
Nilesh's Weblog


January 06, 2005

Six Apart acquires Livejournal

Hot as it can be, the news is that SixApart has acquired Livejournal. Om Malik broke the news yesterday. Here is Mena's explanation of the acquisition.

 

November 17, 2004

Gandhi's Universal Truth

Universal Truth - redhat.com

Those famous words of the Mahatma. RedHat seems to have hit the right spot with them in the latest war of words with some other OS vendors. The response was most probably incited by the recent outbursts from Sun and Microsoft, among all the earlier attempts to malign them.

They go on to say -

Over the years the establishment has claimed Linux wasn't ready, wrote it off as too expensive, and compared open source to cancer and communism. All while they declared it to be enemy number one. We know why. It starts with the open source. This is how we rapidly innovate and provide the levels of reliability and security the establishment can never match. In an open environment, everyone can participate and compete.

Very True.

Fishing out the phishers

Apart from all the standard security features, Mozilla Firefox 1.0 does an incredible job of defeating phishers. As evident from the screenshots on the left, when a regular user visits the Paypal website, Firefox marks the address bar in yellow to show that it is an SSL-enabled website. When a phisher tries to imitate Paypal's homepage right down to the last HTML markup tag, the thing that defeats him is the white address bar. A regular user (unlike me; I was almost fooled!) immediately recognizes that this isn't the original Paypal website. The phisher is stopped dead in his tracks. This isn't enough to stop phishing scams, but it goes a long way. In case you are too dumb even to differentiate between white and yellow, Spoofstick, an anti-phishing Firefox extension, might just be your savior.

In other news, Mozilla Firefox 1.0 gets all the adulation it deserves. Also, here's a step-by-step introduction to Firefox.

 

November 10, 2004

The Stable Fox is out

Welcome to the world of secure internet surfing. Welcome to Firefox 1.0 - combining the best of browser security, features and cool extension magic. The last few days have been especially good for Firefox. And to top it all, Google has created a custom start page for Firefox. This is the default homepage on a standard Firefox installation. As someone said on Slashdot, fire your conspiracy theories...

 

September 16, 2004

PRA - Purposefully Regressive Algorithm

Microsoft is again doing what it is best at - impeding progress of open Internet standards. The IETF has rejected Microsoft's draft proposal for the SenderID Framework (something to do with anti-spam) because of the patent issues surrounding the PRA algorithm. But does that affect Microsoft's efforts to push forth their agenda? No, not even the Internet's premier body can do that.

Microsoft had released the algorithm under a "non-transferable & non-sublicensable" license, which locks out open source implementations of the algorithm since they cannot sub-license their implementations under the GPL/Apache/BSD licenses. This affects about 60% of the mail relay servers on the Internet! And what does Microsoft have to say on this? "We don't care". If you check the link, the second para tells you all -

…it does not make sense to discuss alternatives to PRA if those alternatives may be reasonably inferred to be covered by the patent application (though not necessarily the license) since this working group does not wish to discount Microsoft's patent application…

Don't forget to read the whole thread. So finally, Microsoft will go ahead with PRA's incorporation and will not use the alternative MAILFROM method for checking incoming mail. Another quote from the above link -

While Microsoft plans to incorporate both mailfrom and PRA checking information in the records it maintains, it has no plans to use mailfrom to check incoming e-mails, saying PRA is the superior technology.

Pretty roguish attitude!

So what is the SenderID Framework?
The SenderID Framework is a method to authenticate whether a mail server sending mail for, say, yahoo.com is indeed a yahoo.com server. This is verified by asking the DNS servers of yahoo.com which hosts are its mail servers and comparing the returned information with the connecting server. If the connecting IP address is listed in the DNS information, the mail is accepted. Now there are two proposals on how this can be implemented. One is SPF and the other is, well, PRA. SPF has been freely available for quite some time, but not PRA.

So does the SenderID Framework kill all spam? The answer has always been NO. Authentication Is Not an Anti-Spam System. Some more links - one, two.

 

June 18, 2004

The Browser Upgrade Campaign heats up

It's the latest salvo fired against Internet Explorer. Security Focus has joined the widespread campaign exhorting people to move away from the buggy, insecure, dangerous piece of software, and the source of many of the headaches that security pros have to endure. Before them, it was LockerGnome, an MCSE who has been frustrated with IE's security track record, their I-don't-care attitude towards major bug fixes and the worst Web Standards support among browsers. Before that was the interview of Scott Collins of mozilla.org on Ars Technica. And then you have the whole Internet community.

Then there are the two discussion threads (one, two) on channel9.msdn.com where everybody is shouting about whether MS cares about web developers and the lack of features in IE. There are ample indications that Microsoft is feeling the heat. You can see Tony Chor answering questions and clarifying in the threads. To summarise the happenings in the forums, after the launch of IE 6.0 in the second half of 2001, MS moved developers from the IE group to the MSN Explorer group. So there was no one in IE to listen to customers' problems. There hasn't been a feature update since then. To believe them, the whole IE group managed only to release security fixes for bugs (and they were quite bad at that too). Now they say the group is back to work on a newer version of IE, including a couple of feature updates in XPSP2. Still, they remain non-committal on including complete CSS2 support and PNG alpha transparency. They have managed to put up a wiki for feature requests. I don't know how that is going to help them.

Get Firefox

So what is the benchmark? What is everyone recommending to move to? Which browser is high up in terms of security and is more standards-compliant than any other browser? You don't have to take a second guess.

 

June 07, 2004

The Fox and the open bag

Winstripe Theme

The Firefox visual identity team has decided on changing the default theme of Firefox in preparation for the impending 1.0 release. As often happens in the open source community, this has caused some furor in the mozilla dev community, with people taking sides with the earlier theme author, who is equally furious. The fault was his own. He was hesitant to release his Qute theme with the same license as MPL. So the team thought of porting the hugely popular Pinstripe OSX Firefox and Thunderbird themes to Windows. They call it Winstripe. Although it's only Work In Progress and is basically a mish-mash of the Qute, Pinstripe & XP Luna themes, I am liking it™.

 

January 18, 2003

OpenNTF

OpenNTF is an open source community site for the Domino platform, on the lines of sourceforge.net. And they have some very interesting open source projects going on - Discussion Forum, a CMS, Fax server, a bulletin board, a simple CRM, shopping carts, a workflow engine, an LDAP schema for Samba to work with Notes, a helpdesk software. Hmm... the list gets more and more interesting. These guys are surely responsible for arousing my interest in Domino, given that at one point of time, I used to hate Lotus Notes. In case you need open source software for Windows, check out OpenCD.

 

November 02, 2002

BSD Mania

Now for some late night BSD snacks - If you are a BSD newbie, you might find the very linux ONLamp.com actually useful. If you are a BSD pro, a CD bootable firewall might interest you. And if you are neither a newbie nor a pro, securing your BSD box might be what concerns you most. OpenBSD 3.2 has been released. It boasts of a chroot'd Apache, the very reliable systrace and the finally-arrived packet filter, pf, among other things. If you are more interested in the status of pf, you can check out the interview of Daniel Hartmeier, the original author of pf, at kerneltrap.org. OpenBSD has always been my favourite, more than Linux, for firewalls, for its minimal footprint (30MB, without a bit of effort), easy configuration (clocked 1 hour setups from scratch to firebreathing boxes) and almost nil maintenance (400 days without a reboot).

 

October 31, 2002

M$ Undoing

Of late, as you must have observed, Linux is gaining followers among governments of the developing nations. Because of its cost factor, configurability, academic significance and open standards, it is steadily gaining popularity. This seems to have frustrated Microsoft no end. MS has put up a site called Initiative for Software Choice (ISC) demanding "fair" software procurement practices from governments, saying that choice of Linux is not fair. Linux evangelist Bruce Perens was not far behind. In retaliation, he created a site called Sincere Choice. Here is his analysis on ISC.

MS is trying hard to strike back, this time using negative tactics. Steve Ballmer has been constantly harping on his 'Linux is a cancer' theory. And the most glaring example is a Congress member calling on the US Govt to ban the GPL. Using poor examples and statements that look straight out of MS PR handouts, they say that licensing terms such as "those in the GNU or GPL" are restrictive, preclude innovation, improvement, adoption and establishment of commercial IP rights. How ridiculous!! But then, you see it's a part of their job, after all the support Micro$oft has given them. The US seems to be the only govt so much in love with MS. Not even the Europeans are so comfy with Microsoft. MS has even gone to the extent of blocking GPL source code being used with windows programs. (Their Royalty-free CIFS license.) For your surfing pleasure, Related - one, two, three, four, five, six, seven, eight.

If you actually were to compare the GPL License and one of the Microsoft software licenses (couldn't get the links, and moreover they constantly change), you yourself can decide which of them is the real cancer! All this, not to mention the countless antitrust cases against the software firm.
Update: The latest addition to the growing list of countries rejecting MS is Namibia. Check this article in The Register.

 

September 27, 2002

The Free and The Powerful

It's a culture, it's a philosophy, it's powerful, it's flexible, best of all it's open! The BSD OSes. As we call them, *BSD. The most popular, FreeBSD, with all bells and whistles; the most secure, OpenBSD, without a remote exploit for 4 years and with the most fanatic OS code auditing team; the most portable, NetBSD, which runs on 25 different platforms, ranging from the humble x86 to the most exotic BeBox and Playstation2. It has the record for the most hardware supported; and last and latest, Darwin, the backbone of MacOSX, offering the best CLI/GUI combination. Those BSD guys are simply great. Read an inspiring article on the BSD OSes.

 

June 08, 2001

Ganymede

Since everyone's goin' Directory Services crazy, here's the Ganymede network directory management system, released under GNU.

 

May 25, 2001

6Bone BSD

Here's a HOWTO on OpenBSD+6Bone i.e. if you know that 6Bone is not actually 6 bones. :-)

 

May 17, 2001

Logmon

This is one cool program: multiple log files in the same terminal. LogMon

 




© 2000-2003. Nilesh Chaudhari (mail AT nilesh.org)