Microsoft Holes Exploited Again

As if the last security hole in Internet Explorer was not enough, here’s yet another reason to drop Microsoft Software. This time it’s their cash-cow, Office:

Attackers are exploiting the just-patched vulnerability in Internet Explorer (IE) by hiding malicious ActiveX controls in Microsoft Word documents, according to security researchers.

“Inside the document is an ActiveX control, and in that control is a line that makes it call out to the site that’s hosting the malware,” said David Marcus, the director of security research and communications for McAfee’s Avert Labs. “This is a pretty insidious way to attack people, because it’s invisible to the eye, the communication with the site.”

This all reminds me of a sieve – full of holes.

If I was a small business using Microsoft application software today, I would be dropping it faster than a red-hot rock. If I was a CTO I would be planning now how to migrate away.

OpenOffice.org will protect you from malicious ActiveX in documents, and Firefox for web browsing and Thunderbird for email will do the same, whilst allowing you to continue to use the Windows OS as you plan the final step to freedom. Ubuntu will complete the process.

If you need help, there are companies out there who can provide support and technical assistance. 😉

OpenOffice.org saves you £30Million/day…

… by my reckoning at least.

Take a look at this chart:

[Chart: OpenOffice.org Download Barchart]

That looks to be a rough average of about 300,000 downloads of the free and open source OpenOffice.org application suite every day for the last 28 days, which means about 8.5Million downloads this month. So to me, that works out something like this:

If MS Office is worth about £100 (I guess that’s a reasonable average price) then that’s about £30Million worth of software being downloaded for free every day.

In the last 28 days, that works out at about £840Million, or in US Dollars about $1.25Billion at the current exchange rate.

Now according to OpenOffice.org’s bouncer today (02/12/2008), there have been a bit less than 18Million[1] downloads so far since the release of OOo 3.0 on the 13th October. Or, to put it another way:

$2.7Billion

worth of software since launch.

How much does our government spend on MSO licenses each year? Think they should stop wasting their money? Fortunately, if it carries on like this, they will probably have to upgrade to OpenOffice.org 😉

[1] Please see the Bouncer FAQ for more details on what is recorded, but be aware that this number is probably very low in actuality:

Does the Bouncer provide the full story?

No! – it only records downloads started at a single point, the OpenOffice.org download page. It omits:

  • downloads which people make directly from mirrors
  • downloads via other mechanisms, such as peer-to-peer networks
  • downloads from other third-party repositories – including GNU/Linux distributions (see next question)

Note also that the Bouncer logs when it successfully redirects someone to a download site – if the user chooses not to download, or cancels the download, then the Bouncer will not be aware.

Wanted Dead [not alive] M$ Unified Communications. $100k Reward

I used to work in the Computer Networking Industry and Cisco was, by far, my biggest competitor in almost all areas. You had to respect them however. Not only did they have a very full war chest of products, sales execs and money to pour into the channel but also they were the absolute best for the way they managed acquisitions (and they did a lot of them). They had such a thorough and well-honed process that the acquired companies almost always integrated swiftly and with minimal pain. Those individuals who stayed were made welcome on Day 1. And those who were not wanted were given their severance fairly and swiftly.

My experiences of being acquired (not by Cisco BTW) have been far less clinical. In fact we weren’t properly integrated and given the appropriate company status for many, many months…

Anyway, I digress somewhat.

It appears that Cisco are now going after the convicted monopolist Microsoft, and in a fantastically ironic way. They have announced a competition for Linux developers to help them create innovative and compelling products:

The Cisco “Think Inside the Box” Developer Contest invites developers to write applications for the Cisco Application Extension Platform (AXP) platform on the Cisco Integrated Services Router (ISR). Cisco will award a first prize (US$50,000), second prize (US$30,000) and third prize (US$20,000) to the person or team of innovators for the most creative and compelling entries. You can find terms and conditions at www.cisco.com/go/thinkinside.

Here’s the full story from The Var Guy.

If you think you might have a good idea, go and register for the competition.

Russia teaches the world about FOSS

Glyn Moody (See blogroll) has an absolutely cracking post on his Open Enterprise blog regarding a recent announcement from Russia. The really interesting bit for me is not the article itself so much, although it is indeed great news and very inspirational, but the comments that follow.

Firstly, the main story. It is that Russia has had such a successful time using Open Source software in some School pilots that the government have decided to roll it out across ALL schools in Russia.

It began with a few pilot projects, and apparently these have been so successful that the Russian government has now decided to make it the standard for *all* schools:

До конца 2009 г. на всех школьных компьютерах будет установлен пакет свободного программного обеспечения (ПСПО). Об этом, как передает «Прайм ТАСС», сегодня сообщил министр связи и массовых коммуникаций РФ Игорь Щеголев на пленарном заседании «Информационное общество и современные технологии доставки информации» в рамках международной выставки «ИнфоКом-2008».

[Via Google Translate: By the end of 2009, all school computers will be installed package of free software (PSPO). This is how transfers «Prime-TASS», today announced Minister of Communications and Mass Communications of the Russian Federation Igor Shchyogolev at the plenary session «Information Society and the modern technologies of information» in the international exhibition «InfoCom-2008».]

This isn’t just an option for those brave souls who might want to try something different: this is now the official approach. If schools want to use proprietary software, they have to pay for it themselves:

Read the full article to get further details.

Then scroll down the page and read some of the comments…

It starts with the first post saying we should teach M$ because that’s what business uses today. It’s the only “pro” proprietary comment and rightly gets pretty short shrift from every subsequent commenter.

But then a remarkable thing starts happening, which emphasises yet again why Free Software is SO important in Education: it absolutely encourages innovation, inquisitiveness, collaboration, and – above all – learning from and with others.

Gala Kuznetsova said on Thursday, 23 October 2008

Today more than 1700 Russian schools (~ 34 000 computers) migrated to free software. Additional information about this project: <http://altlinux.info/news/altnews>

Alex Besogonov said on Thursday, 23 October 2008

A little translation grammar nazism: “According to Schegoleva” should be “According to Schegolev” (“Shegoleva” is genitive case from “Schegolev”).

Helio M. said on Thursday, 23 October 2008

In Brazil, we will soon have 50 million kids in school who will use KDE/Linux, which is modified in Portuguese for our country. As more and more kids become used to Linux, we will then have more young developers/hackers who will be growing up in school using free software, and we will continue to have a free/free OS that will truly reflect our country but is built at the base on a foundation of GNU/Linux/KDE projects. We can share knowledge with the planet but have a distro (or more) that is us and which we control. I think Russians will like that. It is called self-determination.

anonymous said on Friday, 24 October 2008

It should be noted that what Google translates as free has in Russian the explicit meaning of free as in liberty, aka open source.

Hilton said on Friday, 24 October 2008

Hi

We are pushing open source software usage in schools in South Africa – www.tuxlabs.org.za using edubuntu. The guy from Brazil, can you please make contact: hilton@inkululeko.co.za (inkululeko=freedom)

Ken Hansen said on Friday, 24 October 2008

Here in my US school district the technology teachers are *demanding* MS Office 2007 access now, and they expect that MS Office 2007 will replace MS Office 2003 in next year’s district-wide system image. This despite the fact they have neither the training nor classroom materials to properly teach students in MS Office 2007. The cornerstone of their argument lies in the frustration that we don’t have the same tools our kids have at home!

This is all great stuff:

  • 50,000,000 kids using Linux in Brazil!
  • South Africa asking Brazil to contact them to share their experiences.
  • A US School demanding they teach MSO2007 despite the fact they don’t really know *how* to teach it.
  • A lesson in Russian Grammar…
  • and the true meaning of the word “Free” in the Russian text.

It’s quite poignant how Ken’s post is the antithesis of the story I re-told recently regarding the child whose family couldn’t afford to buy MS Office 2007…

The second, and far more worrying conversation, just shows what a total travesty it is that we continue to teach our children not how to use a computer as a tool, but instead teach our kids how to open and create a Microsoft Word or Excel document. Another visitor to our stand (and parent) was discussing the experience of a colleague whose child came home from school with some homework only to find he couldn’t open the files on his home PC as they were created in Office 2007! The family couldn’t afford to buy it – and why the hell should they frankly? This was obviously very distressing for the family and child concerned.

Are our schools now a sales channel for Microsoft, I wonder?

The result of this kind of upgrade-treadmill that MS would love us all to live on permanently, is to create a two-tier system of education for our children: those whose parents can afford to buy expensive commercial software and those who can’t.

OOXML: Flogging a Dead Horse

I am continually amazed by the amount of time, energy and expense that the ISO are going to in order to support the standard that nobody really wants or believes in (except for one corporation and its paid lackeys of course). Yes, it’s IS29500 (OOXML to you and me).

In the last few weeks we have had coverage with some lovely photos of the events taking place in Korea from that bastion of fair play and honesty Alex Brown. How the poor live eh? All sponsored by our friends and yours: Microshaft. Well actually, if you buy their software, you have probably been paying for the luxury hotels, drinks and food.

We have also heard how the Norwegian NB (National Body), that actually voted against OOXML becoming a standard but were ignored, has resigned en-masse:

We end our work with Standard Norway because:

  • The administration of Standard Norway trusts 37 identical letters from Microsoft partners more than their own technical committee.
  • The process within Standard Norway has been unpredictable and the administration has changed the rules along the way.
  • Standard Norway and ISO have committed a series of violations of their own rules and other irregularities in the OOXML process.

“Standard Norway has overruled hundreds of thousands of users in the public and private sectors”, says Martin Bekkelund.

The mass-copied Microsoft-letter did not contain a single professional argument. Standard Norway first said that these kinds of statements would not be given any weight. However, at the end of the process they changed their mind and emphasized the Microsoft letters. Thereby, Standard Norway misled the committee members.

And we have also seen IBM – a conservative corporation by any measure – making a public statement about the standards process needing reform. Bob Sutor expands on the announcement:

I’ve asked before in this blog if we don’t need some sort of full disclosure from standards participants. In the wiki IBM facilitated last summer, there was a good discussion of the notions of open government and how these might apply to standards making. Over time various votes on standards will be won or lost. I think an open, transparent organization should help users and other stakeholders understand who voted how and why. This is especially true for organizations that represent countries. We must have and understand accountability.

Not very clouded words for “ISO: Sort out your house or become an irrelevance”.

And we also had, back in September, the signed declaration by 6 countries – Brazil, Cuba, Ecuador, Paraguay, South Africa and Venezuela – deploring the refusal of ISO and IEC to further review the appeals submitted by the National Bodies of four nations.

And in support of ODF we have – almost daily it seems – countries, public bodies & departments and corporations requiring/mandating [PDF] the use of the open and royalty-free ODF to store their documents. Here are some of the countries that have adopted (or are adopting) ODF: Belgium, Brazil, Croatia, Denmark, France, Japan, Malaysia, The Netherlands, Norway, Poland, Russia, South Africa, Switzerland and Uruguay. Many others are close on their heels.

Which countries have formally adopted OOXML? Which countries have said they are thinking about adopting OOXML? I have yet to see any. Perhaps Côte d’Ivoire might eh?

But OOXML is not quite dead yet. There is a danger. And one we must all be vigilant toward: There is a possibility of Microshaft and its Lackeys trying to gain control of the maintenance of the ODF standard. Currently this is handled by the very open and transparent OASIS organisation. This process might end up being transferred to ISO under the guise of a group known as SC34. This committee is loaded full of Microsoft puppets – several of whom are British and have shown a total disregard for due process to this date.

Perhaps the title shouldn’t be “flogging a dead horse” but more of a “dead cat bounce”.

Building your own PC…

My regular desktop computer, Twoflower*, that I use for work and play is dying… 🙁

Twoflower is pretty old now by PC terms and is becoming quite unreliable. I built it about 4 or 5 years ago I guess, although I can’t remember exactly when, and it has been a good workhorse until quite recently. But the time has finally come to move on.

I like building my own PCs and find it can also be a very cost effective way to get exactly the PC you want and, of course, you don’t have to pay the Microsoft Tax either. So, after planning and reading for a couple of months or so, I have just ordered the new bits which will come together to create Lobsang*.

I’m not a “gamer” so I don’t need a heavy duty graphics card or excessive cooling, but I do tend to run a lot of apps at the same time and some of them are quite “hungry”: Eclipse, VirtualBox Virtual Machines, Inkscape, Gimp, OpenOffice.org, Thunderbird & Lightning with as many email accounts and CalDAV calendars as I have, and Firefox with usually a dozen or so tabs open at one time and perhaps further instances of Firefox running too. I’ve also often got remote X sessions running to a development server as well.

So, it was important to me that I built a PC that is pretty quick, can be expanded easily and will – again – hopefully last me for a good few years.

Here is my shopping list:

  • Antec Three Hundred Case w/o PSU
  • 520W Corsair HX Series Modular PSU, ATX, EPS12V, whisper quiet, 5 year warranty
  • Asrock P43R1600Twins, iP43, S 775, PCI-E 2.0 (x16), DDR2/DDR3 1066/1333/800, SATA II, SATA RAID, ATX
  • Intel Core 2 Duo, E8400, Wolfdale Core, S775, 3.0 GHz, 1333MHz, 6MB Cache, Retail
  • Arctic Cooling Freezer 7 Pro
  • 2GB (2x1GB) Corsair TwinX DDR2 XMS2 Dominator, PC2-8500 (1066), 240 Pin, Non-ECC Unbuffered, CAS 5
  • 256MB Palit 9500GT, PCI-E 2.0(x16), 1600MHz GDDR3, GPU 550MHz, 32 Cores, HDTV/ D-Sub/ DL DVI-I
  • 320 GB Samsung HD322HJ Spinpoint F1, SATA 300, 7200 rpm, 16MB Cache, 8.9 ms
  • Samsung TS-H653B/DEBH 20x DVD±R, 8x DVD±DL, DVD+RW x8/-RW x6, x12 DVD-RAM SATA Black OEM

The notable items on here I would say are:

  • Power Supply – It is a really important part of your system. A cheap “no-name” PSU gives you unstable voltages that will lead to operational and reliability problems, crap cabling which restricts airflow, inefficiency so you just waste money making heat, and they can be surprisingly noisy. The reviews I read led me to choose either this Corsair model or a 450W unit from “Be Quiet”.
  • The Asrock Motherboard – This was probably the hardest component to choose. I don’t need a top-end mobo that will overclock like a wild thing, but I did want one that would provide me with a decent platform and will allow some level of growth. This board looked to be just about right and very well priced for an Intel LGA775 board. It supports DDR3 (up to 4GB) as well as DDR2 (up to 8GB) memory and will run any of the latest generation Core2 dual and quad core processors including the most recent 45nm designs.
  • The Processor – I was, until quite recently, going to go for the outstanding Q6600 65nm Quad core chip but having read some more recent reviews it seems as though the newer 45nm designs are much more efficient and yet more powerful. In most review tests, this dual core E8400 outperforms the Q6600 device and has about half the power consumption. There are certain times when 4 cores are better, but seeing as I’ve happily lived with just one up until now I think two will be just fine!
  • No Operating System – I will, of course, be installing a Free and Open Source OS and that will almost certainly be Ubuntu Hardy Heron 8.04.1. In fact I am planning to have a spare partition or two so I can install other OS’s too.

The rest of the items are nothing too special. I am very fond of Samsung drives and have used them for many years now. They are usually very quiet, fast, reliable and are excellent value. The graphics card is a passively cooled device that will be very fine for Compiz and the minimal other 3D requirements I have. I wanted a new case as my current PC’s case is terrible. It was cheap, looked it too and is really noisy with quite a few 80mm fans churning away constantly. This new Antec Three Hundred case looks much better, has bigger 120mm and 140mm fans (that turn slower and thus make less noise) and has better cable management so air should flow well and is quite capacious so I have room to expand too.

My main source of knowledge for this lot comes from the excellent Custom PC Magazine. Although it is heavily geared toward gamers and high end systems, their no-nonsense reviews and technical features are the best I have come across, and I’ve been reading computer magazines virtually since they first appeared. When Custom PC review a product, if it is crap they really say so. There never seems to be any of the “polite excuses” or bias toward particular suppliers or vendors – unless they make really good gear that is. My only gripes with it are I’d like it to cover more Media and power efficiency topics and feature more Open Source software. Perhaps I should suggest some articles…

For the supplier of the bits, I have gone to Scan Computers. I have used them several times before and have no complaints at all. They have a great reputation for service and they do tend to have the best prices too. Hopefully the bits will be here by the weekend, just in time for my 10th Wedding Anniversary, so how much actually ends up getting assembled before next week remains to be seen…

For this blog, I’ll take some pictures of the bits before, during and after assembly and run through the way I put together a new PC. It isn’t terribly hard and is very satisfying when it’s finished.

Update: I’ve written two articles covering the build process. Part 1 is here.

* All the computers in our house are named after characters from Terry Pratchett’s Discworld novels. So far I have used: Rincewind, Mort, Binky, Moist, Angua, Twoflower, Gladys and Vimes.
