And again…
Here’s yet another story of yet another Microsoft hole being exploited. This time it’s in their SQL Server product. Seems like there are more exploits being – well – exploited than in something that’s extremely exploitable.
Microsoft is now warning users of a serious bug in its SQL Server database software, just days after patching a critical flaw in its Internet Explorer browser…
However, for me, the most telling comment of this – yet another – security hole in Microsoft’s code was the last sentence on Techworld’s article:
It was publicly disclosed on 9 December by SEC Consult Vulnerability Lab, which said it had notified Microsoft of the issue in April.
See that? M$ were informed back in April. Somehow I don’t think the FOSS community would wait that long to fix a major security hole in a very widespread product. Do you?
(Thanks to Techworld for keeping us abreast of these important news items)
Microsoft Holes Exploited Again
As if the last security hole in Internet Explorer was not enough, here’s yet another reason to drop Microsoft Software. This time it’s their cash-cow, Office:
Attackers are exploiting the just-patched vulnerability in Internet Explorer (IE) by hiding malicious ActiveX controls in Microsoft Word documents, according to security researchers.
“Inside the document is an ActiveX control, and in that control is a line that makes it call out to the site that’s hosting the malware,” said David Marcus, the director of security research and communications for McAfee’s Avert Labs. “This is a pretty insidious way to attack people, because it’s invisible to the eye, the communication with the site.”
This all reminds me of a sieve – full of holes.
If I was a small business using Microsoft application software today, I would be dropping it faster than a red-hot rock. If I was a CTO I would be planning now how to migrate away.
OpenOffice.org will protect you from malicious ActiveX in documents, Firefox for web browsing and Thunderbird for email will do the same whilst allowing you to continue to use the Windows OS as you plan the final step to freedom. Ubuntu will complete the process.
If you need help, there are companies out there who can provide support and technical assistance.
Why Ubuntu is Important
Jono Bacon has a very interesting and thought-provoking article regarding what Ubuntu really means and why it is important. It’s well worth a read.
… So, today I would like to ask each and every one of you reading this to do one simple thing to help us all reconnect and share our ethos. If you have a blog or use Twitter or identi.ca, I would like to ask you to take five minutes to write down why Ubuntu is important to you, and what aspect of our ethos attracts you and motivates you about Ubuntu. How does our ethos around freedom excite you about the project? If you don’t have a blog, use IRC, mailing lists or anything else you can think of. The key point here is in sharing with others about what Ubuntu means to you. If we work together to continue to share our ethos, it will not only be healthy for our community, but also healthy for the next important chapter in the Ubuntu story.
Why is Ubuntu important? What does it mean to me?
In a word: Freedom.
In several words: Ubuntu is tremendously important. It not only provides a great and free software environment in which to do things on my computer hardware, it also provides a connection between me and many millions of other users. And that connection is something you can’t buy. It is based on enthusiasm, collaboration, desire and many other fantastic attributes that we – the Ubuntu Community – share. It doesn’t matter how much you contribute, it doesn’t matter if you are young or old, male or female. What matters is that you care. Every time I talk to someone who is unaware of FOSS I have to check myself and control that enthusiasm (especially when it is a professional conversation). But it is, nevertheless, infectious. And when I see the “penny drop”, the eyes light up and the smile appear on their face, I know that there is a new community member in the making. You don’t get that with Windows…
That’s why it is important.
BBC: Internet Explorer Security Alert
Users of the world’s most common web browser have been advised to switch to another browser until a serious security flaw has been fixed.
The flaw in Microsoft’s Internet Explorer could allow criminals to take control of people’s computers and steal their passwords, internet experts say.
So, apart from being a crap browser at actually rendering web pages according to the standards, it also opens up your computer to a “serious security flaw” (as if we didn’t know that already).
Here’s my recommendation for curing this ailment. Permanently:
- Get Firefox for your Windows computer right now!
- Get Thunderbird for your Windows computer today and get away from Outlook/Outlook Express.
- Get OpenOffice.org for your Windows computer and marvel at the free office application suite and ponder why you have been paying so much for M$’s bloatware in the past.
- Then, once happy with the above, Get Ubuntu (which has all of these wonderful applications and much more) and then get rid of that malware masquerading as an operating system called Windows.
- Enjoy trouble-free Free computing for evermore.
Simple.
Thanks to oly on the #ubuntu-uk irc channel for pointing this story out.
Teacher: “No Software is Free” [Updated]
Thanks to Glyn for pointing this one out to me.
A thoroughly shocking saga from “across the pond”.
This blog is momentarily interrupted to bring you a snippet of recently received email.
…observed one of my students with a group of other children gathered around his laptop. Upon looking at his computer, I saw he was giving a demonstration of some sort. The student was showing the ability of the laptop and handing out Linux disks.
After confiscating the disks I called a conference with the student and that is how I came to discover you and your organization. Mr. Starks, I am sure you strongly believe in what you are doing but I cannot either support your efforts or allow them to happen in my classroom. At this point, I am not sure what you are doing is legal. No software is free and spreading that misconception is harmful. These children look up to adults for guidance and discipline. I will research this as time allows and I want to assure you, if you are doing anything illegal, I will pursue charges as the law allows.
Mr. Starks, I along with many others tried Linux during college and I assure you, the claims you make are grossly over-stated and hinge on falsehoods. I admire your attempts in getting computers in the hands of disadvantaged people but putting linux on these machines is holding our kids back.
This is a world where Windows runs on virtually every computer and putting on a carnival show for an operating system is not helping these children at all. I am sure if you contacted Microsoft, they would be more than happy to supply you with copies of an older version of Windows and that way, your computers would actually be of service to those receiving them…”
Karen xxxxxxxxx
xxxxxxxxx Middle School
AISD
Where on earth does one start? I assume that AISD is the
Austin Independent School District,
1111 W. 6th Street,
Austin,
TX 78703
This teacher’s position is frankly scary; to be in a position of authority and yet be so ignorant. I would suggest that she is sent on a two day FOSS course at AISD’s expense and then asked to give presentations/tutorials to the rest of her teaching community. She could also burn some CDs and give them out too.
I really hope that my children (who both use Edubuntu) will not encounter such blind ignorance during their school life.
I hereby pledge that I will do my utmost to help any offending teachers should this arise.
Update: Helios has written a postscript to this story after it became caught up in a frenzy of /. and digg mania. It seems as though Helios thinks he needs to apologise for something. Personally I didn’t feel that he had done anything wrong in his original post (he did keep the teacher’s identity private after all) but clearly he didn’t like the tone of many of the comments. That’s honourable and almost certainly the right thing to do. But surely this is a two way street? Don’t you agree that Karen should have done at least a modicum of research before launching her exocet? After all, she is a teacher…
Free Food!
I just came across this.



What a great idea.
I love to cook (and eat) and so this idea for sharing recipes and knowledge is right up my street. This will definitely be a new bookmark!
Now all I need is a PC in the Kitchen!
OpenOffice.org saves you £30Million/day…
… by my reckoning at least.
Take a look at this chart:
That looks to be a rough average of about 300,000 downloads of the free and open source OpenOffice.org application suite every day for the last 28 days, which means about 8.5Million downloads this month. So to me, that works out something like this:
If MS Office is worth about £100 (I guess that’s a reasonable average price) then that’s about £30Million worth of software being downloaded for free every day.
In the last 28 days, that works out at about £840Million, or in US Dollars about $1.25Billion at the current exchange rate.
Now according to the OpenOffice.org’s bouncer today (02/12/2008), there have been a bit less than 18Million [1] downloads so far since the release of OOo 3.0 on the 13th October. Or, to put it another way:
worth of software since launch.
How much does our government spend on MSO licenses each year? Think they should stop wasting their money? Fortunately, if it carries on like this, they will probably have to upgrade to OpenOffice.org
[1] Please see the Bouncer FAQ for more details on what is recorded, but be aware that this number is probably very low in actuality:
Does the Bouncer provide the full story?
No! – it only records downloads started at a single point, the OpenOffice.org download page. It omits:
- downloads which people make directly from mirrors
- downloads via other mechanisms, such as peer-to-peer networks
- downloads from other third-party repositories – including GNU/Linux distributions (see next question)
Note also that the Bouncer logs when it successfully redirects someone to a download site – if the user chooses not to download, or cancels the download, then the Bouncer will not be aware.
Another tale of Open Sourcery
Martyn, from Severn Delta Ltd, emailed me saying he had an Open Source story to tell. I’ve had this in my inbox for a while now, but have finally got round to publishing it.
Alan,
I own 50% of a manufacturing company in Bridgwater. When we bought the company out of receivership in ‘03 we had no systems at all. Our former parent company was running a character based ERP system called MAX on Unix and a Windows file serving network.
So day 1 (ish!) we set up two RH servers and installed samba, sendmail, apache etc on one for file print intranet and email and the Linux port of MAX on the other.
See this post for some other detail.
http://blogs.severndelta.co.uk/?p=5
We have not been able to find a “right-sized” ERP solution for our needs to replace the ageing character based system (which had been “sunsetted” by infor in ‘05). We also needed some form of CRM package to manage the growth of the company once we had moved into our new building in ‘05.
So…. we decided to develop our own system in combination with an open source CRM package from a company called Senokian Solutions (http://www.senokian.com) called EGS.
EGS is PHP/Ajax based and runs against PostgreSQL. It also has its own development framework based on MVC that allows you to add modules. EGS 2.0 core has CRM, Project Management, Ticketing modules and a framework that allows for integrated e-commerce apps and site content management. It is free and open source.
The tools on which the system is built are:
Linux (Ubuntu)
Apache
PostgreSQL
PHP 5
Ajax
Smarty Template Engine
EZ pdf
XML/SWF Charts
In November 2006 I took on a developer, Dave Easeman, to help code the accounts/ERP system as I specified it – we are now 99% of the way through – although I guess we will never finish the project! We are about to go live (Jan 1st) and then the aim is to polish everything up in Quarter 1/2 2009.
See here for a link on our blog
http://blogs.severndelta.co.uk/?p=58
Maybe what I’ll do is update you as we progress to “go live” on Jan 1.
Regards
Martyn Shiner
Financial Director
Severn Delta Limited
Thanks for the story Martyn, it’s very encouraging how companies such as yours (i.e. not some global enterprise with billions of dollars in the bank) are able to deploy, manage, run and develop their own IT systems using FOSS. This is a great example of just how flexible and accessible FOSS really is.
I love this quote (from the first blog link):
I will never buy a Windows based PC ever again.
Are you listening Bill?
That was written in August last year. I’m interested if you have managed to stick to that goal Martyn?
Good luck with your deployment. I genuinely hope it goes well, and please do keep us updated on your progress. You seem to have a similar tenacity to Adrian Steele at Mercian Labels who has also been blogging about their own migration to FOSS. And they also developed a core application from scratch too – for them it was a CRM/MIS app.












