Secure shell is (nearly) an IETF standard

The IETF has moved the Secure Shell specifications to Proposed Standard status. Read all about it on NewsForge.

Gaim 2.0 beta 2 - package for Ubuntu Breezy amd64

In case you’re interested in banging on Gaim 2.0 on amd64 without having to build your own package, I’ve whipped up a package using CheckInstall.

As always, be careful using beta software; it could eat your data. Make a backup of your .gaim directory before installing.

A twisty maze…

I should learn, one of these days, that no project related to compiling and installing a new package is going to be simple or “just five minutes.” I wanted to check out a program for Distributed Proofreaders, to see if there’s a better way than using the browser interface. That program needs, apparently, about 1/4 of CPAN. Naturally, it doesn’t appear that all of the CPAN modules it wants (mostly related to Tk, which I thought had gone out years ago…) are available as packages for Ubuntu.

Also, along the way, I wanted to convert the Perl scripts included with the DP program from DOS to Unix line-ends — and noticed that dos2unix is not installed on Ubuntu, nor does that seem to be available as a package.

So, a quick Google and I find a short script that will do the trick. (Yes, I could probably write one myself, but why bother if the LazyWeb can do it for you?) So, when all else fails:

awk '{ sub("\r$", ""); print }' winfile.txt > unixfile.txt

And that’s all that’s needed. Still, I decided I wanted to go ahead and install the utilities, so I checked Freshmeat and found Hany’s Dos2Unix. Surely, that would be packaged for Ubuntu. Hm. Nope. Doesn’t appear to be packaged for Debian, either. At this point, I think I will see if I can package it for Ubuntu and Debian and put it into the respective repositories.

Finally — half an hour after I started a five-minute project, I’ve got the GuiGuts tool running. Actually a bit disappointing.

Ah well. I’ve whipped up a temporary package for Ubuntu AMD 64 if anyone wants it. Time to build an “official” package and see if the Ubuntu and Debian folks want it.

Analysis of the GPLv3

The Free Software Foundation is moving forward on the GPL 3.0, a pretty major event for the free software community. The process is scheduled to take about 12 months, but the first draft was released on Monday. We wrote up an analysis of the first draft and the changes. All in all, nothing really shocking in this draft, and it doesn’t look very drastic.

With any luck, it should be relatively easy to get buy-in from most of the interested parties. 2006 should be an interesting year…

Comparing Apple hardware

For a long time, it was comparing (ahem) Apples and oranges when you’d do a price comparison between Apple hardware and PC hardware. The Apple enthusiasts would invariably bring up the Apple chip du jour as a reason why the Apple computer was oh-so-much better and worth the additional cash, or argue that whatever the comparison, it wasn’t fair because you couldn’t consider the machines side-by-side.

By moving to Intel chips, Apple has made it that much easier to compare side-by-side, fairly. CNet’s Michael Kanellos does just that, and finds that when you price machines from Gateway and Apple with a similar configuration, you end up with a price difference around $455.


The new Macs

Well, Apple has finally trotted out its new Intel-based models, a couple of laptops and iMacs with the Intel Core Duo chips. Last year, when Apple announced its move to Intel, a lot of people said that would be a major blow to Linux on the desktop — because Apple could sell Intel machines cheaper, with the ever-popular Mac OS X. That combination was supposed to make *nix geeks snap up the Apple machines in droves, as well as the poor huddled masses of Windows users who would suddenly be willing to think different and switch when the machines cost a little (lot) less.

As I said last year, this doesn’t look like the revolutionary change that some pundits were predicting. If Apple has any hopes of displacing Windows on a significant number of desktops, it will need to do better than a $2K laptop or $1299 iMac. Apple is still catering to the high-end market that bolsters its profit margins, but doesn’t do much for its market share overall.

Security is more than raw numbers and statistics

The latest US-CERT security bulletin is getting a lot of press lately, most of it misguided. Joe Barr and I wrote a short piece (Joe Barr deserves most of the credit, I just added a few grafs…) trying to set the record straight when it comes to security vulnerabilities, which seems to have actually penetrated the fog of the mainstream tech media.

Since I spend much of my time interviewing other folks, it was a bit fun to turn the tables and to be interviewed for this NewsFactor story on the topic by Jay Wrolstad. (All things being equal, however, I think I prefer asking the questions…)

The crux of the biscuit is that mainstream tech pubs have been reporting the sheer number of reported vulnerabilities as being representative of the actual level of security for a given operating system. I’m hoping, though not convinced, that the message may be finally getting through that the number of reported vulnerabilities is not the same as how vulnerable an operating system is or isn’t.

Actually presenting a fair picture of operating system security is pretty hard, but here’s a hint for anyone who’s looking to try — a good overview needs to take into account the following:

  • How many vulnerabilities appear during a given period.
  • How many exploits appear during a given period.
  • How long it takes a vendor to issue a patch or fix for the vulnerability.
  • How hard/easy it is to construct an exploit for the vulnerability.
  • Who’s identifying the vulnerabilities? Is it the vendor, or outside parties?

In short, just taking a raw number and saying “OS A is secure and OS B is less so, because OS A only has a fraction of OS B’s vulnerabilities” is pretty bogus. It’s worth noting that the US-CERT report is unfair to Windows as well as Linux/UNIX/Mac OS X because vulnerabilities against programs like “Apple Darwin Streaming Server” are counted against the Windows tally. WTF? Most Windows users don’t have that application installed, so how should it count as a “Windows” vulnerability? At the same time, it doesn’t look like most of the Firefox vulnerabilities were tallied under the Windows column, even though Firefox also runs on Windows.

I’ll take ten minor flaws in things like LibXPM or netpbm over the WMF flaw that a lot of Windows shops are concerned with right now.
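As an added illustration (not code from the original post), here is how the factors listed above change the picture when applied to a constructed vulnerability set: two hypothetical systems, "A" and "B", where counting advisories and weighing exploited, unpatched, default-installed components give opposite answers.

```python
"""Added worked example, not from the original post; records are constructed, not US-CERT data."""
from dataclasses import dataclass
from statistics import mean

@dataclass(frozen=True)
class Vuln:
    os: str
    component: str          # what is actually affected
    default_install: bool   # shipped on a typical install of that OS?
    days_to_patch: int      # vendor turnaround
    exploit_seen: bool      # a working exploit appeared in the period
    exploit_easy: bool      # trivial to weaponize, per the advisory
    found_by_vendor: bool   # internal discovery vs. outside parties

# Constructed sample: "A" logs many minor, quickly fixed bugs in optional libraries;
# "B" logs few, but one is a widely exploited flaw in a default component.
SAMPLE = [
    Vuln("A", "libxpm", True, 3, False, False, True),
    Vuln("A", "netpbm", False, 5, False, False, True),
    Vuln("A", "imagelib", True, 2, False, False, False),
    Vuln("A", "tk", False, 4, False, False, True),
    Vuln("B", "wmf-renderer", True, 30, True, True, False),
    Vuln("B", "media-server", False, 14, True, False, False),
]

def raw_count(vulns, os_name):
    """The headline figure the press compares: every advisory counts as one."""
    return sum(1 for v in vulns if v.os == os_name)

def risk_profile(vulns, os_name):
    """The factors from the post, reduced to comparable numbers."""
    mine = [v for v in vulns if v.os == os_name]
    exploited = [v for v in mine if v.exploit_seen]
    return {
        "count": len(mine),
        "count_default_install": sum(1 for v in mine if v.default_install),
        "exploited": len(exploited),
        "easy_exploits": sum(1 for v in mine if v.exploit_easy),
        "mean_days_to_patch": mean(v.days_to_patch for v in mine) if mine else 0,
        "outside_discovery": sum(1 for v in mine if not v.found_by_vendor),
        # exposure: days an exploited hole stayed unpatched, summed
        "exploit_days_unpatched": sum(v.days_to_patch for v in exploited),
    }

def less_secure_by_count(vulns, a, b):
    return a if raw_count(vulns, a) > raw_count(vulns, b) else b

def less_secure_by_exposure(vulns, a, b):
    pa, pb = risk_profile(vulns, a), risk_profile(vulns, b)
    return a if pa["exploit_days_unpatched"] > pb["exploit_days_unpatched"] else b
```

The raw count names "A" the less secure system; the exposure figure, which is what actually hits a typical install, names "B".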