Ubuntucat

Through various times in my education, I was taught to not use the first person and to use an “objective” voice in my writing. When I became an English teacher, I taught my students a similar principle, except I called it “the illusion of objectivity.”

Objectivity is an interesting concept, but I do believe it is usually an illusion. There is an approach popular in the social sciences (particularly with regard to discussions of gender, sexuality, race, and class) in which the writer or researcher owns up to subjectivity and doesn’t pretend to be objective. The writer recognizes that her or his own upbringing colors the research, both in the questions that are asked and in how the answers and findings are interpreted or made meaningful.

How do I see this played out? Well, I’ve seen it in several scenarios. One was a faculty meeting once, when I was still teaching, in which a rather heated debate about homework loads ensued with various teachers believing hefty amounts of homework were necessary to moving along the curriculum and preparing students for the rigors of college and other various teachers believing that hefty amounts of homework left students too stressed out and unable to balance their lives properly. At one point, a teacher noted that most teachers who belonged to the former group were non-parents and most belonging to the latter group were parents. I believe his observation was intended to defuse the tension in the room, but it served only to make things tenser by making the conversation personal. A non-parent teacher I spoke with later after the meeting was quite upset, because she said not all non-parents chose not to have children, and we all give all we have to these kids (the students). I was in full agreement with her. More importantly, that incident made me aware of how tenuous the idea of objectivity is, particularly in that kind of discussion. After all, are the teachers who are also parents more “objective” for being parents, as they see both sides of the homework issue (as parents and as teachers), or are the non-parents more “objective” for being non-parents and not being emotionally tied to the apparent sufferings and imbalance students and their families might feel when overwhelmed with homework?

Even though a lot of us who appreciate logic theory want to think we can avoid ad hominem mistakes, we nevertheless often judge what people say based on who they are and what their perspective is rather than solely on the soundness of what they say in a vacuum. Think about how many letters to the editor of newspapers start out with identification. For example, let’s say there were a letter announcing its author as a Jew before going on to argue that anti-Israel sentiment is not the same as anti-Semitism. Wouldn’t the argument, if it were sound, be just the same, whether it came from a Jew or from an Arab? Or a letter announcing its author as a woman that also talks about how feminism has ruined the traditional American family values and is responsible for a number of societal ills—would the argument, if it were sound, be just as strong coming from a man? Or would it retain its potency if the letter writer didn’t reveal her or his gender?

Recently, I read some letters to the editor about capital punishment. One letter was for capital punishment. One was against it. Both were from self-proclaimed family members of murder victims. Does that perspective offer credibility? I guess, strictly from a theoretical logical perspective, no. But, really? Yes. I take a hell of a lot more seriously someone who’s had a family member murdered who is still against the death penalty than I do someone who has the same stance but lacks that personal experience. Yes, it seems to go against logic. The one without a personal investment in the trial and sentencing would seem to be the one with her head about her. But is that really objectivity? Or is it just another kind of subjective experience (the lack of a murdered family member)?

One time, in an American Literature course, my colleague and I planned a unit talking about race theory. Because I was Asian-American, some of my students questioned my motives for teaching that unit (“Is Mr. W.’s class doing this, too?”), but Mr. W was not similarly questioned, because he was White. But why would a White person be more objective about race? White, after all, is a race, too. It isn’t the lack of race… or shouldn’t be, at least.

In the end, I own my subjectivity. I know if I were White, born in the South, poor, raised to be macho, and taught to appreciate guns, I’d be a different person with a totally different perspective on life. If I were a woman forced to have sex with my boyfriend, I’d be a different person with a different perspective on life. If I were an American soldier in Iraq or an Iraqi, I’d have a different perspective.

We aren’t just detached logicians. We are all human and come with our own experiences. The sooner we recognize that, the sooner we can come to at least some semblance of the truth.

I get messages all the time—whether they’re from feminists, environmentalists, Christians, or Linux users—about how to spend my money and what businesses to support. This has been going on for years. Even in high school, my friend Shannon used to chastise me for using Papermate pens because Papermate did animal testing. My pastor told me that he supports Barnes and Noble online because Amazon gives a lot of its money to conservative political organizations. Linux users say to buy from vendors who provide Linux-compatible hardware (open drivers or ported drivers).

I do believe in voting with your wallet. I do believe that my general support of local businesses makes a difference in my neighborhood. I do think it matters whether I eat at a mom-and-pop restaurant instead of a large chain. I do think it matters whether I buy a comic book from the local comic book store instead of off Amazon. I do think the money you spend on computers sends a message to hardware vendors.

Of course, it’s only true to a certain extent. The economy is the economy. It’s interlinked. Organizations are interdependent. You can’t just take yourself out of the “bad” economy and make sure you’re in only the “good” economy. Every school or non-profit you believe in receives donations from very rich people who got very rich doing things you may not believe in. Even those rich people who are nice enough to donate may not themselves believe in what their company does. But their company pays the bills.

The interesting thing is that corporations (as I learned from the excellent documentary The Corporation) are not evil or good. They may appear to some people to do a lot of evil things, but they basically are, as the documentary puts it, “amoral and dangerous.” They exist to work for the good of their shareholders. That’s their main point of existence. If they’re not meeting that goal, even founders of corporations can be fired. These corporations may at the same time be polluting the water, kicking the poor out of their neighborhoods, building commercial buildings in place of public parks, laying off employees by the thousands… while also sponsoring fundraisers for charities, and donating large sums of money to non-profits and environmental organizations.

It would be convenient to think we live in an easy world of economic good and bad—that you can say “My money goes to only good companies and good causes” and know what you’re saying is true. The truth is you do what you can. You can make little bits of difference. You cannot ignore our interdependence, though. We’re all in this together and we all, in little ways, either support “the man” or benefit from support of “the man”—regardless of who “the man” is for you.

As a follow-up to my post of four years ago, “Gmail and Privacy,” I’d like to say something about some of the reactions to Google being asked to hand over YouTube user data to Viacom by an American judge.

First of all, I don’t see that Google did anything wrong here. Viacom may have done something wrong. The judge who ruled that user viewing data could be handed over from one company to another company without user consent has done something wrong. Should this make Google rethink how much data it should store and for how long? Of course. But that’s not because of what’s wrong with their privacy policies or practices—it has everything to do with the laws and powers they are subject to.

Secondly, as evidenced in the government subpoena in 2006 of search data, Google is much better than other major search engines, since AOL, MSN, and Yahoo! readily gave up their user search data, and Google didn’t. Google isn’t always in a legal position to protect your privacy, but it will at least try.

But that’s the real problem here. Too many people are focusing on Google and getting angry about privacy issues there. The real issue here is the US government and privacy issues there. If your data is stored somewhere, and the laws are on the side of a snooping government instead of a private citizen, then you’re screwed no matter where you store your data. You could have it on a privately owned domain hosted on a private server or even on your own home mail server. If the government wants to get to your data and a judge approves that action, well, tough luck for you. Never mind that most emails are sent unencrypted anyway.

When I think about how much of my life is stored places, it’s a little scary. I check books out of the library all the time. The library has a database (which is accessible online) of all the books I’ve ever checked out. Amazon keeps track of all the books I order or even look at and don’t order. If I use a credit card at a grocery store, they know what groceries I buy, and using a grocery store frequent buyers card makes it even easier for them to track what I do.

I guess if there’s anything that makes Google dangerous in terms of privacy, it’s the fact that they store a lot of data together. The government doesn’t have to search through millions of individual homes. They can just pester one company to give up its data. Really, though, imagining that you have privacy on the internet is just delusion. Yes, there are some things you can do to limit the amount of personal information you have floating around, but ultimately we live in a digital age, and the government has the ultimate say in terms of how that data gets accessed, privacy policies be damned.

Further Reading
Privacy on the Internet Still Doesn’t Exist

If you’ve never gone to seminary or studied ancient languages, it can be difficult to know how to interpret the Bible. There are so many interpretations that many critics of Christianity claim the Bible is essentially meaningless, since people can use it to justify anything.

I’m not a theologian. I’m just a lay-Christian, as most Christians are. We read books and listen to sermons by people who have studied ancient texts. We try our best to figure out what our stances should be on various issues in modern life based on what was written in cultures removed by time and often place as well.

I don’t know that my interpretations of the Bible are always right. Some passages seem to need reconciling with other passages (an eye for an eye or not?). Some passages seem to need reconciling with the common sense of everyday life (I don’t plan on literally gouging out my eye any time soon). So the way I make sense of the Bible is to look at what priorities the Bible itself places. What is the greatest commandment? What virtue is the most important?

Here’s what Jesus has to say:

Hearing that Jesus had silenced the Sadducees, the Pharisees got together. One of them, an expert in the law, tested him with this question: “Teacher, which is the greatest commandment in the Law?”

Jesus replied: ” ‘Love the Lord your God with all your heart and with all your soul and with all your mind.’ This is the first and greatest commandment. And the second is like it: ‘Love your neighbor as yourself.’ All the Law and the Prophets hang on these two commandments.” (Matthew 22:34-40 TNIV)

Loving the Lord your God is quite abstract, and the implementation of that principle is subject to interpretation. But loving your neighbor doesn’t seem too difficult to understand. Who’s your neighbor? Well, the person you’re supposed to hate, of course (read the parable of the good Samaritan, if you don’t believe me). You can see this shown through the stories of Jesus’ own life. Whom did he scorn and publicly humiliate? The people with theological authority who judged others as morally inferior. Whom did Jesus love and associate with? Just about everybody else—the outcasts, the “sinners,” the prostitutes, the tax collectors, the lepers.

So try to think about, in today’s society, who the theological authorities are who judge others. Then think about who the outcasts and “sinners” are. Love the latter. Associate with them. Then call the former on their bullshit, just as Jesus did.

Let’s take a look at what Paul says:

If I speak in human or angelic tongues, but do not have love, I am only a resounding gong or a clanging cymbal. If I have the gift of prophecy and can fathom all mysteries and all knowledge, and if I have a faith that can move mountains, but do not have love, I am nothing. If I give all I possess to the poor and give over my body [to hardship] that I may boast, but do not have love, I gain nothing.

And now these three remain: faith, hope and love. But the greatest of these is love. (1 Corinthians 13:1-3,13 TNIV)

Yup. That’s right. All that religious stuff you do? Pretty cool stuff. All that stuff without love? Worthless. Love trumps all. If you don’t love, as far as I can tell, you’re not a Christian, just a religious legalist. So the basic guideline you should have when struggling with scripture, working out interpretations, trying to resolve apparent discrepancies, figuring out practical applications to life: love. Make sure you remind yourself that both Jesus and Paul have said the greatest thing is love. That’s the priority.

I may not have seminary training. I may occasionally get some biblical interpretation wrong, but if I love people and God, I know I’m on the right track.

This is a very common question that comes up on the Ubuntu Forums from new users migrating from Windows. The answer, of course, is “No, Ubuntu doesn’t need antivirus.” Linux (and sometimes Mac) users often get accused of being smug or complacent for saying they don’t need antivirus, so I think I have to clarify that answer for the skeptics.

What kind of virus are you looking for protection from?
I’m not an expert on all the terminology out there for malware, but there are basically two kinds of malware, when it comes to security—malware that self-replicates and infects through security holes and malware that tricks the user into installing it (what’s called social engineering).

What makes the first kind of malware such a problem in Windows (at least in XP—I’ve never tried Vista) is the default-to-administrator-account setup, which is reinforced by some programs designed for Windows requiring the user be administrator, documentation for Windows assuming you are administrator (very seldom have I seen instructions for installing a setup.exe ask you to right-click, select Run as… and authenticate with an administrator account, with the assumption that you must be using a limited user account regularly), and the inconvenience of not being an administrator all the time (Run as… is not perfect and is often difficult to use).

The administrator account in Windows has access to almost everything on the system, so if it gets compromised, the entire system is compromised. And if you’ve ever had to clean malware off a Windows computer, you know how difficult it is to get all the junk out of the registry and all the reappearing programs and .dll files out of system directories.

A limited user account, on the other hand, has access only to its own account and very few system directories. I don’t know of any Windows malware that targets limited user accounts, but if the limited user account got compromised, cleaning up the malware would be a lot easier, as you could create another account, and one by one quarantine and examine user files you copy over from the compromised account to the newly created account and then delete the compromised account.

In Ubuntu (and in most Linux distributions and Mac OS X), the default account operates mainly as a limited user account, with write access to mainly its own user directory, and then the user in the admin group (in the case of Ubuntu and Mac OS X) is able to “sudo” and temporarily escalate privileges for particular tasks after password authentication. On non-Ubuntu Linux distributions, the authentication is a temporary login to the root (total access) account.

While a lot of people make the case that separating user privilege from system privilege alone guards against malware infestation (and they probably have a point), I’d at least argue that that separation makes cleanup after an infection a lot easier. The only trustworthy cleanup I know of a Windows-compromised computer is a complete reinstallation of the operating system.

But then there is social engineering. This could be anything from a tainted email attachment a friend innocently sends you and you open to a website asking you to download a “codec” (disguised malware) to play a video. The point is that the flaw isn’t the operating system itself but you, the user. If you’re tricked into installing a piece of malware, it won’t matter what kind of security you have set up. Don’t listen to Linux users who will tell you that you have to first make a file executable and then run it. With all the “user-friendly” graphical tools now available, all someone has to do is create a malicious “cool” .deb file for Ubuntu and trick Ubuntu users into downloading it, double-clicking it, and authenticating with their password. That .deb can run any command then with root privileges and compromise your entire system. It could install a keylogger or a rootkit.

Another time you shouldn’t listen to Linux users is when they try to say a lack of malware on Linux has nothing to do with marketshare, since Linux dominates the server scene, and Linux servers are not more compromised by malware than Windows servers. While what they’re saying is true, it’s also misleading. Most corporate servers are run by trained professionals or at least knowledgeable amateurs, and they’re less likely than the general populace to fall for a phishing scam or other kind of social engineering attack. This is not, true, however, for home users. Nevertheless, the point is moot. If security by minority has any validity, I think you can rest pretty easy that within the next three years, Ubuntu won’t reach over 50% of home user marketshare, no matter how successful it is or how many “years of the Linux desktop” pass by.

But don’t Linux viruses exist?
Yes, but they are either proof-of-concept ones created for research purposes or ones that took advantage of flaws that have since been patched. There aren’t any Linux viruses that are actual threats to Linux systems. If malware relies on social engineering, though, and you’re tricked into installing it, then your system is screwed either way—running an antivirus program won’t help you.

Should you run antivirus just in case?
Well, obviously I can’t stop you. You can also wear a gas mask around all the time when walking through perfectly healthy air. I won’t stop you from doing that either. But in either case, I’m not going to pretend what you’re doing makes sense.

Most antivirus applications in Linux scan for Windows viruses, and if a Linux virus came into existence and actually was a threat, it wouldn’t automatically be in your antivirus application’s definitions anyway, since the virus is new. So you wouldn’t be protected. A vaccine against polio isn’t going to protect you from getting AIDS. Neither is an outdated set of virus definitions going to protect you against a new threat.

Shouldn’t we protect Windows users?
Some have made the case that it is our responsibility to protect our Windows-using friends and relatives by scanning files before they’re sent to Windows users. While that case could be made, I don’t think Linux home users make up a large enough demographic to protect Windows users in such a way. It’s about as effective as building a wall around a city for protection but having the wall go less than 1/10 way around the city. Great. The attackers will just go to a different entrance to attack the city. (See the first link in the Further Reading section for more details.)

This brings up a good point, though. If you’re using Ubuntu as a regular desktop or laptop computer, you don’t need to run antivirus, but if you’re using Ubuntu as a mail server, you probably should install and use antivirus. In fact, many mail servers are Linux-based, so you would be part of a very large wall—an actual first line of defense.

What good is antivirus?
I do have to say, though, I think antivirus is mainly a resource hog and almost a placebo. It’s something that makes people think they’re secure without actually making them secure. In fact, every time I’ve seen a Windows-using family member or friend get infected with malware, that person has always been running antivirus, antispyware, etc. You can’t rely on a program to protect you. You have to learn good security practices yourself—don’t run as administrator regularly, use strong passwords, learn to recognize social engineering and phishing scams, do not visit sketchy websites, etc. Relying on anti* programs for protection is like thinking the vaccinations you get from the doctor protect you against all disease in life. You can’t then just have unprotected promiscuous sex, never wash your hands, eat anything you find in the forest, and have extensive physical contact with sick people, and then expect to stay healthy.

Antiviruses operate in two ways, and ultimately neither way ends up being effective for home use. One way is maintaining a list of known viruses. Well, when a new virus shows up, it won’t be in that list before it’s done some serious damage. The other way is trying to identify malware based on the content of the file. This leads to a lot of false positives and essentially defeats the point of antivirus, since it ends up being the user deciding what files are trustworthy or not… or just getting used to overriding the false positive identification of the antivirus application to the point that it’s like whitelisting everything. I would actually argue that you don’t need antivirus in Windows either. I know that sounds brash, but I believe it’s true. If you want Windows to be secure, use a limited user account, show file extensions for all files, use Thunderbird instead of Outlook, learn how to identify and avoid social engineering, and use strong passwords.

Conclusion
Frankly, I’ve never seen a real epidemic threat to Ubuntu users, but if one appeared, I promise you that having antivirus installed would not protect you from it. Saying you don’t need antivirus in Ubuntu is not complacency—it’s common sense. Learn about real security good practices and stop clinging to the antivirus placebo.

Further Reading
A succinct sum-up of this rather long-winded blog post you’re reading
A short write-up on Ubuntu security
A more in-depth write-up on Ubuntu security