Archive for September 30th, 2012

Free Software – Students Foment Change in College

“Thanks to the success of our student organization, LibrePlanet/Students for Free Culture, the school has just taken big steps to promote students’ adoption of free software. Firstly, all incoming Hampshire College students this semester received a USB drive with download links for free software (listed below). The drives also included information about our student group and the importance of free software because people need to know how it is different from nonfree software and why the distinction matters. Secondly, GNU/Linux has been added as a boot option on all computers in our library. The student group has managed to achieve both of these milestones in the span of just two semesters.”

via Hampshire College distributes free software bundle to all incoming students — Free Software Foundation — working together for free software.

Wow! I guess it’s time I retired. These young people can really get things done. I doubt they need any advice from me.

Education holds the keys from one side, making ordinary people aware of choices in IT. The other is educating retailers but that should happen naturally enough when these young people go shopping…

RMS continues spreading the word to students as well. He spoke at several colleges in Massachusetts over the years and FSF had an intern from Hampshire College a few years ago. The effort is bearing fruit.

- Robert Pogson

Advice the Government of Canada Gives About GNU/Linux

“Basic Security Recommendations
Identification and Authentication – Current implementations of Linux are vulnerable through user passwords. Passwords are stored in clear text, meaning they are easily understood by any user that knows the password file location, and the default encryption tool for information does not meet the Government of Canada recommended encryption requirements.”

see Overview of Operating Systems Security Features – LINUX.

Well, it’s pretty clear they got that wrong:

  • $ cat /etc/shadow
    cat: /etc/shadow: Permission denied
  • “/etc/shadow” contains the following.


    user1:$1$Xop0FYH9$IfxyQwBe9b8tiyIkt2P4F/:13262:0:99999:7:::
    user2:$1$vXGZLVbS$ElyErNf/agUDsm1DehJMS/:13261:0:99999:7:::

    As explained in shadow(5), each “:” separated entry of this file means the following.

    Login name

    Encrypted password (The initial “$1$” indicates use of the MD5 encryption. The “*” indicates no login.)

    Days since Jan 1, 1970 that password was last changed

    Days before password may be changed

    Days after which password must be changed

    Days before password is to expire that user is warned

    see Chapter 4. Authentication (Debian)

So, quite wrong on the first point, and the second is only partly true. MD5 is old and creaky, but if your password is “sdfkui7y23,$@&&&xvhut3r” and the user/malware doesn’t have access to the stored password (which is MD5-hashed, not encrypted), how are they to find any possible strings coming to that hash before being spotted? There’s also a “salt” added to the string before hashing, so the job gets harder.

The usual standard in GNU/Linux is MD5:
    mkpasswd -S "frog37r3" -m md5
    Password:
    $1$frog37r3$ezKGT9XmudHKS9ua3WjDx1

but SHA512 is available:

    mkpasswd -S "frog37r3" -m sha-512
    Password:
    $6$frog37r3$dG/hS4PrlCRVn3SSP/ccIHVmzimdN5nNF0js9WNKyM9ASro2dZZQ/8XUgW4Q8Kuu0xlRelRLDz7Z2DiOokJOF.

So, good luck cracking that mess without being noticed for failures. Really, trial and error would be just as good as getting the shadow password, which is out of sight.

Indeed, Debian changed to SHA512 default hashing back in 2009:
“[ Kees Cook ]
* debian/local/common-password, debian/pam-configs/unix: switch from "md5" to "sha512" as password crypt default.”

So, the strength of the password is likely much more critical than how it is hashed. Debian tells us how to strengthen passwords, too.
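As an added example (not code from this post or from Debian), the following Python script parses shadow(5) entries using the fields listed above and reports which accounts still carry an MD5-or-weaker hash. It goes slightly beyond the post by also recognising the other common crypt(3) prefixes; the `FLAGGED` policy, the `user3` and `daemon` lines and their dates are constructed for illustration, while the hashes are the ones quoted on this page.

```python
from datetime import date, timedelta

# crypt(3) "$id$" prefixes found in the second field of a shadow entry.
SCHEMES = {"1": "md5", "5": "sha256", "6": "sha512",
           "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt", "y": "yescrypt"}
FLAGGED = {"md5", "des", "empty"}  # this example's own policy (an assumption)

def classify(pw_field):
    """Return (scheme, salt) for the password field of a shadow entry."""
    if pw_field == "":
        return "empty", ""            # no password required at all
    if pw_field[0] in "*!":
        return "locked", ""           # "*" or "!": no password login
    if not pw_field.startswith("$"):
        return "des", pw_field[:2]    # traditional crypt: 2-character salt
    parts = pw_field.split("$")       # ['', id, salt-or-params, hash]
    scheme = SCHEMES.get(parts[1], "unknown")
    salt = ""
    if scheme in ("md5", "sha256", "sha512") and len(parts) > 2:
        # SHA-crypt may carry "rounds=N" ahead of the salt
        skip = parts[2].startswith("rounds=") and len(parts) > 3
        salt = parts[3] if skip else parts[2]
    return scheme, salt

def parse_entry(line):
    """Parse one ':'-separated shadow(5) line into a dict."""
    f = line.strip().split(":")
    if len(f) < 2 or not f[0]:
        raise ValueError("not a shadow entry: %r" % line)
    f += [""] * (9 - len(f))
    scheme, salt = classify(f[1])
    days = [int(x) if x.isdigit() else None for x in f[2:6]]
    changed = None if days[0] is None else date(1970, 1, 1) + timedelta(days=days[0])
    return {"login": f[0], "scheme": scheme, "salt": salt,
            "weak": scheme in FLAGGED, "last_changed": changed,
            "min_days": days[1], "max_days": days[2], "warn_days": days[3]}

def audit(lines):
    """Return the logins whose password field falls under FLAGGED."""
    return [e["login"] for e in map(parse_entry, lines) if e["weak"]]

# user1/user2 are the page's sample entries; user3 and daemon are constructed.
SAMPLE = [
    "user1:$1$Xop0FYH9$IfxyQwBe9b8tiyIkt2P4F/:13262:0:99999:7:::",
    "user2:$1$vXGZLVbS$ElyErNf/agUDsm1DehJMS/:13261:0:99999:7:::",
    "user3:$6$frog37r3$dG/hS4PrlCRVn3SSP/ccIHVmzimdN5nNF0js9WNKyM9ASro2dZZQ/8XUgW4Q8Kuu0xlRelRLDz7Z2DiOokJOF.:15613:0:99999:7:::",
    "daemon:*:13261:0:99999:7:::",
]
if __name__ == "__main__":
    print(audit(SAMPLE))
```

Run as root against the real file with `audit(open("/etc/shadow"))` to list accounts that should have their password reset under the current default scheme.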

I think this shows the Government of Canada is a little behind the curve in GNU/Linux and needs to open up to the standards of some European governments like Germany. Germany created their own GNU/Linux desktop for government use back in 2006. Germany isn’t spreading FUD about security of GNU/Linux. TFA from Canada was produced in 2010 using M$’s office suite and Adobe’s Distiller on that other OS.

Wake up Canada!

- Robert Pogson

XL Foods Crashes and Burns

XL Foods is a huge beef processor in Alberta, Canada. They distribute to much of Canada and USA. Last August, they produced shipments that began to be identified as contaminated with a particularly virulent form of E. coli bacteria. Because meat is not sampled 100%, government agencies took some time to determine the scope of the problem. A large number of recalls of product were made but eventually the licence of the business was revoked.

“Establishment 38 had monitoring measures in place but was not properly conducting trend analysis of the data it collected. The CFIA review found that the plant needs to improve its trend analysis and also strengthen its response measures when a higher than normal number of detections are made.

In addition, the company’s control measures for meat that tested positive for E. coli O157:H7 were not always being followed correctly. While containers of meat testing positive for E. coli O157:H7 were properly handled, a small number of containers produced immediately before and after the contaminated product were not always diverted from the fresh meat line. This process, known as bracketing, is an established food safety control.”

see Questions and Answers Recall of Specific Products from XL Foods Inc. – Establishment 38, Brooks, Alberta – Food – Canadian Food Inspection Agency.

We see this kind of failure of technology often. The more complex a system, the more hidden are the details. XL apparently did not study their own test results well enough to trigger their internal alarms. If they had, widespread recalls and the loss of the licence might have been prevented. What were they thinking? Trying to save a dollar? Was the wrong person put in charge of quality-control? We may never know but once again, a number of factors that should have prevented the problem all failed at the same time.

In technology, the only way to protect complex systems is to have layers of defences, and each one has to be tuned up and maintained or the whole thing can fail as XL did. Governments were complicit, too, for they have not sampled often enough. If all exports to USA had not been sampled, this thing might have become much bigger and more tragic. Even so, some of the product entered USA. More than one layer had to work but they all failed. Not all samples of contaminated meat test positive but it only takes one bacterium to make a real mess.

Thorough cooking is the last line of defence. Make sure to cook that hamburger through. I actually know people who like their hamburger “rare”, like steaks, yet hamburger is nearly an ideal product in which the bacteria grow. I never eat undercooked meat.

For me, the operating system is the last line of defence in IT. If it was designed to be single-user, designed by salesmen, and forced on people in an uncompetitive market, the results will be disastrous. That’s why I recommend Debian GNU/Linux, an OS that works for you and not against you like the products of Wintel.

- Robert Pogson

More Stats

  • This site:
    Country Visits Avg. Duration
    United States 70,885 00:03:03
    Canada 16,785 00:04:03
    United Kingdom 11,414 00:03:45
    Australia 9,346 00:08:34
    Germany 7,715 00:05:52
    Netherlands 4,400 00:01:29
    India 3,780 00:01:11
    France 3,066 00:00:42
    Finland 2,788 00:02:11
    Mexico 2,325 00:03:38
    …100 more…


    So, it seems to me the site is working and the effort is worthwhile no matter what the naysayers repeat ad nauseam.

  • Spain has rolled out Ubuntu GNU/Linux to 220K students. That should show up in the stats somewhere. Perhaps here:

    Nope. That’s just Clicky ignoring most GNU/Linux installations while noticing a new release of Ubuntu. The “Linux” category dropped the same way in many other countries without a huge roll-out of Ubuntu, just a new release.

  • Ubuntu does get a good share in many countries but Cuba is the most interesting:

  • Interestingly, Clicky shows Mac at less than Apple’s published shares… while NetApplications shows them greater… What’s with that?

  • Notice the sharp dips in Brazil’s stats from Clicky. Clearly they think most people have that other OS at home but work/school is GNU/Linux. We know there are a lot of people working/schooling, yet GNU/Linux share still shows tiny. What’s with that?

Overall, I think the stats again show that published web stats greatly underreport GNU/Linux. Even in Brazil where all students use GNU/Linux at school and most government employees use GNU/Linux and GNU/Linux is a best-seller at Walmart, Clicky still reports ~1%. The fluctuations between home and work/school are huge, like half the share. That should mean half the schools and government offices use GNU/Linux. Yet, they report a tiny share. What’s hiding behind the curtain? Inquiring minds want to know.

Here’s what I see of visits this month:

1.	 Windows	42,488	24.40%	
2.	 Linux		36,091	20.73%
3.	 Macintosh	6,386	3.67%
4.	 Android	2,386	1.37%
5.	 iOS		939	0.54%
6.	 iPad		936	0.54%
7.	 (not set)	856	0.49%
8.	 iPhone		740	0.43%
9.	 iPod		134	0.08%
10.	 BlackBerry	89	0.05%

To the argument that the site’s biased to GNU/Linux I would reply, “If so, why are so many users of that other OS visiting? They must be interested in GNU/Linux.” It’s all good. Clearly there are far more unique visitors than commentators on any side. I am reaching folks who want to know about how to do things in IT.

- Robert Pogson




My Mission

My observations and opinions about IT are based on 40 years of use in science and technology and lately, in education. I like IT that is fast, cost-effective and reliable. I do not care whether my solution is the same as yours. I like to think for myself.

My first use of GNU/Linux in 2001 was so remarkably better than what I had been using, I feel it is important work to share GNU/Linux with the world. I have been blessed by working in schools where students and school systems have benefited by good, modular software easily installed in most systems.

I have shown GNU/Linux to thousands of students and hundreds of teachers over the years and will continue in some way doing that until I die in spite of the opposition.
