Linux Solutions

Linux is fast becoming the word on everyone’s lips. Well not just Linux, but more the world of open source that has slowly slid its way into the minds of technology developers and tech-loving consumers.

Netbooks are going to be the biggest cause for excitement amongst users. Garntner, has made the bold prediction that around 8 million of the tiny systems will be sold next year, with an estimated – and totally unbelievable – 50 million sales by 2012. Currently netbooks come pre-loaded with a copy of Windows XP, but as Microsoft say they are stopping XP installations in June 2010. The problem for Microsoft is that Netbooks run on low-power chips and cheaper hardware, meaning that installing Windows Vista would pretty much grind a Netbook to a halt.

So you’ll not be surprised to know that Ubuntu distributors Canonical Ltd have been getting cosy with processor maker ARM to design a Linux version that will suit the netbooks lightweight features. For anyone who isn’t aware, ARM are the guys who designed the processor for the Google G1 Android phone. Netbooks can currently run versions of Linux but they haven’t really been designed as ‘web-only’ yet. Generally they appear as bare-bones operating systems, with a basic interface, which does not sit well with customers who just want it to look pretty as well as being functional. ARM and Canonical’s aim is to, ahem, sex up the Linux version for the average punter to enjoy.

Handheld systems are getting the biggest push right now. Palm has been hinting that is set to launch its new platform at the Consumer Electronics Show in January. Their new release will be aimed squarely at the users of Blackberry and iPhone, and many analysts believe that a Linux-based operating system is what we will see from the company who are struggling in a competitive industry.

It seems that the tide is turning as open source acceptance begins to show its real worth. Consumers are finding themselves using the technology more and more - and a lot of the time they don’t even realise it. The next few months will certainly be very interesting to watch, and I can’t help be excited about what ARM and Canonical come up with.

An interesting story has emerged today regarding one Russian man’s attempt to lay claim to emoticons – a series of punctuation marks used to convey an emotion in a text message.

The Russian, entrepreneur Oleg Teterin claims that he was granted the trademark for the [;-)] emoticon by the Russian federal patent agency, however critics have been keen to point out that emoticons have been used in the public domain for many years now, putting a dampener on Teterin’s claim.

Mr Teterin says he will chase down any firms that are using the emoticon without his permission. He ranted on Russian television channel NTV, frothing at the mouth presumably, “I want to highlight that this is only directed at corporations, companies that are trying to make a profit without the permission of the trademark holder.”

Local newspaper Kommersant wrote that he said that companies could legally use the emoticon after “buying an annual licence from us,” referring to his company Superfone, who currently sell advertising on mobile phones, but he also says that it won’t cost too much, just “tens of thousands of dollars”.

Luckily for you and me, we won’t have to worry about using the symbols in our texts as he’s only targeting large companies. He claims that other similar symbols that resemble the one he has trademarked fall under his ownership meaning that there will be none of this [:-)] none of this [:)] and most certainly none of this [;)]

Most observers have seen through his mad-cap plan, believing that it is just a gimmick or publicity stunt. For example, in one of the best quotes I’ve ever heard, Nikita Sherman, president of Russian social networking site odnoklassniki.ru exclaimed: “You’re not likely to find any retards in Russia who’ll pay Superfone for the use of emoticons”.

Some company directors have laughed Teterin’s claims off, saying that they will not pay for emoticons on principle, like Vvmpelkom director Alexander Malis who suggested jokingly that he should patent brackets.

According to the media in Russia, Mr Teterin is not the first person to try to stake a claim on the symbols. Kommersant said that in 2005 a St Petersburg court upheld an appeal from German outfit Siemens, who were ‘under threat’ from an equally as insane Russian over the [;-)] symbol.

The world, it would seem, has gone mad after all.

I swear that this should be my last story about browsers before Christmas…

A password security test by Chapin Information Services, a security consultancy, has found that Google’s much complained about Chrome browser has tied in joint LAST place with the Safari browser.

In all 21 security tests were carried out on the browsers – which worryingly none of did particularly well.

Joint winner (?) of the tests was Firefox 3.0.4 and Opera 9.62 who both scored a terribly lame 7 out of 21, in an absolutely pathetic bunch of scores. Internet Explorer 7 fared much worse, with just 5 out of 21. Lagging way behind in the scores were Safari 3.2 for Windows and Google Chrome who both past a paltry two out of 21.

The tests measured how well browsers protected passwords and other details saved by users from phishing schemes and hackers. The security team inspected each of the browsers security architecture to find whether there were any noticeable flaws or vulnerabilities that hackers could use to steal a web users data.

Google Chrome seems to have felt the brunt of the security team’s tests after they pointed out three major flaws in the browsers security that were reportedly present in the beta, and were still present in the final version.

Chapin claims that Chrome fails to check the location of the password requests or the where they actually end up. In addition to this, invisible form elements can trigger password management functions in the browser without a user approving there information being filled in.

Richard Chapin, the company’s founder said, “These three problems, combined with seventeen others so far identified in Chrome’s password manager, form a toxic soup of potential vulnerabilities that can coalesce into broad insecurity.”

Chapin highlighted that Opera had the best level of performance of all the browsers tested at withstanding this type of attack. Mr Chapin says that he actually discovered a similar vulnerability in Firefox version 2 a couple of years back: “The Password Manager component of Firefox can be exploited to send a username and password combination to an attacker’s computer without the user’s knowledge,” they warned

Chapin’s tests are quite an eye opener, but as a person who doesn’t trust putting all my password in my browser anyway I don’t think I have to worry, that being said, I know a few people who are too lazy to manually type passwords in, and I reckon there is a lot more.

On a bizarre side-note, Google’s Chrome was the only browser to pass one test: “not filling in a form when auto-complete is set to off”.

FSF (the Free Software Foundation), the organisation behind the GPL open source licence, has decided to file a lawsuit against Cisco for copyright infringement, demanding an injunction against the networking company.

The FSF filed the suit yesterday at a Federal court in New York, alleging the Cisco’s Linksys consumer network equipment divisions have violated the terms of the license of programs of which the FSF holds the copyright. According to the FSF the two companies have been working together since 2003 to ensure that licensing rules are adhered to.

The FSF claim that Cisco has been distributing public copies of firmware that contains the FSF’s programs “without providing complete and corresponding source code or an offer for source code as required by the Licenses,” since May 2006, listing 13 Linksys products as the culprits.

The organisation would like the courts to stop Cisco from distributing the 13 products and are demanding damages. As well as this, the organisation wants Cisco to turn over any profits made from the products.

Licensing compliance engineer at the FSF, Brett Smith, said the organisation wants Cisco to comply with all the relevant free software licences throughout their product range, and has also requested that the company appoints a free software compliance officer that would be responsible for making sure Cisco remain compliant after this case is resolved.

Cisco have responded to the lawsuit with a statement that says the company is disappointed about the FSF’s accusations, claiming that its takes its free software obligations seriously:

“We are currently reviewing the issues raised in the suit but believe we are substantially in compliance. We have always worked very closely with the FSF and hope to reach a resolution agreeable to the company and the foundation.”

Cisco acquired Linksys back in 2003 for around $50 million, but there acquisition came with an open source problem in the Linksys WRT54G wireless “G” network router. The problems with the device stemmed from the fact the router used open source software, but they never released the software to end users – a requirement of the FSF’s open source license.

Smith said cried foul of Cisco’s non-compliance: “It’s not difficult to find ’source code’ on the Linksys site,” he said. “But you only have to dig a little deeper to find the problems. Those source code downloads are often incomplete or out-of-date. Cisco also provides written offers for source, but we regularly hear about requests going unfulfilled.”

“We also have serious reservations about their ability to ensure that they comply with relevant free software licenses in the future,” Smith added. “Addressing these issues is every bit as important as fixing the existing violations, but in our discussions Cisco seemed uninterested in doing so.”

Google’s not so quietly released beta of its Chrome browser is over, as the new version sheds its newbie skin and steps in to the light. The search giants vice president Marissa Mayer spilled the beans to Michael Arrington at LeWeb 2008, saying that the open source, browser which hit the ‘shelves’ over three months ago is due to be given its full release soon.

Google revealed that they are responding to demand for the browser from customers including OEMs. Whether the browser will be given a full release is uncertain, and the company has a habit of keeping its products in beta form for a long time – presumably that mistakes can be brushed over with the excuse – “ah, but its just the beta”.

Although the browser will run on both Windows and Linux-based systems, the Mac version of the browser remains elusive. And according to the reports, the browser is far from completion.

Also, in related news Google announced an early developer release of Native Client earlier this week that consists of a runtime, a browser plugin, and a set of GCC-based completion tools.

Native Client has the task of running native code from web-based applications on x86 Widows, Linux and Mac. The company revealed the Native Client on Monday for testing by the open source community, and want them to challenge the usability and security of the browser.

The company has proposed a ‘two sandboxes’ system, which are called the inner and outer sandboxes, which prevents untrusted modules from the web spreading throughout your system. Google’s model sees application calls made by using ptrace in Linux and Mac OS X. Access control lists have been proposed for Native Client on Windows.

Native Client wants code from web-based applications such as photo sharing and editing to run natively on you x86 machine.

Brad Chen, with Google’s Native Client Team, said: “For example, imagine that you run a photo-sharing website and want to let your users touch up their photos without leaving your site. Today, you could provide this feature using a combination of JavaScript and server side processing.”

“This approach, however, would cause huge amounts of image data to be transferred between browser and the server, leading to an experience that would probably be painfully slow for users who just want to make a few simple changes. With the ability to seamlessly run native code on the user’s machine, you could instead perform the actual image processing on the desktop CPU, resulting in a much more responsive application by minimizing data transfer and latency,” he added

Google is keen to ensure that application like this are “browser neutral”, allowing application and content creators to build their applications without having to work around browser compatibility issues that are rampant at the moment.

Some people have noted that Google’s Native Client looks to be a challenge by the company against Microsoft’s Windows desktop. But should Microsoft be worried?

All things considered, Native Client could provide more options for Windows-application developers that are keen to put their software online and freeing themselves from the desktop and allowing them to not be tied to Microsoft’s Silverlight browser-based plugin for video and audio. How far are Microsoft willing to work with Google making its Windows API’s open and available to the sandbox architecture.

Mozilla, creator of the world’s second most popular browser – Firefox, has released the second beta for the upcoming Firefox 3.1 browser to testers on Monday. This new release arrives hot on the heels of the last beta, released 7 weeks ago. The browser is available in 54 languages, Firefox 3.1 beta 2 includes some major changes compared to previous versions according to Mike Beltzner, who is involved in the development of Firefox.

“It’s not even been six months since we released Firefox 3 but what we’ve noticed is that the Web continues to move really, really quickly, and so do we. So, even before the release of Firefox 3, we’d already been working on what will become the next release of Firefox and when we took stock a couple of months after the release, we realized that we’ve done a couple of really, really impressive and incredible things,” he said

Beltzner said that the biggest difference to the browser is the improvement in speed. Firefox 2 was fast, Firefox 3 was faster and 3.1 looks to have the same sort of improvement, he claims.

“We’re going to be shipping a new Javascript engine called ‘TraceMonkey’ that’s going to really improve the performance of the browser, especially for Web applications, but overall throughout the Web you should start feeling once again a browser even faster than Firefox 3. The idea was instead of waiting for a long release cycle we’d make sure we got some of these improvements into the hands of users as soon as possible,” he said excitedly.

The introduction of “Private Browsing Mode”, more affectionately known as Pr0n Mode, allows users to browse the internet without leaving a trail of breadcrumbs behind them.

“[Firefox beta 3.1] has a more granular set of history deletion tools. It used to be that if you wanted to clear the history of your browser it was an all-or-nothing affair. Now you can say, ‘You know what, just erase the last couple hours of browsing history,’ or even ‘I want all traces of this particular Web site erased,’” Bletzner spelled out to LinuxInsider (who get all the best interviews).

As well as TraceMonkey, Mozilla has included some other notable enhancements, Beltzner said. Web Worker Thread is a technology layer improvement that allows developers to move some of the heavy processing of their sites away from the browser, reducing the weight on the browser, and improving performance. Other changes include improved Web Rendering support, added support for Acid3 and CSS properties, as well as the completion of the HTML 5 offline specifications. Results from the previous beta have seen Mozilla remove the irritating tap-switching and preview problems, which is great to see.

How the new browser will fare against the new Internet Explorer will be interesting to see. Comparisons have already been drawn between the Pr0n Mode and IE 8’s InPrivate function. And with the beta testers in full swing by now, Mozilla need to make sure everything works perfect if they want to lure people off of the world’s worst browser – Internet Explorer. What? You didn’t expect an impartial article on a Linux blog did you?

Google have released a SIM and hardware-unlocked G1 handset specifically for developers that are normally available on the T-Mobile network with a copy of Google’s Android operating system installed.

Google spoke about the handset on its Android website: “The device ships with a system image that is fully compatible with Android 1.0, so you can rely on it when developing your applications. You can use any SIM in the device and can flash custom Android builds that will work with the unlocked bootloader.”

The handset’s obviously aimed squarely at the developer mob, however non-tech savvy phone lovers could easily get there hands on one for $399 plus a $25 fee to join the Google Android developer’s club, however Google is limiting sales to one-per-user.

Avi Greengart, research director of mobile devices for Current Analysis spoke with Linux magazine, LinuxInsider:

“It is possible that a consumer who really wants an Android phone today, but lives in an area outside T-Mobile’s coverage area, would want to pick one of these up.

“But you need to register as a developer first, so you’re jumping through a few hoops. More importantly, it allows programmers and weekend hackers to write Android applications and run them on a real device - the SDK (software development kit) and an emulator have been online for months now - without having to sign up for a contract and a data plan,” he added.

Google has made it clear that if you are not sure what you are doing with the hardware then you should maybe steer clear: “Since the devices can be configured with system software not provided by or supported by Google or any other company, end users operate these devices at their own risk,” Google notes.

Android and Android-based handsets are likely to change beyond all recognition over the next few years and developer as well as customers will be hopeful that this is not the last time Google lets us play with everything.

“I don’t think Android plays by different rules from other mobile operating systems - it will benefit from a variety of devices, form factors, vendors, and carriers. It’s still a very young OS, and I wasn’t expecting more than just the single HTC handset out before the end of the year,” Greengart said.

The Android Developer phone is to be made available in 18 countries around the world, throughout Europe, Asia and Australia and of course, the US.

A new Trojan that has the ability to tamper with multiple devices on a local network has been found by security researchers. The malware send users to impostor websites even if the machines are fully security shielded, or run non-Windows operating systems.

The malware is a spin off of the DNSChanger Trojan that researchers say is known to change the domain name settings of users’ systems. Researchers from the McAfee Avert Labs, claim the updated Trojan makes a single infected system pollute the DNS settings of however many computers are connected to the same local network by undermining its dynamic host configuration protocol, or DHCP, which dynamically allocates IP addresses.

Craig Schmugar from McAfee said that, “Systems that are not infected with the malware can still have the payload of communicating with the rogue DNS servers delivered to them. This is achieved without exploiting any security vulnerability.”

This Trojan is quite frightening. Imagine if you were to take your laptop to an internet café for example and it is infected by the new version of DNSChanger.

Another user comes in and connects to the same network, asking for an IP address. Your infected laptop injects as DHCP offer command that instructs the new user’s laptop to rout all DNS requests through a dodgy DNS server. The new user can not use his laptop to view trusted sites, as it would be an impostor site.

A user could take steps to avoid the Trojan. Schmugar suggests hard-coding a DNS server in a systems configuration settings. You can do this on a windows C or laptop by going in to your network connections (in control panel), scrolling down to Internet Protocol (TCP/IP) and clicking properties, then type in the primary and secondary for your DNS service.

Schmugar said that “the DHCP attack doesn’t exploit a vulnerability in either users machines or network hardware”, which allows it to work with a wide variety of everyday home routers. The Trojan uses a ndisprot.sys driver installed on the network. Then it sets up camp and monitors network traffic for DHCP requests and sends false information that contains the IP address to the DNS server.

Although the malware is not widespread, it is rather worrying that this kind of Trojan is on the horizon, and you could only imagine the chaos that would ensue if this got in to a large corporations network.

The upcoming Internet Explorer 8 from Microsoft is to feature a user-created list of websites that aren’t “compatible” with the browser, after trials found that some major websites don’t display properly.

The browser is to aim its list at users that the company feel are not net experts. By agreeing to use the list with IE8 users will be able to view their chosen sites without IE8 breaking them.

Microsoft will compile the list, which is to be based on customer feedback data. To make the list, the website must be “global high-volume sites”, which means ones like bbc.co.uk, Facebook and Myspace. Microsoft’s program manager Scott Dickens wrote on his blog that the company will determine high volume sites on a “market-by-market basis”.

Microsoft said it will contact sites on the list to let the webmasters know that because of IE8’s awful faults – their website experience will be ruined. That’s nice of them. The company will however, tell the webmaster how to do his job and instruct him on making his site compatible. When this happens, the site can be removed from the faulty list.

IE8 Beta has rendered millions of web pages and sites un-viewable because the company has made the first browser that is “standards-compliant”. Much of the Web 2.0 phenomenon will be left in tatters, as IE users perform the upgrade.

But fear not, Microsoft have attempted to soften the blow by allowing users to view a website in two different ways: Default and ‘Compatibility view’. Default uses standards such as CSS 2.1 and HTML 5.0, whereas compatibility view lets users switch to the old standards mode.

The browser comes equipped with a ‘broken website’ button that should be pressed if compatibility issues arise. The problem for Microsoft is that users testing the beta just want to open the browser and view the website. The company noticed that the majority of those non-web-savvy people were not clicking the button like they had hoped, although defended itself with the comforting thought that technologically minded users were happy to use the button.

To add to the chaos that will no doubt ensue, a number of sites have ignored Microsoft’s request to pour man-hours and effort in to making their sites IE8 compatible. And quite right.

Microsoft want hundreds of high traffic sites to test everything with the default standards mode, or to add an HTTP header on the site to instruct IE8 to view the site in compatible mode. Dickens said that the BBC, CNN, Facebook and Myspace still don’t work, and don’t look willing to budge.

What do Microsoft insist on the world revolving around them, and What will be the implications if some of the big sites stand their ground? I for one can’t wait to see what happens.

It seems that those pesky kids are up to know good once more. A band of scam artists have targeted the popular Firefox browser from Mozilla with a Trojan that activates on start-up of the browser and steals any username and passwords a user types in.

The password thieving piece of software is built in to a Firefox plug-in, according to BitDefender, a security firm based in Romania. The Trojan, ChromeInject-A is downloaded onto a Windows PC, that already has malware and spyware issues.

Once the file has burrowed its way on to the users hard drive, it lies in wait until the user opens Firefox. The malicious code looks for data exchanged between an infected machine an a list of pre-programmed banking sites across Europe, America and Australia.

As if you haven’t guessed by now, the virus is of Russian origin. All the stolen details get fed back to a server located in the country.

So far BitDefender say that confirmed incidents of the malware’s success are “very low”, so that attack is not classed as especially serious. It is worth noting however that the concept of this type of virus is very clever indeed. Latching on to the rising popularity of a browser, that allows user built software to be downloaded as a plug-in is novel, and Firefox had best be on high alert – even if this one has had little impact.

Attacks like this are certainly not unheard of. Just two years ago Firefox found itself with a dodgy plug-in that included the malware FormSpy, but it was caught out before any major damage was caused.

In related Firefox news, Amazon – the nets most popular retailer – hailed the arrival of its long awaited MP3 download service, but a group of code monkeys had something else to announce – the arrival of a Firefox plug-in that linked the company to PirateBay.

The Amazon Service sells albums from £3, and individual tracks for just 59p. However the plug-in form the coders allows you to browse the Amazon download store, and then download the songs for free – not including the cost of your connection.

The extension was not deliberate according to the designers:

“We are not affiliated with The Pirate Bay, and do not host or even link to any illegal content,” they wrote.

“This artistic project addresses the topic of current media distribution models vs. current culture and technical possibilities,” the creators said to TorrentFreak.

The plug-in claims to work on all of Amazons products, not just MP3s. The site was down for a period with the message: “The Ship was hit. We’re offline”

Users can use the add-on on any Amazon page, and a ‘download 4 free’ button sits on the toolbar. PirateBay claims to have 25 million peers.