Categories
Apple and Mac OS X Computers Linux Ubuntu Windows

The antivirus paranoia culture

Recently, I’ve spent some time looking at the computer section of Yahoo! Answers, and it’s a fascinating place from a sociological perspective. If the questions and answers popular there are indicative of what common attitudes and practices are among Windows and Mac users, then this is how a typical user operates:

  • Install free antivirus software
  • Install Limewire and use it to download copyrighted songs and movies as well as software cracks.
  • Run as administrator all the time (no limited user account).
  • Get infected with a virus or rogue.
  • Ask for suggestions about a better antivirus.
  • Consider that maybe paid antivirus solutions may be more effective than free ones.
  • Consider that Frostwire may be safer than Limewire.
  • Switch antiviruses.
  • Switch P2P application.
  • Get infected again.
  • Try to remove the infection with MalwareBytes.
  • Spend hours trying to remove infections with various other programs.
  • Eventually give up and reformat entire drive without backing up files.
  • Continue cycle.

There also seems to be a popular misconception that Windows’ malware problem has to do primarily with its popularity and not any flaw in security (like running as administrator by default all the time). So when a trojan (which requires user stupidity, not a flaw in the security of the operating system) appears for Mac OS X, the Windows users on Yahoo! Answers say “Aha! See? Macs get viruses too. They’re no more secure than Windows” and the Mac users on Yahoo! Answers say “Oh, no. What antivirus should I use to protect my Mac? I thought Macs were immune to viruses.”

I hope you see the problem here. Antivirus software companies may not be so nefarious as to actually create viruses (though maybe they do—we don’t have any irrefutable evidence either way), but they have definitely created a culture of paranoia and not just healthy fear.

Most computer users are paralyzed when it comes to security. They have no concept whatsoever as to what makes a computer secure or insecure. They just think “If I run ‘the best’ antivirus software, I can do whatever I want and my computer will be safe.”

Yet, I’d be willing to bet that most of these people would be better at spotting a fake valet before handing over the keys to their cars and would know better than to actively seek out burglars to give out their bank ATM cards and PIN codes to.

What can we do to turn around this culture of paranoia and turn it into proper, healthy fear properly channeled through education and good practice?

I used to be part of this culture, back when I was an exclusive Windows user. I got malware of some kind and panicked. And I thought if I just got a “better” antivirus and changed from Internet Explorer to Firefox that my security would be so much better.

It wasn’t until I got more familiar with the worlds of Mac OS X and Ubuntu that I realized privilege separation matters. Yes, it’s theoretically conceivable that malware could infect a limited user account if it were designed that way, but if it did and was detected in a short amount of time, then it could be easily removed. Malware as it is now thrives because it digs deeply into the Windows system files so that booting into safe mode or trying to use system restore to get rid of it isn’t enough. If you use a limited user account, no system files will be affected, and if malware were ever designed to affect a limited user account, you could just delete that account and carry on.

More importantly, the paranoia comes from a total lack of understanding about how computers become infected with malware. They have the same understanding of computer diseases that “doctors” had about human diseases centuries ago. It’s a bad humor. It’s punishment for doing something evil. It’s not germs you actually have to come in contact with.

A lot of malware comes in not through software flaws but through user flaws. Social engineering is a great way to get malware installed because Microsoft, Apple, and Linux developers can do nothing about it through better programming. If you can trick the user into installing “the codec you need to watch this video” or “this pirated version of iWork” or “this cool new software,” then any kind of built-in security goes out the window.

Couldn’t these users who suffer from such paranoia and ignorance save themselves a lot of heartache if they did a few simple things?

  1. Use a limited user account in Windows
  2. Take ten minutes to read up on social engineering and how not to be a victim of it
  3. Back up personal files regularly
  4. Use Norton Ghost or Acronis True Image to image a working installation so a reinstall wouldn’t take so long
  5. Install system security updates

The way a lot of people run their computers, it’s like having rampant unprotected sex and then getting an HIV test every six months. That won’t stop HIV! Get a condom! Computers have condoms too, even though Microsoft doesn’t make them very easy to put on.

Categories
Apple and Mac OS X Computers Education Linux Ubuntu

The woman who dropped out of MATC after mistakenly buying a Ubuntu laptop from Dell

I know I’m probably the millionth person to comment on this (is millionth even a word?), but I have only two things to say.

1. To the anti-Linux folks and tech “journalists” who blame this on Linux not being “friendly” enough for new users or being for only those who want to tinker with their computers, how exactly would Ubuntu (or any Linux distro) have been friendlier or easier to use in this case? Does Ubuntu have any control over the fact that Verizon gives you the impression its software is necessary to set up an internet connection? Or that Verizon’s CD provides Windows-only software for it? Does Ubuntu have any control over the fact that Microsoft has made Microsoft Office closed source and not made a Linux version? Does Ubuntu have any control over MATC’s requirements misleading people into thinking they need Windows when Linux will do just fine? Did this woman really have to drop out of college because of the laptop?

2. To the supposedly pro-Linux folks who feel the need to harass this woman through Facebook or whatever, shame on you. Should she have known better to research what computer she was buying before plunking down $1100? Sure. Is she an idiot? No. She’s just an idiot when it comes to computers, and I know a lot of otherwise brilliant folks who are idiots when it comes to computers (I was a computer idiot only five years ago myself). There’s no need to send hate mail her way when the people really at fault are the “journalists” who don’t actually do any kind of investigative reporting and rely solely on catchy headlines and misinformation to gain readership and website hits.

A friend of mine recently went back to school for interior design and previously had been a Mac user. Surprise, surprise—she got herself a Windows computer, because she knew AutoCAD wouldn’t run on her iBook. Somehow, though, I can’t picture WKOW 27 running a news story on Mac OS X forcing her to drop out of college because it doesn’t run AutoCAD, even if she had stuck with her iBook.

Edit: Here’s an example of a Mac user on Yahoo! Answers who is having trouble with the .exe file to set up her Belkin wireless router. Anyone going to run a news story on it? Doubtful.

Categories
Apple and Mac OS X Asus Eee PC Computers Linux Ubuntu Windows

Would Apple’s netbook be the next iPod?

I remember back in 2003 when only a handful of early adopters in America were buying portable audio players. If I’m recalling correctly, some of the big players at the time were RCA and Creative, among others. Once 2004 rolled around and the 3rd-generation iPods came out, suddenly “everyone” I knew had an iPod. Soon, even armed with my Sandisk player, I had unknowing friends call my portable audio player an iPod. The iPod took over a growing trend and made itself a virtual monopoly in portable media devices.

In recent years, phones have been getting more internet-connected. Blackberries have been the standard for business travellers, but most everyday folks have had crappy no-name web browsers in their phones that can do only some very basic tasks. Suddenly, the iPhone came along, and now… well, not nearly “everyone” but it’s getting close to half of the people I know are getting iPhones or planning to get an iPhone when they can afford it. I had high hopes for the Google phone or the Blackberry Storm; however, all the reviews I’ve read of them have been mixed and make it sound as if the iPhone, despite its own flaws, cannot be beat for sex appeal to the masses.

Now we have these netbooks that are “popular” in the sense that early adopters are excited about them, but really very few people I know have netbooks let alone know of their existence. I bought an Eee PC 701, and I still love it but, like many netbook owners, know that the netbook has not reached its full potential. Some Linux users are optimistic, since most netbooks come with a Linux-preinstalled option, that netbooks could be the key to a Linux-for-home-user revolution of sorts. If that’s to happen, OEMs have to wake up and start making a netbook that is unreservedly the best. I’ve read literally hundreds of reviews of various netbooks, and with every review, there’s something seriously wrong. Some key is placed in the wrong place. The keyboard is too small. The sound is tinny. The processor is too slow. The battery life is too short. The Linux distribution it comes with is crippled.

Why is it so difficult? Really. If an OEM (Dell, HP, Acer, Asus, etc.) came out with a netbook that had these characteristics, I guarantee it’d blow the sales of the other netbooks out of the water:

  • 92%-sized keyboard with important keys in the right places
  • No weird side buttons for the touchpad
  • Nice aluminum casing, no cheap plastic
  • Sleeps when you close the lid, wakes when you open the lid
  • Ubuntu-based Linux that takes advantage of the full Ubuntu repositories
  • “Easy” interface that can easily (meaning a box that checked or unchecked, ticked or unticked) be changed to a more typical “advanced” interface
  • 2- or 3-second boot time
  • Definitely cheaper than the corresponding Windows option
  • Battery life of longer than 4 hours
  • Kernel supports 2 GB of RAM without user modification
  • Ships quickly, no extended delays

Why is that so hard to find? Why does Dell’s Mini come with some weird architecture that isn’t compatible with the regular x86 .deb packages? Why does HP’s Mini-Note use a Via processor? Why does any netbook run with a crippled version of Xandros or with Linpus Linux? Trust me, OEMs, for your own financial good, fix these problems quickly and come up with an all-around great product, not just a sufficiently-good-for-early-adopters product.

If the rumors I’m reading are true and Apple may enter the netbook market soon, this could be another iPod coup. I don’t agree with all the design decisions Apple makes. In fact, I actually am opposed to Apple’s whole approach to user interfaces. I cannot deny, however, that Apple thinks out its decisions and tries to create what they consider a good user experience. And they know how to make their products sexy. See, I don’t mind having an ugly MP3 player that also has a radio, has a really long battery life, and costs half the price of an iPod. But I’m not most people. Most people would much rather have a sleek iPod that costs more, has a cool scroll wheel, and works with iTunes.

I’d love to see Linux get some real success among home users, but if there’s not a Linux netbook that I can unreservedly recommend to friends and family before Apple comes out with one, I’m afraid Linux may miss the boat on this one. Or, even if Apple doesn’t come out with a netbook exactly, if the current line of netbooks stays flawed, netbooks themselves may die out, and the iPhone may take over yet another niche.

Categories
Apple and Mac OS X Asus Eee PC Computers Music I Like Ubuntu

How my own stupidity killed my Sansa Clip

So my last MP3 player (the much-lauded but ultimately disappointing Cowon iAudio 7) died because of a manufacturer error (even though Cowon claimed the repair was not under warranty). This time, I killed my MP3 player (my 2 GB Sansa Clip) with my own stupidity.

The long story
I love Ubuntu, and I keep coming back to it, but every now and then I get distro cravings and have to try something else. I hadn’t had a distro craving in probably over a year. I kept reading all these great things about Mandriva, though, and how well it works with the Eee PC 701.

So I tried downloading it to my bootable USB “key” (i.e., the Sansa Clip) and extracting the .iso the way I did for Ubuntu and eeeXubuntu. No go, though. I got a boot error of some kind (I think it was some busybox thing). When I read up online about how to install Mandriva on the Eee, I found out you have download some premade all.img file and install via FTP. So I dd‘ed the all.img to my Sandisk player, knowing all would be overwritten and thinking I could restore anyway. None of my Ubuntu adventures had affected the Sansa Clip adversely, so I wasn’t worried.

As a sidenote, Mandriva’s installer made me really appreciate the simplicity and speed of Ubuntu’s installer. The Mandriva installation took literally hours, and the first mirror I selected for doing the FTP install kept having trouble fetching packages (with no easy way of switching to another mirror). It also had this annoying Windows-like habit of asking you a question, doing some processes that took an hour or so to execute, and then asking you another question, and then doing more processes. Why can’t it just ask you all the questions up front and then do all the processes?

After Mandriva finally installed, I wasn’t that impressed, but I thought I’d at least give it a go (and I will). Even though resume from suspend worked with the prepackaged Xandros, I couldn’t get it to work with any *buntu flavor, and I’d heard it would work out of the box with Mandriva. Not so. When I try to wake up the computer with a keystroke, nothing happens. If I press the power button quickly, it looks as if it’s about to wake up but then shuts down completely. Very disappointing.

So my next task was to get my Sansa Clip back to its previous state. I realized that the all.img file I dd‘ed over was extremely small, so even though the Sansa Clip was officially 2 GB, it made my drive appear to GParted to be only a few MBs in size. GParted couldn’t recognize the full size, so I thought if I deleted the entire partition and created a new one, that’d be fine. But Mandriva’s GParted, for some reason, doesn’t let you create FAT32 or non-Linux partitions (I’m sure there are packages that could be installed that could add that support—I had no idea what those were).

For a quick fix, since it was nearby, I opened up my wife’s Macbook Pro and used the Mac Disk Utility to erase the Sansa Clip drive and format it as FAT. Bad move. The Disk Utility wiped it out completely, including the firmware!

So when I finally ejected the Sansa Clip and then tried to plug it into my Eee PC, it would not be recognized. It was totally dead. It wouldn’t turn on. It wouldn’t show a little display on the screen saying it was connected to a computer. fdisk -l on the Eee side also showed nothing connected. Same deal when I plugged it back into the Macbook Pro. And finally, same deal when I plugged it into my Windows PC at work.

The real shame of it is that it probably still works… or would work if I were able to get the firmware back on there, but without the firmware installed, the Sansa Clip doesn’t know when it’s connected to a computer, and I need to connect it to a computer to get the firmware installed.

It’s official: I’m a moron. Mandriva, I hope you appreciate all I went through to get you installed.

The short story
I erased the firmware off my Sansa Clip, and now it’s totally useless. Good thing it was cheap.

Categories
Apple and Mac OS X Computers Windows

Why does Microsoft port Office to Mac?

So I know Microsoft has recently been trying to counter-market Apple’s “I’m a Mac, I’m a PC” campaign with the Mojave thing, the senseless Seinfeld-Gates commercials, and the “I’m a PC!” declarations. Wouldn’t a simple tactic be just to discontinue porting Microsoft Office to Mac?

After all, I know there are people who use Internet Explorer-only websites and so have not been able to switch from Windows to Mac (now that the latest version of Internet Explorer for Mac is 5). If Microsoft stopped porting Office to Mac, that’d hurt Apple even more, wouldn’t it?

Well, I suppose they know what they’re doing. Maybe they’re worried about antitrust lawsuits or something. I’m no Gates or Ballmer.

Categories
Apple and Mac OS X Computers Life Ubuntu Windows

The limitations of car-computer analogies

I’m less understanding of those who don’t want to learn how to take care of and fix their own computers than of those who don’t want to learn how to take care of fix their own cars. In many ways, cars and computers are similar—both cars and computers are complicated machines made up of various hardware pieces and some software (newer cars have software, anyway).

Nevertheless, there are some important differences between the two as well.

  • Even if you’re getting ripped off for car repair services, rarely will the cost of a repair rival the cost of buying a new car. The same cannot be said for computers.
  • While there are certainly communities and jobs that involve a lot of driving and no computer work, we are increasingly living in a digital age. If you work an office job of any kind, chances are you spend upwards of 50 hours a week on the computer, combining work and home use. Unless you are a truck driver, it’s very unlikely you are spending upwards of 50 hours a week driving.
  • Car repair is often more involved than computer repair. Yes, there are exceptions. It’s much easier, for example, to change an air filter in a car than to change a processor in a computer. That said, if you regularly do your own repairs on a car, you need an extensive workshop of tools and a dedicated garage. And it’s sad to say, but cars these days are being made so as to make it difficult to do your own maintenance. When I was growing up, my dad showed me how to change the oil and oil filter on my car. When I got a newer car, the oil filter was positioned in such a way that it wasn’t possible to get to it without a car-lift and specialized tools. Usually, with a computer, if there are hardware repairs or replacements that need to be done, all you need is about nine square feet of space, two screwdrivers, and your own two hands.
  • Computer repair is less physically dangerous. Yes, it’s possible if you do something stupid, you could probably electrocute yourself with some of the electronics inside the computer, get a minor cut from some of the sharp metal edges of the computer frame, or get a bruise on your pinky if you stick it in the fan while it’s running (shame on you for not unplugging the computer first). Still, I know of no one who has suddenly died from interaction with a home computer. I do, however, know people who have been seriously injured or killed by cars. If a car isn’t in proper working order (particularly the tires and brakes), you could kill someone. It’s okay to fiddle with your computer, as probably the worst you’ll do is fry your motherboard or cut a wire. It’s not okay to fiddle with your car unless you know what you’re doing.

The other thing to keep in mind is that almost all problems with a car are hardware-related. If there is a software problem with a car, you can’t just boot your Linux CD into the car and scan for viruses or edit configuration files. Computers can have hardware problems (loosely connected cords, failed hard drives, dusted-up fans), but the vast majority of computer problems are software-related.

Not everyone repairs her own car or computer, and that’s fine. Nevertheless, the level of ignorance of basic, common sense computer use I see goes way beyond the ignorance of good driving practices I see. Not everyone obeys traffic signals, changes their motor oil regularly, or drives defensively. But almost everyone I know who drives knows to fill up the tank when it’s low on gas or petrol. Drivers know to turn off the car if they aren’t using it for extended periods of time. They know not to drive 100 Km per hour in 1st gear.

I don’t see this same level of common sense amongst most computer users I know. They don’t think it’s worth their time to get to know how to take care of their computers (back up important data, learn how to navigate menus, avoid social engineering).

I’m not saying all this to be some kind of snob. I was in that place before, not long ago. I was a computer user who lacked common sense for a long time. Eventually I finally embraced computer literacy, because I realized it makes sense to do so since I had to spend a lot of time using the computer at work and began increasingly spending more time using it at home as well. I don’t think it’s that most computer users are stupid or lazy. I think it’s mainly that they’re scared.

To most computer users I know, computers are mystifying. When you’re scared of something and don’t understand anything about how it works, it’s easy to use it only for what you need it for and then ask for help whenever you need help instead of exploring things for yourself. I’ve had to teach a Mac OS X user how to install VLC, teach another Mac user how to add songs to iTunes, teach a Windows user how to change her Firefox homepage—these are all things that can be easily explored through the GUI if you just click on a few menus and read the directions.

If we do want to make an analogy between cars and computers, let’s consider a little bit of social engineering. Someone goes to a website and sees she “needs” to download an “ActiveX plugin” to view the site properly. All of a sudden, the computer slows down and there are pop-ups everywhere, and if she closes one pop-up two more pop up in its place. This is like driving to a store and having someone in front of the store say “Can you give me the keys to your car? You’ll need someone to watch your car while you go in the store.” Would you give that person your key? If it’s not a store and it is a restaurant, do you quickly learn to tell the difference between a genuine valet and a con artist valet? Maybe not with 100% accuracy, but I’d say most computer users indiscriminately click on things without considering what is trustworthy and what is untrustworthy, while they’ll at least consider whether a valet might be a real valet or not.

I’m not really sure what the solution to the problem is. How can we demystify computers for computer users who are afraid of computers? How can we convince them it’s okay to explore menus and read the messages in those menus? How can we get them to recognize that it’s worth getting to know how to take care of something you spend 50+ hours a week using? All I know is that the car-computer analogy doesn’t fly in terms of maintenance and repair.

Categories
Apple and Mac OS X Computers Ubuntu Windows

Freedom for the short-term or the long-term?

As a Ubuntu Forums veteran, I’ve seen many disgruntled potential migrants return to Windows from Ubuntu because they wanted things to “just work.” They would say things like “I don’t really care about software freedom. I just want to be able to play video files and do what I need to do. The computer is just a tool.”

Just as in debates about feminism, there needs in software freedom discussions to be a distinction between short-term freedoms and long-term freedoms. If you use a proprietary operating system like Windows and use proprietary formats like .doc and .wmv, you will have a lot of short-term freedom. Buy any device from a consumer-oriented electronics store, and it will be Windows-compatible. Visit any website with Internet Explorer, and it will probably work. Watch any video online, and it will probably play. You can buy from the iTunes store. You can use Netflix’s Watch Now! Any commercial software will be available for purchase for your computer. It seems as if you can do anything. Isn’t that freedom? Yes, it is—it’s short-term freedom.

My wife isn’t really into the whole software freedom thing, and she uses a proprietary operating system (Mac OS X) and lots of proprietary software (Adobe CS3, Safari), but she recognized the other day the importance of long-term software freedom and open standards when she tried to watch a video at TBS.com on her Mac. It couldn’t be done. It was an embedded Windows Media Player video, and she tried downloading some helper software, but that didn’t work either. Eventually she gave up, frustrated. Why would they make it Windows-only? That’s stupid. Why couldn’t they make it Quicktime?

Well, in that moment (just as when we both found out Netflix wouldn’t support either of our operating systems with its streaming video feature), she knew what it was like to be a Linux user. You don’t get any support. But why should you have to switch to Windows just to play a video? Is that really freedom? If I’m free, shouldn’t I be free to choose what operating system I want to run? My wife loves Mac OS X and would never want to switch back to Windows. She considers running Mac a software freedom, even if it means sacrificing the short-term freedom of watching a TBS.com video. I love Ubuntu and would never want to switch to Windows, either. I’ve made many sacrifices of short-term freedom as well.

What proprietary formats (yes, Quicktime is one of them, too, as I explained to my wife) do is tell you “You have the freedom to do what you want… as long as you play by our rules.” That’s not long-term freedom. That’s bait and switch.

Take, for example, someone else I know who loves her Mac Mini but feels compelled to get a Windows computer for her new job, because they use Windows-only software, and she’s worried about .docx files not working on Mac. When you get dictated to what operating system you have to run and what computer you have to get, that is also not freedom. And this .docx business is the most ridiculous thing I’ve ever heard of. It’s not even backward-compatible. If you have Microsoft Office 2003, you can’t handle .docx without some helper program to convert the file.

Open standards are good, and some short-term sacrifices along the way have to be made in order to get them adopted. In 2003, very few people were using Firefox, and there were many sites that didn’t work with Firefox, because there was very little incentive to follow W3C standards since “everyone” used Internet Explorer. Now, there are very few sites that don’t work with Firefox, since smart businesses realize they will lose potential customers if their sites work with only Internet Explorer. And increased Firefox compatibility has benefited Safari and Opera indirectly as well. Now people have a lot more long-term freedom on the web in terms of web browser choice.

You could argue, of course, that open standards and formats are not the same as open source, and that is true. Frankly, I’d be down with that. If people wanted to use proprietary software to create .odt word processing files and .ogg music and video files, I think even open source software users would benefit, and there would be very little software restriction.

If we are to get to that point of long-term software freedom, there have to be some people (like those early Firefox users) willing to make a few short-term software freedom sacrifices in order to have open source software and open formats more widely adopted. That’s why I like what Mark Shuttleworth and the Ubuntu community are doing with Ubuntu. It’s one of the few distributions that is treading a thin line on the free/proprietary line. It wants to be as free as possible while also recognizing that people are still very much reliant on proprietary software. Other Linux distributions tend to be overzealously long-term freedom-oriented or overzealously short-term freedom-oriented.

Yes, the computer is a tool, but if someone dictates which tool you use for a task, is that really freedom?

Further reading
Ubuntu’s Shuttleworth blames ISO for OOXML’s win

Categories
Apple and Mac OS X Computers Linux Ubuntu Windows

Do comparisons have to be fair?

If you’ve spent any time on a Linux forum, you know people there love to debate about Linux v. Windows v. Mac OS X. Throw in the term user-friendly or easier, and you’ll likely fan the flames so they can be put out only by a discussion thread closure.

One type of objection Linux defenders often raise is the idea of a fair comparison. For example, someone may assert that Windows “just works” out of the box and that Ubuntu is difficult to install and doesn’t detect everything. To be fair, a Linux defender responds, people generally buy computers with Windows preinstalled and preconfigured by the OEM (Dell, HP, etc.), and you’re comparing a preconfigured operating system to one you’re installing and configuring yourself.

Obviously, the Linux defender, in this case, has a point. After all, if you install Windows from scratch and don’t have all the necessary drivers available, it’s actually a nightmare to install and configure, much more so than Ubuntu is. Even if you do have the necessary driver CDs, it’s less of a nightmare but takes an extremely long time to set up.

It is worth exploring, though, whether we have to make fair comparisons or not. Yes, Windows is a pain to install and configure yourself, but if most people never have to install Windows themselves, how relevant is that point?

Imagine, if you will, a new fast food chain trying to unseat McDonald’s, or a new everything-store trying to topple Wal-Mart. Well, McDonald’s and Wal-Mart will have the advantages of name-brand recognition, infrastructure, inertia, and low prices (due to economies of scale). It wouldn’t be enough to say “My fast food tastes better than McDonald’s'” or “My store has employees who are happier than those at Wal-Mart.” That doesn’t mean you can compete. It also makes little sense to say, “Well, people who don’t want to shop at my store because of travel distance aren’t making a fair comparison, since Wal-Mart is already well-established and has stores all over, and I have only one store so far.” While someone may be understanding that you have difficulty gaining customers who live within ten miles of a Wal-Mart and five hundred miles away from your store, they’re still not going to drive five hundred miles to get to you.

The major flaw in my analogy, of course, is that the customer isn’t going to complain that the store is five hundred miles away. Customers understand that it’s hard to compete with well-established businesses… even if they ultimately choose the well-established business over the “underdog.”

So there are two sides to this. On the one hand, disgruntled would-be migrants to Linux from Windows should recognize that difficulties migrating do not always have to do with quality of workmanship—a lot of the problems Linux faces for impressing home users have to do with Microsoft (like McDonald’s and Wal-Mart) being the dominant force in home computing. Just as Wal-Marts are “everywhere” and the new store has only one location, Windows computers for home users are everywhere and supported by almost all major hardware and software vendors. You can stick with Windows if you want, but you do have to understand that it’s hard to unseat what has inertia and lots of money and name recognition.

At the same time, Linux advocates like myself need to remind ourselves that fair comparisons are fair only in theory and are often contrived and meaningless. Yes, a Windows installation can be difficult without driver CDs, but most Windows users won’t install Windows themselves, and a large percentage of Windows users who do install Windows will also have driver CDs for their hardware.

Categories
Apple and Mac OS X Computers Linux Ubuntu Windows

The effectiveness of “security through obscurity”

I don’t believe that security through obscurity is ideal or ultimately effective. I don’t believe it’s a generally good security approach. Nevertheless, it is not often the same as no security at all. Security through obscurity can have its place.

A few years ago, when it was brought to light that the newest (at the time) Ubuntu version stored the administrative password in plain text, that incident was a huge embarrassment to Ubuntu developers, and they fixed the security hole within hours of it having been brought to their attention. Nevertheless, it had been in place for months prior to being brought to the developers’ attention. Were any Ubuntu installations compromised because of this bug? Probably not.

Likewise, most people don’t know that physical access to a computer means (except in rare cases) total administrative access. If you encrypt your drive, you can prevent unauthorized access to your files. If you put a password on the BIOS and disable booting from CD, you can slow down or make more inconvenient the unauthorized access. Maybe that’ll stop people from compromising your computer if you’re away from it for only a few minutes.

Many users are naive to just what prolonged physical access means, though, in terms of security, and that’s dangerous, because then security through obscurity works against you. I used to believe (before I started using Linux) that having my laptop prompt me for a password upon waking the computer would mean that if my laptop were ever stolen, no one could get my files. Before I booted a Knoppix CD on his laptop, my dad used to think a fingerprint scanner would prevent people from seeing his files. In these cases, the “security” is obscured for the user and not the thief.

If a thief makes her living by taking the data off your computer (probably for the purposes of identity theft) and not solely by selling the hardware, she probably knows exactly how to access your data, whether it be resetting the BIOS password, booting from a live CD, or even moving the hard drive to another computer.

There have been quite a few debates about whether recovery mode in Ubuntu should exist or perhaps be hidden by default. In Windows, if you need emergency administrative access, you need to boot a CD. In Mac OS X, you have to know the relatively obscure hold-down-Cmd-S-while-booting procedue to get into recovery mode. In Ubuntu, though, it’s right there in the boot menu. Just press the down arrow once and you’re in recovery mode, which means you have root (or total administrative) access to the computer.

On the one hand, obscuring recovery mode might give people a false sense of security (thinking it’s difficult to gain root access). On the other hand, having it in the boot menu kind of advertises it, and you might have a curious sibling or roommate who selects it and starts getting playful on the command-line, and she might not have done so if it weren’t in her face the way it is.

Outside of the computer world, it’s a bit like keeping the key to your house underneath the welcome mat. Doing so is definitely bad security. On the other hand, most people won’t know exactly where you keep your key or if you keep it under the welcome mat at all. If you post up a big sign next to your door saying “Hey, the key is underneath this welcome mat!” you’ll be sure to have your home broken into.

When it comes to computer security, definitely encryption and restriction of physical access should be publicized more as real security options, but I do believe there are tradeoffs to embracing and eschewing security through obscurity. Just make sure you are obscuring access for others and not for yourself.

Categories
Apple and Mac OS X Computers Linux

Ubuntu: The Open Source Apple Challenger?

Mark Shuttleworth’s vision
I know I’m not the only Ubuntu user blogging about Mark Shuttleworth saying he wants to make Ubuntu better-looking than OS X in the next two years. He also says

I can’t say we will succeed at this, but we will make a significant attempt to elevate the Linux desktop to the point where it is as good or better than Apple. We’ll also open up the debate to a broad community, rather than just software engineers—we’ll preserve the bazaar, but also redefine what success means for this particular crowd, so things are not just stable but also lovely. We can’t outspend Microsoft or Apple in terms of user-interface studies or the like, but we can invest in this.

I have a lot of respect for Mark Shuttleworth. He made a lot of money off open source, saw and filled a niche in the Linux community, and recognized the need for a balance between being a total corporate sellout and a total free software zealot.

But I think he’s either, in recent interviews, not sharing his total vision for Ubuntu, or not realizing why people like Mac OS X.

What’s so great about Macs and Apple anyway?
My wife is a Mac user. She has her Macbook Pro (recently traded up from a Powerbook), her iPhone, and her iPod (now a portable hard drive, since the iPhone is now her music player). I love Ubuntu and my Eee PC on which I’ve loaded it. I know, though, that no matter how much I like Ubuntu, my wife is having a better computing experience. It doesn’t have to do with software quality or availability, pretty looks, or hardware peripherals support.

In one of his recent MacWorld Expo keynotes, Steve Jobs talked about recognizing the importance of tightly integrating software and hardware. I don’t like how he’s locked people into his hardware with his software (right now Apple has already filed suit against Psystar, which recently began selling Mac OS X-preinstalled non-Apple computers), but he is right about how important that tight integration is.

What Apple offers you, and you realize this the moment you walk into an Apple store, is a total experience. You want a computer? They’ll sell you computers that are designed to work with the software on them. You want a portable music player? They’ll sell you one that’s designed to work with the music software on the computer they just sold you. You want a TV accessory for watching YouTube videos and renting movies and TV shows? They’ll sell you that, too. The software programs all talk to each other, and the software talks to the hardware, and the hardware is all meant to complement well the other hardware.

Yes, I have my criticisms of Apple and Mac OS X, just as many Ubuntu fans do. I don’t find Mac OS X intuitive at all. I don’t like DRM in the iTunes music store. I don’t like how they actively fight against people trying to use non-iTunes software to sync iPods. I don’t like how their end user license agreement makes you use only Apple computers with Mac OS X. Nevertheless, they’re doing something way beyond making good or beautiful software.

The Canonical store
This is what I would love to see, Mark Shuttleworth, and maybe it might take more than even your hundreds of millions to get set up, but I’m dreaming here. It’s okay to dream, I hope. For Ubuntu to surpass Apple, there should be a Canonical store—a brick and mortar store. You can start with a couple of them—maybe one in London, one in New York—and expand from there.

A Canonical store would be much like an Apple store. There would be computers on display that ran Ubuntu and were guaranteed to work with Ubuntu in every way (no non-working resume-from-suspend, or no it-worked-in-a-previous-version-but-after-you-upgrade-there-might-be-a-sound-problem). There would be portable media players that were designed to work well with Rhythmbox and vice versa. These would also be on display. There would be Canonical cinema displays that played nice with Xorg, so all you would have to do is plug it in, click on an icon on the Gnome panel to auto-detect displays and have an extended desktop with proper screen resolutions on both your Ubuntu laptop and the Canonical cinema display. You would be able to buy Ogg and MP3 songs from major and independent music labels through a Rhythmbox plugin (the Magnatune and Jamendo plugins they have now are a good start). More importantly, all the printers and other peripherals sold at the Ubuntu store would be guaranteed to work with Ubuntu.

Ubuntu’s fruit would be free
How, some of you Ubuntu users are wondering, would this be any different from the Apple store? It sounds like an exact clone of Apple. We don’t want to be Apple. We want to be Ubuntu. We want to be different. We are not Windows. We are not Mac OS X. We are a Linux distribution. If people want a Mac, they should get a Mac. Leave them to their iPods and Apple TVs. This would be different, though, my dream Canonical store. It would be different in the only important way that Linux is different from OS X and Windows—the software would be open source.

It’s about software freedom, and that’s what the Canonical store would provide you with. Yes, there would be a limited number of default and recommended hardware combinations available at the Canonical store, but if Psystar (provided it still exists after the Apple lawsuit) wanted to sell Ubuntu preinstalled computers, instead of suing Psystar, Canonical would partner with Psystar. People could buy hardware from the Canonical store if they wanted their hardware to be guaranteed to work well with Ubuntu, but nothing would stop geeks from buying Linux-friendly hardware from NewEgg or TigerDirect (they could scour the out-of-date entries in Ubuntu Wiki entry on hardware support while the general public would walk into a Canonical store and not worry about doing all the research). Rhythmbox would be designed to work well with whatever portable media player Canonical sold, but the specs would be open so that anyone could use a regular MSC transfer on other portable media players.

If Ubuntu sets that up, I think they might actually have a chance of beating Apple, but it also means getting into the hardware business (or setting up a very close partnership with a hardware vendor).

What direction will Canonical go?
Of course, one could argue that Canonical could go the way of Microsoft and stay a software company (only with free software instead of proprietary software), but Windows can work that way because vendors support it instead of Windows supporting itself. You end up having to install a lot of drivers and software after a Windows installation just to get basic functionality. An Apple approach would be much more in line with a Ubuntu user experience, especially since the Linux kernel provides the drivers for hardware and package management provides all the software for the end user.

The Microsoft approach is “We make the operating system and very little else. All you hardware and software companies better just make sure your stuff works with our operating system.”

The Apple approach is “We make the operating system and the computers and the software. We’ll bundle it all together and make sure it works well together. It’d be awesome if you third-party people made your stuff work with our stuff, too.”

What should Canonical’s approach be? In my dream world (and I hope Mark Shuttleworth agrees with this), it would be “We make the operating system and highly recommend these computer configurations in order to work well with our software and will bundle everything together, but we have opened up the source code and specs for everything, so if you want to go a way other than our way, go for it. We fully support you in branching off and using something else.”

That might take care of Bug #1, or at least help Canonical surpass Apple.