Slashdot Mirror


Scientific Battlegrounds in Diets

There's an interesting article currently carried by the NYTimes (free reg. yada yada) that talks about the world of dieting, National Institutes of Health, Atkins as well as low-carb vs low-fat. The interesting thing, from a scientific perspective, is the sheer lack of study - and the reticence from the scientific community to question the party line.

9 of 694 comments

  1. Are Apple's OS X updates poisoned? by Anonymous Coward · · Score: -1, Offtopic
    Are Apple's OS X updates poisoned?

    OSX Runs on BSD: This is very important information for the Linux community, because it reveals another very serious security problem in the BSD kernel.

    According to the BugTraq mailing list, a hacker named Russell Harding has posted full instructions online for how to fool Apple's SoftwareUpdate feature into allowing a hacker to install a backdoor on any Mac running OS X. A security mailing list has alerted Apple Computer OS X users to a program that could let a hacker piggyback malicious code on downloads from the company's SoftwareUpdate service.

    The exploit takes advantage of SoftwareUpdate, Apple's software updating mechanism in OS X, which checks weekly for new updates from the company. According to Harding, who claims to have discovered the exploit, the feature downloads updates over the Web with no authentication and installs them on a system. So far, there are no patches available for this problem.

    "Apple takes all security notifications seriously and is actively investigating this report," a company representative said.

    Harding stressed that the exploit is a simple one if using several well-known techniques, including domain-name service (DNS) spoofing and DNS cache poisoning.

    DNS spoofing is an attack where an individual seeks out a numerical IP (Internet Protocol) address (for example, 1.2.3.4) corresponding to a specific Internet address (for example, www.cnet.com), but an attacker's computer intercepts the request. The attacker then sends back a false IP address that corresponds to a hostile server.

    DNS cache poisoning has similar results, but instead of intercepting a request for an IP address, the attacker uses a variety of techniques to replace the valid address in an official DNS server with an address pointing to the attacker's computer.

    When SoftwareUpdate runs normally, a person's computer connects via HTTP to an Apple.com page and sends a simple request for an XML document containing the latest inventory of OS X software. The Apple.com site returns the document, which the person's computer then cross-checks against what it has installed.

    After the check, OS X sends a list of software that needs to be updated to another page on Apple.com. If an update for the software is available, the SoftwareUpdate server responds with the location of the software, its size, and a brief description. If not, the server sends a blank page with the information, "No Updates."

    On his Web site, Harding provides two programs that he says have been customized for carrying such an attack. One program listens for DNS queries for updates, and when it receives them replies with spoofed packets rerouting them to the attacker's computer.

    The second program, which is downloaded onto a victim's Mac and masquerades as a security update, contains a copy of the encrypted communications program, Secure Shell.

    Automatic updates of software--particularly operating system software--is a growing trend. Several Linux companies offer this feature for their distributions of the open-source operating system, and Microsoft recently launched a similar service called Microsoft Software Update Services.

    ZDNet U.K.'s Matt Loney reported from London. News.com's Robert Lemos contributed to this report.

    1. Re:Are Apple's OS X updates poisoned? by Gumber · · Score: 1, Offtopic

      Besides being completely off topic, this has nothing to do with a BSD kernel vulnerability. How, exactly, a BSD kernel vulnerability would be very important to the Linux community is behind me, other than issues of sympathy.

  2. Non-creative activities by Voltronalpha · · Score: 0, Offtopic

    Videogames for the most part are about reward for effort and penalty for failure. If you do anything on that bias you might find yourself being less creative, and thus dropping the activity in that part of the brain. I'm an artist and an avid gamer; this irreversible line is a bunch of hooey.

    When was the last time a clinical study aimed to prove something was bad or good failed at doing so?

    --
    There is evidence to prove both Democrats and Republicans are lying cocksuckers. Vote independently.
  3. Open Source Failure by Anonymous Coward · · Score: -1, Offtopic

    What Open Source Zealots Don't Get

    The News Forge editorial, We can put an end to Word attachments [link via Camworld], by Richard Stallman of the Free Software Foundation, illustrates perfectly why the free software/open source movement is never going to penetrate the mainstream consumer consciousness.

    Caveat: I like open source software. I like the concept and I support it. What I dislike is the zealotry of hardcore open source/free software advocates, like Stallman, and their total disregard for how consumers view and use software. These zealots are stuck in a dogma that is constructed from the viewpoint of someone who develops software, not from the viewpoint of consumers who use software for reasons other than developing more software (which constitute the vast majority). The zealots of open source/free software present the movement as serving mankind, but in fact they have an overwhelming tendency to ignore the needs of any user not like themselves. This essay isn't an anti-open source rant, nor is it flag-waving support of Microsoft's monopolistic practices. It is intended to be a pragmatic look at why open source hasn't lived up to the hype.

    Stallman's point in his editorial is that people shouldn't send Word attachments via email. Much of Stallman's rhetoric is justifiable. In fact, I think it's not only counter-productive, but rude, to send Word attachments to people who use open source software incapable of reading a .doc file. I'm continually annoyed myself by people who send HTML mail, never mind the lunatics who use Microsoft Word as their text editor in Microsoft Outlook. Email is much more efficient as plain text. If Stallman had positioned his screed as "use the right tool for the right audience in the right medium" I would have been totally on board with him.

    However, much of Stallman's rhetoric is the usual open source/free software wheel-spinning that shows little consideration for or understanding of the vast majority of computer users. This part of the second paragraph sticks out:
    Most computer users use Microsoft Word. That is unfortunate for them, because Word is proprietary software, denying its users the freedom to study, change, copy, and redistribute it.
    There are all kinds of problems with Stallman's rhetoric, but this is the most glaring and is the ultimate example of "What Open Source Zealots Don't Get." Here's the underlying concept that the open source movement has continually failed to understand. Ready? Here it is:
    Most computer users don't give a crap about studying or changing software.
    Get it? 99.985% of Microsoft Word users have absolutely no desire to view -- never mind modify -- the source code of Word. Why would they? They don't know how to code! Nor do they want to learn! It's like asking them to re-design the shovel to make it more appropriate to their needs. Hey, sure maybe 0.015% of shovel-users customize their shovels, but most people use the tool off-the-shelf, as is.

    Stallman is right that people would like to freely copy and distribute software, but this is where we run up against the dirty secret of open source: open source developers like to scratch their own itch. And, unfortunately, that attitude doesn't jive with creating consumer applications, so those consumer needs get left up to businesses that need to make money off their product to exist.

    Open source developers tend to work on projects that solve their own problems (which usually revolve around building software and working with others who build software). That's why we have great open source operating systems, web servers, compilers, etc., but are severely lacking in open source office suites, graphics and design tools, games, etc. Independent open source developers don't come together to develop those kind of applications like they do to develop web servers, compilers, and databases because developers typically don't have a desperate need for those kinds of apps. No itch, so why scratch?

    Yes, I know there are some alternatives out there (primarily because the zealots have this mistaken idea that Linux will compete with Windows and Macintosh for the consumer desktop). I know about KOffice, AbiWord, GNOME Office, OpenOffice, and Sun Microsystems StarOffice. The only competitive contender on that list is StarOffice, which, of course, started as a proprietary application. Sun Microsystem's CEO, Steve McNeally, acquired StarOffice and open sourced it purely to attempt to spite Microsoft; Bill Gates just laughed. The Gimp is a fine graphics program, but it doesn't measure up (especially running under Windows) to Adobe Photoshop, or even Jasc Paint Shop Pro. And where are the competitive open source competitors for Adobe's Illustrator, ImageReady, PageMaker, InDesign, Premier, AfterEffects, etc.? What open source app would professionals choose over Macromedia Dreamweaver, Fireworks, Freehand, Flash, Shockwave, Director, Authorware, etc? Answer: they don't exist.

    Open source developers don't care enough about those applications to develop them, and they sure don't care enough to develop them for the non-open source platforms (e.g. Windows, Mac) that most of the world uses. The bottom line is...well, the bottom line. If consumers want these kinds of tools that are of interest to consumers, but not of use to the geeks who know programming languages, then the consumers are either going to have to learn to code themselves (ain't gonna happen; we all have other careers) or the consumer will need to pay to have someone else develop them.

    The demands for these consumer apps get filled by corporations who exercise proprietary control over their intellectual property in order to recoup the development costs, because the companies have to hire developers to scratch someone else's itch. And that proprietary control means patents and copyrights [1], because to make money off a product you must, repeat MUST, control reproduction and redistribution. And businesses are about making money.

    If anyone had been able to demonstrate a competitive, scalable business model for a company that develops open source software, then I might get on board. But even RedHat, the open source developer with probably the most solid foundation and best shot, is still hemorrhaging money. Developing open source software works as a hobby; so far no one has been able to make developing open source software work as a business.

    A bunch of developers might come together to develop a super open source web server like Apache to solve their own problems, but they don't get the same personal satisfaction from developing, for example, an open source consumer desktop publishing application or a GUI desktop -- witness the struggle to get KDE and GNOME to some usable point, and remember that Eazel tanked. Problems like those that have plagued the attempt to put an open source GUI on the Linux operating system illustrate another problem with open source: too many cooks in the kitchen screw up the menus. (Oooh. Pun!)

    Choice is sometimes counterproductive to usefulness, and usefulness is paramount for a consumer application. This is where "network externalities" -- the economy of increasing returns -- comes into play. If ACME Industries makes ACME WonderSoap, the soap doesn't become more useful to the consumer (e.g. it doesn't clean your armpits better) if more people use it. That might be better for ACME, but my armpit gets just as fresh whether ten thousand or ten million people use ACME WonderSoap. Not so with software. If ACME Industries makes a word processor, ACME WonderWord, then ACME WonderWord is much more valuable to me if ten million people use it as opposed to ten thousand, because we're all using the same tool. The best illustration of the concept of an economy of increasing returns is the Microsoft monopoly. People won't switch to Linux and StarOffice, because everyone else in their workplace or community is using Microsoft Windows and Microsoft Office. In a networked environment where you have to share your output and input, life is more difficult if you're not using the same tool. This is where the open source approach shoots itself in the knee -- every Microsoft Windows XP desktop works the same, but if I want to get my officemate to help me with something, and I'm running GNOME and StarOffice and he's using KDE and KOffice, then we might as well be working on Windows and Macintosh. There's no increasing returns when there's no consistency.

    The open source response to that is "it's not the tool, it's the standard." If every tool adhered to an open standard, then they'd all work together. Which is basically Stallman's point -- use text or HTML instead of the proprietary Word .doc format. It's a lofty and valuable goal. But until the day when Stallman or someone else can figure out a way to get open source developers to scratch someone else's itch with the same fervor and quality with which they scratch their own, it's just not a realistic goal.

    [1] I think copyright is an idea that has run its course, but we're not at the point yet where it can be tossed out the window. And the little known fact is that Stallman has to support copyright, even if he won't announce it very loudly, because the GNU General Public License is founded on copyright. Putting software in the public domain doesn't satisfy Stallman's zealotry because someone can still use public domain software as the foundation or part of proprietary software. Instead, Stallman advocates copyleft, whereby instead of relinquishing copyright, the software developer retains copyright and licenses the software and source code under the condition that any changes or modifications also be licensed under the same restrictions. It's admirably clever, but I think Stallman ought to be as concerned as the RIAA about copyright. If copyright unravels, so does the GPL.

  4. Dilbert by skydude_20 · · Score: 0, Offtopic

    My way to trim the pounds: Still pumped from using the mouse

    --
    Jesus saves souls and redeems them for valuable cash prizes
  5. Re:The studies have been done.. by interested part by Anonymous Coward · · Score: -1, Offtopic

    hmmm... I think you might be on to something here, let's just rearrange some letters. ASSRON MOHOLE -- A__R_N M____E -- A M E R _ _ A N -- AMERICAN! It turns out you were just missing I and C - lucky I found 'em for ya!

  6. Re:The studies have been done.. by interested part by Anonymous Coward · · Score: -1, Offtopic

    Assron is strikingly like enron, you should forward that to a stand up comedian, I see a quality joke there.

  7. Re:Some Points Not Yet Discussed by Anonymous Coward · · Score: -1, Offtopic

    wacko

  8. IM A FAT TROLL! by Anonymous Coward · · Score: -1, Offtopic

    Let me crush you with my 250lbs of fat! Linux will crash under my sheer weight!