Linux in Canada

Flxstr writes "Lots of Linux articles in Canada's national newspaper today, starting with Calgary switching from SUN Unix to Red Hat Linux. Another article discusses whether Linux will become a target for viruses as its popularity grows. This article mentions how Linux costs less, so more firms are becoming interested. Finally, an article discusses how pushes by major vendors such as IBM, HP, and others is speeding acceptance of Linux over other alternatives. Altogether, some good articles for any CIO's desk."

Linux, eh?

[strictnein]

Linux, eh?

What's that, a Pengiun? There ain't no penguins in Canada!

Re:Linux, eh?

[WormholeFiend]

We may not have native penguins, but we have polar bears and killer whales.

Eat your heart out, Antarctica.

Re:Linux, eh?

[irokitt]

Linux, eh?

Dude, that is like, so funny, 'cause there's like, no funny words in American speech, dude.

Re:Linux, eh?

[RLW]

If you think those are vicious then you should be really impressed: we have Republicans !

Run for your lives Cananda!

Re:Linux, eh?

[AKAImBatman]

Check my journal for the start of my "Linux Evaluation" series. I started this after someone asked me to publish the results of my personal Linux testing.

Here's the link

Re:Linux, eh?

[Directrix1]

The thing keeping Linux from running everything at my workplace is: * The prevalence of MS SQL in the workplace, a lot of proprietary systems use Jet (I guess out of pure ignorance of the alternatives) * The necessity for an open source Small Business Server (with A/R, and Sales Orders / Invoicing / Inventory) * The pain in the ass that is multiple packaging standards

Linux of course costs less

[ObviousGuy]

Canadian dollars cost less than American dollars.

Re:Linux of course costs less

We have higher turnouts for elections, less voter apathy and a greater social sense. Less crime, less intrusion of government into our private lives. If that makes us "socialist", I'm damn happy to be one.

Re:Linux of course costs less

[liquidsin]

Yeah, but that means that my linux license, after exchange, will end up costing me $927.74 CAD.

Re:Linux of course costs less

[RLW]

Today. With the slide of the US $ that many not be true tomorrow.

What I really want to know is does the localized version of Canadian Linux end all querries with , eh?
Also given Canadian law regarding the dual language requirements, since Linux is not a product for sale does it still have to support Canadian French?

Re:Linux of course costs less

[dolson]

You forgot: That Canada that burned the White House down in 1812!

Proprietary in one form or the other

[stecoop]

If they were serious about saving money why did they invest in Intel? Why not AMD to really make a statement about proprietary lines go with the IBM Power PC.

Re:Proprietary in one form or the other

[stecoop]

The IBM Power PC on slashdot didn't paste correctly IBM Power PC

Re:Proprietary in one form or the other

[pegr]

*cough* Nortel *cough*

Re:Proprietary in one form or the other

[barc0001]

Because it's usually enough work to get the PHBs to go for one (relative) unknown variable. Two is corporate suicide (for the IT guy) if anything goes wrong.

Viruses spread by stupidity not OS'es.

[Jason+Straight]

As we all really know viruses are spread by stupidity of users, not the OS'es, so Linux popularity on the desktop will be it's deciding factor to virus targeting.

As it becomes easier to use and more useful to dumbasses who still open attachments they aren't expecting, it will likely be targeted more by virus writers.

Re:Viruses spread by stupidity not OS'es.

[xarak]

Yeah, but The important question is : will the stupid user ruin everyone else's life? With Linux, I think, a lesser chance than Windoze.

Re:Viruses spread by stupidity not OS'es.

[sjgm]

Unless those stupid users are running everything as root, something that I can definitely see happening.

Re:Viruses spread by stupidity not OS'es.

[Jason+Straight]

Yeah, to some extent. I think the distro's and desktop makers are doing a good job making things like rpm and apt usable to non-root users through wrappers. For most people if they had to be root to install software all the time they'll just run as root all the time.

Many people will be confused by the security model of unix and run as root all the time so they don't have to su to traceroute, make install, etc...

Re:Viruses spread by stupidity not OS'es.

[noselasd]

I don't see that as a much lesser chance. My mail is filled with
virus mails, wether they come from windows or linux(root or non-root) users doesn't make much diffrence.

Re:Viruses spread by stupidity not OS'es.

[xarak]

Agreed, but that'll be on an @home basis. Companies will not allow this kind of behaviour, as the first thing any admin learns on Unix in general is to swallow the peice of paper the root password came on.

Long live the sudo in this respect, it simply eradicates the need for a more complex (and thoroughly unuseable in Windows case) privilege system. Maybe users will be able to install packages for personal use, but only using urpmi, pointed at a regulated rpm database,m legislated by the admin.

Re:Viruses spread by stupidity not OS'es.

[Coryoth]

As we all really know viruses are spread by stupidity of users, not the OS'es, so Linux popularity on the desktop will be it's deciding factor to virus targeting.

It's possible to secure against stupidity - well, not completely, but better than MS has. Given a decent SELinux install, and an email app written for it, running an email virus would get a nice dialog:

'Tis executable has attempted to access files "addressbook.xml" and ports "25, 3169" which it is not currently priviliged to access. Please run the executable under a different domain and role to execute it properly'

Sure, someone will be dumb enough to run it anyway, but that would put a second thought into the minds of many a dumb user.

Jedidiah.

Re:Viruses spread by stupidity not OS'es.

[xarak]

I'll send you my gran for you to explain a kernel recompile, and what use she'll be getting out of it while typing 2-3 letters and surfing for recipes.

Re:Viruses spread by stupidity not OS'es.

[sjgm]

Long live sudo indeed.

At work, a user has to have an incredibly good reason to have administrative access to his/her machine, though. Some companies have got it right, but others haven't.

Many companies have virus scanners on their incoming mail systems, however, which would hopefully take care of the worms coming from corporate networks.

Most of the worms that I receive come from DSL/Cable modem lines so I suspect that if Linux had a large enough install base among clueless users at home we might still end up with people logging on as root for everything and running random executable attachments (even jumping through hoops to do so...)

Re:Viruses spread by stupidity not OS'es.

[theNote]

This is problem you need to address differently than just SUing.

The idea of a username/password combo to protect resources is quickly becoming a thing of the past, as the trend to recognition of the individual continues.
I for one can't wait to do away with uname/password headaches.
For example, in a PKI/Smart Card/Biometric authentication system, your rights are based on who you are and not what uname/pass you have.

In this scenario, what are you going to do?
Impose some artificial barrier to privledge escalation?
Any attempt will become nothing more than a "Are you _sure_ you want to execute this?."
These kind of protections are already in windows, and users will inevitably click "yes".

Re:Viruses spread by stupidity not OS'es.

[advocate_one]

Kernel compiling??? yet another myth... I've been running Linux now on the desktop since 1999 and have yet to compile a kernel... there is no requirement at all for the vast majority of users to do this at all... The modular kernel supplied with your distro should fill all your needs... if not then you are one of a very small minority.

Re:Viruses spread by stupidity not OS'es.

[Ernest+P+Worrell]

Companies will not allow this kind of behaviour.
It's a fact ... installing linux will magically make all Network Admins and CIOs competent and know how to do their job well. Even non-IT people will instantly become smarter and more productive with Linux.

Re:Viruses spread by stupidity not OS'es.

[Jim_Maryland]

The issue behind the privileged user is that the rights should not be easily accessible to a users account. My login that I use for day to day work should not include privileges associated with a root or administrator role. I should have to intentionally have to switch to that role using mechanisms like sudo, su, runas, or actually logout/login as root or administrator.

The argument people make about users (particularly home users) running with privileged accounts is generally based on the fact that poorly written software (sometmes the fault of software, sometimes the OS features used by software) requires additional privileges or the user is just too inexperienced to know the dangers or running with the privileged account. This misconception must change for home users. Most UNIX/Linux admins in commercial environments probably take this for granted while Win32 adminstrators often have to bypass this for software reasons (some applications require the privileges so they are forced into this). For home users, maybe adding a message to the /etc/motd file stating that "running as the root account for general use is a bad thing" could change this practice.

Essentially, I don't see the su, sudo, runas mechanisms going away anytime soon.

Re:Viruses spread by stupidity not OS'es.

[pegr]

At work, a user has to have an incredibly good reason to have administrative access to his/her machine, though. Some companies have got it right, but others haven't.

I have yet to see a machine, regardless of OS, that I couldn't root within minutes, given physical access. So having your users not have root access on their local machines is just like the privacy lock on the bathroom door... It helps polite people stay polite but really doesn't keep anybody out who wants in...

Re:Viruses spread by stupidity not OS'es.

[Srin+Tuar]

Trust me, passwords are NEVER EVER going to go away.

Even sci-fi recognizes that.

A wildly optimistic sci-fi show such as star trek, which uses biometric identification with the computer for most things, still asks for a password to enable the self-destruct sequence.

Also, biometrics are a lot easier to steal than most people recognize. The problem is- once your biometric data is compromised, its kinda hard to change your auth tokens isnt it?

Re:Viruses spread by stupidity not OS'es.

Doesn't seem to be a problem on OS X. In fact root is disabled by default and plenty of people use Macs just fine.

Re:Viruses spread by stupidity not OS'es.

[Coryoth]

The LSM required for SELInux has been a patch to the 2.4 kernel, but it is now been folded into the 2.6 kernel, that means it is easier for distributions to carry it.

SELinux will be standard in Fedora Core 2.

As for tools - check out Tresys, they make tools for configuring SELinux policies. Likewise, the NSA provides a variety of userland tools set up to work with SElinux. If more people would start coding the the system it can only help. So, all you open source developers - get busy working on SELinux support.

Jedidiah.

Re:Viruses spread by stupidity not OS'es.

[slipstick]

This came up in a seperate article earlier in the week and I still don't see how Linux users could ever be affected by a supposed "exectable" sent in an e-mail.

As far as I know there are no linux e-mail apps that run a file automatically. Files have to be specifically marked as executable and I know of no way to do that within an e-mail. So you would have to be not just stupid but brain dead to save the attachment, mark it as executable, and than click on it before it could possibly have an affect. Someone that stupid can't be helped.

Bugs on the other hand are a seperate issue and not the fault of "stupid" users. Securing against these is the developer's business so maybe SELinux would help there?

Re:Viruses spread by stupidity not OS'es.

[theNote]

I'm not saying passwords are going away, just that switching contexts, passworded or not, is an artificial barrier.
In the end, the user (assuming a home user), does have the root rights, even if they have to type in 50 username/password combos.
This is why I called it an artificial barrier.
Any user who wants to run some attachment to an email that looks like its from their buddy will do it. At that point all the prompts and context switching just become an annoyance to the user, rather than a security mechanism.

Re:Viruses spread by stupidity not OS'es.

[slipstick]

No we don't know that.

Viruses are spread by the stupidity of developer's that code apps that run executable attachments automatically or by a single click.

There was a time when I could tell people in all seriousness that they COULDN'T be infected by a virus through e-mail. Than Outlook came along and all hell broke loose. Outlook is the most popular so I blame it's developers but it could be any e-mail app that automatically runs .bat,.exe,.com etc. files. How is that the user's fault! They shouldn't have been able to do this in the first place!

Bugs in code that allow specially crafted JPEG's or something to run are a seperate issue. Still the "fault" of developers but it can happen to anyone. This again is hardly the fault of stupid users.

I'm all in favor of calling users stupid when they are but it isn't their fault that MS ruined the e-mail experience.

Re:Viruses spread by stupidity not OS'es.

[Solosoft]

Microsoft has nipped these issues in SP2 Rc1.

You now have a "Security Center" which houses such things as your "automatic update", "firewall" and 3rd party anti-virus. These will constantly bug the fuck out of you untill you make them happy. (trust me I had to fuck around quite a bit to get it to shut up, I like doing my own updates). This should solve ALOT of these issues since "users" will be forced to run a Firewall and a Virus Scanner. It even makes sure it's upto date. This way the latest worm can hit you, all the Virus Companys release a patch boom ... most of the Windows XP SP2 users are safe.

It's finally come to the time when microsoft has to FORCE the user to do these simple chores. They tried asking, and bugging and everything and no one listens.

I for one am quite impressed with MS and there doing a really good job on that service pack

Windows XP SP2
If your intrested in checking it out it is quite impressive. Fixed alot of little problems SP1 never bothered to fix :/

Re:Viruses spread by stupidity not OS'es.

[Jason+Straight]

Ok, so the majority of them. And a majority of what isn't is still the stupidity of the users not doing their updates. Which will happen as much with linux, or more. People will go to linux with the illusion that it's more secure, and think they don't have to do updates.

Re:Viruses spread by stupidity not OS'es.

[Srin+Tuar]

>I'm not saying passwords are going away, just that
>switching contexts, passworded or not, is an
>artificial barrier.

Not necessarily- thats only true in a closed single-user world.

Remember: the user is not just the user, hes also all the other processes to whom he's delegated authority. In this case, the "artificial" barrier is quite real and useful.

Think of it this way: you may want to run a neat screen saver bob just emailed to you. You want it to be able to draw to the screen and make sound, but you dont want to let it open network connections or delete files from your disk.

You must delegate to it authority to your screen and sound.(you cant give it powers you dont possess). But you dont want to delegate to it ALL of your authority.

Thats where these little barriers come in.

Re:Viruses spread by stupidity not OS'es.

[Coryoth]

This should solve ALOT of these issues since "users" will be forced to run a Firewall and a Virus Scanner. It even makes sure it's upto date. This way the latest worm can hit you, all the Virus Companys release a patch boom ... most of the Windows XP SP2 users are safe.

Only if the patch spreads faster than the virus - and remember, the virus gets a head start (especially if it uses spam networks to get started as some of the previous efforts have).

Anti virus software is nice, and it certainly minimises the effects, but it is far from an answer to the problem. What is needed is a much more comprehensive system to seal off viruses. That's what SELinux and it's isolation and least privilege model helps provide. There is no comparison between it, and having slightly faster updates of your virus definition files.

Jedidiah.

Re:Viruses spread by stupidity not OS'es.

[Solosoft]

For sure it is not a long term solution. But one big enough to make some effect on the way they go. With the death of Windows 98 support and most people moving to XP this should solve some of the problems and hopefully slow down some of these virii. They also make it much harder meaning less "crappy" virii will float around

Atleast we can all hope so ...

Re:Viruses spread by stupidity not OS'es.

[Jason+Straight]

Still, 90% of the virus/trojan traffic is due to morons who open attachments or don't do updates. I mean, don't get me wrong I hate MS as much as the next guy, but I think us linux users might have our heads in the clouds if we think linux hasn't had many because it's so secure. It's only as secure as the dumbass behind the keyboard is what I'm getting at.

The computer has to trust the user to be useful, and if the user tells the computer to install software that's _exactly_ what it should do. Problem is when some dipshit decides to install a virus becuase it looks like an attachment from a friend.

I don't use windows myself for many reasons, some of them I consider security reasons, one of the most annoying of those security issues is IE browser hijacking, and spyware activex crap.

So sure MS is way more inviting than linux is for many reasons, but linux is far from immune from user stupidity.

Damn it all

[grub]

According to the Bank of Canada's website US$699 ~= CA$917.79

Re:Damn it all

[The+One+KEA]

http://www.xe.com/ucc says that US$699 is CAD$928.57.

I wonder which exchange rate Calgary would choose ;-)

Re:Damn it all

[B3ryllium]

Don't forget the 14.5% sales taxes (at least here in BC) ...

Re:Damn it all

[DR+SoB]

Or 15% here in Ontario, 12% in Quebec, 16% in Nova Scotia, or a whooping 18% in New Foundland.

Re:Damn it all

[grub]

7% PST and 7% GST here in Manitoba, eh?

Any wpg.mb.ca /.'s want to get out for beers this long weekend? Mail me!

Re:Damn it all

[Feyr]

15% in quebec

Re:Damn it all

[kbahey]

But PBS takes my Canadian dollar at par.

Can't we convince SCO to do the same and take 699$Cdn as well?

Re:Damn it all

[Noren]

Just the 7% GST sales is applicable in Alberta to the general public.

But GST does not apply at all to the government of the City of Calgary, as the current interpretation of the Canadian Consitution forbids one "order of government" from taxing another.

A more favourable environment for Linux

In my opinion, Canada is definitely a more favourable environment for Linux. Partly because of less Microsoft influence spreading FUD about it, and partly because they don't develop laws designed specifically to stifle technology like the DMCA and the Patriot act.
I used to be proud to be an American because of our technological culture ... I'm not proud any more :(

Re:A more favourable environment for Linux

[Frymaster]

they don't develop laws designed specifically to stifle technology like the DMCA and the Patriot act.

or the encryption/munitions legislation... why do you think the openbsd team resides in canada? (calgary in fact... i can see theo's house from my office window right now :))

Re:A more favourable environment for Linux

[Ubergrendle]

Microsoft is up here and is just as aggressive in corporate centres as in the US. However, Canada's national government has slightly different objectives than the US government or businesses, and that is a huge opportunity for Linux.

First off, for national defense or other confidential government affairs, linux would be the logical way to go -- its completely open source. The government could hire a Canadian company to customise and secure a linux kernel for specialised functions. If Canada buys Windows, however, there's no guarantees about security, and lets be honest...I find it perfectly reasonable to assume that there's a nudge-nudge/wink-wink backdoor in microsoft products for the NSA or CIA to leverage if necessary.

The other issue is languages. French isn't very popular in the US, but about 20% of our population speaks it and we're officially a bilingual country. We also have a whole territory (e.g. think 'province-lite') that is native speaking (Nunavut). When Windows 2000 came out here, the French version was several months behind...and it was more Parisienne French instead of Quebecois French, which was what was promised.

Finally, I think there's huge savings to get off the 'upgrade now' software assurance lifecycle. For government terminal functions (e.g. get a new driver's license) baseline it, secure it, and let it run for 10 years. No need to refresh you hardware and software every 3 years. Hell, refresh every 5 years and you've increased your equity by 40%.

Re:A more favourable environment for Linux

[Sepper]

and it was more Parisienne French instead of Quebecois French, which was what was promised.

So true... don't know how much time I lost because the french Windows install default to AZERTY instead of QWERTY keyboard...

"Dammit, Where was the 'M' Key again?"

The devil is in the details

Re:A more favourable environment for Linux

Hold on, now.

The article says Canada is replacing Sun Microsystem with Linux, not Microsoft.

So the 'financially backed' commercial Unix vendor is being eviscerated, not Microsoft.

Why nobody has mentioned this is beyond me.

Re:A more favourable environment for Linux

[ArsonSmith]

Ack!! A MicroSoft spy!!!!!!! Theo look out.

Re:A more favourable environment for Linux

[Ubergrendle]

Becuase we're bilingual, Canada insists all federal based systems, documentation, etc etc be included in both French and English. Its a necessity to win Federal contracts. And there *is* a formal recongised Canadian French version, similar to Internation English or UK English vs US English.

Don't confuse regional dialect with formal language. I can find you some southern US drawls or english cockney that you would never understand!

PS In general, Parissiene French have a very demeaning attitude towards the colonial french. I'm sure the differences were exaggerated as a matter of social convention.

Re:A more favourable environment for Linux

[LqqkOut]

and partly because they don't develop laws designed specifically to stifle technology like the DMCA and the Patriot act.

As I see it, those laws are greatly decreasing the chances of my PDA bursting into flames!!

Re:A more favourable environment for Linux

[tsmithnj]

You shame yourself by basing pride in your country solely on technological culture.

Re:A more favourable environment for Linux

[jhoffoss]

I'd find that a little scary if I were Theo.

Re:A more favourable environment for Linux

[yanos]

When Windows 2000 came out here, the French version was several months behind...and it was more Parisienne French instead of Quebecois French, which was what was promised.

But what is the difference with linux here? As far as I know, kde-francophone consist mostly of French people (from France) and the translation of the 2 months old kde 3.2 is not finished yet.

Re:A more favourable environment for Linux

[Bilange]

When Windows 2000 came out here, the French version was several months behind...and it was more Parisienne French instead of Quebecois French

What was wrong with that? I was able to understand it, and im not aware of anyone having troubles reading W2k's french messages/UI.

Re:A more favourable environment for Linux

[YetAnotherDave]

I think theo finds lots of things scary - and I like that in a guy who writes OS code :)

Re:A more favourable environment for Linux

[jhoffoss]

I'll second that!

More viruses for Linux?

[MBAFK]

Even if this is teh case I think the bigger problem will be when we have more Joe Blogs users who surf the internet as root. I see a lot of n00bs doing it and we always try and talk them round.

Even with the distro installers creating a normal acount its still worryinglt common. Run as root and you are more likely to be pwned in a nasty way.

Re:More viruses for Linux?

[dema]

It will be interesting to see what happens as(if?) linux gains enough popularity. The distro installers will create a standard account for the user and allow them to set a root password. But I think the difference will come in that the default accounts usually aren't admin-level, unlike Windows. If you asked the average Joe Sixpack Windows user if his account has admin privelages, he'll likely just stare at you in confusion.

Re:More viruses for Linux?

[advocate_one]

oh fer heck's sake can we ditch this "run as root" crap...

No modern distro (Suse 9, Mandrake 10 etc.) lets you run as root now. They specifically exclude root from the login screen and even if you do manage to achieve root login, your menu and desktop options are severely restricted to maintenance tasks only.

you really have to be extremely determined to browse the net and do your email as root these days...

Re:More viruses for Linux?

[d^2b]

Maybe mozilla should refuse to run as root unless the user jumps through some hoops. It seems like the global benefits would outweigh the minor inconvenience. Oh, of course any ideas about "run application X" as root first to set up some preferences would result in well deserved headaches for the developers :-)

Re:More viruses for Linux?

[denis-The-menace]

-Joe users like that will be HOME users.
-Joe users in a business will not be allowed to SU to Root, never mind login as root.

In windows, the "assumed-default user level" is Admin. "Restricted user" level (aka User-level) is still a big after thought for 90% of Developers. Businesses have just begun using "Restricted user".

In Unix/Linux, the "assumed-default user level" is User. This has been the case for 20+ years!

Re:More viruses for Linux?

[ingenuus]

Protecting root is important in the "root = god" security paradigm, but even in the best case (perfect implementation and no local root exploits), that only protects the bulk operating system and none of the user's programs or files. Worms can still propagate. Viruses can still copy or destroy all the user's precious data.

Using a separate user account for all internet usage and app testing would help, and in fact, taken to an extreme leads to SELinux and its kin which provide for complex access controls based upon combinations of programs, users, and resources. Fedora seems to be going in that direction and, as a result, might become my default OS if it makes managing applications hassle-free -- by pre-determining the proper ACLs for common applications, securely distributing them, and by providing tools for quick context-sensitive ACL management.

For a while, Microsoft was investigating similar security measures such as Argus Pitbull, but alas, it appears that they make more money with insecure systems.

/me blushes.

[benow]

Not only is the city now run on linux, but the Light Rail Transit system is powered by wind power. Go Calgary (about time they did something to balance all the non-renewable promotion coming from this town). Now, they just need to move the University away from Sun.

A (Mostly) Proud Calgarian.

Re:/me blushes.

[Craig+Davison]

Last time I was at the university labs (1999), the numbers of Suns were shrinking (all the old Sparcstation 2s were moved out), and huge numbers of PCs running Windows NT 4 and a custom version of Redhat 6 were put in.

I think all the terminals were gone too, to make room for PCs. I actually enjoyed working on the VT220s, using screen and vi. Talking to my peers, however, I was in the minority.

AFAIK the backend servers are still Sun hardware (Sun still does NFS best!). And those rooms with the Sparcstation 5 & 10s still had 4' high Sun logos on the wall when I left.

Re:/me blushes.

[74nova]

that is indeed very cool news on all parts. wind power, eh? (no joke intended, i use that "eh" myself)

my question lies with avoiding sun. to me, they represent extremely reliable, however overpriced, machines with good operating systems. im not terribly sold on solaris, i think linux could do as well on the hardware, but i think the sparc hardware is of superior quality and design. our older ultras around here do way more than an x86 from the same era could. obviously i am still in school, so i am biased, but its an honest question. what are your reasons for wanting to avoid sun? again, its an honest question, i want to know the points against sun, specifically hardware and their software.

Re:/me blushes.

[slackerboy]

I just had this vision of all of these trains with big sails on top of them...

Still, it's always good to here that some cities are realizing the importance of renewable energy.

Re:/me blushes.

[benow]

Well, a couple: price/performance and service mentality.

- Sun boxes are better built, and more expensive. For most tasks, PCs running linux are the better choice. For the rare others (datacenters, highend workstations (arguably), big number crunching), they may be a better choice, tho there's less and less reasons for using them. Also, support is not cheap.

- The service mentality is a different issue... one shared by most of the large vendors (m$, oracle, etc). An open (software) platform breaks the service mentality of one way distribution, shifting the focus from a 'user' to a 'participant', even if only at a small level. The 'participant' is encouraged to have a fuller understanding of the system they use, and can contribute directly back into the system, if so desired. Doing similar with any closed, 'push-based' OS is more difficult, if impossible.

Don't get me wrong, generic pc hardware is just that, generic. It may not perform as well as a more refined solution, but it's cheap and quite hackable. Often, the free support of the community is quite good, too.

Andy

Re:/me blushes.

The nice thing for Microsoft is that if they can get all the institutions to scuttle the Sun hardware, they are one step closer. All they then have to do is convince management to put the Windows CD in the drive of all those 'linux' systems.

It's a win-win situation for the institutions. They can 'try' linux and wipe it if/when it doesn't work out. And not be stuck in Unix.

Re:/me blushes.

[ispepalocacoc]

It looks as though the cpsc department at the UofC is considering using fedora. The IT department is using Redhat AS 3, and they are also replacing their aix cluster with a linux one. Some engineering labs are also running some version of Redhat (I'm not allowed into those to see).

Besides in CPSC, I doubt SUN will be around here much longer....

Re:/me blushes.

[benow]

Mmm, yeah, the wind project stands out. There's been remarkably little R&D put into the energy sector (I read 1% somewhere). The wind project is a fine example of progress. A great match for the windy Alberta plains. More info on the wind field can be had here. Actually, half of the energy for my boxen comes from green sources.

<bile>
Calgary does have it's share of earth blood on it's hands, however. There are far too many single passanger lifeless bimbo's driving Cadillac Escalades for the commute to their new white picket fenced house on the edge of the city, of which there are more being built all the time. (Calgary is largest city by area in the world, yet has <1M people). If the town needs anything, it's a sense of responsibility for it's environmental misdirection. That being said, the engineers of the earthbound carbon consuming behemoths are unworthy their skin.
</bile>

Andy

Re:/me blushes.

[uberdave]

What they do is have propellers on the front of them. As they move, the propellers spin in the air. This in turn drives a generator, and the power is supplied to the drive motors. The newer ones have air scoops to improve efficiency.

Re:/me blushes.

[benow]

Sun did convince the UofC to move their labs to solaris on Sun hardware a few years ago. Threw in a great deal (eager to strengthen relations with the school from which sprung James Gosling, engineer of java). Financially and technologically, Sun is now not the best way to go... linux is cheaper, and, a global effort of the self interested in an open environment. Any closed system has a hard time competing with that. Also, the sysadmins are not dumb. Solaris is a good (if closed) OS and Sun make good (if overpriced) hardware. Running an MS OS in the labs makes very little sense technologically, and moving to an MS OS from Linux, even less.

Re:/me blushes.

[billnad]

To sum up the wind power. No, we do not have sails on our rapid transit, there is a sub sect of our power company Enmax called Greenmax or something and in a windy area south of Calgary there are hundreds of big windmills generating electricity.

Is this very common anywhere else?

Re:/me blushes.

[handslikesnakes]

Wind power? In Cowtown?
I'm kind of ashamed now. Deadmonton's LRT is a creaky 30 year old thing.

Re:/me blushes.

[Craig+Davison]

So the Linux boxes are gone? I remember them being Pentium 233s, so they could be considered obsolete at this point.
I remember some DOS boxes for 455. Are these the same machines, or new?

Re:/me blushes.

[felis_panthera]

Mount Royal College is already running Linux, and switching over to RedHat over the summer break...

Re:/me blushes.

[retinaburn]

Away from Sun Brrrr won't it get even colder here. What am I talkin about the Big Smoke is warm, and we are the only part of the country that matters ;)

"Canada's national newspaper?"

[handslikesnakes]

We have more than one, you know.

Re:"Canada's national newspaper?"

[saforrest]

We have more than one, you know.

I'm guessing the poster is from Toronto.

Re:"Canada's national newspaper?"

[saforrest]

Nice try, but the National Post is owned by Izzie Asper's Winnipeg based "CanWest" outfit.

What are you talking about? Sure, CanWest-Global is Winnipeg-based, but the mention of "Canada's national newspaper" in the the article was clearly referred to the Globe and Mail, since it linked to the Globe in multiple places.

Re:"Canada's national newspaper?"

[peter_gzowski]

I'm guessing the poster is from Toronto.

Maybe not. It could be Conrad Black.

Re:"Canada's national newspaper?"

[AndroidCat]

Calling the Globe and Mail "Canada's national newspaper" is very amusing to the rest of Canada. More properly, it's Toronto's national newspaper.

Re:"Canada's national newspaper?"

[imarsman]

Hmm. Just heard the term "our national newspaper" used this morning on the radio here in Victoria, BC in an interview with someone from Washington state. Can't say that I knew if the interviewer was referring to the Globe or National Post.

There's just as much ignorance and navel gazing here in BC (on the west coast) as in Ontario. The difference is that people out here often speak dirisively of people from Ontario while people from Ontario speak well of BC and usually wish they could live here. I've lived in both places.

Re:"Canada's national newspaper?"

[davecb]

handslikesnakes wrote We have more than one, you know.

Really? Were you thinking of the National Examiner^b^b^b^b^b^b^b^b Post, then?

--dave
[For those who don't know about the newspapers up here, the Post made a valiant attempt to outcompete the Globe. Alas, their accuracy was a bit low and their tendancy to spin a bit high, so they get teased a bit about that]

Re:"Canada's national newspaper?"

[bug-eyed+monster]

Heheh, amen. I grew up in Ontario and live in Vancouver now and I totally agree with you. I have half a mind to start a campaign asking for the

Re:"Canada's national newspaper?"

[bug-eyed+monster]

Oops, gotta stop posting drunk... Anyway, yeah people here seem to have a pathological hatred for Ottawa, and they think Ontarians hate them too, but it's not really the case. Weird world.

PLEASE...

Will someone please tell these morons that the underlying architecture of *nix based OS's with their permission structures, and the need for admin passwords to do any system level changes, make them MUCH harder to write a serious virus for. SCREAM it if they don't hear you. I'm really starting to get tired of this crap.

Re:PLEASE...

[ShadowRage]

I think this is a funny one.

someone's trying to talk from a virus writer's POV

Re:PLEASE...

[13Echo]

There is a difference. It actually works on UNIX and Linux. WINNT's methods of operating as a standard user are a pain in the ass, and you often have to log out and log back in to perform the most simple of tasks.

You almost HAVE to run as Admin on Windows to operate without a snag in the even of a simple system tweak. Shoot - you can even adjust power management as a standard user.

Re:PLEASE...

[RAMMS+EIN]

Sorry if I sound harsh, but you are very wrong.

1) A basic virus doesn't need root permissions. It can wipe out _your_ files (which are the most precious files on the system - you can get the system files by reinstalling). It can sit in your crontab and periodically try to spread. It can write your .profile and launch itself every time you log in.

2) Do you install software? Does that mean you run an install script (directly or through a package manager) as root? Have you checked the script code for virii? Would you expect an average user to?

3) Certain bugs allow privilige escalation (a process that runs as a normal or non-priviliged user gets root permissions). After that, the virus can do anything it likes.

4) Bugs in processes that run as root (suid root programs, many daemons, the kernel) can be exploited (sometimes remotely and/or automatically) to gain root priviliges. Or, generally, the user and group the process runs as; it's bad enough if someone takes control of your mail system, even if they can't access the rest.

I'm sure I have omitted things here, but I think you get the message. Linux (or any UNIX-derivate) is not as secure as some would have you believe. Not even the design is very secure, nor is its design more secure than Windows's, but I'll leave that to somebody else to point out.

Re:PLEASE...

[AndroidCat]

How about something as simple as script file or executable owned by root, but writable by anyone? Change the contents, and the next time it gets used by a priviliged user, UR 0w3n3d!

Files like that should be rare, but have you done a full security audit to make sure none exist? Never underestimate what sneaky software can do once it gets a foothold.

Re:PLEASE...

[Louis+Guerin]

You're not wrong.

But I think the most important weapon in *nix's arsenal in the upcoming war against worms, viruses, trojans and whatall, is the community. A community which designs multiple apps for the same task (diversity), sticks to security-focussed design principles (priorities), and will work to update a vulnerable piece of software winthin hours of a vulnerability's emergence. Linux, particularly, is a very competitive market; much more so than any other segment of the OS industry. There are many distributions, including many commercial distributions, with what amount to very similar products, all vying for marketshare.

First, the code is strong and well-audited, and runs on a more secure base. Second, the diversity of *nix environments will slow the advance of any given exploit, and buy the community valuable time to fix the holes as and when they appear. Third, if they know what's good for them, the commercial *nix distributions will be absolutely GAGGING for an opportunity to provide better support than their rivals, because that and marketing is all that really separates them. This will mean R&D money being funneled into projects like OpenBSD (from which numerous security standards have come to the "softer" *nices), Spamassassin, ClamAV, Debian-Security, SELinux and so on. This can only be a good thing.

Seriously, it's just about a new way of thinking about the issue. Not to say that nobody will get burnt - any war has casualties - but *nix is far better situated to defend itself in this war than any previous system has been. I'm cautious, but I'm not worried.

L

Less monoculture

[Coryoth]

Windows is also more standardized than Linux, Mr. Friedrichs says. There are a number of distributions of Linux from different vendors, with differences significant enough that a virus or worm designed for one won't necessarily have the same effect on all the others. That fragmentation is a good thing when it comes to discouraging virus writers who want their work to have the maximum impact.

There's another advantage that they don't mention. Linux plays nicely with the BSDs, Solaris, OS X, and most other operating systems, so it really is easier to have a diverse environment - not just diverse distributions, but diverse operating systems and architectures.

Yes, Windows will work okay on a heterogenous network, but it doesn't really like it much. Compared to the shared UNIX foundations of Linux, OS X and BSD it is much easier to have all of them happily running side by side on the network sharing resources. Linux or Solaris workstations for the research division, Macs for the designers, Linux and/or BSD for the servers, developers get to choose their platform... and maybe even a nice pretty GNOME or KDE desktop for the paper pushers.

Jedidiah.

Re:Less monoculture

[I+confirm+I'm+not+a]

Linux plays nicely with the BSDs, Solaris, OS X, and most other operating systems

I was off work, ill, and working from home (I'm a web-developer - SunONE-ASP on Raq boxes) and needed my girlfriend's XP laptop to talk to my server. Normally that's no problem - server runs Samba. But I didn't have SunONE ASP, so I had to use Microsoft IIS ASP (the server's dual-boot). Could I get a Windows XP laptop to talk to a Windows 2000 server? Could I hell! Now I accept I'm not the most capable Windows admin, but c'mon! How hard can it be!

Moral: Linux plays nice with other operating systems. Windows barely gets along with earlier versions of Windows.

Re:Less monoculture

[xutopia]

you don't get it. Microsoft makes sure that viruses work between Windows versions, not essential business programs.

Re:Less monoculture

[GileadGreene]

There's another advantage that they don't mention. Linux plays nicely with the BSDs, Solaris, OS X, and most other operating systems, so it really is easier to have a diverse environment - not just diverse distributions, but diverse operating systems and architectures.

True. That's a function of having open standards at the interface level. Standards that Windows is just as welcome to make use of - they just choose not to.

The idea of homogeneous interface specifications and heterogeneous implementations is a good one, and does provide a level of diversity that can limit the impact of viruses preying on implementation-level vulnerabilities. However, we can't let that slightly higher level of security breed complacence. It is entirely possible that interface-level vulnerabilities could bring every compliant implementation down (which is a good argument for more careful design and auditing of interface standards).

Re:Less monoculture

[I+confirm+I'm+not+a]

It's a development server, at home. I have better things to do with money/tech than devote it to work.

...but yes, I am an idiot.

virus-targeting, and the cause of the problem

[perlchild]

About those viruses becoming more prevalent...
Can someone balance that FUD with equivalent numbers from MacOS X?? It's a lot more popular than Linux, and both haven't been plagued with viruses(yet) in widely publicised numbers.
The bit about multi-user was nice, but user-education about the benefits of proper privilege separation is very low, and needs to be addressed by those people who think changing OSes is a solution to the social problem of viruses. Of course, a lot of CIOs would rather use viruses to justify spending half a mil to change servers, than 10000$ on training... Even on equivalent returns...
That's also a social factor.

Re:virus-targeting, and the cause of the problem

[Mr.+Flibble]

Perhaps it is beginning to start?

there is so! :D

[Bajanman]

live feed even! http://www.montrealcam.com/en-biodome.html

linux in canadian universities...

[Lord+Haha]

I goto SMU and I know that we (as in cs faculty) have been slowly getting the univeristy aquianted with the whole open source ideas. Problem is there are still many people to educated, the in house tech support peeps still havn't fully grasped the whole idea I don't use Windblows and manage to be able to figure out how to map a network drive without logging 1st into the NT network and using all the XP "special" login scripts...

Re:linux in canadian universities...

[sewagemaster]

for me it's the other way around. i went to mcgill for my undergrad and doing my masters at concordia now. last year 90% of the computers ran *nix. it was until recently - last semester that they switched all the linux machines to dual boot - redhat/winxp.

The general undergraduate population are Microsoft peons, but the proportion of Linux users increases as you move to higher percentiles grade-wise. Also, I've been told that most undergraduates drink heavily.

as for the students, you're completely right about them being m$ peons. but it's not just the undergrad students now. it's the same with grad folks at BOTH universities (i know people from both schools). maybe it's because these are the same folks that wouldnt have gone into grad schools should the bubble never had burst?

at mcgill, that redhat room in the Trottier is always empty. all these computers with 18" LCDs just sitting in the room and not being used. you even notice there's a lot less greese on these keyboards....

about the professors, i've had an interview the prof 2 years ago with the TSP lab at mcgill for a summer job. i was clear from my resume that my previous work experience was coding in *nix... for whatever reason he didnt seem too happy hearing that i didnt use M$ visual C++.

the sysadmins at concordia are much better than ones at mcgill. other than carl and steven at mcgill, none of the other ones know anything about unix. the grad computers arent managed properly, and you have a whole bunch of students downloading and running warez on their computers. one of them actually got a threat letter from the MPAA for downloading gigs of movies last year....

Re:It's an awk!

[saforrest]

Actually, Brian Kernighan, the K in 'AWK' and 'K&R', is Canadian. Or at least he was born here.

However, he's been in the States long enough to mispronounce the last letter of the alphabet.

Re:'Canada's national newspaper' !?!?!

[B3ryllium]

Now now, very few Canadians actually hate Americans. Many joke, but few hate.

Not only do we have more than one newspaper, we are also proud to announce that we have more than one telephone, as well as more than one automobile!

Viruses on Linux? Yeah, right.

[Tuxedo+Jack]

It takes user stupidity to infect a Linux box with a virus, namely because you _don't run as root_ unless it's necessary (su, please) and no code is therefore fully trusted. Therefore, it takes an idiot running as root, _multiple_ steps thanks to the encrypted archive files), and a Linux port of a virus to infect a Linux box.

With Windows, it's open, input password, extract, run. Wow. You're boned. Simple, ain't it?

Linux is secure simply because no one runs as root for daily work. Those who do are either idiots or have _really_ strong bowels.

Re:Viruses on Linux? Yeah, right.

[asmellysock]

Why does a virus/worm need to run as root? It can run as the current user and do anything he could do, including deleting or modifying his files, emailing itself, etc. It might have trouble setting itself up as a server, or continuing to run after the user logs out.

Re:Viruses on Linux? Yeah, right.

[hendridm]

Who says Linux users aren't running as root? I've seen plenty of companies where the Windows user logs in Administrator because someone was too lazy to set it up the right way. I could equally see a "consultant" setting up a small business with Linux boxes and giving root priveleges to minimize user-perceived problems. I can also imagine a lot of users out there who buy SuSE or Fedora from their local book store, install it, and just use the root account because it worked when they tried it...

Re:Viruses on Linux? Yeah, right.

[Lord+of+Ironhand]

As already pointed out in this thread, the most important data to most people (the homedir) can already be deleted by programs (viruses?) running as that user.

There's something else that does help though: for a file to be executed under Linux, it has to have the executable access permission set, which is normally not the case when you download/save a file from a browser or e-mail program. As long as mail programs take very good care not to execute things, this means we're pretty safe after all.

But it would still really help to have more fine-grained access control such as provided by SELinux, Systrace and LIDS.

Re:Viruses on Linux? Yeah, right.

[rikkus-x]

Rubbish. You don't need root access to 'infect' a Linux box. It would be very easy to write a virus which deletes all the user's files, sends itself to everyone in their addressbook, listens on a port, joins in DDoS, etc. All without root access.

The main difficulty faced by someone writing a virus for Linux is getting someone to run it in the first place. It's pretty hard to persuade a KMail user, for example, to execute a virus. They have to save an attachment and give it execute permission first.

Rik

Re:Viruses on Linux? Yeah, right.

[Mordaximus]

Erm, believe it or not, there are a few people in the world who run Windows day to day with user accounts, and switch to administrator to do installations, etc.

The kind of user that gives his account admin privs under windows is the same user who would run as root on a linux box, because they don't know any better or they really don't care. These individuals will never be protected by any operating system.

PS. I believe Lindows runs as root by default.

Re:Viruses on Linux? Yeah, right.

[mritunjai]

Viruses ?? Say "worms".

Given that majority of "mal-ware" in past few months was "worm-ware", it is not a very alien thought for any other OS.

Worms rely on social engineering and tricking unsuspecting users into running them. Few points to note on what worms do-

1. Open an Open Relay on port xyz
2. DDoS
3. Key logger
4. Act as Backdoor/Trojan

Mind that, NONE of these activities "need" root priviledges... and a worm that can open a backdoor hole so that you can later be exploited through any N number of local root exploits is equally harmful.

Now, only things that stands between malware-writers and a compromised box are-

1. The human in charge of the box (aka User)
2. Well designed software

EMailing a worm-script to a *nix user doesn't work right now because majority of email clients on *nix do not make a file executable while saving it to disk... so even if the user is tricked into accepting that file, he/she cannot just click it and run it (which is from another point BTW, another "usability" issue too!!)... they need to

1. Save it
2. Find their way through command prompt/file browser to the file
3. execute command "chmod +x blah", or right-click the file, select properties and check the "executable" box
4. execute command "./blah" or click on the file.

Thats just TOO many steps and even the most gullible people will give up way before that and hit "open" just to see that binary file being opened in vi/vim/emacs/Kedit/Gedit etc with lots of funny characters.

So, its the very user-unfriendly nature of *nix that stands between the malware-writers and their zombie machines.

Re:Viruses on Linux? Yeah, right.

[GoRK]

It pretty well takes user stupidity to infect yourself on windows these days, too, though. It's not that there aren't any security holes in the OS or Outlook/Outlook Express that virus writers have exploited, but most of the problem is still technically the 'trojan-horses' that people run unknowingly.

Re:Viruses on Linux? Yeah, right.

[slipstick]

Huh? How is a tarball executable? or is that not what you meant?

Why not Open BSD

[Offspring22]

Theo lives in Calgary, so why not support the local boy :) Another Calgarian

Something is wrong here

[mkro]

From the "virus" article:

Alec Taylor, senior manager of platform strategy at Microsoft Canada Co. in Mississauga, agrees Linux is likely to get more of the kind of unwanted attention Windows has had from virus writers. "It's a challenge that we all face and we're all targets in the software industry," Mr. Taylor says.

... and that was it. That is the end of the Microsoft quote. Wtf? No mention of communism? No "Yeah, but the TCO of a virus attack is larger on Linux"? I'm speechless. Mr Taylor can probably expect a phonecall from Mr. Balmer tonight.

Re:'Canada's national newspaper' !?!?!

[AssCork]

Cool. When did Steve get a car?

Real World Linux offers discounted LPIC exams..but

[darthcamaro]

The main reason why the Globe and Mail, ran these articles is because the Real World LInux show (www.realworldlinux.com) starts next week.
The Linux Professional Institute (LPI) is offering discounted LPIC exam certifications at the event, BUT here's the CATCH.
They're offering the exams at the same time the Keynote Speaches are being delivered...I guess the braniacs at LPI figured that tech's are a bunch of 'properller-heads' and won't understand the business of Linux...
I think I'm just gonna get an RHCT and screw the LPIC.

Not in the online edition ...

[LoFat+ByLine]

... but in the print: a full page infomercial from M$ consisting entirely of:

a) Anecdotes about random Canadian companies that still prefer Microsoft products.

b) a big TCO diagram pulled from an IDC study "conducted for Microsoft."

Clever Microsoft, focussing on their core business market:
CIOs with no critical thinking skills ...

Mayo!

[Knight+Thrasher]

Linux takes in Canada. Microsoft says 'Eh?' RIAA continues to cry over inability to force ISPs in Canada to release the names of folks running linux servers that utilize file sharing apps.

Re:Mayo!

[BHearsum]

Erm, s/RIAA/SOCAN/

Re:Mayo!

[tb3]

Erm, s/RIAA/CRIA/
SOCAN is the artists' association.

What about viruses?

[bersl2]

Another article discusses whether Linux will become a target for viruses as its popularity grows.

I say bring it on.

Linux systems might be vulnerable to root exploits (as are all things on a network), but I want to see how well we would do against viruses.

As we've all seen, Windows systems are very vulnerable to fire-and-forget attacks, which pick up momentum as they infect. I want to see how well an automated attack can propagate itself against Linux.

Advanced IT

[andawyr]

A few years ago (10?) the Alberta government started to move the primary focus of Alberta business away from the Oil patch. At that point in time, Alberta was sort of a one-trick pony - most of the head offices for the Oil industry were here (and situated in Calgary), with a large number of the smaller businesses supporting the larger (fewer) oil companies.

If the Oil economy went down, so did the rest of Alberta. Bad.

Over the past 10 years, business diversity has increased a tremendous amount; the oil industry is still a large part of our economy, but not so large that we'd be hammered to death if the price of oil dropped substantially. It would hurt, but much less than it would have 10 years ago.

Part of the reason for this success is the high level of technology in this province. Calgary especially is very high tech, and this latest story just enforces that point. Businesses tend to move fairly quickly here, and are able to take advantages of the benefits of newer technology.

Through the use of and research into technology, Calgary is both a very good place to work and live.

Re:Advanced IT

[swordgeek]

I disagree.

Oh yes, Calgary is certainly a good place to live and work. There certainly IS high tech here in spades.

But have we achieved the lofty goal of a diverse economy? Not hardly!

Why is there high tech in Calgary? To support the oil companies. Who buys computers in Calgary? The oil companies. Who supports the arts, sports, and culture in Calgary? The oil companies.

Look at our venues: The Pengrowth Saddledome, The Epcor centre for the performing arts, Talisman centre, and so on. Look at the consumers of computer cycles in town: Big oil companies doing geophysical mapping.

Calgary is full of businesses that aren't gas and oil, but most of them would crumble without the G&O industry feeding them.

As for the rest of the province, the second industry behind oil is agriculture, and for the last decade or so, has absolutely tanked. Edmonton is probably the best off right now, because of the numerous biotech spinoffs from the University of Alberta.

Nonetheless, we are still a HEAVILY oil-dependent province, despite what our government likes to claim. If oil drops down to $18/barrel again for an extended period, we'll be fighting with the maritimes for the title of poorest location in Canada.

Dancing Dog? :-(

[danZenie]

" Linux was like the dancing dog -- it's not about how well it does, it's that it does it at all."

that is very disrespectful. how about a dancing penguin?

We may be ahead of the curve on this...

[Eric+Damron]

"Another article discusses whether Linux will become a target for viruses as its popularity grows."

Yes, it will and distros like Lindows that run the default user as root had better get their act together. Poor judgement calls like that could make Linux the next security joke right behind Microsoft.

I just installed Mandrake 10.0 and noticed that it offers an open source anti-virus product called "CLAM." According to the docs this product will automatically update its virus definition files. So assuming that these files are kept current we may be way ahead of the curve on this.

Re:We may be ahead of the curve on this...

I just installed Mandrake 10.0 and noticed that it offers an open source anti-virus product called "CLAM." [...] So assuming that these files are kept current we may be way ahead of the curve on this.

The only trouble is, because there are no viruses for Linux in the wild, we don't have virus scanners for them. ClamAV is a scanner for Windows viruses. I use it to keep our mailserver from filling up with Windows viruses, even though it's a FreeBSD server and we only use Linux and MacOSX clients.

Re:We may be ahead of the curve on this...

[advocate_one]

oh no... not the Lindows runs as root crap again... please, that is just so untrue... if anything does run as root out of the box these days it's XP Home Edition as an OEM install... and the vast majority of users don't even realise it either or that they should set a password for their admin account either...

Re:We may be ahead of the curve on this...

[Eric+Damron]

I think there are a few viruses for Linux but they can't do much if you don't run as root.

Anyway, I agree that ClamAV is mostly for file/mail servers that are on a network with Windows boxes. However, as viruses do appear for Linux ClamAV will be able to detect them.

Re:We may be ahead of the curve on this...

[Eric+Damron]

Really? Well I won't be dogmatic about it. I never have run Lindows but that is what I have read. It would be great if I were wrong about this but I read that in order to make everything work for their users they made the default user root.

And you are correct about XP. It's really scarry that Microsoft tells everyone that security is their top priority and then they do that.

Re:We may be ahead of the curve on this...

[surgeonsmate]

Yes, it will and distros like Lindows that run the default user as root had better get their act together. Poor judgement calls like that could make Linux the next security joke right behind Microsoft.

If Microsoft is a joke, then how come Bill Gates is laughing all the way to the bank?

Good Day, Eh!

[Eberlin]

Good day, eh! This Linux thing is a very good thing for the economy and all that. However the only penguin we acknowledge comes from Pittsburg and we don't like that Mario Lemieux guy all that much. If it sucks as bad as that hockey team did this season, I wouldn't stake my reputation on that penguin eh.

How 'bout we make our own brand called Maple Leaf Linux or Red Toque. Or maybe we can call it Gretzky Linux and charge 99 Canadian for it.

Heck in Edmonton the best one-two combination was Gretzky to Kurri -- The Great One and a great Finnish guy. Gretzky did his best work with the aid of a Finnish product! So is Linux good? You bet! I give it a hat trick rating.

Standardization

[dmomo]

This is true, and granted, as more apps for the linux desktop become widely used, exploits involving them will be more easily propagated.

Re:'Canada's national newspaper' !?!?!

[schovanec]

Last May. - Steve

This is probably redundant by now...

[meme_police]

...but Calgary should be switching to OpenBSD. They'd have plenty of top notch support nearby.

Virus

[WindBourne]

Virus writering/crackers are master at spending little energy. They will write them to go for the easiest target possible with the most damage being a side effect.
As soon as linux is one of the easiest targets, then we will see lots of them. Until that time, well...

Virus' Due to install base?!?

[fritz1968]

Mr. Friedrichs says the majority of viruses and worms today are aimed at Windows, because of its large installed base. Threats that target Windows also tend to have more impact and get more publicity than those aimed at Linux, because there are so many Windows-equipped computers for them to affect, he says.

From what I have read and understand, the install base has nothing to do with it (or very little at least). The problem is that MS software is so easy to crack.

For example, MS Exchange has roughly a 85 million install base. That email system has been hit hard over the past several years. Lotus Notes has not been hit nearly as hard (if at all) during the same time frame. If install base had anything to do with it, then one would assume that Lotus Notes has a substantially lower install base than MS Exchange. The fact is that Lotus Notes has a comparable install base (of roughly 90 million).

It's the insecure software that is the problem, people!

Re:Virus' Due to install base?!?

[sik0fewl]

Very interesting. You don't happen to have the source(s) at hand, do you?

Re:'Canada's national newspaper' !?!?!

Does Office Bob still have the other phone?

Re:'Canada's national newspaper' !?!?!

[hey]

I might point out that the telephone was invented in Canada!

Privilages

[phorm]

As linux popularity increases... we can hope for some of the following:

a) Lindows doesn't become the primarily popular distro
b) Users will *not* run as root - see (a)
c) Root SSH disabled (most distros do enable root SSH by default) or no bootup SSH server

Open SSH ports (or NFS for that matter, but it generally needs some more setting up) with root access and easy passwords would be the gold for virus writers. The same for root-level user access. Give the users their sandbox, let them play in it, and let the viruses be restricted to them too.

Yes, virii will happily nuke a user's files, and possibly attempt to email themselves outward (we *can* protect against this in many ways in 'nix) - but at least they won't have the potential to bork an entire system... and if they're restricted to ~/ or other public areas then they should be much easier to clean.

My concern is that to allow installation to be simple enough: applications will become something like "You must be root to install this application. Please enter your root password" - in which case viruses will follow suite and, well, same problem as windows. Maybe the concept of becoming "superuser" would instill enough paranoia to keep users from clicking and becoming root, but I doubt it.

However, that's home users. For businesses - don't give employees root - and suddenly you have a much tighter environment. We're setting up a lot of linux machines here at work. I've made a base image for them, bound the individual machines to DHCP static IPs as well. My primary server has a public key in authorized_keys for all the desktops, so updates/changes are as simple as:

for IP in $LINUX_MACHINES
{
ssh $IP /mnt/nfs/myupdatescript.sh &
}

(in this case I obviously allow root logins via SSH, but none of these machines have a public IP)

Re:Privilages

[Vindicator9000]

You have good points.

My concern is that to allow installation to be simple enough: applications will become something like "You must be root to install this application. Please enter your root password" - in which case viruses will follow suite and, well, same problem as windows. Maybe the concept of becoming "superuser" would instill enough paranoia to keep users from clicking and becoming root, but I doubt it.

In my experience, a lot of Windows 2000/XP home users don't even know that they're running as admin, or that they have a choice not to. I work as a Windows admin, and often someone will ask me how come their home machine keeps installing software "on its own," usually meaning they clicked yes on the "Do you want to install GAIM?" box somewhere. I explain that some software companies are less than ethical, and that the best way to guard against that is to not run as admin, and not to install anything unless they explicitly asked for it. Then I give them a pre-prepared file on how to create user accounts and set rights on 2000/XP machines, along with a disk containing Ad-Aware, Firefox, the latest XP service pack, the Blaster patch, and appropriate readme files (I keep 5 or 6 of these on my desk). Invariably they tell me later that the situation has improved, and that they never even thought about doing it that way - they even ask me if they can copy the disk for their friends. I think that part of the reason its sucessful is because it gives users a greater sense of responsibility when they login to the admin account.

Anecdotal evidence for sure, but the response from users has been so overwhelmingly good for me to ignore. All OSs intended for home users should setup a separate admin account, and take steps to inform users to use it only when necessary.

Diversity is No Defense

[RAMMS+EIN]

"if you want to really defend yourself, the way you defend yourself is by diversity."

It cuts on both ends. More diversity means less chance that _all_ your systems will be compromised, but increases the chance that some of them will. I think you are better of using one system that you know how to secure and keep secure well.

In my case, that would be any open-source *NIX - *NIX because I know the workings reasonably well, and open-source because I can verify it's not doing something sneaky.

Re:Tux would NOT wear a suit!

[trailerparkcassanova]

'e should be wearin' a toque, eh? With a little slab o' back bacon sittin' there beside 'em, 'eh?

What say to that, eh?

User stupidity

[phorm]

The problem is, that even in linux a dumb user is still a dumb user. Instead of this:

"Install: Bonzai buddy will be installed to C:\program files\pwned"

You get something like:
"Install: Bonzai buddy will be installed to /usr/local/bin/pwned, /etc/pwned"
"Error, you need to run as root to install this program. Please enter your root password:"
*****
"Thank you. Installation will now continue"

You don't think it will happen? Just wait. Safety comes in that the user doesn't always get the root password (and is patched against root exploits)... at least in a business environment Vs home (and at home *MY* family members ain't getting the root password).

Re:User stupidity

[davecb]

Many user-level programs in Unix and Linux happily install in per-user mode without asking for the root password*.

Make this all and the end users won't have the root password, and therefor won't be able to authorize installing a virus... even assuming they don't realize that asking for the password is an unexpected behavior.

--dave
[* developers are doing just that]

Re:User stupidity

[phorm]

With the bazillion different project in Linux that already don't co-operate very well. Getting them all to follow the same standard might be a little difficult.

Windows install

[RAMMS+EIN]

What?! Windows install doesn't allow you to select keymap?

Re:Windows install

[NamShubCMX]

Yes, after you have to enter that lenghty serial number...

at least it doesn't echo *s :)

Linux and Mac OS Inevitably Will be Virus Infected

[Laebshade]

I wrote an article on my website about this very topic almost 3 weeks ago, but it is not as quite in-depth as the Globe article and is from a different angle.

Linux in Canada, eh?

[thebra]

Well I say Linux in every where! I just installed Fedora, with out a hitch, and am excited to see how easy it has become (I tried once and failed greatly in '95 or so). Viruses? Well of course, but I can't imagine any thing like Windows OS has experienced. Before downloading the ISOs I installed W2k and less than 10 mins had a virus that was rebooting my pc. (blaster!) Right now the only "virus" I'm afraid of is when I am root.

How to make virus works on Linux...

[fprog26]

Have uncle bob have his root password in the "KWallet Password manager", because it so more convenient...

Make Konqueror use some KPart plugins or KIOslave
like those for cmd or apt-get,
have a web page that "FORCE" the user to say "YES",
launch apt-get or cmd with sudo and do some damage.

Another way would be to fool the user to enter his root password.

Don't worry experience shows that people are easy to trick.
Just think about how many people have all those junks like weather thingy,
internet time synch and similar.

And for those not realising VBA on KDE is replaced with JavaScript,
KJSEmbed can do enough harm via DCOP,
if misused properly much like VBA can do on Windows, so please.

I never said that it's not convenient,
much more like VBA was convenient on Windows or WScript for such matter.
The 'real' problem is educating 'dummy users' who just install, click, accept anything on their box,
if they do it on Windows... don't worry they will do the same thing on Linux.

People who don't apply security patches for Konqueror or the Linux Kernel will be as
problematic as those who don't apply 6 month old
security patch on Windows and that still get CodeRed infected.

I know Linux tends to release patch faster and such, but for 'dumb uncle bob' that might
not save him from some worms that exploit some bug in some Linux applications.

Let's assume there's a root exploit bug in Konqueror or X11 or KDE.
Let's assume there's a patch.
Let's assume user bob, don't know what's a patch, he ask neighboor's X once every 6 months when his in trouble or things get screwed up.
Let's assume some guy wrote some rootkit exploitable program for that bug as a "convenient" example NOT to be used.
Let's assume some ScriptKiddie find that webpage and say cool, let's make some worm, just to look cool at school among his geek friends.
So, he write some worm make use of KJSEmbed, DCOP or whatever he might find
and send the thing as an innocent HTML attachement to a bunch of people randomly.

Guess what happened?

But yeah Linux can't get virus...
it's just more tricky to trick people out, but not impossible.

So, think twice!
You can have easy-to-use, features or security, pick any two.

http://jedidiah.stuff.gen.nz/

[RAMMS+EIN]

Man, that's a BEAUTIFUL website!

Calgary on Linux? WTF??!!!

[swordgeek]

Last time I checked out contract list, we were still supporting a fairly large number of Sparc/Solaris boxes at the city of Calgary. Much of the storage has migrated from antique Sun systems to NetApp, though.

I don't know what part of the city's infrastructure has moved to Linux, but it's certainly not all of it. This article seems a bit...blind.

Re:Calgary on Linux? WTF??!!!

[shking]

The City of Calgary moved their Oracle servers to Linux and saved a pile of $$$. They are looking at migrating the rest of their unix servers to linux as well. Virtually all desktops are Windows NT (migrating to XP) except for some graphic arts types who have macs. Web servers are mostly Windows/IIS and sometimes Sun/Apache, but occasionally there's a kewl oddball

Re:'Canada's national newspaper' !?!?!

[Gramie2]

Yes, it's a good thing that we don't have concentration of media ownership up here.

P.S. Try Googling "Izzy Asper" or "CanWest"

Re:'Canada's national newspaper' !?!?!

[Citizen+of+Earth]

Not only do we have more than one newspaper, we are also proud to announce that we have more than one telephone, as well as more than one automobile!

Hell, I'm even thinking of getting a second igloo.

Re:'Canada's national newspaper' !?!?!

[B3ryllium]

Well I knew that :P lol :)

IBM

[ibm5_25]

My question is why can't you buy an IBM Laptop with Linux on it? They had that huge promotion a while back.. with all the ads etc.. yet I havn't found a new IBM with Linux on it..

Re:'Canada's national newspaper' !?!?!

[B3ryllium]

Shush! You should only ever use Canada.com's search-the-web option. ;-)

Re:Windows has ACLs you know.

[slipstick]

If user's are smart enough to save an attachment, mark it as executable and than click on it than their smart enough not to run as root.

Re:Linux and Mac OS Inevitably Will be Virus Infec

[codepunk]

Actually I think you are full of crap. Your little article only spreads the same FUD that I always hear but you offer absolutely no technical explanation as to how this mythical linux virus problem is going to occur.

Re:Tux would NOT wear a suit!

[trailerparkcassanova]

Ya'll should say "Did I git mah 'merican accent right?.

Bimetrics == uname

[Fractal+Dice]

I don't understand why parent was modded up - the method of authentication is not relevant to the security model.

The underlying OS has to uniquely identify users - the username is just an alias for you (uids in *nix). The password is a challenge that you must answer and can be altered if discovered by a would-be identity thief.

Smart cards are the way to go. You program them to hold the userids and passwords and handles all the drudgery of entering a userid and password. However, it's still the same system underneath.

Biometrics combines userids and passwords into one, great for forensics, awful for authentication. As soon as the scanner can be fooled with false input (contact lens, fake fingerprint, etc), the entire system is useless until replaced/upgraded to read a new metric. Just look at all the success thieves have had with designing covers to put over bank machines to grab card numbers - now imagine not being able to ever change your account/pin number after it is stolen.

If you want a security model that doesn't require using su, you build your OS/apps around group permissions and check for gid=0 instead of checking for uid=0 (to use *nix terminology).

WIll Linux become a target? You bet!

[mark-t]

If Linux popularity grows significantly enough, you can certainly count on Linux being targetted by virus writers.

However...

It's worth noting that the only people that will be adversely affected by this are the average dumbed down user that didn't know any better than to practice good system administration and security skills on his own computer. Of course, some may argue that a decent OS shouldn't require a person to know anything about good administration -- that the OS should take care of that, and they may have a point... but computers aren't sentient yet, and until they are, there's a burden that some person is just going to have to bear. Sorry about that.

Meanwhile...

Businesses that run Linux will remain largely unaffected by the sweep of virii that target Linux, since they will have corporate interests in keeping their systems reliable and secure and will have someone available to ensure that their system remains so.

Bottom line, virii for Linux may become more prevalent than even windows virii, if Linux becomes popular enough, but the virii will cause personal data loss at most, and no severe economical impact that many windows have because many times there's nothing that anyone could have reasonably done in advance of the infection to have prevented it.

Antivirus software for Linux

[rkaa]

FYI:

NORMAN make antivirus software for Linux.

Journalists: STOP the FUD......Pretty Please!!

[IceAgeComing]

Really, it's such a simple idea:

If you use GPL code, you publish somewhere the modifications you make under the GPL.

THAT'S IT. END OF STORY. JOURNALISTS, YOU CAN GO HOME NOW.

Instead, we get heart-wrenching human interest CRAP like the following:

(From speeding acceptance of linux)

Linux evangelists have prophesied for years that the open-source operating system would challenge Microsoft Corp.'s Windows. But it wasn't until the past year or so, when International Business Machines Corp., Novell Inc. and Hewlett-Packard Co. seriously threw their collective and considerable weight behind it, that a challenge became a real possibility.

Victory, however, will not come cheaply.

The problem is that the future of Linux was never dependent on its quality. If quality were all that is required to win, everyone would be watching movies on Beta videotape and working on Apple Macintosh computers.

The problem is cultural.

The open-source community, an ad-hoc worldwide network of programmers dedicated to creating free software, has been too shrill, evangelistic and hot-eyed for corporate interests to deal with; the ferocity of their anger at proprietary software became the Linux community's own worst enemy -- nobody wants to gamble a corporate future on fanatics, no matter how worthy their bible.

Why do journalists slather this "human community" BS on top of this very simple idea?

It's like they're trying to freak people out! How completely idiotic is that???!!!

Re:'Canada's national newspaper' !?!?!

[tricops]

Now now, very few Canadians actually hate Americans. Many joke, but few hate.

As an American living in Canada, I would agree that this is true. Of course it gets old being harassed about being American (fortunately I'm long past that stage now). Also, while few Canadians seem to outright hate Americans, I've run into enough of them that seem to think a large number of Americans are brainless idiots, as though Canada doesn't have its own share (and vice versa).

Frankly, I'm sick of the rivalry whether it be joking, real, or whatever. It goes both ways like anything else... :P

Re:It's an awk!

[psavo]

Hmm. What for a Canadian needs 'Ö'?

Re:It's an awk!

[saforrest]

Hmm. What for a Canadian needs 'Ö'?

Touché. :) The English alphabet.

Re:Windows has ACLs you know.

[slipstick]

Why would you assume that KDE would do this? If they do I will personally remove it and submit a patch!

The fact is if this happens in open source you would likely so a fork and a major backlash.

Re:We have it worse

[theshowmecanuck]

I am a Canadian who has been living in Missouri (get the name? :-)... I moved from Alberta... I think the provincial premier Ralph (who I think of as 'Ralffff, do I have a drinking problem?') Klein and the federal Alliance party's Alberta members make Bush look left wing. They want to privatize medicare, give Bush style tax cuts to the rich, and have already driven most folks on welfare into British Columbia.

Calgary leading the way again

[agraupe]

I think it is great, as a Calgarian, that our city is adopting Linux. I hope this extends to the f***ing school board! It's like hell, having to use Win2K or OSX when both are hobbled by paranoid-schitzophrenic techs! I guess I need a reminder why I hate windows so much... About the viruses: don't run as root! Quite simple, really. Anyone who does daily work as root DESERVES to get a virus, in my opinion.

Re:'Canada's national newspaper' !?!?!

[RobinH]

As an American living in Canada, I would agree that this is true. Of course it gets old being harassed about being American (fortunately I'm long past that stage now). Also, while few Canadians seem to outright hate Americans, I've run into enough of them that seem to think a large number of Americans are brainless idiots, as though Canada doesn't have its own share (and vice versa).

I live in Canada and work in the states. I'm in Mississippi right now. I FEEL YOUR PAIN. I'm pretty sick of even the nicest people, upon hearing where you're from, having to dump on you all the stupid and mostly untrue BS they've heard about your country, and what they think is wrong with it.

Frankly, I'm sick of the rivalry whether it be joking, real, or whatever.

Amen, brother. If you figure out how to make it stop, let me know.

It's a Mirage: Dinosaurs Don't Do Software

[Vagary]

From what I gather, Alberta has become business-oriented by slashing corporate and income tax rates (because the oil brings in basically enough money to run the province). Since Calgary has the second-highest number of company HQs in Canada (after Toronto), there are a fair number of tech people developing internally-used software and doing IT. Also, for reasons I'm unsure of, the University of Alberta has very strong Computer Science and Electrical Engineering Depts.

However, Alberta's per-capita spending on R&D is below all the other "have" provinces -- I'd guess because alcoholic politicians and oil tycoons don't care about science. Alberta also has very low venture capital activity (there's a reason the TSX Venture Exchange used to be in Vancouver). As a result, there are way less pure-software companies than Vancouver, Toronto, Montreal, and Ottawa.

Re:'Canada's national newspaper' !?!?!

[Sri+Lumpa]

"I live in Canada and work in the states. I'm in Mississippi right now. I FEEL YOUR PAIN. I'm pretty sick of even the nicest people, upon hearing where you're from, having to dump on you all the stupid and mostly untrue BS they've heard about your country, and what they think is wrong with it."

I'm a Frenchman living in England. How do you think *I* feel?

Re:'Canada's national newspaper' !?!?!

[RobinH]

I'm a Frenchman living in England. How do you think *I* feel?

I was an Anglophone in Quebec... that trumps yours anyday! :-)

So, when do we all start group therapy?

Quote left out

[sad_]

linux is aboot freedom, it is aboot choice, it's aboot...
excuse me, can you tell me what it is 'aboot' again?

Re:'Canada's national newspaper' !?!?!

[Sri+Lumpa]

"So, when do we all start group therapy?"

LOL.

I don't have any problem actually. Of course working with a mix of Spanish, Portuguese, Iraqui, Venezuelians and English (of course) helps smooth the differences.