Linux in Canada

Flxstr writes "Lots of Linux articles in Canada's national newspaper today, starting with Calgary switching from SUN Unix to Red Hat Linux. Another article discusses whether Linux will become a target for viruses as its popularity grows. This article mentions how Linux costs less, so more firms are becoming interested. Finally, an article discusses how pushes by major vendors such as IBM, HP, and others is speeding acceptance of Linux over other alternatives. Altogether, some good articles for any CIO's desk."

Linux, eh?

[strictnein]

Linux, eh?

What's that, a Pengiun? There ain't no penguins in Canada!

Re:Linux, eh?

I had a penguin living here in my igloo but my BSD Daemon killed him long ago...

Re:Linux, eh?

[WormholeFiend]

We may not have native penguins, but we have polar bears and killer whales.

Eat your heart out, Antarctica.

Re:Linux, eh?

[irokitt]

Linux, eh?

Dude, that is like, so funny, 'cause there's like, no funny words in American speech, dude.

Re:Linux, eh?

[RLW]

If you think those are vicious then you should be really impressed: we have Republicans !

Run for your lives Cananda!

Re:Linux, eh?

[AKAImBatman]

Check my journal for the start of my "Linux Evaluation" series. I started this after someone asked me to publish the results of my personal Linux testing.

Here's the link

Re:Linux, eh?

[Directrix1]

The thing keeping Linux from running everything at my workplace is: * The prevalence of MS SQL in the workplace, a lot of proprietary systems use Jet (I guess out of pure ignorance of the alternatives) * The necessity for an open source Small Business Server (with A/R, and Sales Orders / Invoicing / Inventory) * The pain in the ass that is multiple packaging standards

Linux of course costs less

[ObviousGuy]

Canadian dollars cost less than American dollars.

Re:Linux of course costs less

We have higher turnouts for elections, less voter apathy and a greater social sense. Less crime, less intrusion of government into our private lives. If that makes us "socialist", I'm damn happy to be one.

Re:Linux of course costs less

[liquidsin]

Yeah, but that means that my linux license, after exchange, will end up costing me $927.74 CAD.

Re:Linux of course costs less

Yes. Canada. That great country of people who ran from the US so as to stay loyal to the King of England and not fight in the revolution.

Re:Linux of course costs less

[RLW]

Today. With the slide of the US $ that many not be true tomorrow.

What I really want to know is does the localized version of Canadian Linux end all querries with , eh?
Also given Canadian law regarding the dual language requirements, since Linux is not a product for sale does it still have to support Canadian French?

Re:Linux of course costs less

Yes. Canada. The country where your slaves fled to for their freedom. The country where women had the right to vote long before American women. The country where blacks could sit anywhere in a bus they wanted. The country where we can wear our flags on our backpacks as we travel the world without fear of being killed.

That Canada.

Re:Linux of course costs less

[dolson]

You forgot: That Canada that burned the White House down in 1812!

Proprietary in one form or the other

[stecoop]

If they were serious about saving money why did they invest in Intel? Why not AMD to really make a statement about proprietary lines go with the IBM Power PC.

Re:Proprietary in one form or the other

[stecoop]

The IBM Power PC on slashdot didn't paste correctly IBM Power PC

Re:Proprietary in one form or the other

[pegr]

*cough* Nortel *cough*

Re:Proprietary in one form or the other

Was that last run-on, non-sensical statement written in Canadian English?

Re:Proprietary in one form or the other

[barc0001]

Because it's usually enough work to get the PHBs to go for one (relative) unknown variable. Two is corporate suicide (for the IT guy) if anything goes wrong.

Calgary

"starting with Calgary switching from SUN Unix to Red Hat Linux"...that's why the Flames will NOT be winning Lord Stanley's Mug! w00t! CanuckleHeads!

Re:Calgary

[ianc7]

I think that the Canucks might have something to do with that too.

Re:Calgary

Clearly you are not from the west coast, or 'CanuckleHeads' would have spelled that out.

Re:Calgary

[B3ryllium]

Canucks RULE!

Although giving the flames a two man advantage was kinda dumb ... :)

Re:Calgary

Or almost any of the other 14 playoff teams, for that matter.

Re:Calgary

Yup that was dumb. But by my count the Canucks gave up two two man advantages.

The first 5 on 3 the flames got that wierd bounce and sunk the puck behind Clouts, then scored again while 5 on 4.

The Canucks successfully killed the second 5 on 3 near the end of the third period despite the fact that two of their best defencemen (Ohland and Malik) were in the penalty box.

Good game eh?

Welcome to my friends list B3ryllium.
--aoteoroa

(yes. I know this is offtopic but nobody is forcing you to browse with a threshold of zero)

Re:Calgary

I missed the beginning of the game, due to a college course (and a car failure). They were very insistent about the too many men on the ice call, so I assume that's when the first two man advantage occured :)

But yeah, it was definitely a good game. :)

Viruses spread by stupidity not OS'es.

[Jason+Straight]

As we all really know viruses are spread by stupidity of users, not the OS'es, so Linux popularity on the desktop will be it's deciding factor to virus targeting.

As it becomes easier to use and more useful to dumbasses who still open attachments they aren't expecting, it will likely be targeted more by virus writers.

Re:Viruses spread by stupidity not OS'es.

[xarak]

Yeah, but The important question is : will the stupid user ruin everyone else's life? With Linux, I think, a lesser chance than Windoze.

Re:Viruses spread by stupidity not OS'es.

We also know that there hasn't been in decent virus written in 10 years, and the programs you are referring to are called "Trojan Horses". Maybe you meant worms, but they are viral without being viruses. Heck, the GPL is viral.

Re:Viruses spread by stupidity not OS'es.

[sjgm]

Unless those stupid users are running everything as root, something that I can definitely see happening.

Re:Viruses spread by stupidity not OS'es.

[Jason+Straight]

Yeah, to some extent. I think the distro's and desktop makers are doing a good job making things like rpm and apt usable to non-root users through wrappers. For most people if they had to be root to install software all the time they'll just run as root all the time.

Many people will be confused by the security model of unix and run as root all the time so they don't have to su to traceroute, make install, etc...

Re:Viruses spread by stupidity not OS'es.

You never heard of the Witty worm?

Re:Viruses spread by stupidity not OS'es.

[noselasd]

I don't see that as a much lesser chance. My mail is filled with
virus mails, wether they come from windows or linux(root or non-root) users doesn't make much diffrence.

Re:Viruses spread by stupidity not OS'es.

-----
so Linux popularity on the desktop will be it's deciding factor to virus targeting
-----
Precisely my argument against kernel packages.

If they aren't interested in learning how to build their own kernel they're probably not going to add much value to the userbase. Learning how to build a kernel helps to get the user past the "nifty little point-and-click gadget" mentality and opens the door to understanding how many different pieces of code must work together properly for a system to work.

I know, I know. I'm an "elitest". That's NOT TRUE. How long does it take to learn how to build a kernel? About 3 hours give or take for compiler time. How much value does it add to the understanding of the user? Endless.

+++ATHZ

Re:Viruses spread by stupidity not OS'es.

[xarak]

Agreed, but that'll be on an @home basis. Companies will not allow this kind of behaviour, as the first thing any admin learns on Unix in general is to swallow the peice of paper the root password came on.

Long live the sudo in this respect, it simply eradicates the need for a more complex (and thoroughly unuseable in Windows case) privilege system. Maybe users will be able to install packages for personal use, but only using urpmi, pointed at a regulated rpm database,m legislated by the admin.

Re:Viruses spread by stupidity not OS'es.

[Coryoth]

As we all really know viruses are spread by stupidity of users, not the OS'es, so Linux popularity on the desktop will be it's deciding factor to virus targeting.

It's possible to secure against stupidity - well, not completely, but better than MS has. Given a decent SELinux install, and an email app written for it, running an email virus would get a nice dialog:

'Tis executable has attempted to access files "addressbook.xml" and ports "25, 3169" which it is not currently priviliged to access. Please run the executable under a different domain and role to execute it properly'

Sure, someone will be dumb enough to run it anyway, but that would put a second thought into the minds of many a dumb user.

Jedidiah.

Re:Viruses spread by stupidity not OS'es.

With Mozilla quickly becoming it's own operating system, however, it won't be long before exploit writers figure out how to use {bad Java, bad Shockwave, bad plugins} to populate ~/lib or ~/.mozilla/plugins with .so libraries which open up proxies, backdoors, sniffers, etc.

+++ATHZ

Re:Viruses spread by stupidity not OS'es.

As we all really know viruses are spread by stupidity of users, not the OS'es

I doubt if we all know that. I also doubt that you have asked each and every person to validate that assertion.

Viruses are spread by virus writers exploiting an OS whose architecture allows such exploitation via the stupidity of users.

Re:Viruses spread by stupidity not OS'es.

[xarak]

I'll send you my gran for you to explain a kernel recompile, and what use she'll be getting out of it while typing 2-3 letters and surfing for recipes.

Re:Viruses spread by stupidity not OS'es.

[sjgm]

Long live sudo indeed.

At work, a user has to have an incredibly good reason to have administrative access to his/her machine, though. Some companies have got it right, but others haven't.

Many companies have virus scanners on their incoming mail systems, however, which would hopefully take care of the worms coming from corporate networks.

Most of the worms that I receive come from DSL/Cable modem lines so I suspect that if Linux had a large enough install base among clueless users at home we might still end up with people logging on as root for everything and running random executable attachments (even jumping through hoops to do so...)

Re:Viruses spread by stupidity not OS'es.

Personally, I consider that a complete waste of time. The less time spent administering a (any) computer.. the better.

Re:Viruses spread by stupidity not OS'es.

[theNote]

This is problem you need to address differently than just SUing.

The idea of a username/password combo to protect resources is quickly becoming a thing of the past, as the trend to recognition of the individual continues.
I for one can't wait to do away with uname/password headaches.
For example, in a PKI/Smart Card/Biometric authentication system, your rights are based on who you are and not what uname/pass you have.

In this scenario, what are you going to do?
Impose some artificial barrier to privledge escalation?
Any attempt will become nothing more than a "Are you _sure_ you want to execute this?."
These kind of protections are already in windows, and users will inevitably click "yes".

Re:Viruses spread by stupidity not OS'es.

[advocate_one]

Kernel compiling??? yet another myth... I've been running Linux now on the desktop since 1999 and have yet to compile a kernel... there is no requirement at all for the vast majority of users to do this at all... The modular kernel supplied with your distro should fill all your needs... if not then you are one of a very small minority.

Re:Viruses spread by stupidity not OS'es.

No argument that kernel packages work. No doubt if you compile a kernel you'll end up with pretty much the same thing as what the distro offers.

We were talking about the vectors of virus propagation. Inevitably this is traced back by users doing things that they wouldn't do if they were familiar with the principles on which their system works.

Once we have an EasyInstall Linux that comes up with a Windows-style screen the virus writers won't be far behind. A user doesn't need to be root to install malicious Mozilla plugins. In a single user environment this is Bad. In a multi-user household it would be easy to say,"Oh, little Johnny's online, not Daddy."

I forsee user tracking via plugin profiling. Who needs cookies?

+++ATHZ

Re:Viruses spread by stupidity not OS'es.

That would be really cool, but how long will it take until SELinux is integrated to that level? The thing has been around for years, and as of yet there's very little distro support and almost no tools.

My conclusion is that most Linux users don't see any problems with the Unix security model and don't want to change things. Maybe it will take some Linux Viruses to get people to come around.

Re:Viruses spread by stupidity not OS'es.

[Ernest+P+Worrell]

Companies will not allow this kind of behaviour.
It's a fact ... installing linux will magically make all Network Admins and CIOs competent and know how to do their job well. Even non-IT people will instantly become smarter and more productive with Linux.

Re:Viruses spread by stupidity not OS'es.

You don't even need to 'exploit' Mozilla to do that -- it has it's own ActiveX-like auto-installer. One click and you're running code from the web.

Check out http://texturizer.net/firefox/extensions/ and imagine what evil things you could do. Just a little social engineering is all it would take.

Re:Viruses spread by stupidity not OS'es.

[Jim_Maryland]

The issue behind the privileged user is that the rights should not be easily accessible to a users account. My login that I use for day to day work should not include privileges associated with a root or administrator role. I should have to intentionally have to switch to that role using mechanisms like sudo, su, runas, or actually logout/login as root or administrator.

The argument people make about users (particularly home users) running with privileged accounts is generally based on the fact that poorly written software (sometmes the fault of software, sometimes the OS features used by software) requires additional privileges or the user is just too inexperienced to know the dangers or running with the privileged account. This misconception must change for home users. Most UNIX/Linux admins in commercial environments probably take this for granted while Win32 adminstrators often have to bypass this for software reasons (some applications require the privileges so they are forced into this). For home users, maybe adding a message to the /etc/motd file stating that "running as the root account for general use is a bad thing" could change this practice.

Essentially, I don't see the su, sudo, runas mechanisms going away anytime soon.

Re:Viruses spread by stupidity not OS'es.

[pegr]

At work, a user has to have an incredibly good reason to have administrative access to his/her machine, though. Some companies have got it right, but others haven't.

I have yet to see a machine, regardless of OS, that I couldn't root within minutes, given physical access. So having your users not have root access on their local machines is just like the privacy lock on the bathroom door... It helps polite people stay polite but really doesn't keep anybody out who wants in...

Re:Viruses spread by stupidity not OS'es.

[Srin+Tuar]

Trust me, passwords are NEVER EVER going to go away.

Even sci-fi recognizes that.

A wildly optimistic sci-fi show such as star trek, which uses biometric identification with the computer for most things, still asks for a password to enable the self-destruct sequence.

Also, biometrics are a lot easier to steal than most people recognize. The problem is- once your biometric data is compromised, its kinda hard to change your auth tokens isnt it?

Re:Viruses spread by stupidity not OS'es.

Doesn't seem to be a problem on OS X. In fact root is disabled by default and plenty of people use Macs just fine.

Re:Viruses spread by stupidity not OS'es.

[Coryoth]

The LSM required for SELInux has been a patch to the 2.4 kernel, but it is now been folded into the 2.6 kernel, that means it is easier for distributions to carry it.

SELinux will be standard in Fedora Core 2.

As for tools - check out Tresys, they make tools for configuring SELinux policies. Likewise, the NSA provides a variety of userland tools set up to work with SElinux. If more people would start coding the the system it can only help. So, all you open source developers - get busy working on SELinux support.

Jedidiah.

Re:Viruses spread by stupidity not OS'es.

It is true that bad pieces of code are infecting many computers because many users are not very computer-savvy but that is not always the case. I've seen users who have unknowingly allowed bad pieces of code to run when Outlook came up and the 1st e-mail on the Inbox was displayed in the preview pane. OK, this is an Outlook example but I think that the same scenario could theoretically happen with a Linux e-mail client if it is not properly designed. When we blame it all on stupid users, aren't we really overlooking some risks that ought to be accounted for? I am not a security expert but are Linux users really that secure against hackers, trojan worms, viruses, etc? Much of the discussion here is focusing on allowing bad code to run as root but could you not be infected by a trojan that spies your keystrokes even if the code is running is yourself?

Re:Viruses spread by stupidity not OS'es.

In fact sudo is SO EASY on the Mac, that it would be pretty trivial for a virus to trick people into typing their admin passwords -- it's something a user does all the time.

Re:Viruses spread by stupidity not OS'es.

You stupid little gits.

Both parent and grandparent NEED to learn the difference between it's and its.

Dumbasses.

Re:Viruses spread by stupidity not OS'es.

[slipstick]

This came up in a seperate article earlier in the week and I still don't see how Linux users could ever be affected by a supposed "exectable" sent in an e-mail.

As far as I know there are no linux e-mail apps that run a file automatically. Files have to be specifically marked as executable and I know of no way to do that within an e-mail. So you would have to be not just stupid but brain dead to save the attachment, mark it as executable, and than click on it before it could possibly have an affect. Someone that stupid can't be helped.

Bugs on the other hand are a seperate issue and not the fault of "stupid" users. Securing against these is the developer's business so maybe SELinux would help there?

Re:Viruses spread by stupidity not OS'es.

As we all really know viruses are spread by stupidity of users, not the OS'es

Bullshit!

1. MSBlaster didn't require anything except an Internet connection.
2. The last round of Outlook exploits didn't even require the user to view the e-mail, let alone open an attachment.
3. The latest exploits of IE allow a malicious site to download and execute code without any action/confirmation on the part of the user.

If these are not stupid OS tricks, then I do not what the hell is.

Re:Viruses spread by stupidity not OS'es.

[theNote]

I'm not saying passwords are going away, just that switching contexts, passworded or not, is an artificial barrier.
In the end, the user (assuming a home user), does have the root rights, even if they have to type in 50 username/password combos.
This is why I called it an artificial barrier.
Any user who wants to run some attachment to an email that looks like its from their buddy will do it. At that point all the prompts and context switching just become an annoyance to the user, rather than a security mechanism.

Re:Viruses spread by stupidity not OS'es.

[slipstick]

No we don't know that.

Viruses are spread by the stupidity of developer's that code apps that run executable attachments automatically or by a single click.

There was a time when I could tell people in all seriousness that they COULDN'T be infected by a virus through e-mail. Than Outlook came along and all hell broke loose. Outlook is the most popular so I blame it's developers but it could be any e-mail app that automatically runs .bat,.exe,.com etc. files. How is that the user's fault! They shouldn't have been able to do this in the first place!

Bugs in code that allow specially crafted JPEG's or something to run are a seperate issue. Still the "fault" of developers but it can happen to anyone. This again is hardly the fault of stupid users.

I'm all in favor of calling users stupid when they are but it isn't their fault that MS ruined the e-mail experience.

Re:Viruses spread by stupidity not OS'es.

Windows viruses are spread by DLLs as much as user stupidity. The fact that a virus can attach itself to the operating system each time a library is loaded at runtime is the single biggest reason for the virus/worm/trojan problems we have today.

My point: unless Linux uses DLLs we can be relatively sure it will be safer than windows in both corporate and household environments. Irregardless of user stupidity/curiosity.

Re:Viruses spread by stupidity not OS'es.

[Solosoft]

Microsoft has nipped these issues in SP2 Rc1.

You now have a "Security Center" which houses such things as your "automatic update", "firewall" and 3rd party anti-virus. These will constantly bug the fuck out of you untill you make them happy. (trust me I had to fuck around quite a bit to get it to shut up, I like doing my own updates). This should solve ALOT of these issues since "users" will be forced to run a Firewall and a Virus Scanner. It even makes sure it's upto date. This way the latest worm can hit you, all the Virus Companys release a patch boom ... most of the Windows XP SP2 users are safe.

It's finally come to the time when microsoft has to FORCE the user to do these simple chores. They tried asking, and bugging and everything and no one listens.

I for one am quite impressed with MS and there doing a really good job on that service pack

Windows XP SP2
If your intrested in checking it out it is quite impressive. Fixed alot of little problems SP1 never bothered to fix :/

Re:Viruses spread by stupidity not OS'es.

[Jason+Straight]

Ok, so the majority of them. And a majority of what isn't is still the stupidity of the users not doing their updates. Which will happen as much with linux, or more. People will go to linux with the illusion that it's more secure, and think they don't have to do updates.

Re:Viruses spread by stupidity not OS'es.

... assuming security systems will magically somehow recognize people and somehow know they're not using a stolen identity...

Re:Viruses spread by stupidity not OS'es.

[Srin+Tuar]

>I'm not saying passwords are going away, just that
>switching contexts, passworded or not, is an
>artificial barrier.

Not necessarily- thats only true in a closed single-user world.

Remember: the user is not just the user, hes also all the other processes to whom he's delegated authority. In this case, the "artificial" barrier is quite real and useful.

Think of it this way: you may want to run a neat screen saver bob just emailed to you. You want it to be able to draw to the screen and make sound, but you dont want to let it open network connections or delete files from your disk.

You must delegate to it authority to your screen and sound.(you cant give it powers you dont possess). But you dont want to delegate to it ALL of your authority.

Thats where these little barriers come in.

Re:Viruses spread by stupidity not OS'es.

[Coryoth]

This should solve ALOT of these issues since "users" will be forced to run a Firewall and a Virus Scanner. It even makes sure it's upto date. This way the latest worm can hit you, all the Virus Companys release a patch boom ... most of the Windows XP SP2 users are safe.

Only if the patch spreads faster than the virus - and remember, the virus gets a head start (especially if it uses spam networks to get started as some of the previous efforts have).

Anti virus software is nice, and it certainly minimises the effects, but it is far from an answer to the problem. What is needed is a much more comprehensive system to seal off viruses. That's what SELinux and it's isolation and least privilege model helps provide. There is no comparison between it, and having slightly faster updates of your virus definition files.

Jedidiah.

Re:Viruses spread by stupidity not OS'es.

[Solosoft]

For sure it is not a long term solution. But one big enough to make some effect on the way they go. With the death of Windows 98 support and most people moving to XP this should solve some of the problems and hopefully slow down some of these virii. They also make it much harder meaning less "crappy" virii will float around

Atleast we can all hope so ...

Re:Viruses spread by stupidity not OS'es.

They probably weren't aware that they would be under such close scrutiny.

You need to work on your capitalization.

Re:Viruses spread by stupidity not OS'es.

Ok, so the majority of them

My point exactly... your point was, as I recall
As we all really know viruses are spread by stupidity of users, not the OS'es

Done yet?

Re:Viruses spread by stupidity not OS'es.

[Jason+Straight]

Still, 90% of the virus/trojan traffic is due to morons who open attachments or don't do updates. I mean, don't get me wrong I hate MS as much as the next guy, but I think us linux users might have our heads in the clouds if we think linux hasn't had many because it's so secure. It's only as secure as the dumbass behind the keyboard is what I'm getting at.

The computer has to trust the user to be useful, and if the user tells the computer to install software that's _exactly_ what it should do. Problem is when some dipshit decides to install a virus becuase it looks like an attachment from a friend.

I don't use windows myself for many reasons, some of them I consider security reasons, one of the most annoying of those security issues is IE browser hijacking, and spyware activex crap.

So sure MS is way more inviting than linux is for many reasons, but linux is far from immune from user stupidity.

Damn it all

[grub]

According to the Bank of Canada's website US$699 ~= CA$917.79

Re:Damn it all

Don't forget to pay your CA$917.79 licensing fee you cock-smoking, back-bacon chewing teabaggers.

Re:Damn it all

[The+One+KEA]

http://www.xe.com/ucc says that US$699 is CAD$928.57.

I wonder which exchange rate Calgary would choose ;-)

Re:Damn it all

I have writen a custom caluclator to keep track of world conditions and let me plugin your $699. And I get CA$2e98723879.33333334??? Oh you piece of crap wait till I break you in half..... Stay Tuned Ill Be Back.

Re:Damn it all

[B3ryllium]

Don't forget the 14.5% sales taxes (at least here in BC) ...

Re:Damn it all

[DR+SoB]

Or 15% here in Ontario, 12% in Quebec, 16% in Nova Scotia, or a whooping 18% in New Foundland.

Re:Damn it all

[grub]

7% PST and 7% GST here in Manitoba, eh?

Any wpg.mb.ca /.'s want to get out for beers this long weekend? Mail me!

Re:Damn it all

[Feyr]

15% in quebec

Re:Damn it all

[kbahey]

But PBS takes my Canadian dollar at par.

Can't we convince SCO to do the same and take 699$Cdn as well?

Re:Damn it all

[Noren]

Just the 7% GST sales is applicable in Alberta to the general public.

But GST does not apply at all to the government of the City of Calgary, as the current interpretation of the Canadian Consitution forbids one "order of government" from taxing another.

Re:Damn it all

ah, who cares, that's france not canada

A more favourable environment for Linux

In my opinion, Canada is definitely a more favourable environment for Linux. Partly because of less Microsoft influence spreading FUD about it, and partly because they don't develop laws designed specifically to stifle technology like the DMCA and the Patriot act.
I used to be proud to be an American because of our technological culture ... I'm not proud any more :(

Re:A more favourable environment for Linux

[Frymaster]

they don't develop laws designed specifically to stifle technology like the DMCA and the Patriot act.

or the encryption/munitions legislation... why do you think the openbsd team resides in canada? (calgary in fact... i can see theo's house from my office window right now :))

Re:A more favourable environment for Linux

[Ubergrendle]

Microsoft is up here and is just as aggressive in corporate centres as in the US. However, Canada's national government has slightly different objectives than the US government or businesses, and that is a huge opportunity for Linux.

First off, for national defense or other confidential government affairs, linux would be the logical way to go -- its completely open source. The government could hire a Canadian company to customise and secure a linux kernel for specialised functions. If Canada buys Windows, however, there's no guarantees about security, and lets be honest...I find it perfectly reasonable to assume that there's a nudge-nudge/wink-wink backdoor in microsoft products for the NSA or CIA to leverage if necessary.

The other issue is languages. French isn't very popular in the US, but about 20% of our population speaks it and we're officially a bilingual country. We also have a whole territory (e.g. think 'province-lite') that is native speaking (Nunavut). When Windows 2000 came out here, the French version was several months behind...and it was more Parisienne French instead of Quebecois French, which was what was promised.

Finally, I think there's huge savings to get off the 'upgrade now' software assurance lifecycle. For government terminal functions (e.g. get a new driver's license) baseline it, secure it, and let it run for 10 years. No need to refresh you hardware and software every 3 years. Hell, refresh every 5 years and you've increased your equity by 40%.

Re:A more favourable environment for Linux

[Sepper]

and it was more Parisienne French instead of Quebecois French, which was what was promised.

So true... don't know how much time I lost because the french Windows install default to AZERTY instead of QWERTY keyboard...

"Dammit, Where was the 'M' Key again?"

The devil is in the details

Re:A more favourable environment for Linux

Hold on, now.

The article says Canada is replacing Sun Microsystem with Linux, not Microsoft.

So the 'financially backed' commercial Unix vendor is being eviscerated, not Microsoft.

Why nobody has mentioned this is beyond me.

Re:A more favourable environment for Linux

[gstoddart]

and it was more Parisienne French instead of Quebecois French, which was what was promised.

Given that Quebecois is an almost entirely unrecognizeable form of French to anyone not from Quebec nobody would make a second version of the product to try to accomodate that.

I once knew people from France who, when travelling to Quebec, needed to talk to everyone in English because the Quebecois was undecipherable.

I mean, I bet if you install Windows in Jamaica you don't get a Jamaican-patois out of the OS.

"Click 'ere to Reboot Now Mon" woul be just silly.

Re:A more favourable environment for Linux

[ArsonSmith]

Ack!! A MicroSoft spy!!!!!!! Theo look out.

Re:A more favourable environment for Linux

[Diabolus777]

In recent news we had the CRIA (canadian RIAA) suing
illegal mp3 sharing. They wanted ISPs to be forced to share client information in order to get suing material to court.

A federal judge ruled that sharing files over P2P isnt copyright infringement. In order to be considered illegal distribution, the user should make a real effort to distribute the files. Just putting them in a network shared environment isnt considered a concious distribution effort.

Now, the Prime Minister of Canada Paul Martin (who was never elected by the way) decided that he will overrule that judgement because he cares about the "patrimoine".

What's next?

Re:A more favourable environment for Linux

[Ubergrendle]

Becuase we're bilingual, Canada insists all federal based systems, documentation, etc etc be included in both French and English. Its a necessity to win Federal contracts. And there *is* a formal recongised Canadian French version, similar to Internation English or UK English vs US English.

Don't confuse regional dialect with formal language. I can find you some southern US drawls or english cockney that you would never understand!

PS In general, Parissiene French have a very demeaning attitude towards the colonial french. I'm sure the differences were exaggerated as a matter of social convention.

Re:A more favourable environment for Linux

[LqqkOut]

and partly because they don't develop laws designed specifically to stifle technology like the DMCA and the Patriot act.

As I see it, those laws are greatly decreasing the chances of my PDA bursting into flames!!

Re:A more favourable environment for Linux

[tsmithnj]

You shame yourself by basing pride in your country solely on technological culture.

Re:A more favourable environment for Linux

Shhhh. We all like to pretend that Linux is really socking it to Windows, rather than devouring its host from the inside.

Re:A more favourable environment for Linux

[jhoffoss]

I'd find that a little scary if I were Theo.

Re:A more favourable environment for Linux

[yanos]

When Windows 2000 came out here, the French version was several months behind...and it was more Parisienne French instead of Quebecois French, which was what was promised.

But what is the difference with linux here? As far as I know, kde-francophone consist mostly of French people (from France) and the translation of the 2 months old kde 3.2 is not finished yet.

Re:A more favourable environment for Linux

[Bilange]

When Windows 2000 came out here, the French version was several months behind...and it was more Parisienne French instead of Quebecois French

What was wrong with that? I was able to understand it, and im not aware of anyone having troubles reading W2k's french messages/UI.

Re:A more favourable environment for Linux

Don't feel so bad. (As a Canadian) I am sorely disappointed by the (SHOCKING) lack of Linux adoption and utter ignorance of it. At least smart technical people in the U.S. know about Linux. Its pretty rare to have any serious work done in Canada on Linux. Everyone and everything is done on MS! This is doubly pitiful when you consider that MS is considered a better choice for industrial control, automation and research! The US might have the DMCA and RIAA breathing down your necks, but at least there are high-end computers in research labs. The University of Florida has in one lab 10x as much computing power as all of the research computers (combined) in Western Canada. The pitiful part is that 1. no one cares 2. most people have no idea what a large computer would possibly be useful for. "Why would I want a computer that fast? "I don't care if I get the answer back in 1/10 of a second or 1/100 of a second". --obviously someone who has never seen a computer working for several weeks on a problem, but wildly typical, especially among politicians and corporate-types. It's better to be sad about the loss of a rich computing heritage, than never to have had one at all. There is no FUD in Canada because there is no Linux in Canada.

Re:A more favourable environment for Linux

[YetAnotherDave]

I think theo finds lots of things scary - and I like that in a guy who writes OS code :)

Re:A more favourable environment for Linux

[jhoffoss]

I'll second that!

More viruses for Linux?

[MBAFK]

Even if this is teh case I think the bigger problem will be when we have more Joe Blogs users who surf the internet as root. I see a lot of n00bs doing it and we always try and talk them round.

Even with the distro installers creating a normal acount its still worryinglt common. Run as root and you are more likely to be pwned in a nasty way.

Re:More viruses for Linux?

[dema]

It will be interesting to see what happens as(if?) linux gains enough popularity. The distro installers will create a standard account for the user and allow them to set a root password. But I think the difference will come in that the default accounts usually aren't admin-level, unlike Windows. If you asked the average Joe Sixpack Windows user if his account has admin privelages, he'll likely just stare at you in confusion.

Re:More viruses for Linux?

Mozilla doesn't need to be root to use plugin .so libs from ~/.mozilla/plugins.

How much longer before a bad webpage, bad Java, bad Shockwave has a stripped down edition of an IRC bouncer in your plugins directory?

+++ATHZ

Re:More viruses for Linux?

[advocate_one]

oh fer heck's sake can we ditch this "run as root" crap...

No modern distro (Suse 9, Mandrake 10 etc.) lets you run as root now. They specifically exclude root from the login screen and even if you do manage to achieve root login, your menu and desktop options are severely restricted to maintenance tasks only.

you really have to be extremely determined to browse the net and do your email as root these days...

Re:More viruses for Linux?

[d^2b]

Maybe mozilla should refuse to run as root unless the user jumps through some hoops. It seems like the global benefits would outweigh the minor inconvenience. Oh, of course any ideas about "run application X" as root first to set up some preferences would result in well deserved headaches for the developers :-)

Re:More viruses for Linux?

[denis-The-menace]

-Joe users like that will be HOME users.
-Joe users in a business will not be allowed to SU to Root, never mind login as root.

In windows, the "assumed-default user level" is Admin. "Restricted user" level (aka User-level) is still a big after thought for 90% of Developers. Businesses have just begun using "Restricted user".

In Unix/Linux, the "assumed-default user level" is User. This has been the case for 20+ years!

Re:More viruses for Linux?

how the F did the parent article get modded up to +5 insightfull??? wtf are the mods smoking these days???

Re:More viruses for Linux?

[ingenuus]

Protecting root is important in the "root = god" security paradigm, but even in the best case (perfect implementation and no local root exploits), that only protects the bulk operating system and none of the user's programs or files. Worms can still propagate. Viruses can still copy or destroy all the user's precious data.

Using a separate user account for all internet usage and app testing would help, and in fact, taken to an extreme leads to SELinux and its kin which provide for complex access controls based upon combinations of programs, users, and resources. Fedora seems to be going in that direction and, as a result, might become my default OS if it makes managing applications hassle-free -- by pre-determining the proper ACLs for common applications, securely distributing them, and by providing tools for quick context-sensitive ACL management.

For a while, Microsoft was investigating similar security measures such as Argus Pitbull, but alas, it appears that they make more money with insecure systems.

/me blushes.

[benow]

Not only is the city now run on linux, but the Light Rail Transit system is powered by wind power. Go Calgary (about time they did something to balance all the non-renewable promotion coming from this town). Now, they just need to move the University away from Sun.

A (Mostly) Proud Calgarian.

Re:/me blushes.

[Craig+Davison]

Last time I was at the university labs (1999), the numbers of Suns were shrinking (all the old Sparcstation 2s were moved out), and huge numbers of PCs running Windows NT 4 and a custom version of Redhat 6 were put in.

I think all the terminals were gone too, to make room for PCs. I actually enjoyed working on the VT220s, using screen and vi. Talking to my peers, however, I was in the minority.

AFAIK the backend servers are still Sun hardware (Sun still does NFS best!). And those rooms with the Sparcstation 5 & 10s still had 4' high Sun logos on the wall when I left.

Re:/me blushes.

[74nova]

that is indeed very cool news on all parts. wind power, eh? (no joke intended, i use that "eh" myself)

my question lies with avoiding sun. to me, they represent extremely reliable, however overpriced, machines with good operating systems. im not terribly sold on solaris, i think linux could do as well on the hardware, but i think the sparc hardware is of superior quality and design. our older ultras around here do way more than an x86 from the same era could. obviously i am still in school, so i am biased, but its an honest question. what are your reasons for wanting to avoid sun? again, its an honest question, i want to know the points against sun, specifically hardware and their software.

Re:/me blushes.

[slackerboy]

I just had this vision of all of these trains with big sails on top of them...

Still, it's always good to here that some cities are realizing the importance of renewable energy.

Re:/me blushes.

[benow]

Well, a couple: price/performance and service mentality.

- Sun boxes are better built, and more expensive. For most tasks, PCs running linux are the better choice. For the rare others (datacenters, highend workstations (arguably), big number crunching), they may be a better choice, tho there's less and less reasons for using them. Also, support is not cheap.

- The service mentality is a different issue... one shared by most of the large vendors (m$, oracle, etc). An open (software) platform breaks the service mentality of one way distribution, shifting the focus from a 'user' to a 'participant', even if only at a small level. The 'participant' is encouraged to have a fuller understanding of the system they use, and can contribute directly back into the system, if so desired. Doing similar with any closed, 'push-based' OS is more difficult, if impossible.

Don't get me wrong, generic pc hardware is just that, generic. It may not perform as well as a more refined solution, but it's cheap and quite hackable. Often, the free support of the community is quite good, too.

Andy

Re:/me blushes.

The nice thing for Microsoft is that if they can get all the institutions to scuttle the Sun hardware, they are one step closer. All they then have to do is convince management to put the Windows CD in the drive of all those 'linux' systems.

It's a win-win situation for the institutions. They can 'try' linux and wipe it if/when it doesn't work out. And not be stuck in Unix.

Re:/me blushes.

[ispepalocacoc]

It looks as though the cpsc department at the UofC is considering using fedora. The IT department is using Redhat AS 3, and they are also replacing their aix cluster with a linux one. Some engineering labs are also running some version of Redhat (I'm not allowed into those to see).

Besides in CPSC, I doubt SUN will be around here much longer....

Re:/me blushes.

[benow]

Mmm, yeah, the wind project stands out. There's been remarkably little R&D put into the energy sector (I read 1% somewhere). The wind project is a fine example of progress. A great match for the windy Alberta plains. More info on the wind field can be had here. Actually, half of the energy for my boxen comes from green sources.

<bile>
Calgary does have it's share of earth blood on it's hands, however. There are far too many single passanger lifeless bimbo's driving Cadillac Escalades for the commute to their new white picket fenced house on the edge of the city, of which there are more being built all the time. (Calgary is largest city by area in the world, yet has <1M people). If the town needs anything, it's a sense of responsibility for it's environmental misdirection. That being said, the engineers of the earthbound carbon consuming behemoths are unworthy their skin.
</bile>

Andy

Re:/me blushes.

[uberdave]

What they do is have propellers on the front of them. As they move, the propellers spin in the air. This in turn drives a generator, and the power is supplied to the drive motors. The newer ones have air scoops to improve efficiency.

Re:/me blushes.

[benow]

Sun did convince the UofC to move their labs to solaris on Sun hardware a few years ago. Threw in a great deal (eager to strengthen relations with the school from which sprung James Gosling, engineer of java). Financially and technologically, Sun is now not the best way to go... linux is cheaper, and, a global effort of the self interested in an open environment. Any closed system has a hard time competing with that. Also, the sysadmins are not dumb. Solaris is a good (if closed) OS and Sun make good (if overpriced) hardware. Running an MS OS in the labs makes very little sense technologically, and moving to an MS OS from Linux, even less.

Re:/me blushes.

[billnad]

To sum up the wind power. No, we do not have sails on our rapid transit, there is a sub sect of our power company Enmax called Greenmax or something and in a windy area south of Calgary there are hundreds of big windmills generating electricity.

Is this very common anywhere else?

Re:/me blushes.

There's a small subsection for Windows and DOS (yes, DOS) machines. Some of the old Sparc 5s have been moved out for Windows machines, but not many. Currently I'd estimate the undergrad lab at 55% Sunblade 100s, 25% Sparc 5s, 17% Windows and 3% DOS.

Re:/me blushes.

[handslikesnakes]

Wind power? In Cowtown?
I'm kind of ashamed now. Deadmonton's LRT is a creaky 30 year old thing.

Re:/me blushes.

[Craig+Davison]

So the Linux boxes are gone? I remember them being Pentium 233s, so they could be considered obsolete at this point.
I remember some DOS boxes for 455. Are these the same machines, or new?

Re:/me blushes.

[felis_panthera]

Mount Royal College is already running Linux, and switching over to RedHat over the summer break...

Re:/me blushes.

Ya, the DOS boxes are still for 455. I imagined they haven't changed in some years. Oh and there's one (DOS?) box for 421 that has some FPGA attached to it.

As for Linux boxes, most (almost all) of the grad labs in ICT, not to mention professors' computers, are running Linux.

Plus there's the OpenBSD lab (P2s or P3s IIRC) on first floor MS (restricted to 457 students). And of course there's the old graphics lab, still using 10 year-old SGIs.

Re:/me blushes.

[sliderr]

Btw, the city isn't run solely on linux. Sun is still there.

The hardware that was replaced however, was quite old as mentioned...and it was not connected to new and faster storage for the most part.

Sun isn't going anywhere, they still have great hardware and solaris still works quite well.

Everything of course has it's advantages and disadvantages and it's also often in how it's tuned, whether it be hardware or software design.

Re:/me blushes.

[retinaburn]

Away from Sun Brrrr won't it get even colder here. What am I talkin about the Big Smoke is warm, and we are the only part of the country that matters ;)

Umm, no

Outside of Microsoft, there's no place that I can even remotely believe treats security as an afterthough at best.

Good lord, just a few days ago Microsoft was touting how making a non-executable stack would improve security.

I guess the 1970's have finally hit Redmond...

It's an awk!

Or would that be a GNU-awk?

Re:It's an awk!

[saforrest]

Actually, Brian Kernighan, the K in 'AWK' and 'K&R', is Canadian. Or at least he was born here.

However, he's been in the States long enough to mispronounce the last letter of the alphabet.

Re:It's an awk!

[psavo]

Hmm. What for a Canadian needs 'Ö'?

Re:It's an awk!

[saforrest]

Hmm. What for a Canadian needs 'Ö'?

Touché. :) The English alphabet.

"Canada's national newspaper?"

[handslikesnakes]

We have more than one, you know.

Re:"Canada's national newspaper?"

[saforrest]

We have more than one, you know.

I'm guessing the poster is from Toronto.

Re:"Canada's national newspaper?"

Nice try, but the National Post is owned by Izzie Asper's Winnipeg based "CanWest" outfit.

Re:"Canada's national newspaper?"

[saforrest]

Nice try, but the National Post is owned by Izzie Asper's Winnipeg based "CanWest" outfit.

What are you talking about? Sure, CanWest-Global is Winnipeg-based, but the mention of "Canada's national newspaper" in the the article was clearly referred to the Globe and Mail, since it linked to the Globe in multiple places.

Re:"Canada's national newspaper?"

[peter_gzowski]

I'm guessing the poster is from Toronto.

Maybe not. It could be Conrad Black.

Re:"Canada's national newspaper?"

[AndroidCat]

Calling the Globe and Mail "Canada's national newspaper" is very amusing to the rest of Canada. More properly, it's Toronto's national newspaper.

Re:"Canada's national newspaper?"

[imarsman]

Hmm. Just heard the term "our national newspaper" used this morning on the radio here in Victoria, BC in an interview with someone from Washington state. Can't say that I knew if the interviewer was referring to the Globe or National Post.

There's just as much ignorance and navel gazing here in BC (on the west coast) as in Ontario. The difference is that people out here often speak dirisively of people from Ontario while people from Ontario speak well of BC and usually wish they could live here. I've lived in both places.

Re:"Canada's national newspaper?"

[davecb]

handslikesnakes wrote We have more than one, you know.

Really? Were you thinking of the National Examiner^b^b^b^b^b^b^b^b Post, then?

--dave
[For those who don't know about the newspapers up here, the Post made a valiant attempt to outcompete the Globe. Alas, their accuracy was a bit low and their tendancy to spin a bit high, so they get teased a bit about that]

Re:"Canada's national newspaper?"

[bug-eyed+monster]

Heheh, amen. I grew up in Ontario and live in Vancouver now and I totally agree with you. I have half a mind to start a campaign asking for the

Re:"Canada's national newspaper?"

[bug-eyed+monster]

Oops, gotta stop posting drunk... Anyway, yeah people here seem to have a pathological hatred for Ottawa, and they think Ontarians hate them too, but it's not really the case. Weird world.

PLEASE...

Will someone please tell these morons that the underlying architecture of *nix based OS's with their permission structures, and the need for admin passwords to do any system level changes, make them MUCH harder to write a serious virus for. SCREAM it if they don't hear you. I'm really starting to get tired of this crap.

Re:PLEASE...

[ShadowRage]

I think this is a funny one.

someone's trying to talk from a virus writer's POV

Re:PLEASE...

It's the same for Windows NT OSes. The only difference is that accounts default to Administrator privileges in XP. Of course, if somebody made a linux distribution for use by people accustomed to Windows, they would have to do the same thing.

Re:PLEASE...

[13Echo]

There is a difference. It actually works on UNIX and Linux. WINNT's methods of operating as a standard user are a pain in the ass, and you often have to log out and log back in to perform the most simple of tasks.

You almost HAVE to run as Admin on Windows to operate without a snag in the even of a simple system tweak. Shoot - you can even adjust power management as a standard user.

Re:PLEASE...

[RAMMS+EIN]

Sorry if I sound harsh, but you are very wrong.

1) A basic virus doesn't need root permissions. It can wipe out _your_ files (which are the most precious files on the system - you can get the system files by reinstalling). It can sit in your crontab and periodically try to spread. It can write your .profile and launch itself every time you log in.

2) Do you install software? Does that mean you run an install script (directly or through a package manager) as root? Have you checked the script code for virii? Would you expect an average user to?

3) Certain bugs allow privilige escalation (a process that runs as a normal or non-priviliged user gets root permissions). After that, the virus can do anything it likes.

4) Bugs in processes that run as root (suid root programs, many daemons, the kernel) can be exploited (sometimes remotely and/or automatically) to gain root priviliges. Or, generally, the user and group the process runs as; it's bad enough if someone takes control of your mail system, even if they can't access the rest.

I'm sure I have omitted things here, but I think you get the message. Linux (or any UNIX-derivate) is not as secure as some would have you believe. Not even the design is very secure, nor is its design more secure than Windows's, but I'll leave that to somebody else to point out.

Re:PLEASE...

[AndroidCat]

How about something as simple as script file or executable owned by root, but writable by anyone? Change the contents, and the next time it gets used by a priviliged user, UR 0w3n3d!

Files like that should be rare, but have you done a full security audit to make sure none exist? Never underestimate what sneaky software can do once it gets a foothold.

Re:PLEASE...

[Louis+Guerin]

You're not wrong.

But I think the most important weapon in *nix's arsenal in the upcoming war against worms, viruses, trojans and whatall, is the community. A community which designs multiple apps for the same task (diversity), sticks to security-focussed design principles (priorities), and will work to update a vulnerable piece of software winthin hours of a vulnerability's emergence. Linux, particularly, is a very competitive market; much more so than any other segment of the OS industry. There are many distributions, including many commercial distributions, with what amount to very similar products, all vying for marketshare.

First, the code is strong and well-audited, and runs on a more secure base. Second, the diversity of *nix environments will slow the advance of any given exploit, and buy the community valuable time to fix the holes as and when they appear. Third, if they know what's good for them, the commercial *nix distributions will be absolutely GAGGING for an opportunity to provide better support than their rivals, because that and marketing is all that really separates them. This will mean R&D money being funneled into projects like OpenBSD (from which numerous security standards have come to the "softer" *nices), Spamassassin, ClamAV, Debian-Security, SELinux and so on. This can only be a good thing.

Seriously, it's just about a new way of thinking about the issue. Not to say that nobody will get burnt - any war has casualties - but *nix is far better situated to defend itself in this war than any previous system has been. I'm cautious, but I'm not worried.

L

Re:PLEASE...

This will work to some small degree. It may slow down virus propigation but by less than an order of magnitude. And as Linux matures and the real software vendors take leads, everything may come down to only one or two real choices for 95% of the Linux users (Assuuming real linux market share and serious corporate use). We would then be right back to the monoculture of windows. It's bound to happen. So even that argument is currently weak (There are only a handful of useable mail programs, for what you are talking about there would have to be hundreds, all working with different protocols and apis) and will only get waeker over time.

Less monoculture

[Coryoth]

Windows is also more standardized than Linux, Mr. Friedrichs says. There are a number of distributions of Linux from different vendors, with differences significant enough that a virus or worm designed for one won't necessarily have the same effect on all the others. That fragmentation is a good thing when it comes to discouraging virus writers who want their work to have the maximum impact.

There's another advantage that they don't mention. Linux plays nicely with the BSDs, Solaris, OS X, and most other operating systems, so it really is easier to have a diverse environment - not just diverse distributions, but diverse operating systems and architectures.

Yes, Windows will work okay on a heterogenous network, but it doesn't really like it much. Compared to the shared UNIX foundations of Linux, OS X and BSD it is much easier to have all of them happily running side by side on the network sharing resources. Linux or Solaris workstations for the research division, Macs for the designers, Linux and/or BSD for the servers, developers get to choose their platform... and maybe even a nice pretty GNOME or KDE desktop for the paper pushers.

Jedidiah.

Re:Less monoculture

[I+confirm+I'm+not+a]

Linux plays nicely with the BSDs, Solaris, OS X, and most other operating systems

I was off work, ill, and working from home (I'm a web-developer - SunONE-ASP on Raq boxes) and needed my girlfriend's XP laptop to talk to my server. Normally that's no problem - server runs Samba. But I didn't have SunONE ASP, so I had to use Microsoft IIS ASP (the server's dual-boot). Could I get a Windows XP laptop to talk to a Windows 2000 server? Could I hell! Now I accept I'm not the most capable Windows admin, but c'mon! How hard can it be!

Moral: Linux plays nice with other operating systems. Windows barely gets along with earlier versions of Windows.

Re:Less monoculture

[xutopia]

you don't get it. Microsoft makes sure that viruses work between Windows versions, not essential business programs.

Re:Less monoculture

[GileadGreene]

There's another advantage that they don't mention. Linux plays nicely with the BSDs, Solaris, OS X, and most other operating systems, so it really is easier to have a diverse environment - not just diverse distributions, but diverse operating systems and architectures.

True. That's a function of having open standards at the interface level. Standards that Windows is just as welcome to make use of - they just choose not to.

The idea of homogeneous interface specifications and heterogeneous implementations is a good one, and does provide a level of diversity that can limit the impact of viruses preying on implementation-level vulnerabilities. However, we can't let that slightly higher level of security breed complacence. It is entirely possible that interface-level vulnerabilities could bring every compliant implementation down (which is a good argument for more careful design and auditing of interface standards).

Re:Less monoculture

You're an idiot.

Dual booting a server should have been the tip-off.

Re:Less monoculture

Real Moral: You are both a shitty tech and a ASP programmer.

Re:Less monoculture

[I+confirm+I'm+not+a]

It's a development server, at home. I have better things to do with money/tech than devote it to work.

...but yes, I am an idiot.

virus-targeting, and the cause of the problem

[perlchild]

About those viruses becoming more prevalent...
Can someone balance that FUD with equivalent numbers from MacOS X?? It's a lot more popular than Linux, and both haven't been plagued with viruses(yet) in widely publicised numbers.
The bit about multi-user was nice, but user-education about the benefits of proper privilege separation is very low, and needs to be addressed by those people who think changing OSes is a solution to the social problem of viruses. Of course, a lot of CIOs would rather use viruses to justify spending half a mil to change servers, than 10000$ on training... Even on equivalent returns...
That's also a social factor.

Re:virus-targeting, and the cause of the problem

Can someone balance that FUD with equivalent numbers from MacOS X?? It's a lot more popular than Linux, and both haven't been plagued with viruses(yet) in widely publicised numbers.

Animators, graphic artists, typesetters, and the rest of us Mac users simply haven't gotten around to writing worms and viruses yet.

Re:virus-targeting, and the cause of the problem

Neither have all the Linux geeks who are drawn to OSX's NSD core.

Which is kind of weird, when you think about it.

Re:virus-targeting, and the cause of the problem

[Mr.+Flibble]

Perhaps it is beginning to start?

there is so! :D

[Bajanman]

live feed even! http://www.montrealcam.com/en-biodome.html

Re:Your kidding?

[ianc7]

No we're just going to rename the country 'Soviet Canuckistan'.

linux in canadian universities...

[Lord+Haha]

I goto SMU and I know that we (as in cs faculty) have been slowly getting the univeristy aquianted with the whole open source ideas. Problem is there are still many people to educated, the in house tech support peeps still havn't fully grasped the whole idea I don't use Windblows and manage to be able to figure out how to map a network drive without logging 1st into the NT network and using all the XP "special" login scripts...

Re:linux in canadian universities...

> I goto SMU ... Problem is there are still many people to educated ... still havn't fully ... without logging 1st into the NT network

Well, I agree with you on the "educated" part...

Re:linux in canadian universities...

I've been an undergrad at Concordia , and am now a grad student at McGill , and having been turned onto Linux in the former, I've noticed the following (qualitative!) trends at both Montreal institutions:

Sysadmins :

All sysadmins I've encountered at either Univ. are definite LInux LOverS, running clusters at home and upgrading daily, and spending most of their day time patrolling univ. machines as root. They also seem to enjoy dealing with Linux-related problems, despite taking much longer to solve them.

Professors:

My supervisors at Concordia and McGill have both equated Microsoft with Beelzebub, and make rude remarks about Redmond in their lectures.

Students:

The general undergraduate population are Microsoft peons, but the proportion of Linux users increases as you move to higher percentiles grade-wise. Also, I've been told that most undergraduates drink heavily.

Research Labs:

All research group machines I've used run Linux (save for an IRIX machine at McGill), but the grads/postdocs tend to prefer Windows.

General-purpose Labs:

At Concordia I dare say Linux was run on ~90% of the general lab machines (granted, most were double-booted). At McGill, only ~20% of lab machines run Linux. Both schools have "Linux-only" rooms, which are equivalent to either "VIP lounges" or "Smoking Section", depending on the last digit of the square root of 2.

Hector Savage

Re:linux in canadian universities...

You forgot to mention: both schools suck.

Re:linux in canadian universities...

[sewagemaster]

for me it's the other way around. i went to mcgill for my undergrad and doing my masters at concordia now. last year 90% of the computers ran *nix. it was until recently - last semester that they switched all the linux machines to dual boot - redhat/winxp.

The general undergraduate population are Microsoft peons, but the proportion of Linux users increases as you move to higher percentiles grade-wise. Also, I've been told that most undergraduates drink heavily.

as for the students, you're completely right about them being m$ peons. but it's not just the undergrad students now. it's the same with grad folks at BOTH universities (i know people from both schools). maybe it's because these are the same folks that wouldnt have gone into grad schools should the bubble never had burst?

at mcgill, that redhat room in the Trottier is always empty. all these computers with 18" LCDs just sitting in the room and not being used. you even notice there's a lot less greese on these keyboards....

about the professors, i've had an interview the prof 2 years ago with the TSP lab at mcgill for a summer job. i was clear from my resume that my previous work experience was coding in *nix... for whatever reason he didnt seem too happy hearing that i didnt use M$ visual C++.

the sysadmins at concordia are much better than ones at mcgill. other than carl and steven at mcgill, none of the other ones know anything about unix. the grad computers arent managed properly, and you have a whole bunch of students downloading and running warez on their computers. one of them actually got a threat letter from the MPAA for downloading gigs of movies last year....

Yeah, we want a Tux in Canada logo

Tux wearing a winter jacket and a beaver hat, holding an axe and a bucket of maple water.

Re:Yeah, we want a Tux in Canada logo

That's "sap", you, uh, sap.

Re:'Canada's national newspaper' !?!?!

[B3ryllium]

Now now, very few Canadians actually hate Americans. Many joke, but few hate.

Not only do we have more than one newspaper, we are also proud to announce that we have more than one telephone, as well as more than one automobile!

Viruses on Linux? Yeah, right.

[Tuxedo+Jack]

It takes user stupidity to infect a Linux box with a virus, namely because you _don't run as root_ unless it's necessary (su, please) and no code is therefore fully trusted. Therefore, it takes an idiot running as root, _multiple_ steps thanks to the encrypted archive files), and a Linux port of a virus to infect a Linux box.

With Windows, it's open, input password, extract, run. Wow. You're boned. Simple, ain't it?

Linux is secure simply because no one runs as root for daily work. Those who do are either idiots or have _really_ strong bowels.

Re:Viruses on Linux? Yeah, right.

Mozilla plugins? JavaIRC? I'm on the lookout for a maliciously installed Java Back Orifice.

The downside: It's not running 'til the user starts Mozilla.

The upside: 92.8% of America won't use a computer without a web browser.

+++ATHZ

Re:Viruses on Linux? Yeah, right.

[asmellysock]

Why does a virus/worm need to run as root? It can run as the current user and do anything he could do, including deleting or modifying his files, emailing itself, etc. It might have trouble setting itself up as a server, or continuing to run after the user logs out.

Re:Viruses on Linux? Yeah, right.

[hendridm]

Who says Linux users aren't running as root? I've seen plenty of companies where the Windows user logs in Administrator because someone was too lazy to set it up the right way. I could equally see a "consultant" setting up a small business with Linux boxes and giving root priveleges to minimize user-perceived problems. I can also imagine a lot of users out there who buy SuSE or Fedora from their local book store, install it, and just use the root account because it worked when they tried it...

Re:Viruses on Linux? Yeah, right.

[Lord+of+Ironhand]

As already pointed out in this thread, the most important data to most people (the homedir) can already be deleted by programs (viruses?) running as that user.

There's something else that does help though: for a file to be executed under Linux, it has to have the executable access permission set, which is normally not the case when you download/save a file from a browser or e-mail program. As long as mail programs take very good care not to execute things, this means we're pretty safe after all.

But it would still really help to have more fine-grained access control such as provided by SELinux, Systrace and LIDS.

Re:Viruses on Linux? Yeah, right.

[rikkus-x]

Rubbish. You don't need root access to 'infect' a Linux box. It would be very easy to write a virus which deletes all the user's files, sends itself to everyone in their addressbook, listens on a port, joins in DDoS, etc. All without root access.

The main difficulty faced by someone writing a virus for Linux is getting someone to run it in the first place. It's pretty hard to persuade a KMail user, for example, to execute a virus. They have to save an attachment and give it execute permission first.

Rik

Re:Viruses on Linux? Yeah, right.

Yes, but after it mails itself to all the user's correspondents and deletes $HOME what else should it do? Isn't it's job done?

Re:Viruses on Linux? Yeah, right.

[Mordaximus]

Erm, believe it or not, there are a few people in the world who run Windows day to day with user accounts, and switch to administrator to do installations, etc.

The kind of user that gives his account admin privs under windows is the same user who would run as root on a linux box, because they don't know any better or they really don't care. These individuals will never be protected by any operating system.

PS. I believe Lindows runs as root by default.

Re:Viruses on Linux? Yeah, right.

Or better yet, they don't log in as Administrator & use the "runas" command (Windows equivalent to su) instead.

Re:Viruses on Linux? Yeah, right.

[mritunjai]

Viruses ?? Say "worms".

Given that majority of "mal-ware" in past few months was "worm-ware", it is not a very alien thought for any other OS.

Worms rely on social engineering and tricking unsuspecting users into running them. Few points to note on what worms do-

1. Open an Open Relay on port xyz
2. DDoS
3. Key logger
4. Act as Backdoor/Trojan

Mind that, NONE of these activities "need" root priviledges... and a worm that can open a backdoor hole so that you can later be exploited through any N number of local root exploits is equally harmful.

Now, only things that stands between malware-writers and a compromised box are-

1. The human in charge of the box (aka User)
2. Well designed software

EMailing a worm-script to a *nix user doesn't work right now because majority of email clients on *nix do not make a file executable while saving it to disk... so even if the user is tricked into accepting that file, he/she cannot just click it and run it (which is from another point BTW, another "usability" issue too!!)... they need to

1. Save it
2. Find their way through command prompt/file browser to the file
3. execute command "chmod +x blah", or right-click the file, select properties and check the "executable" box
4. execute command "./blah" or click on the file.

Thats just TOO many steps and even the most gullible people will give up way before that and hit "open" just to see that binary file being opened in vi/vim/emacs/Kedit/Gedit etc with lots of funny characters.

So, its the very user-unfriendly nature of *nix that stands between the malware-writers and their zombie machines.

Re:Viruses on Linux? Yeah, right.

[GoRK]

It pretty well takes user stupidity to infect yourself on windows these days, too, though. It's not that there aren't any security holes in the OS or Outlook/Outlook Express that virus writers have exploited, but most of the problem is still technically the 'trojan-horses' that people run unknowingly.

Re:Viruses on Linux? Yeah, right.

>it has to have the executable access permission set, which is normally not the case when you download/save a file from a browser

One word: Tarball.

Re:Viruses on Linux? Yeah, right.

[slipstick]

Huh? How is a tarball executable? or is that not what you meant?

Re:Viruses on Linux? Yeah, right.

Tarball preserves permissions + WinZip-like Shell = Virus.

Why not Open BSD

[Offspring22]

Theo lives in Calgary, so why not support the local boy :) Another Calgarian

Something is wrong here

[mkro]

From the "virus" article:

Alec Taylor, senior manager of platform strategy at Microsoft Canada Co. in Mississauga, agrees Linux is likely to get more of the kind of unwanted attention Windows has had from virus writers. "It's a challenge that we all face and we're all targets in the software industry," Mr. Taylor says.

... and that was it. That is the end of the Microsoft quote. Wtf? No mention of communism? No "Yeah, but the TCO of a virus attack is larger on Linux"? I'm speechless. Mr Taylor can probably expect a phonecall from Mr. Balmer tonight.

Re:'Canada's national newspaper' !?!?!

[AssCork]

Cool. When did Steve get a car?

Real World Linux offers discounted LPIC exams..but

[darthcamaro]

The main reason why the Globe and Mail, ran these articles is because the Real World LInux show (www.realworldlinux.com) starts next week.
The Linux Professional Institute (LPI) is offering discounted LPIC exam certifications at the event, BUT here's the CATCH.
They're offering the exams at the same time the Keynote Speaches are being delivered...I guess the braniacs at LPI figured that tech's are a bunch of 'properller-heads' and won't understand the business of Linux...
I think I'm just gonna get an RHCT and screw the LPIC.

Virus software on Linux

I have been searching for good antivirus software for linux and have come across many different vendors. I personally like BitDefender better which has versions available for Samba Fileservers and Mail servers running Postfix, Qmail and Sendmail. I purchased our products from iDREUS at http://www.idreus.com/index.php?page=product&produ ct_id=8

Not in the online edition ...

[LoFat+ByLine]

... but in the print: a full page infomercial from M$ consisting entirely of:

a) Anecdotes about random Canadian companies that still prefer Microsoft products.

b) a big TCO diagram pulled from an IDC study "conducted for Microsoft."

Clever Microsoft, focussing on their core business market:
CIOs with no critical thinking skills ...

Mayo!

[Knight+Thrasher]

Linux takes in Canada. Microsoft says 'Eh?' RIAA continues to cry over inability to force ISPs in Canada to release the names of folks running linux servers that utilize file sharing apps.

Re:Mayo!

[BHearsum]

Erm, s/RIAA/SOCAN/

Re:Mayo!

[tb3]

Erm, s/RIAA/CRIA/
SOCAN is the artists' association.

What about viruses?

[bersl2]

Another article discusses whether Linux will become a target for viruses as its popularity grows.

I say bring it on.

Linux systems might be vulnerable to root exploits (as are all things on a network), but I want to see how well we would do against viruses.

As we've all seen, Windows systems are very vulnerable to fire-and-forget attacks, which pick up momentum as they infect. I want to see how well an automated attack can propagate itself against Linux.

Re:What about viruses?

IMHO once the viruses start, package managers like dpkg and supporting programs like apt (which downloads updates and dependencies) will be the winners. Certainly, it is not much longer for goot GUI versions of those tools to be ready... they are nearly there now.

Advanced IT

[andawyr]

A few years ago (10?) the Alberta government started to move the primary focus of Alberta business away from the Oil patch. At that point in time, Alberta was sort of a one-trick pony - most of the head offices for the Oil industry were here (and situated in Calgary), with a large number of the smaller businesses supporting the larger (fewer) oil companies.

If the Oil economy went down, so did the rest of Alberta. Bad.

Over the past 10 years, business diversity has increased a tremendous amount; the oil industry is still a large part of our economy, but not so large that we'd be hammered to death if the price of oil dropped substantially. It would hurt, but much less than it would have 10 years ago.

Part of the reason for this success is the high level of technology in this province. Calgary especially is very high tech, and this latest story just enforces that point. Businesses tend to move fairly quickly here, and are able to take advantages of the benefits of newer technology.

Through the use of and research into technology, Calgary is both a very good place to work and live.

Re:Advanced IT

Calgary is both a very good place to work and live.

Sure, if you don't mind it being a little sleeper town that practically shuts down after sundown. Calgary. Yawn. It's got to be the most boring downtown per capita of any city in Canada. But then I couldn't live anywhere in Canada outside of Montreal or Toronto.

Re:Advanced IT

Calgary. Yawn. It's got to be the most boring downtown per capita of any city in Canada.

No, you're thinking of Edmonton. :o)

(note, I live in Edmonton.)

Re:Advanced IT

[swordgeek]

I disagree.

Oh yes, Calgary is certainly a good place to live and work. There certainly IS high tech here in spades.

But have we achieved the lofty goal of a diverse economy? Not hardly!

Why is there high tech in Calgary? To support the oil companies. Who buys computers in Calgary? The oil companies. Who supports the arts, sports, and culture in Calgary? The oil companies.

Look at our venues: The Pengrowth Saddledome, The Epcor centre for the performing arts, Talisman centre, and so on. Look at the consumers of computer cycles in town: Big oil companies doing geophysical mapping.

Calgary is full of businesses that aren't gas and oil, but most of them would crumble without the G&O industry feeding them.

As for the rest of the province, the second industry behind oil is agriculture, and for the last decade or so, has absolutely tanked. Edmonton is probably the best off right now, because of the numerous biotech spinoffs from the University of Alberta.

Nonetheless, we are still a HEAVILY oil-dependent province, despite what our government likes to claim. If oil drops down to $18/barrel again for an extended period, we'll be fighting with the maritimes for the title of poorest location in Canada.

Dancing Dog? :-(

[danZenie]

" Linux was like the dancing dog -- it's not about how well it does, it's that it does it at all."

that is very disrespectful. how about a dancing penguin?

Re:Dancing Dog? :-(

I assume that phrase was taken from this:

----------------------

Software likes to think of itself as 'engineering' but it's not. It's not structured, it's not methodical, it's not repeatable, it's not quanitatively quality controlled, it's not maintainable, it's not documented correctly, it's not impervious to new flaws after it's finished, it's never finished.

Project managers don't, requirements assessments can't, cost estimates are from Mistress Cleo. Nobody understands what success is supposed look like and no one can tell the difference between success and failure.

It's neither mass produced art nor is it artistic engineering nor is it special or inciteful. It's an ordinary product made by people who have to be extraordinary simply to overcome all of it's other failures. It's the dancing bear - interesting not because it dances so well but because it dances at all. It is a controlled crash.

We may be ahead of the curve on this...

[Eric+Damron]

"Another article discusses whether Linux will become a target for viruses as its popularity grows."

Yes, it will and distros like Lindows that run the default user as root had better get their act together. Poor judgement calls like that could make Linux the next security joke right behind Microsoft.

I just installed Mandrake 10.0 and noticed that it offers an open source anti-virus product called "CLAM." According to the docs this product will automatically update its virus definition files. So assuming that these files are kept current we may be way ahead of the curve on this.

Re:We may be ahead of the curve on this...

I just installed Mandrake 10.0 and noticed that it offers an open source anti-virus product called "CLAM." [...] So assuming that these files are kept current we may be way ahead of the curve on this.

The only trouble is, because there are no viruses for Linux in the wild, we don't have virus scanners for them. ClamAV is a scanner for Windows viruses. I use it to keep our mailserver from filling up with Windows viruses, even though it's a FreeBSD server and we only use Linux and MacOSX clients.

Re:We may be ahead of the curve on this...

[advocate_one]

oh no... not the Lindows runs as root crap again... please, that is just so untrue... if anything does run as root out of the box these days it's XP Home Edition as an OEM install... and the vast majority of users don't even realise it either or that they should set a password for their admin account either...

Re:We may be ahead of the curve on this...

[Eric+Damron]

I think there are a few viruses for Linux but they can't do much if you don't run as root.

Anyway, I agree that ClamAV is mostly for file/mail servers that are on a network with Windows boxes. However, as viruses do appear for Linux ClamAV will be able to detect them.

Re:We may be ahead of the curve on this...

[Eric+Damron]

Really? Well I won't be dogmatic about it. I never have run Lindows but that is what I have read. It would be great if I were wrong about this but I read that in order to make everything work for their users they made the default user root.

And you are correct about XP. It's really scarry that Microsoft tells everyone that security is their top priority and then they do that.

Re:We may be ahead of the curve on this...

[surgeonsmate]

Yes, it will and distros like Lindows that run the default user as root had better get their act together. Poor judgement calls like that could make Linux the next security joke right behind Microsoft.

If Microsoft is a joke, then how come Bill Gates is laughing all the way to the bank?

Good Day, Eh!

[Eberlin]

Good day, eh! This Linux thing is a very good thing for the economy and all that. However the only penguin we acknowledge comes from Pittsburg and we don't like that Mario Lemieux guy all that much. If it sucks as bad as that hockey team did this season, I wouldn't stake my reputation on that penguin eh.

How 'bout we make our own brand called Maple Leaf Linux or Red Toque. Or maybe we can call it Gretzky Linux and charge 99 Canadian for it.

Heck in Edmonton the best one-two combination was Gretzky to Kurri -- The Great One and a great Finnish guy. Gretzky did his best work with the aid of a Finnish product! So is Linux good? You bet! I give it a hat trick rating.

Re:Good Day, Eh!

It's Pittsburgh ! They fought the Post Office and won.

Re:Good Day, Eh!

Oh my. Didn't know we had that many sore Penguins fans around here.

Re:'Canada's national newspaper' !?!?!

[DR+SoB]

Care to name the other? lmao.. And BTW, that is there motto, so it makes sense..

-Toronto, Canada.

Corel is based in Canada

[vasqzr]

I wonder what they think?

Corel is pretty big into Linux, at least they used to be, maybe the government is trying to set them up to fight Microsoft, at least in Canada.

Word Perfect Office -> MS Office, Linux -> Windows

Re:Corel is based in Canada

Corel is pretty big into Linux, at least they used to be

Corel got completely out of Linux when MS bought them.

maybe the government is trying to set them up to fight Microsoft

Spoken like someone who's never been here.

In the late 1990s, our Prime Minister met with Bill Gates to pledge unending support for MS. There was a ton of coverage in the media, with some people wondering why someone of Mr. Gates' position would bother coming here.

My wife works for the government - nobody - as in __NOBODY___ in the IT department knows anything besides MS, and nobody wants to learn. People outside of the IT department are completely clueless.

Standardization

[dmomo]

This is true, and granted, as more apps for the linux desktop become widely used, exploits involving them will be more easily propagated.

Re:'Canada's national newspaper' !?!?!

[schovanec]

Last May. - Steve

This is probably redundant by now...

[meme_police]

...but Calgary should be switching to OpenBSD. They'd have plenty of top notch support nearby.

Re:This is probably redundant by now...

Does Oracle support OpenBSD?

The City of Calgary does use OpenBSD where it can.

Root is not a big deal for viruses

There is enough "local root" vulnerabilities that it doesn't make any difference whether the end user has root privs or not -- if they are stupid and run trojans, the hackers will find a way to own them.

Also, most of the Windows virus activity is now Spambots -- which have no need at all at run as "root" (carefully coded viruses run fine as a non-Admin user on Windows).

Virus

[WindBourne]

Virus writering/crackers are master at spending little energy. They will write them to go for the easiest target possible with the most damage being a side effect.
As soon as linux is one of the easiest targets, then we will see lots of them. Until that time, well...

Virus' Due to install base?!?

[fritz1968]

Mr. Friedrichs says the majority of viruses and worms today are aimed at Windows, because of its large installed base. Threats that target Windows also tend to have more impact and get more publicity than those aimed at Linux, because there are so many Windows-equipped computers for them to affect, he says.

From what I have read and understand, the install base has nothing to do with it (or very little at least). The problem is that MS software is so easy to crack.

For example, MS Exchange has roughly a 85 million install base. That email system has been hit hard over the past several years. Lotus Notes has not been hit nearly as hard (if at all) during the same time frame. If install base had anything to do with it, then one would assume that Lotus Notes has a substantially lower install base than MS Exchange. The fact is that Lotus Notes has a comparable install base (of roughly 90 million).

It's the insecure software that is the problem, people!

Re:Virus' Due to install base?!?

[sik0fewl]

Very interesting. You don't happen to have the source(s) at hand, do you?

Windows has ACLs you know.

[uberTr011]

Uh, if you log into linux as root and run email attachments, you'll get a virus too (assuming its a linix binary/script). Y'see, windows does have filesystem ACLs. Windows mentality is what needs to change. Logging in as Administrator is the equivalent of logging in as root, and we all know running stuff as root is bad.

Re:Windows has ACLs you know.

[slipstick]

If user's are smart enough to save an attachment, mark it as executable and than click on it than their smart enough not to run as root.

Re:Windows has ACLs you know.

[uberTr011]

It's only a matter of time until KDE implements this feature in kmail to automate the process... that is unless, you've changed your mind about Linux being for the masses.

Re:Windows has ACLs you know.

[slipstick]

Why would you assume that KDE would do this? If they do I will personally remove it and submit a patch!

The fact is if this happens in open source you would likely so a fork and a major backlash.

Re:'Canada's national newspaper' !?!?!

Does Office Bob still have the other phone?

Re:'Canada's national newspaper' !?!?!

[hey]

I might point out that the telephone was invented in Canada!

Privilages

[phorm]

As linux popularity increases... we can hope for some of the following:

a) Lindows doesn't become the primarily popular distro
b) Users will *not* run as root - see (a)
c) Root SSH disabled (most distros do enable root SSH by default) or no bootup SSH server

Open SSH ports (or NFS for that matter, but it generally needs some more setting up) with root access and easy passwords would be the gold for virus writers. The same for root-level user access. Give the users their sandbox, let them play in it, and let the viruses be restricted to them too.

Yes, virii will happily nuke a user's files, and possibly attempt to email themselves outward (we *can* protect against this in many ways in 'nix) - but at least they won't have the potential to bork an entire system... and if they're restricted to ~/ or other public areas then they should be much easier to clean.

My concern is that to allow installation to be simple enough: applications will become something like "You must be root to install this application. Please enter your root password" - in which case viruses will follow suite and, well, same problem as windows. Maybe the concept of becoming "superuser" would instill enough paranoia to keep users from clicking and becoming root, but I doubt it.

However, that's home users. For businesses - don't give employees root - and suddenly you have a much tighter environment. We're setting up a lot of linux machines here at work. I've made a base image for them, bound the individual machines to DHCP static IPs as well. My primary server has a public key in authorized_keys for all the desktops, so updates/changes are as simple as:

for IP in $LINUX_MACHINES
{
ssh $IP /mnt/nfs/myupdatescript.sh &
}

(in this case I obviously allow root logins via SSH, but none of these machines have a public IP)

Re:Privilages

[Vindicator9000]

You have good points.

My concern is that to allow installation to be simple enough: applications will become something like "You must be root to install this application. Please enter your root password" - in which case viruses will follow suite and, well, same problem as windows. Maybe the concept of becoming "superuser" would instill enough paranoia to keep users from clicking and becoming root, but I doubt it.

In my experience, a lot of Windows 2000/XP home users don't even know that they're running as admin, or that they have a choice not to. I work as a Windows admin, and often someone will ask me how come their home machine keeps installing software "on its own," usually meaning they clicked yes on the "Do you want to install GAIM?" box somewhere. I explain that some software companies are less than ethical, and that the best way to guard against that is to not run as admin, and not to install anything unless they explicitly asked for it. Then I give them a pre-prepared file on how to create user accounts and set rights on 2000/XP machines, along with a disk containing Ad-Aware, Firefox, the latest XP service pack, the Blaster patch, and appropriate readme files (I keep 5 or 6 of these on my desk). Invariably they tell me later that the situation has improved, and that they never even thought about doing it that way - they even ask me if they can copy the disk for their friends. I think that part of the reason its sucessful is because it gives users a greater sense of responsibility when they login to the admin account.

Anecdotal evidence for sure, but the response from users has been so overwhelmingly good for me to ignore. All OSs intended for home users should setup a separate admin account, and take steps to inform users to use it only when necessary.

Re:'Canada's national newspaper' !?!?!

I think Microsoft probably has more influence here than south of the border, because they can so easily sum up support for trade sanctions south of the border. They just have seen Linux or *BSD as a serious threat here yet.

As to Canadian attitudes towards Americans, all kidding aside, I've never met an 'average' American I didn't like (nevermind hate), and I expect I'm a pretty typical Canadian. I can't say I really even think of Americans as 'foreign', we are really the same people for the most part. That said, it isn't hard to see the current American administration are a bunch of dangerous, lying, lunatics (Canadians merely have cheating, flip-flopping, bozos -- the 'degree' of our government problems isn't comparable), and that the American system of government is profoundly flawed (allow corporate and business interests to completely dominate the interests of citizens: even American media is looking pretty manipulated). I think 'pity' and some 'there but for the grace of God go I' describes my feelings for Americans these days -- not hate.

Diversity is No Defense

[RAMMS+EIN]

"if you want to really defend yourself, the way you defend yourself is by diversity."

It cuts on both ends. More diversity means less chance that _all_ your systems will be compromised, but increases the chance that some of them will. I think you are better of using one system that you know how to secure and keep secure well.

In my case, that would be any open-source *NIX - *NIX because I know the workings reasonably well, and open-source because I can verify it's not doing something sneaky.

Re:Tux would NOT wear a suit!

[trailerparkcassanova]

'e should be wearin' a toque, eh? With a little slab o' back bacon sittin' there beside 'em, 'eh?

What say to that, eh?

User stupidity

[phorm]

The problem is, that even in linux a dumb user is still a dumb user. Instead of this:

"Install: Bonzai buddy will be installed to C:\program files\pwned"

You get something like:
"Install: Bonzai buddy will be installed to /usr/local/bin/pwned, /etc/pwned"
"Error, you need to run as root to install this program. Please enter your root password:"
*****
"Thank you. Installation will now continue"

You don't think it will happen? Just wait. Safety comes in that the user doesn't always get the root password (and is patched against root exploits)... at least in a business environment Vs home (and at home *MY* family members ain't getting the root password).

Re:User stupidity

I don't advocate the "root password" approach because it lends credibility to TCPA.

Just like the flaw in TCPA root passwords won't prevent exploits from worming their way in through legitimate channels. TCPA doesn't guarantee that a web page won't exploit a cookie/Java/Shockwave/RealPlayer/WMP/ActiveX combination to drop MailForward.exe in C:\Windows\startup (or whatever it's called nowadays). Root passwords won't prevent Mozilla from including untrusted .so libs from ~/.mozilla/plugins.

How much longer before malicious coders figure out how to nudge Mozilla into including .so files from /tmp? Whole new realms of happiness.

+++ATHZ

Re:User stupidity

[davecb]

Many user-level programs in Unix and Linux happily install in per-user mode without asking for the root password*.

Make this all and the end users won't have the root password, and therefor won't be able to authorize installing a virus... even assuming they don't realize that asking for the password is an unexpected behavior.

--dave
[* developers are doing just that]

Re:User stupidity

[phorm]

With the bazillion different project in Linux that already don't co-operate very well. Getting them all to follow the same standard might be a little difficult.

Re:Man...

SuperNET and other high speed internet connections are actually the fastest in the world in Canada.

Are they faster than South Korea? I don't know, I'm asking because I want to know.

Windows install

[RAMMS+EIN]

What?! Windows install doesn't allow you to select keymap?

Re:Windows install

[NamShubCMX]

Yes, after you have to enter that lenghty serial number...

at least it doesn't echo *s :)

Linux and Mac OS Inevitably Will be Virus Infected

[Laebshade]

I wrote an article on my website about this very topic almost 3 weeks ago, but it is not as quite in-depth as the Globe article and is from a different angle.

Re:'Canada's national newspaper' !?!?!

Care to name the other?

Canada has at least two national newspapers that I'm aware of:
- The National Post (note 'national')
- The Globe and Mail (was Toronto Globe and Mail)

And BTW, that is there motto, so it makes sense..

It makes sense to blindly repeat company mottos? I suppose rather than saying 'Microsoft' it would make sense to say 'The Technology Company That Cares'? And rather than say 'Windows XP', it would make sense to say 'The Operating System That Just Works'? C'mon. Think.

Linux in Canada, eh?

[thebra]

Well I say Linux in every where! I just installed Fedora, with out a hitch, and am excited to see how easy it has become (I tried once and failed greatly in '95 or so). Viruses? Well of course, but I can't imagine any thing like Windows OS has experienced. Before downloading the ISOs I installed W2k and less than 10 mins had a virus that was rebooting my pc. (blaster!) Right now the only "virus" I'm afraid of is when I am root.

Linux? I had one of those once

Linux is in Canada. Some of the IBM computers shipped come with Linux. The drive then gets formatted. Most people haven't heard of it, of those who have, 90% think it was written last week and will wait till it's been out at least a year or so. Many people ask "are there any games for it?" while others ask "I don't want to try it till I can use my mouse with it, when do you think that will happen?" Canada really is about 10 years behind the rest of the world in Linux adoption.

How to make virus works on Linux...

[fprog26]

Have uncle bob have his root password in the "KWallet Password manager", because it so more convenient...

Make Konqueror use some KPart plugins or KIOslave
like those for cmd or apt-get,
have a web page that "FORCE" the user to say "YES",
launch apt-get or cmd with sudo and do some damage.

Another way would be to fool the user to enter his root password.

Don't worry experience shows that people are easy to trick.
Just think about how many people have all those junks like weather thingy,
internet time synch and similar.

And for those not realising VBA on KDE is replaced with JavaScript,
KJSEmbed can do enough harm via DCOP,
if misused properly much like VBA can do on Windows, so please.

I never said that it's not convenient,
much more like VBA was convenient on Windows or WScript for such matter.
The 'real' problem is educating 'dummy users' who just install, click, accept anything on their box,
if they do it on Windows... don't worry they will do the same thing on Linux.

People who don't apply security patches for Konqueror or the Linux Kernel will be as
problematic as those who don't apply 6 month old
security patch on Windows and that still get CodeRed infected.

I know Linux tends to release patch faster and such, but for 'dumb uncle bob' that might
not save him from some worms that exploit some bug in some Linux applications.

Let's assume there's a root exploit bug in Konqueror or X11 or KDE.
Let's assume there's a patch.
Let's assume user bob, don't know what's a patch, he ask neighboor's X once every 6 months when his in trouble or things get screwed up.
Let's assume some guy wrote some rootkit exploitable program for that bug as a "convenient" example NOT to be used.
Let's assume some ScriptKiddie find that webpage and say cool, let's make some worm, just to look cool at school among his geek friends.
So, he write some worm make use of KJSEmbed, DCOP or whatever he might find
and send the thing as an innocent HTML attachement to a bunch of people randomly.

Guess what happened?

But yeah Linux can't get virus...
it's just more tricky to trick people out, but not impossible.

So, think twice!
You can have easy-to-use, features or security, pick any two.

Re:Tux would NOT wear a suit!

What say to that, eh?

Y'all, y'all, I, uh, y'all, gots nuthin' ta says to y'alls, y'all.

Did I get my American accent right?

We have it worse

We have "Progressive Conservatives" and "Liberals" that are basically the same as Republicans, except they have sneakier names (particularly the Liberals).

Re:We have it worse

Our furthest right wing PC or Alliance politician is far more liberal than even the most moderate Republican. And our Liberals make the Democrats look like bible-thumping totalitarians.

You've obviously never read any politics in Canada or the US if you can make that comparison.

Re:We have it worse

[theshowmecanuck]

I am a Canadian who has been living in Missouri (get the name? :-)... I moved from Alberta... I think the provincial premier Ralph (who I think of as 'Ralffff, do I have a drinking problem?') Klein and the federal Alliance party's Alberta members make Bush look left wing. They want to privatize medicare, give Bush style tax cuts to the rich, and have already driven most folks on welfare into British Columbia.

http://jedidiah.stuff.gen.nz/

[RAMMS+EIN]

Man, that's a BEAUTIFUL website!

Calgary on Linux? WTF??!!!

[swordgeek]

Last time I checked out contract list, we were still supporting a fairly large number of Sparc/Solaris boxes at the city of Calgary. Much of the storage has migrated from antique Sun systems to NetApp, though.

I don't know what part of the city's infrastructure has moved to Linux, but it's certainly not all of it. This article seems a bit...blind.

Re:Calgary on Linux? WTF??!!!

[shking]

The City of Calgary moved their Oracle servers to Linux and saved a pile of $$$. They are looking at migrating the rest of their unix servers to linux as well. Virtually all desktops are Windows NT (migrating to XP) except for some graphic arts types who have macs. Web servers are mostly Windows/IIS and sometimes Sun/Apache, but occasionally there's a kewl oddball

Re:Your kidding?

[ricklow]

In Soviet Canuckistan, the country renames you!

Re:Man...

Umm ... relax. "flapping heads" was clearly a South Park reference. The poster wasn't serious.

Re:'Canada's national newspaper' !?!?!

[Gramie2]

Yes, it's a good thing that we don't have concentration of media ownership up here.

P.S. Try Googling "Izzy Asper" or "CanWest"

Re:'Canada's national newspaper' !?!?!

[Citizen+of+Earth]

Not only do we have more than one newspaper, we are also proud to announce that we have more than one telephone, as well as more than one automobile!

Hell, I'm even thinking of getting a second igloo.

Re:'Canada's national newspaper' !?!?!

[B3ryllium]

Well I knew that :P lol :)

IBM

[ibm5_25]

My question is why can't you buy an IBM Laptop with Linux on it? They had that huge promotion a while back.. with all the ads etc.. yet I havn't found a new IBM with Linux on it..

Re:'Canada's national newspaper' !?!?!

[B3ryllium]

Shush! You should only ever use Canada.com's search-the-web option. ;-)

Re:Linux and Mac OS Inevitably Will be Virus Infec

[codepunk]

Actually I think you are full of crap. Your little article only spreads the same FUD that I always hear but you offer absolutely no technical explanation as to how this mythical linux virus problem is going to occur.

Re:Tux would NOT wear a suit!

[trailerparkcassanova]

Ya'll should say "Did I git mah 'merican accent right?.

Bimetrics == uname

[Fractal+Dice]

I don't understand why parent was modded up - the method of authentication is not relevant to the security model.

The underlying OS has to uniquely identify users - the username is just an alias for you (uids in *nix). The password is a challenge that you must answer and can be altered if discovered by a would-be identity thief.

Smart cards are the way to go. You program them to hold the userids and passwords and handles all the drudgery of entering a userid and password. However, it's still the same system underneath.

Biometrics combines userids and passwords into one, great for forensics, awful for authentication. As soon as the scanner can be fooled with false input (contact lens, fake fingerprint, etc), the entire system is useless until replaced/upgraded to read a new metric. Just look at all the success thieves have had with designing covers to put over bank machines to grab card numbers - now imagine not being able to ever change your account/pin number after it is stolen.

If you want a security model that doesn't require using su, you build your OS/apps around group permissions and check for gid=0 instead of checking for uid=0 (to use *nix terminology).

Some people use Lindows ...

Some people use Lindows ... wich run root as default and is no really offering the choice to be non root , you can only add users after the instal is complete and if you know what/where to look for.

I know its not real Linux but dont worry one virus on Lindows taking over the system will translate in the main press ( funded by microsoft article ) as Linux can be entirely overtaken by a virus

WIll Linux become a target? You bet!

[mark-t]

If Linux popularity grows significantly enough, you can certainly count on Linux being targetted by virus writers.

However...

It's worth noting that the only people that will be adversely affected by this are the average dumbed down user that didn't know any better than to practice good system administration and security skills on his own computer. Of course, some may argue that a decent OS shouldn't require a person to know anything about good administration -- that the OS should take care of that, and they may have a point... but computers aren't sentient yet, and until they are, there's a burden that some person is just going to have to bear. Sorry about that.

Meanwhile...

Businesses that run Linux will remain largely unaffected by the sweep of virii that target Linux, since they will have corporate interests in keeping their systems reliable and secure and will have someone available to ensure that their system remains so.

Bottom line, virii for Linux may become more prevalent than even windows virii, if Linux becomes popular enough, but the virii will cause personal data loss at most, and no severe economical impact that many windows have because many times there's nothing that anyone could have reasonably done in advance of the infection to have prevented it.

Antivirus software for Linux

[rkaa]

FYI:

NORMAN make antivirus software for Linux.

Re:Man...

Umm ... relax.

Who are you? Saddam Hussein?

Journalists: STOP the FUD......Pretty Please!!

[IceAgeComing]

Really, it's such a simple idea:

If you use GPL code, you publish somewhere the modifications you make under the GPL.

THAT'S IT. END OF STORY. JOURNALISTS, YOU CAN GO HOME NOW.

Instead, we get heart-wrenching human interest CRAP like the following:

(From speeding acceptance of linux)

Linux evangelists have prophesied for years that the open-source operating system would challenge Microsoft Corp.'s Windows. But it wasn't until the past year or so, when International Business Machines Corp., Novell Inc. and Hewlett-Packard Co. seriously threw their collective and considerable weight behind it, that a challenge became a real possibility.

Victory, however, will not come cheaply.

The problem is that the future of Linux was never dependent on its quality. If quality were all that is required to win, everyone would be watching movies on Beta videotape and working on Apple Macintosh computers.

The problem is cultural.

The open-source community, an ad-hoc worldwide network of programmers dedicated to creating free software, has been too shrill, evangelistic and hot-eyed for corporate interests to deal with; the ferocity of their anger at proprietary software became the Linux community's own worst enemy -- nobody wants to gamble a corporate future on fanatics, no matter how worthy their bible.

Why do journalists slather this "human community" BS on top of this very simple idea?

It's like they're trying to freak people out! How completely idiotic is that???!!!

Re:'Canada's national newspaper' !?!?!

[tricops]

Now now, very few Canadians actually hate Americans. Many joke, but few hate.

As an American living in Canada, I would agree that this is true. Of course it gets old being harassed about being American (fortunately I'm long past that stage now). Also, while few Canadians seem to outright hate Americans, I've run into enough of them that seem to think a large number of Americans are brainless idiots, as though Canada doesn't have its own share (and vice versa).

Frankly, I'm sick of the rivalry whether it be joking, real, or whatever. It goes both ways like anything else... :P

Re:Linux and Mac OS Inevitably Will be Virus Infec

[Laebshade]

Correction, I was full of crap. After relieving myself, I sat down at my desk to read the above crap.

but you offer absolutely no technical explanation as to how this mythical linux virus problem is going to occur.

I offer no technical explanation, because none was really needed. It wasn't a technical article. The "mythical linux virus problem" as you call it, I did explain how it was going to occur, though not to your high standards. No OS is completely secure. And it never will be. Did you even read my article completely, or do you have problems comprehending? From my article:

A lot of computer users are switching to Linux, and some companies, such as SuSE and Mandrake, are attempting to compete on a consumer level with Microsoft, by aiming to make an easy to install, configure, and use Linux distribution. It can be done, that much is apparent, but the real question is, should it be done? What do you think will happen when the majority of computer users aren't using Windows? Do you just think the virus writers will stop because they've completed their ultimate goal of putting down the big man Bill Gates, whom, according to this site, is already dead? Do you think they'll put their keyboards, assembly knowledge, and bookmarks for leading vulnerability sites' lists away and say, "Now that Windows is gone, I don't have to write any more viruses! No more trojans, no more spyware!"?

This is not FUD. This is inevitable. And you didn't RTFA obviously.

The age-old question...

Another article discusses whether Linux will become a target for viruses as its popularity grows.

This entire argument has gone stale. Over and over again, I keeep hearing this argument: "gee, if Linux was as popular as Windows, it would be exploited just as much!" or, perhaps more damagingly, "no matter how good the OS is, those stupid users will always compromise security by deliberately executing attachments."

I call bullshit! Let's look at Windows' recent record:
1. MSBlaster, arguably one of the most damaging in a long list of Windows vulnerabilties, was a "buffer overrun" problem. It only required a connection to the Internet, unprotected by a firewall, to corrupt Win NT, 2000, XP, or win server 2003 installations: no user intervention required!
2. Outlook is vulnerable to a long list of viruses, but it used to be that you had to click an attachment: no longer! Now, the latest versions of the Beagle/Bagle virus allow you to be infected by only selecting the email message; you don't even have to view it! Again, no stupid user intervention required!
3. IE, another Microsoft masterpiece vulnerable to a long list of viruses, has a vulnerability that makes it vulnerable to "drive-by" downloads such as the Xupiter toolbar. How long before a virus gets downloaded the same way? Again, no stupid user intervention required!

These are all stupid design mistakes; they have nothing to do with software bugs or intrinsic security errors or even stupid user intervention! They are all stupid, stupid design mistakes! I see no reason where these kinds of things would happen in a Linux environment where peer review would catch and kill these kind of grievous errors before they became code. No, I only see these kinds of errors where one man (call him King Gates) determines that these kind of things MUST be allowed to lock more users in and damn the potential security problems!

Mod me down if you must, but, damnit, the user is NOT at fault here; the only people at fault are the stupid designers of these grievous security holes!

Calgary leading the way again

[agraupe]

I think it is great, as a Calgarian, that our city is adopting Linux. I hope this extends to the f***ing school board! It's like hell, having to use Win2K or OSX when both are hobbled by paranoid-schitzophrenic techs! I guess I need a reminder why I hate windows so much... About the viruses: don't run as root! Quite simple, really. Anyone who does daily work as root DESERVES to get a virus, in my opinion.

Re:'Canada's national newspaper' !?!?!

[RobinH]

As an American living in Canada, I would agree that this is true. Of course it gets old being harassed about being American (fortunately I'm long past that stage now). Also, while few Canadians seem to outright hate Americans, I've run into enough of them that seem to think a large number of Americans are brainless idiots, as though Canada doesn't have its own share (and vice versa).

I live in Canada and work in the states. I'm in Mississippi right now. I FEEL YOUR PAIN. I'm pretty sick of even the nicest people, upon hearing where you're from, having to dump on you all the stupid and mostly untrue BS they've heard about your country, and what they think is wrong with it.

Frankly, I'm sick of the rivalry whether it be joking, real, or whatever.

Amen, brother. If you figure out how to make it stop, let me know.

It's a Mirage: Dinosaurs Don't Do Software

[Vagary]

From what I gather, Alberta has become business-oriented by slashing corporate and income tax rates (because the oil brings in basically enough money to run the province). Since Calgary has the second-highest number of company HQs in Canada (after Toronto), there are a fair number of tech people developing internally-used software and doing IT. Also, for reasons I'm unsure of, the University of Alberta has very strong Computer Science and Electrical Engineering Depts.

However, Alberta's per-capita spending on R&D is below all the other "have" provinces -- I'd guess because alcoholic politicians and oil tycoons don't care about science. Alberta also has very low venture capital activity (there's a reason the TSX Venture Exchange used to be in Vancouver). As a result, there are way less pure-software companies than Vancouver, Toronto, Montreal, and Ottawa.

Re:'Canada's national newspaper' !?!?!

[Sri+Lumpa]

"I live in Canada and work in the states. I'm in Mississippi right now. I FEEL YOUR PAIN. I'm pretty sick of even the nicest people, upon hearing where you're from, having to dump on you all the stupid and mostly untrue BS they've heard about your country, and what they think is wrong with it."

I'm a Frenchman living in England. How do you think *I* feel?

Re:'Canada's national newspaper' !?!?!

[RobinH]

I'm a Frenchman living in England. How do you think *I* feel?

I was an Anglophone in Quebec... that trumps yours anyday! :-)

So, when do we all start group therapy?

Quote left out

[sad_]

linux is aboot freedom, it is aboot choice, it's aboot...
excuse me, can you tell me what it is 'aboot' again?

Re:'Canada's national newspaper' !?!?!

[Sri+Lumpa]

"So, when do we all start group therapy?"

LOL.

I don't have any problem actually. Of course working with a mix of Spanish, Portuguese, Iraqui, Venezuelians and English (of course) helps smooth the differences.