OpenSUSE Linux Rants

*FACEPALM* - 20 years and still not figuring it out:

Ian Lamont writes "Microsoft has issued a security advisory warning users not to press the F1 key in Windows XP, owing to an unpatched bug in VBScript discovered by Polish researcher Maurycy Prodeus. The security advisory says that the vulnerability relates to the way VBScript interacts with Windows Help files when using Internet Explorer, and could be triggered by a user pressing the F1 key after visiting a malicious Web site using a specially crafted dialog box."

Read more of this story at Slashdot.

Another migration from Windows to Linux to join my list of nearly 100 Linux Migrations from Around the Globe:

INSURANCE giant Allianz Australia expects to save more than $1 million by switching from Microsoft Windows to Red Hat Linux for key applications.

Excerpt:

“We believe this is just the beginning… the move from a Wintel-based environment to a virtualised Linux environment will save over $1m a year in facilities, hardware and software costs,” Mr Rowe said.

Read “Insurer slashes $1m from costs with move to Linux.”

Good thing they’re switching, too, because they’d be vulnerable to today’s zero-day exploit:

A new exploit targeting Internet Explorer was published to the BugTraq mailing list yesterday. Symantec has conducted further tests and confirmed that it affects Internet Explorer versions 6 and 7 as well. The exploit currently exhibits signs of poor reliability, but we expect that a fully-functional reliable exploit will be available in the near future.  When this happens, attackers will have the ability to insert the exploit into Web sites, infecting potential visitors.  For an attacker to launch a successful attack, they must lure victims to their malicious Web page or a Web site they have compromised. In both cases, the attack requires JavaScript to exploit Internet Explorer.

The exploit targets a vulnerability in the way Internet Explorer uses cascading style sheet (CSS) information. CSS is used in many Web pages to define the presentation of the sites’ content. Symantec currently detects the exploit with the Bloodhound.Exploit.129 antivirus signature and is working on new signatures now. Symantec IPS protection also currently detects this exploit with signatures HTTP Microsoft IE Generic Heap Spray BO and HTTP Malicious Javascript Heap Spray BO. A new IPS signature, HTTP IE Style Heap Spray BO, has also been created for this specific exploit. To minimize the chances of being affected by this issue, Internet Explorer users should ensure their antivirus definitions are up to date, disable JavaScript and only visit Web sites they trust until fixes are available from Microsoft.

Provided by Symantec. This is why friends don’t let friends use Windows.

In other news, how would you like to turn a body part into a TV screen or computer monitor?

Check this out:

“New LED tattoos from the University of Pennsylvania could make the Illustrated Man real (minus the creepy stories, of course). Researchers there are developing silicon-and-silk implantable devices which sit under the skin like a tattoo. Already implanted into mice, these tattoos could carry LEDs, turning your skin into a screen.”

Read “How LED Tattoos Could Make Your Skin a Screen.”

Just use Linux.

It seems that M$ still doesn’t get it. At least that’s quite obvious when one considers the “training” that they have been providing to Best Buy employees. For example, take a look at this screenshot of the training (click for bigger graphic):

The original poster of this info couldn’t have said it better:

“No iPod support? Really? And the Zune doesn’t work on the Mac either although there has been some progress from the Linux community. And I’ve never had any problems pulling pictures from cameras.

I’ve yet to see a printer that doesn’t have a driver. You might have to download it from the products website though (gasp!).

Yeah yeah. Software. Although WINE has been vastly improving lately (we even got around that stupid Secu-ROM).

There are free alternatives to all of the Windows Live “essentials”.

WOW. Of all the games to mention, they mention World of Warcraft. I wrote a tutorial on how to get WoW running on Linux not to long ago. Its probably the easiest game to set up with in WINE.

Authorized support? Well you have Red Hat and Canonical, oh I guess you can count Novell…

Video chat with Pidgin? Or Skype?“

Of course, not to mention the endless lists of Linux equivalents to Win software.

Take a look at the original exposé here:

Microsoft attack Linux at the retail level

See also:

microsoft (mis)educates best buy employees about linux

Microsoft’s training materials teach Best Buy employees how to trash Linux

You know Microsoft would only say something like this if there was absolutely no other alternative. They are marketing experts, not software experts. And apparently, the software experts that contribute to Linux have created an OS superior enough that, with little to no marketing/advertising, it enjoys a quickly-expanding install base.

Excerpt:

“While Linux on servers is a well-established market among business customers, Linux as a viable alternative to Windows on PCs has never taken off. However, the emergence of the netbook as a low-cost, smaller form factor to the traditional notebook PC has certainly changed that, so much so that Microsoft lately has been pushing a lightweight notebook as an alternative to netbooks, Helm said.”

Read Microsoft acknowledges Linux threat

Celebratory wallpaper:

Click for full-sized wallpaper.

Can anyone verify that this unbelievable claim is, in fact, true?

http://techdirt.com/articles/20080429/095514977.shtml
http://seattletimes.nwsource.com/html/microsoft/2004379751_msftlaw29.html

OK, I am totally stealing this one, but I wanted to share it (thx Steve).

“It’s official, Microsoft knows no shame. We used to think that the Zune tattoo guy was bad for publicity, but now it’s clear that the video promo team needs zero outside help in dragging whatever shred of dignity this company has through the mud. Whoever thought up this Bruce Springsteen-defiling “Rockin’ Our Sales” piece of garbage to promote the launch of Vista SP1 should be fired instantly and sued for defamation. It’s just that good. Video is naturally after the break.”

You HAVE to see just how low they can go.

Masochists click here for punishment.

The evidence is undeniable : Linux is more secure than its proprietary alternative. This should be clear enough with even the briefest review of system security news revolving around M$ and its OS in the past week. 396 stories found. For Linux? 26.

“But if you consider the install base of each one, that will account for the difference in the number of stories and the number of vulnerabilities and exploits.” That’s one I hear from a lot of Micro$ofties. What’s funny is that this isn’t even true, and it’s very easily disproven. Very easily.

It’s as simple as comparing the number of flaws that exist per thousand lines of code in each of the kernels. Coverity did a study (albeit just over 3 years ago) of the number of vulnerabilities found in the Linux kernel per thousand lines of code. That number came out to be about 0.17 flaws per 1,000 lines of code, down considerably from about 8 times that only four years previous. Imagine how much it has improved since the study was done.

On the other hand, a study of proprietary software revealed that the average number of flaws per thousand lines of code is roughly between 10 and 20. This is not a good number for the M$ camp. 0.17 for Linux versus between 10 and 20 for proprietary software on average. Since M$ won’t let anyone see their source code, it is not possible to make a definite determination. But if they were certain it was even in the same ballpark as the Linux figure, you’d bet that they would be making a huge deal about the fact. I have heard nothing from them concerning the matter. Draw your own conclusions.

A very large number of entities are noticing this same thing. Not only is Linux much cheaper to run and maintain, it is also apparently around 100 times more secure (if you take a number between 10 and 20, like say 17, and you divide it by 0.17, you get 100) than what you might have on your desktop at this very moment. There are a lot of companies who are seeing this.

You know it must be fairly accurate if even financial institutions are switching over. Today, I saw an article illustrating this point. Entitled, “Financial group trusts Linux platform to protect customers’ assets,” the company’s experience thus far has had a familiar ring. Here are a couple of excerpts:

“Western & Southern reports an 80% decrease in batch cycle times on the new database servers running Linux, as well as a 60% reduction in the number of servers needed, which further reduced both hardware and software license costs.”

“Jackson’s experience with Linux has been so good that the company is now looking at other areas in which it could use the open source operating system.”

Now… This is not one isolated instance. I have personally documented over 150 cases of major Linux migrations. Entities described in this research include all of the branches of the U.S. Military, various national governments around the world, other world-wide financial institutions, large international companies and corporations, and educational institutions.

If you would like to have this research, I have made it available as part of my “Intro to Linux” course, available from the right nav on my OpenSUSE Linux blog. It’s free and makes for an interesting read, and you can send it out to whomever you may wish to share it with. That particular part of the course is in class number 4.

In any case, for situations where you need rock-solid security, Linux is truly a viable solution.

From an article called “Playing music severely degrades network transfer performance in Vista, we learn some interesting stuff. It’s funny to me that Linux doesn’t suffer from the same problem… A nice explanation of this phenomenon is found in another article, called Those Dang DPCs Clogging the MMCSS. Oh, man. You’d think they would figure it out by now. I mean hell, they’ve only been making operating systems for 25 years, and only have about $40 Billion to work with. Friends truly don’t let friends use Windows, especially Vista.

(09:54:18) Steve D: http://www.the-gay-bar.com/index.php/2007/04/23/security-by-naming-conventions/

(09:54:19) Steve D: dude

(09:54:25) Steve D: THERES some MS funnage to munch on

(09:54:27) Steve D: Talk about LAME.

(10:03:01) Scott: nice

(10:10:26) Steve D: what a piece of trash, man

(10:10:28) Steve D: stupid windows.

(10:10:31) Steve D: what total garbage.

(10:11:50) Scott: Few people on this earth agree with you as much as I do.

(10:12:45) Steve D: I cant believe how many corners theyve cut

(10:13:04) Steve D: Im starting to believe that MS might be as ruthless in saving time and money as Wal-Mart is.

(10:13:14) Steve D: Do it right? oh, that takes too long.

(10:13:30) Steve D: Add an if statement checking to see if "install" is in the filename? 12 minutes.

(10:13:45) Scott: Yep

(10:13:49) Scott: that is rockin’ cool

(10:14:46) Steve D: How does that quote go?

(10:14:59) Steve D: Those that don't use Unix's philosophy are destined to redesign it, poorly.

(10:15:01) Steve D: soemthing like that

Later that morning…

(10:25:19) Steve D: man

(10:25:25) Steve D: Looks like Vista isnt selling very well

(10:25:33) Steve D: I hope this is the beginning of the end for MS

(10:25:36) Scott: It’s fecal material.

(10:25:52) Steve D: Did you hear Dell went back to selling XP preloaded because of customer demand?

(10:25:57) Scott: Yeah, I think this is the beginning of the end.

(10:25:58) Steve D: Dude, THAT is a bad sign right there phoobage.

(10:26:07) Scott: You have a link for that, there, tiger?

(10:26:12) Steve D: uh

(10:26:15) Steve D: one second.

(10:26:26) Steve D: I think it was techdirt?

(10:26:28) Scott: http://news.com.com/Dell+brings+back+XP+on+home+systems/2100-1046_3-6177619.html

(10:26:32) Scott: There’s one.

(10:27:06) Steve D: "We heard you loud and clear on bringing the Windows XP option back to our Dell consumer PC offerings,"

(10:27:09) Steve D: I hate PR spin.

(10:27:09) Steve D: :B

(10:27:29) Steve D: Translation: After telling MS we're going to sue them for lost sales, they changed our contract to make the whole a little smaller.

(10:28:48) Steve D: man I totally hope this thing just falls flat on its face.

For more information on this important topic, go here.