
October 30, 2007

More bad news for Microsoft

Microsoft haven't been getting much good press lately. Shortly after the European Court upheld the ruling that the company had abused their dominant market position and fined them 497 million Euro, the Dutch Consumer Council advised users against moving to Vista after receiving more than 5,000 complaints in a month. (The original website is here but if your Dutch is as good as mine, try this one.) Even long-time Microsoft advocates have abandoned the new operating system in disgust.

Last week the UK computer agency Becta advised schools not to sign licensing agreements with Microsoft because of fundamental concerns about academic licensing, Office 2007 and Vista. They've even complained to the UK Office of Fair Trading. "In a previous report, Becta said primary schools could typically save up to 50% and secondary schools more than 20% of their ICT costs if they switched to what is known as 'open source' software."

Vista may be Microsoft's last O/S. According to the technology pundit Robert X. Cringely, the future is the browser;

We're approaching a transition point in computing that most people don't understand. It isn't just the Internet or search or access to movies and music that matter, but all of those presented in a technological context that Just Plain Works. The importance of all our digital stuff along with our fear of losing it will shift us more and more toward central backup and storage. And once you have your life sitting on some company's server, are you going to move it on a whim? No, and that means there will be a LOT of money to be made providing these services. Storage and automated backup and probably some form of netboot with a fresh OS image every time is the future of computing whether we're talking about desktops or notebooks or mobile phones.

He wrote last week. And this week he writes about the coming cloud computing revolution and how we're all about to be 0wned by Google;

Google's goal here is to help us, of course, but along the way the company will have marginalized most higher-end computing vendors, especially Microsoft. They will have also made us totally dependent on Google services in such a way that we'll never, ever, be able to extricate ourselves. We'll be slaves, but happy slaves, and Google will come to dominate all computing for the next generation.

Interesting times ahead, except perhaps for Microsoft shareholders.



October 26, 2007

Ditch WEP now!

If you're still using the WEP wireless protocol, please stop. It's not just been cracked, it's been shattered. Seriously.

In the old days -- that's like 2001 -- it was demonstrated that you could crack WEP by capturing and analysing between four and six million data packets. By 2004, improved techniques required between 500,000 and two million packets. And now it requires a mere 40-80,000 packets.

The latest crack comes from three cryptography researchers at the Technical University in Darmstadt, Germany who report;

Using our version, it is possible to recover a 104 bit WEP key with probability 50% using just 40,000 captured packets. For 60,000 available data packets, the success probability is about 80% and for 85,000 data packets about 95%. Using active techniques like deauth and ARP re-injection, 40,000 packets can be captured in less than one minute under good conditions.

But you'll need a supercomputer to process all that data, right? Nope.

The actual computation takes about 3 seconds and 3 MB main memory on a Pentium-M 1.7 GHz and can additionally be optimized for devices with slower CPUs. The same attack can be used for 40 bit keys too with an even higher success probability.

There are now about a zillion sites out there for both Linux and Windows detailing the necessary steps to implement and execute this crack, including this YouTube video. (Pay attention to the PC's clock. The entire process takes just 9 minutes.)

So ditch WEP now! WPA is vastly more secure.
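
To check which access points in range of your own site still advertise WEP, here is an added example (not part of the original post) that classifies the cells in the text printed by the Linux wireless-tools command iwlist <interface> scan. The sample scan is constructed, and the rule that "encryption on with no WPA/WPA2 information element means WEP" is the assumption the script relies on.

```python
import re

# Constructed sample in the layout printed by `iwlist <iface> scan`.
SAMPLE_SCAN = """\
wlan0     Scan completed :
          Cell 01 - Address: 00:11:22:33:44:55
                    ESSID:"office-legacy"
                    Encryption key:on
          Cell 02 - Address: 00:11:22:33:44:66
                    ESSID:"office"
                    Encryption key:on
                    IE: IEEE 802.11i/WPA2 Version 1
          Cell 03 - Address: 00:11:22:33:44:77
                    ESSID:"guest"
                    Encryption key:off
"""


def classify_cells(scan_text):
    """Return [(bssid, essid, mode)] with mode in open/WEP/WPA/WPA2."""
    cells = []
    # Everything before the first "Cell NN - " marker is the scan banner.
    for cell in re.split(r"\n\s*Cell \d+ - ", scan_text)[1:]:
        addr = re.match(r"Address: (\S+)", cell)
        name = re.search(r'ESSID:"(.*?)"', cell)
        if "Encryption key:off" in cell:
            mode = "open"
        elif re.search(r"IE:.*WPA2", cell):
            mode = "WPA2"
        elif re.search(r"IE: WPA Version", cell):
            mode = "WPA"
        else:
            mode = "WEP"  # assumption: key on, no WPA/WPA2 element
        cells.append((addr.group(1) if addr else "?",
                      name.group(1) if name else "<hidden>", mode))
    return cells


def wep_networks(scan_text):
    """BSSID/ESSID pairs that still need moving off WEP."""
    return [(b, e) for b, e, m in classify_cells(scan_text) if m == "WEP"]


if __name__ == "__main__":
    for bssid, essid in wep_networks(SAMPLE_SCAN):
        print(f"still on WEP: {essid} ({bssid})")
```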


October 24, 2007

Hidden Linux : ISO magic

In Linux, you don't need to burn a CD or DVD image to a disc to take a look at its contents. Since "everything's a file", it's just a matter of mounting it.

ISO images -- from which CDs and DVDs are traditionally burnt -- are interesting (and useful!) because they don't just contain files but also the filesystem metadata. (That's stuff like boot code, filesystem structures and file attributes.) It means you can download a single file -- like the latest version of Ubuntu -- and create an independently bootable operating system just by writing it to a disc.

So how do you mount an ISO file?

mount -o loop  image_file.iso  /mnt/image

Simple as that!

(Of course you do need to be root to mount things. Ubuntu users should prefix that command with sudo. And you need a place to mount the image. I did that with the command mkdir /mnt/image -- also as root.)

Once it's mounted, you're free to browse it via any GUI-based browser.



ISOs are a brilliant way of backing things up. How? Again, it's really simple...

dd  if=/dev/hda1  of=/image_file.iso

where if indicates the input file and of the output file.

Note that dd requires a device address, not a directory. Imagine you're using a spare HDD for backups and have it mounted as /media/backups. A df -h lists it as...

Filesystem            Size  Used Avail Use% Mounted on 
/dev/hdb1              37G  177M   35G   1% /media/backups

Executing dd if=/media/backups of=backups.iso will return an error saying that /media/backups is a directory. So execute dd if=/dev/hdb1 of=backups.iso instead. It'll work fine.






October 19, 2007

Gutsy Gibbon begins rampage

Version 7.10 of the Ubuntu range hits the download servers today. Code-named "Gutsy Gibbon" it marks the 8th release of what is arguably the world's favourite flavour of Linux. It also marks Ubuntu's third anniversary. Their first release -- version 4.10 (release numbers are calculated as year.month) -- hit the servers in October 2004.

There's lots of new, updated and interesting stuff in this release. Check out these links depending on your passion; Ubuntu 7.10 Desktop, Kubuntu Desktop and Edubuntu, Ubuntu Server.

If you've never tried Linux before, I recommend Ubuntu. The forecast for the coming holiday weekend isn't great, so now's your chance to get acquainted. Here are the download sites;
And if you're confused about the different flavours;
  • As its name suggests, Ubuntu Server allows you to create and deploy a new server with any of the standard internet services such as mail, web, DNS, file serving or database management.
  • Desktop users have a choice of regular Ubuntu (featuring the Gnome desktop manager) and Kubuntu (using the KDE desktop manager).
  • Low-end PCs are catered for with Xubuntu (which uses the lightweight Xfce desktop manager).
  • Edubuntu is perfect for kids and schools, designed specifically for educational deployment.


October 14, 2007

Phishers target local ISPs

Local ISPs appear to be the target of the latest round of phishing emails. Recipients are asked to "verify" their account details by returning IDs and passwords along with other personal information, and even input the scrambled text of a security image.

As a phishing scam it's pretty clumsy. The English is bad ("Verify Your Account now To Avoid It Closed"), they ask for distinctly non-Kiwi stuff like your Zip Code, and even though -- in my case -- the message appeared to come from "Customerservice@Paradise.net.nz", the return address is listed as customerserviceinfos@gmail.com.

On the other hand, it was an ostensible Paradise message targeted at a genuine Paradise user, and also incorporated Paradise logos. Some newcomers and email innocents may in fact be fooled. (If you have been, contact your ISP immediately, and at the very least change your password!)

It also contained one or two elements that suggest a degree of phishing sophistication (no, I'm not going to be more specific). So in an effort to thwart the baddies, I filed a complaint with Google that one of their Gmail accounts was being abused. Hopefully they'll pull it before too much damage is done.

Have other local ISPs been targeted? Let me know. Post a comment.
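
The giveaways described in this post can be checked mechanically. The following is an added example, not part of the original post: it flags a message whose reply address sits in a different (free webmail) domain from the visible sender and which asks for credentials. The sample message is constructed, and treating the "return address" as the Reply-To or Return-Path header, as well as the keyword list, are assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the message described in the post.
SAMPLE = """\
From: Customerservice@Paradise.net.nz
Reply-To: customerserviceinfos@gmail.com
To: user@paradise.net.nz
Subject: Verify Your Account now To Avoid It Closed

Please return your ID, password and Zip Code.
"""

FREEMAIL = {"gmail.com", "hotmail.com", "mail.com"}      # providers named on this page
CREDENTIAL_WORDS = ("password", "verify your account")  # illustrative list


def domain(header_value):
    """Lower-cased domain of the address in a header, or '' if absent."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()


def phishing_indicators(raw):
    """Return the list of indicators found in one raw RFC 822 message."""
    msg = message_from_string(raw)
    from_dom = domain(msg["From"])
    findings = []
    for header in ("Reply-To", "Return-Path"):
        dom = domain(msg[header])
        if dom and dom != from_dom:
            findings.append(f"{header.lower()}-domain-mismatch")
            if dom in FREEMAIL and from_dom not in FREEMAIL:
                findings.append(f"{header.lower()}-freemail")
    body = " ".join(p.get_payload() for p in msg.walk()
                    if isinstance(p.get_payload(), str))
    text = f"{msg.get('Subject', '')} {body}".lower()
    if any(word in text for word in CREDENTIAL_WORDS):
        findings.append("asks-for-credentials")
    return findings


if __name__ == "__main__":
    print(phishing_indicators(SAMPLE))
```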


October 9, 2007

Storm warning

Hot on the heels of this story about one million Chinese PCs succumbing to viruses last week comes a fascinating analysis of a viral nightmare called Storm that's thought to infect between one and 50 million computers worldwide. Although it's been around for a year, no one really knows the extent of its spread, and because of the way it's been designed, anti-virus companies "are pretty much powerless to do anything about it."

It seems the bad guys have learnt a lot of lessons from earlier worms. Storm is quiet. You're not likely to notice it because it doesn't cause any damage or a noticeable performance hit. "Like a parasite, it needs its host to be intact and healthy for its own survival." It also has a decidedly 'biological' design; "Only a small fraction of infected hosts spread the worm. A much smaller fraction are... command-and-control servers. The rest stand by to receive orders. By only allowing a small number of hosts to propagate the virus and act as command-and-control servers, Storm is resilient against attack. Even if those hosts shut down, the network remains largely intact, and other hosts can take over those duties."

By using peer-to-peer networking instead of direct communication with a central server, and a payload that morphs every 30 minutes, it's very difficult to detect -- or track down who's behind it. Not that it seems to be doing much at the moment, other than delivering spam and attacking anti-spam sites. But once the infrastructure's there, what are we in for?

What's really creepy is that there doesn't seem to be a solution. "Redesigning the Microsoft Windows operating system would work, but that's ridiculous to even suggest."

Read more here.

October 3, 2007

The problem with email

With Telecom promising naked DSL by December, the broadband market looks set to (finally!) heat up. But many users will find themselves trapped by their old email accounts. That's why you should start preparing now.

The problem's simple: wherever you are now you're almost certainly using an email address in the format username@current-ISP.co.nz. But what happens if you change Internet Service Providers? If you opt for Orcon over Xtra, for example? Or iHug over Telstra? It suddenly becomes a hassle because you need to warn everyone on your mailing list that you're now username@new-ISP.co.nz. If you run a small business that might also mean updating business cards, stationery, flyers and even advertising. And what then if, six months down the track, you're courted by even-newer-ISP.co.nz...?

The traditional solution is to use a free email account from the likes of Gmail, Hotmail or Mail.com, but they have their limitations. First, there are often some pretty onerous terms and conditions attached to their use -- Google's Gmail for example has three separate documents (1, 2, 3). Second, they're really popular which means it's really unlikely you'll snag a memorable mailbox name. (After all, who wants to be johnsmith63787@gmail.com?) Third, they don't look very professional. Free email accounts are often used by bogus businesses and Nigerian scammers. And finally, they can sometimes be tricky to integrate into non-Web-based email programs.

So what's the real solution? Simple. Buy your own domain name.

For around $1 a week you could own www.johnsmith.co.nz (still available at the time of writing). You don't have to build a website around it -- though of course you can if you want to. The important thing is that the johnsmith.co.nz domain name then belongs to you, and that means that any email sent to anything@johnsmith.co.nz will -- with a simple email redirection setting -- be forwarded to whichever ISP you happen to be using at the moment. If you change ISPs, just change the setting to point at your new one. It really is that simple.

There are other advantages too. You can put anything you like in front of the @ and the mail will still go to you. This can be used as a basis for filtering incoming mail. You might be known as jsmith@... to business contacts and jono@... to your friends, for example. Or you can set up multiple redirects so that mail addressed to NaggingWife@... goes to her-indoors' Xtra account, UnrulyTeen@... goes to the brat's Gmail account and MiserableSod@... goes to you.

You can even set up a cheapskate website on this basis. If your ISP offers free homepages (many still do but you have to ask for them to be activated), you can redirect www.yourdomain.co.nz to point to the homepage address and make it look like you have a proper stand-alone website.

Redirection -- whether it's to a website or email account -- is invisible to your users and correspondents.

So how do you set all this up? Visit a domain name registrar and see what they offer. The best local deal I've spotted so far comes from RegisterDirect where, for $59.95 a year, you can register a domain name and get unlimited mail forwarding. I'm sure readers will have other suggestions so check the Comments section below.

One final point: once you're set up, don't forget to change your return email address in the Account Settings section of your email package!

October 1, 2007

Naked DSL... by 2107

Eighteen months ago, in this very blog, I warned that legislation breaking up Telecom was hardly a cause for celebration. "Irrespective of the legislation, Telecom... [are] going to fight – even if they have little chance of winning. Why would they do that? Because every year's delay brings another billion dollars profit from the existing monopoly along with the possibility of political change." Last week they revealed the latest in those delaying tactics; the "naked DSL" debacle.

Naked DSL refers to broadband connections that aren't tied to telephone line rentals. From last week Telecom will allow them, but not to existing broadband customers and only at a connection rate of 50 customers per week split amongst competing providers. That means each of Telecom's competitors can sign up a heady five to ten new naked DSL'ers per week.

Orcon's retail manager Larrie Moore isn't impressed. "What is the point of launching a product that we can only sign up one or two customers a day on?" he said last Thursday. “The early adopters who are most likely to use this service already have broadband, and Telecom knows this. Not allowing existing broadband users to change to naked DSL is going to severely restrict the attractiveness of any proposition that we take to market.”

To put that 50-per-week in perspective, if naked DSL were extended to Telecom's existing broadband user base it would take around a century to convert everyone.

Telecom claim this restriction will be lifted within a month and that they're on track to deliver naked DSL to everyone by December. We'll see. Let's hope there are no last minute "technical difficulties". But let's take them at their word. That means the wide world of competing broadband is about to take off. You can start preparing for it now. I'll have a How To in a day or two. Watch this space...
