Linux Faithful Still Getting It Wrong

As the continuing saga of the myDoom virus/worm unfolds, the Linux faithful are sticking with their kneejerk reaction that this cannot be the work of an OSS user/sympathizer. (See preceding blog entry for more detail.)

The lastest salvo? LinuxWorld – which should know better – has reprinted an article from the Moscow Times that says the virus has been traced back to a Russian ISP.

OK.

But the article is reprinted with this article summary (provided by LinuxWorld):

In a story that would completely exonerate the Linux community, accused by SCO of perhaps being behind this week’s e-mail virus, the Moscow Times is carrying a story this morning that the first e-mails infected with MyDoom back to addresses with Russian Internet providers.
MyDoom Comes From Russia With Hate, Moscow Times Confirms, Jan. 30,2004

How does this exonerate the Linux community?

Let’s look at the facts as they exists:

  • The virus appears to have originated from a Russian ISP.
  • The virus has many functions; it appears to be predominately coded to install trojan spam engines. It also targets (depending on variant) either SCO or Microsoft for DDOS attacks. It seems to at least try to install a keylogger, as well.
  • It targets Windows boxes only.

OK. So how does this Russian connection/spam-zombie reality exonerate the Linux community?

Let’s look at some other generalities that may come into play with this situation:

  • Most viruses target Windows, for two reasons: 1) Largest installed base, so best bang for your viral buck, and 2) As the Top Dog in software, MS is a target. Would be the same if Sun or Novell or Apple were software king. So myDoom targetting Windows is nothing exceptional.
  • Why would a virus target SCO for a DDOS? Really, the primary reason would be a grudge against SCO’s anti-Linux lawsuits. There could be some personal reason that the virus writer targeted SCO (old girlfriend works there…), but this one makes the most sense as a rule of thumb. So the writer is probably an OSS sympathizer.
  • The virus written for Windows does not mean that the virus writer likes MS apps; it means the opposite. Yet I’ve seen many comments that “Linux coders would never write for Windows….” Well, not for profit, maybe, but for destruction?? And would Windows coders – black hats or not – really care much about SCO? Why would a VB/C++ coder care about all this Linux/OSS stuff? If they were rabid MS fans, they’d probably welcome the SCO actions, not attack SCO.
  • The virus originated from a Russian ISP. Some facts:
    • The writer could be Russian or not.
    • The writer could live in Russia or not.
    • The writer appears skilled; this virus could have been written anywhere just hit the Internet via this Russian ISP (spoofed or real).
    • Russians are part of the Linux community – which is a global community
    • Russians – especially Russian OSS fans – are likely to be just as annoyed at SCO’s efforts against Linux as I am (I’m in the US).

So – again – how does the knowledge that the virus seems to be a spam bot and coming from Russia exonerate the Linux community?

The fact that the virus targets SCO – again, why??? – means that a skilled programmer wrote a spam bot that has an easter egg that nails SCO. Just for kicks.

Why SCO? Why not Amazon, Excite, some other higher-profile site? Because there is a grudge of sorts against SCO.

All the unfolding information appears to tell us is that this virus’ primary intent is not to thumb its nose at SCO.

That’s just gravy.

And it still points, sadly, to a Linux sympathizer behind the code. This does not mean the community condones such acts – for the most part, they deplore this and other similar acts – but it does mean that there is at least one OSS fan out there that has an active agenda against SCO.

Linux Faithful Get It Wrong

As you probably know by now, the nasty myDoom (or pick your pseudonym) virus is the virus that has a payload that, among other things, attempts to DDOS the SCO Group’s web site.

When this payload was first discovered, SCO and others said this was probably a disgruntled Linux person who was targeting SCO as payback for the litigation-happy company’s anti-Linux lawsuits. SCO even offered a hefty bounty to get the author of the virus.

Recently, MessageLabs has announced the virulent code probably originated in Russia.

OK.

But – for reasons that escape me – there seems to be a lot of Linux folks out there who are saying that SCO and others owes the open source community an apology. Why? As Pamela Jones, webmistress of Groklaw, put it, here’s why:

MessageLabs has announced that the MyDoom virus originated in Russia. That pretty much rules out any Linux enthusiast trying to get back at SCO, as far as I can see. Nobody in Russia cares about a legal case in the US that won’t affect them one bit. It looks like spammers and worse trying to shift the blame to cover the other ugly things this virus does, because it tries to install a keylogger to get your credit card and other such details, according to Symantec, something no Linux person has ever been involved in to the best of my knowledge….It appears somebody needs to apologize to somebody for leaping to ugly conclusions about the Linux community. [emphasis added]

— Pamela Jones on Groklaw, 01/24/2004

Slashdot – with opinions all over the place every day – had a similar thread.

I don’t get this – while the virus writer may be trying to better obfuscate his tracks by giving hints that this is just an anti-SCO virus, why does the writing living in Russia rule out an OSS person doing the dirty work?

  • Just because the virus began in Russia, does in mean it was written in Russia? Was it written by a Russian?
  • The SCO case affects everyone who uses/loves/wants to defend Linux. And these folks are all over the world. Hell, it was started by a Finn (Linus…).
  • While it’s true that SCO’s (many) lawsuits focus on US companies/users, there is no reason to expect it to end there. SCO has indicated it may go overseas to sue, as well. No on is safe.
  • All lawsuits are not equal. If SCO somehow managed to win this one against IBM, for example, the precedent set would ripple around the globe. And it would directly damage one of the largest tech companies in the world
  • Frankly, the SCO suit is more of a nuisance (or tragicomedy) for people like me – who have home boxes running Linux but no business plans that are dependent on it as it currently exists (OSS). Ditto for the folks in Russia/Denmark/Brazil and so on. Yet I’m still steamed at SCO – so might a (more talented) programmer in this or any other country. Again, Linux is global. Any attack – in whatever country – on Linux manifests itself in some manner as a global attack. That’s the reality; get over it. So a lone OSS dude in Russia could well be holding a grudge against SCO. Why is that so unthinkable?

Let’s keep hoping that it wasn’t an OSS fan that did this, but the virus originating in Russia does little to in any way prove that the author was or wasn’t just holding a grudge against SCO for it’s anti-Linux tactics.

You just can’t say.

So there is nothing to apologize for. Just as there is no reason for people to claim that the virus was the work of a disgruntled OSS developer.

Overall, I’m very disappointed in the OSS reaction to this latest, Mother Russia, development of the myDoom virus. I thought we were bigger than that.

*sigh* I guess Linux is growing up…

The biggest disappointment, to me, is Groklaw’s jumping on (helping create?) this bandwagon. This is a site that is the SCO anti-FUD. It’s dedicated to – and has done an exceptional job of – cutting though the SCO/MS FUD and giving the fact and gathering information in a practiced, deliberate manner.

Just as SCO saying that they have identified infringing code in Linux, figuring that the virus originated in Russia proves nothing.

Send Lawyers, Guns and Money…

I’ll bet the scientists and technologists slaving away in the early days of DARPA and at CERN never realized the bonanza this new-fangled Internet thingee would bring: Yes, lawsuits.

Now, I understand that – after football and overeating – litigation is The American Pastime. Yet it seems that, even for Americans, the tech industry is lawsuit happy.

Maybe it’s just because I’m closer to this industry than others, but I doubt it: This is my third career, and my previous one was as a journalist for trade publications, where each new job required learning a new industry. And – as a journalist – litigation was, of course, something compelling to write about.

Yet I don’t recall the flurry of legal action like I see every day in the tech industry. What the hell is going on? Is it just that the concept of bits vs. atoms (digital delivery vs. packaged products) is disrupting established industries, is it the way the patent department hands out software patents – unheard of only a couple of decades ago – like they were spitting out candy from a Pez dispenser, or what?

Look at some of the high/low lights of recent days/months:

  • Everyone is suing Microsoft, including the distasteful Eolas case.
  • SCO is suing everyone – they’ve abandoned their mission as a software/services company and turned into a full-time litigation factory. On the flip side, others have sued (RedHat) or are considering litigation against SCO.
  • The RIAA continues to file lawsuits againt file sharers, this time as “John Doe” cases.

And somehow I think it’s going to get worse before it gets better. I’m not a fan of this.

Why Linux Matters

READING:
Plainsong
Kent Haruf

Haruf’s book was nominated for a National Book award, but the book – while well done and an interesting read – doesn’t do anything special for me. Weaving together the disparate lives of a half-dozen or so inhabitants of a small agrarian Colorado community, the story never meshes enough to make it compelling.

All books

I devoted an earlier entry to Why Microsoft Stil Matters; this is the flip side I had planned on writing immediately afterwards, but just didn’t get to. Linus won’t mind the delay.

By Linux, I mean the product of Linux Torvalds and his minions. Much of what I say can also apply to Unix products – actual Unix products (AIX, Solaris) or, like Linux, non-certified Unix-like products, which includes MS-DOS (!). The emphasis on on Linux itself, but the generalizations are of Unix-like products, which I will refer to as Unix for the sake of simplicity.

Also, this list will, in many ways, compare/contrast Linux to Microsoft. This is only natural, as MS is the 800-pound gorilla, the yardstick against which one must compare other similar products or processes. But this does not means that it’s Linux or MS – as Linux has taught us, something can come out of nowhere and give any given gorilla a run for its money (figuratively and literally).

Without any further ado, some reasons that Linux matters:

  • Software is becoming a commodity: Microsoft has seen this coming, which is one of the reasons it attempts to lock users in with proprietary tools/code. However, like the file-sharing issues that are keeping record-company execs and movie moguls up at night, the reality is that there is a shift away from centralization to ubiquity. This has profound influences on Microsoft’s model, for example, and favors the work of Linux, which is so strongly decentralized. At the same time, this commodity nature means that software must be portable, so it can be embedded in the next widgit that comes along. Linux is perfect for this; MS’s offerings are not.
  • Linux has grown up: We’re finally at the stage where even Linus says that this year – 2004 – Linux will start to become desktop ready. Additionally, thanks to the support of companies such as IBM and Novell, Linux has moved from old 386 boxes to multi-processor supercomputers. The support of the traditional companies, such as IBM and HP, also means that it is easier to get Linux into the workplace. Before, the geeks would just sneak it in under the radar: The company intranet was run as a LAMP deployment, but the CEO would swear the company was an all MS house.
  • Linux is transparent: You can see and modify the code. Thus, you – a company/devloper – can work with the OS’s hooks to create new apps/tools. With Apple or MS, there is a complex series of contracts, cross-patent licensing and other non-computer work that all but guarantees a lack of product launch.
  • Unix is scriptable; MS is not: This is potentially my biggest gripe with MS products: While a limited amount of scripting is possible (batch files, the scheduler and so on), it does not have the robust scripting cababilities of Unix. In an age where computers have come out of the clean rooms and are on every desk doing every imaginable task, a strong toolkit is a time-saver. While MS makes great tools and allows – through easy-to-use GUI tools and wizards – some control, Unix scripting tools (crontab, tar, piping) allow a user with a little bit of experience to automate menial tasks. The best example I can think of is a simple back-up: Ask the average user how to do this on Window. Huh?? On Linux, a small script with tar and zip and move it to a backup directory/machine. Set the script via the crontab and never worry about it again. Also, MS’s scheduling is strange: I have several tasks on SQL Server running every day. Yet they don’t show up in the master scheduler; you have to know that the task is scheduled (and detailed/editable) in SQL Server. Ouch.
  • The SCO Fiasco: While there is an obvious strong negative to the SCO Group suing everyone and their mothers over Linux (follow the almost daily lunacy on Groklaw) – it makes the wary shy away from Linux – there are a few strong positives to come out of this (ongoing) mess:

    • It’s pulled the software community together. With the exception of Sun, MS and – to a degree – HP, everyone is pulling together on the side of Linux. And much is done without the often-counterproductive Slashdot-type efforts/remarks.
    • No publicity is bad publicity. Witness the surge in SCO’s stock even today over a year ago’s levels, even as SCO is getting discredited. On the other side of the public courtroom, Linux is getting plastered into every news story. Never heard about/know much about Linux before? Now you do, and – guess what? – you’re getting interested in what it can do…
    • SCO would not sue to win … nothing. Much like MS beginning to attack Linux, the SCO Group’s lawsuit legitimizes Linux to a degree: If it wasn’t of any value, why sue? But there is high perceived value. That helps Linux in that respect.

  • Linux is extensible: This is a reinforcement of some earlier points, but bears the emphasis. Because Linux is open, it can be easily extended. This means that more products will be made with/for it, and the base product improved in unexpected ways. While this lower barrier to entry will mean that a lot of dross will be created (witness the abandoned projects at Sourceforge.net), it will also open door that – in a MS-centric world – would not otherwise happen. In a MS-centric world, projects have to be approved by committee, with extensive research and so on, so the products are a lock to be winners: Like MS Bob and Clippy…
  • Linux is not designed to make money: Yeah, this one drives the Microsofties crazy. But I see Linux much like the Internet: It’s a tool to do other stuff. Imagine if the Internet had been heavily regulated, taxed and so on. We’d never have Amazon, online banking and reservations, blogs and more. Linux works the same way – it’s an open system that allows you to leverage it in the way you want, which just may be for-profit tool/service (think Google and their thousands of Linux boxes..).

Sure, this is an incomplete list – all such lists are. I didn’t even mention how – now that more and more tasks are getting computerized (and potentially exposed to the Internet), security is a real issue, as is stability. Linux has them; MS doesn’t.

And so on.

Pick your tool; make the most of it. Both Linux and MS matter; however, the balance of power is shifting toward – toward, not to – Linux. I don’t see this changing in the near future; I actually expect this trend to accelerate.

Technology Predictor Success Matrix

I wrote several days ago about a great series Tim Bray has going on his blog, which builds/evaluates a Technology Predictor Success Matrix.

Please read the series – it’s worth it – but it’s worth noting that the predictor that seemed to hold up best for a variety of technologies was the 80/20 Point: This is the point where you’re enjoying (roughly) 80 percent of the benefits after only 20 percent of the work.

While an imperfect indicator, it was the strongest of all Bray examined.

Thoughts?

More List Warm Fuzzies

I’ve spent a good part of the last couple of days creating the code and populating the List of Lists pages.

It’s been fun, and a learning experience.

The last code enhancement is to dynamically create a pulldown (onChange) menu that will take one to whatever page is selected – remember, these are static pages that are written out. Pretty cool, and – really – not that hard to do.

It’s been fun to fill out the lists (this will always be a work in process); I’d forgotten some of the books that I pulled off the shelf to garner info for; damn, I need more time to read!

People Love Lists

I’ve added a new feature to this blog – a List of Lists.

Basically, it’s a list of movies, books and so on that I find good (or bad, as the case may be).

What’s the point?

Well, there is no point. Just something I was curious to do. Lists such as this are telling: A few items in a handful of categories and you can get a pretty good idea of an individual.

  • Conservative vs. Liberal – Likes Sontag or the movie The War Room, probably liberal. Rates Michael Moore’s books/movies/TV as overrated crap – probably conservative.
  • Intellectual vs. Not – Lots of foreign movies? Loves NPR? Probably an intellectual (Note: Intellectual != intelligence; it can equal pretentious). Dude, Where’s My Car? or anything with Chris Farley on favorite movie list? Probably not an intellectual.
  • Techie vs. Not – Has a Computer Book or Web Sites category? Techie. Lists “the Internet/Web/e-mail” as overrated or annoying. Probably not.

This list is a work in progress; items/categories are not carved in stone (in bits, ya know?).

Another tool – PHP/mySQL back end, which pushes static pages to the front end (this site) – developed.

The Napsterization of Blogs

Sometime around the turn of this young century, a little, relatively unknown application/Web site changed everything forever: Napster. I refer to the original Napster, not the new, pale [and legal] imitation.

Napster was a killer app in more ways than one: Not only did it make the site – and, by extension, Internet access/smarts (preferably broadband access) – a must-see/must-know/must-use, but it struck the first, decisive blow in what will be seen the end of the RIAA’s current business model.

The latter was unintentional – or, at least, not the anticipated effect, collateral or otherwise.

And while the RIAA – and, next in line, the MPAA – haven’t yet really managed to steer their business carts in a different direction, the road has moved: They just don’t want to acknowledge this reality.

History, however, will see Napster as the begin of the end of the old intellectual property systems.

So what does this have to do with blogs?

Well, Napster changed the way end users interacted with music, as well. And, again, we are in a transitional phase for consumers, as well as for vendors.

Whereas before we overwhelmingly purchased LPs and then CDs, today the move is toward purchasing a song at a time. Some artists have resisted this move, and – for sites such as Apple’s iTunes – only permit full-album downloads, but they are in a minority and soon, I predict, this will go the way of the LP.

While the ability to pick and choose – instead of getting a whole album is compelling, there is a downside for the consumer: The consumers loses the cohesiveness of an album, the way a songwriter/singer meant the songs to be told. For many albums this is not that big a deal; for albums such as Pink Floyd’s “The Wall,” it destroys a carefully orchestrated composition.

The consumer also loses exposure to the unpopular (i.e, not in rotation on the radio) songs, yet many times I’ve purchased a CD for one song and ended up liking the entire CD or another song or two much more than the reason-to-purchase song.

Art and lyrics are also lost with online purchase – I keep waiting for iTunes and Rhapsody to add PDF downloads of the CD art/lyrics with the song. Could be a differentiator, if nothing else.

Again, what does this have to do with blogs?

To me, what Napster was to the shrink-wrapped CD, RSS is to blogs.

It’s changing the way people view blogs.

Take the example of Robert Scoble: He claims to scan roughly 600 blogs a day. Think he could do that with a browser?

No way!

He uses an aggregator, so he can scan his blog list (600+ blogs…), see the headlines of new stuff, click through to either the site or RSS teaser/full copy from there (I’m not sure what he does).

OK, but that eliminates many/all visits to sites: And like sampling the obscure songs on a CD, visiting a site shows you material that’s not in the “compelling material” (the blog entry, which equates to the song you purchased the CD for).

For example, on my site, I have a rotating Picture of the Day, with links to a full gallery. Other sites have this, side-channel elements describing books they’ve read, people they read, things such as that.

In an aggregator, that stuff in invisible. You’ll never know it’s there. You won’t miss it, but – like that great song that they never play on the radio – you’ll be poorer for missing it.

And what of those folks who put a lot of time and effort into making the blog a compelling visual experience? You know, where – from across the room – you can look at a distant screen and say, “Oh, I see you’re reading [blog]!” All the CSS tricks, the nice graphics, the DHTML widgets. You’ll miss them, as well – and they are often visual clues that give an insight into the blogger’s point of view, their sensibility (examples: Gnome-Girl, Joi Ito, Kottke)

I’m not saying that there is anything wrong with this: As with the Napsterization of music, the Napsterization of blogs merely changes the way people interact with blog – for good and bad.

The good is that more blogs can be accesses more easily, and with tools like OPML, more blogs can be linked/discovered. Additionally, the extensions to RSS – be it RSS 2.0, Atom or whatever – are moving to incorporate more information that may – after some shake out – offer an even better feed of blog data to aggregators. (RSS! It’s not just for blog entry anymore!)

The bad is the reasons I’ve mentioned: Missing ancillary blog material, missing the whole “feel” of a site (and you’re left with only the words, which sometimes is not the whole picture).

It’s getting the meat without the potatoes. More meat, to be sure, but not necessarily a balanced meal.

That’s what Napsterization has to do with blogs.

Yes, It Must Be Monday

Why would I say “Yes, it must be Monday”?

My car battery is dead – and I mean dead: no lights, not radio, no horn, no “click” when you try to start.

I haven’t used it for over a week (used the girlfriend’s, who was out of town on business), and apparently my trunk was popped (just a crack, so I didn’t see it). I guess that was enough to – over the course of a week – to drain the battery.

Was cold during this period, as well, so that helped (not!)…

Monday Monday….