Archive for September 21st, 2010

Cyber-Warfare is Upon Us

There is news that the Stuxnet malware may have been aimed specifically at control systems in Iran’s nuclear programme. If so, it was an act of war. If the perpetrators are discovered this could get ugly. If the perpetrators are not found, expect the attitude of Iran’s government to stiffen, if that is possible.

If I were in charge in Iran, I would rip out that other OS and beef up security. Control systems should not even be connected to the web when they are on-line. That is insane, like leaving the front doors of the building unlocked. I would bet the Iranians are making all kinds of plans to tighten things up. It’s not their fault. Everyone who has been working alone re-invents the wheel. The isolation with “the west” forced them to do many things on their own which may not have benefited from the mistakes everyone else has made in the nuclear age. They may have simply copied techniques they used for oil production which is not as volatile/critical as a nuclear programme.

The twits who did this should be punished whoever they are. They are playing with fire. Dealing with an aggressive party with aggression is a sure way to escalate to all-out war. We don’t need that.

- Robert Pogson

Integrity of the Network

I advocate use of thin clients which more or less go out of service with any interruption of the network. That, along with lack of access to servers or the Internet, is one of life’s problems for IT system administrators. Bigger guys have these problems, in spades.

Yesterday, I extended our wireless network to reach a dark corner of the school. I configured the wireless access point in my lab and because the office was about to be locked up for the day installed it in the office without testing. I thought it was sufficiently routine to take that risk and it would not likely be needed until the next day when the office would be open again. After the office was locked I did find time to test it and it failed. I could see the channel but I could get no IP address on my notebook. Ding, Ding, Ding… The bells in my head told me the AP was not properly connected to the LAN even though I had seen lights come on both on the switch in the office and on the access point, a DI-524 router. Later a teacher in the building asked for wireless access and we saw that the new AP was stronger than the old one, so I asked the maintenance foreman to let me into the office for a closer look.

Indeed the router was connected to the switch properly but the wall outlet for the LAN was cabled directly to a particular PC… The switch was not connected to the LAN… Inspection of the surroundings revealed a bundle of solid-conductor cable under the secretary’s desk, unconnected from anything. Then it dawned on me. The office had suffered the same “attack of the cleaning ladies” over the summer. Anything that was on the floor was moved off and usually unplugged. Sigh. At least no one’s shooting at my system. I put the switch and the router/AP in a safer place and reconnected the switch and PCs to the LAN. Bingo. Wireless now works better in the dark corner of the school. The PE teacher whose office in the gym was running at -85db will be pleased. The grade 1 teacher can now listen to her favourite feed while working late.

Then the water supply was cut off. There will be no school for two days because of concerns of contamination. Sigh. If it isn’t one problem with infrastructure it is another.

- Robert Pogson

Legal Responsibility

Lily Allen is suing Apple to get them to come clean on insecurity of her MacBook. She was damaged by disclosure of personal information from an intrusion. This could get interesting if everyone who lost data sued the provider of the software. M$ could turn out the lights immediately…

Maybe she should try GNU/Linux and hire someone to harden her system. By the scale in that link, I am not “truly paranoid” but at least I have not seen malware on hundreds of PC-years of usage. Lily Allen may indeed need the paranoid level of security. I do not.

The EULA of that other OS attempts to absolve M$ of claims of legal responsibility as does the GPL that covers most of GNU/Linux.
“15. Disclaimer of Warranty.

THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.”

That is reasonable considering that the supplier cannot reasonably foresee all uses of the software and is not particularly being paid to provide security. However, a supplier can sell service which includes security protection to some extent. I doubt anyone can guarantee total security. Insurance, perhaps, but not certainty. On the other hand, the supplier of software who exhibits total disregard for security, which M$ did until about 2000, should be sued for negligence, not reaching the ordinary duty of care required of everybody doing anything. Was it negligence to permit release of an OS with no firewall which at the same time was full of holes (XP before SP2)?

Did anyone sue M$ for the waves of malware that infected their OS? Yes. The shares of the company have done a dead-cat bounce since those days. Whether the suit, which was abandoned, or the malware was a cause of a lack of confidence or revulsion of M$ or just a symptom, it is bad business to produce a defective product. A thorough discussion of the issues generally about the legal responsibility for security of software is “The Tort of Negligent Enablement of Cybercrime”. Techs who neglect security can be fired. Maybe people should fire M$. I have.

- Robert Pogson

SUN Keeps Rising

Oracle is doing well, we hear. They are making tons of money and innovating. One of their new servers could run all the schools where I have taught. If you have to ask the price, you probably cannot afford one. 16-core threaded chips at 40nm and hundreds of GB of RAM and lots of gigabit ports … They have also announced their own GNU/Linux distro with a kernel tuned for their servers/databases.

Now, if they could only free Java

- Robert Pogson



My Mission

My observations and opinions about IT are based on 40 years of use in science and technology and lately, in education. I like IT that is fast, cost-effective and reliable. I do not care whether my solution is the same as yours. I like to think for myself.

My first use of GNU/Linux in 2001 was so remarkably better than what I had been using, I feel it is important work to share GNU/Linux with the world. I have been blessed by working in schools where students and school systems have benefited by good, modular software easily installed in most systems.

I have shown GNU/Linux to thousands of students and hundreds of teachers over the years and will continue in some way doing that until I die in spite of the opposition.
