Blackmoor Vituperative

Massachusetts has a problem. The Commonwealth can’t keep its CIO or pass an IT budget. Louis Gutierrez, the of CIO Massachusetts’s Information Technology Division, resigned earlier this week. Does this mean the end of the state’s pioneering ODF (Open Document Format) rollout?

First let’s look at why Gutierrez is leaving.

As he said in his resignation letter, it’s because, “IT innovation in Massachusetts state government ran out of steam in August, when the legislature closed its formal session without action on the IT and facilities bond. I am presiding over the dismantling of an IT investment program — over a decade in the evolution — that the legislative leadership appears unwilling to salvage at this time.”

This is widely seen as a blow to open-standards. In particular, this won’t do the planned rollout of the ODF for state use in January 2007 any good.

The use of ODF has been a controversial subject in Massachusetts for over a year now. Peter Quinn, Gutierrez’s predecessor as CIO, resigned on January 9th because of personal attacks based in part on his support for ODF.

While Massachusetts is theoretically still switching to ODF for its official documents, without a budget to implement the change, it’s hard to see it happening.

(from Linux Watch, Massachusetts CIO change worries ODF supporters)

Hopefully, the troops who do the actual work are still pushing the ODF train uphill, and the musical chairs for CIO is just a bump in the road.

“It really is a nightmare. User education is a complete waste of time. It is about as much use as nailing jelly to a wall,” Overton said. “There is no good trying to teach them what phishing is, what rootkits are, what malware is, etc. They are not interested; they just want to do their job.”

[…]

Jill Sitherwood, an information security consultant at a large financial institution, has seen education both fail and succeed. “I have to believe it works,” she said. “When we give our awareness presentations, what signs to look for, I have seen a spike in the number of incidents reported by our internal users.”

But online consumers are a tougher crowd to get through to.

“We have a special page on our Web site to report security incidents. We had to shut the e-mail box because customers didn’t read (the page) and submitted general customer service queries,” Sitherwood said.

(from ZDNet, Security expert: User education is pointless)

I have been saying for years that most people are too stupid to be safely allowed near a computer, and for years I have been getting criticized for saying so. When computers can be made as safe to use — safe for the user, safe for the machine, and safe for the rest of the world — as a VCR, then and only then should they be placed in the hands of an average person. And even then, there will still be a significant number of people for whom the time will always blink 12:00.

If your copy of Vista does not pass Microsoft’s anti-piracy sniff test, you won’t be able to use the Aero user interface, Windows Defender anti-spyware and ReadyBoost memory-expanding technologies that will be built into the premium versions of Vista. (Will other Vista elements, like Vista Ultimate Extras, get the WGA lock-down? The Softies had no comment when I asked.)

[…]

There are also some WGA and Volume Activation 2.0 myths that Microsoft is out to debunk, officials said. If a Vista machine doesn’t pass WGA or Volume Activation 2.0 muster, Microsoft cannot and will not “shut it off,” officials said. (If you fail to activate Vista in 30 days, however, it sounds like your Internet access is shut down after an hour. Sure sounds like a “kill” switch by any other name.)

(from ZDNet, What Microsoft still isn’t saying about WGA and Volume Activation 2.0

Remember: at least 20% at least 42% of the 60 million people hassled by WGA (aka Windows Genuine Aggravation) are licensed users who have obtained the software legitimately.

Just say “no thanks” to Vista.

Jesse Ruderman, a Mozilla security staffer, attended the presentation and was called up on the stage with the two hackers. He attempted to persuade the presenters to responsibly disclose flaws via Mozilla’s bug bounty program instead of using them for malicious purposes such as creating networks of hijacked PCs, called botnets.

“I do hope you guys change your minds and decide to report the holes to us and take away $500 per vulnerability instead of using them for botnets,” Ruderman said.

The two hackers laughed off the comment. “It is a double-edged sword, but what we’re doing is really for the greater good of the Internet. We’re setting up communication networks for black hats,” Wbeelsoi said.

(from ZDNet, Hackers claim zero-day flaw in Firefox)

On the bright side, the idiot hackers have publically confessed, so the federal case against them when their crime goes to court should be a slam dunk. Say hello to your new cellmate, hacker scumbag.

Update:

Apparently it was just a joke. Just good-natured fun. Those wacky hackers.

Intel’s lab in Pittsburgh, affiliated with Carnegie Mellon University, is showing off a technology concept at the Intel Developer Forum here this week called Dynamic Physical Rendering, which could ultimately lead to a shape-shifting fabric.

Apply the right voltage and software program and the flat piece of fabric turns into a 3D model of a car. Change those parameters and it transforms into a cube. Dynamic Physical Rendering has grown out of the ongoing Claytronics project headed up by CMU professor Seth Goldstein.

“Rather than look at a 3D model on a CAD (computer-aided design) program, a physical model would be manifested on your desk,” said Babu Pillai, who, along with Jason Campbell, is heading up the project. “The material would change shape under software control.”

(from ZDNet, Attack of the killer prototype robots)

Intel literally has, in hand, the first prototype of a new type of nonvolatile memory chip that its executives think could someday supplant flash memory and thus change the face of the industries such as cellular phones, music players and possibly even PCs.

Intel, as part of a lengthy joint venture with ST Microelectronics, has produced the first Phase Change Memory or PCM chips — nonvolatile memory chips that work well for both executing code and storing large amounts of data, giving it a superset of the capabilities of both flash memory and dynamic random access memory.

This means it can both execute code with performance, store larger amounts of memory and also sustain millions of read/write cycles.

It’s necessary to invest in technologies such as PCM because flash memory will eventually hit a wall in which it can no longer scale with silicon manufacturing.

(from eWeek, Intel Previews Potential Replacement for Flash)

Microsoft has filed a federal lawsuit against an alleged hacker who broke through its copy protection technology, charging that the mystery developer somehow gained access to its copyrighted source code.

For more than a month, the Redmond, Wash., company has been combating a program released online called FairUse4WM, which successfully stripped anticopying guards from songs downloaded through subscription media services such as Napster or Yahoo Music.

Microsoft has released two successive patches aimed at disabling the tool. The first worked — but the hacker, known only by the pseudonym “Viodentia,” quickly found a way around the update, the company alleges. Now the company says this was because the hacker had apparently gained access to copyrighted source code unavailable to previous generations of would-be crackers.

(from ZDNet, Microsoft sues over source code theft)

I see two possible explanations for this. Either it is inconceivable to Microsoft that anyone could break their Digital Rights Mafia scheme without having inside information, or they are subverting the legal system in order advance their corporate interests (again).

The Free Software Foundation has recently clarified “inaccurate” information about GPLv3. The clarification closely follows the release of a position paper signed by top Linux developers, in which they announce their objections to the proposed GPLv3. Linus Torvalds was a noteworthy exception. He recently explained why he didn’t sign the GPLv3 position statement, but why he still supports the GPLv2 open-source license.

As much as I despise the Digital Rights Mafia, I have to agree with two of the points made by the Linux kernel developers. First, adding anti-Digital Rights Mafia conditions to the GPL imposes something that GPL v2 is justly praised for lacking: end use restrictions. You do not have to agree with anyone’s politics or agenda to work with them on a GPL v2 project — all you have to do is agree to share your work. It’s politically and culturally neutral. I don’t think enough people appreciate how valuable that is. Second, the additional restrictions section is a huge problem. The Linux kernel developers declare that this section “makes GPLv3 a pick and choose soup of possible restrictions which is going to be a nightmare for our distributions to sort out legally and get right. Thus, it represents a significant and unacceptable retrograde step over GPLv2 and its no additional restrictions clause.” That’s about as clear as anyone can put it, I think.

So as much as I sympathize with the goals of the people working on GPL v3, I don’t think I’ll be using it, or working on any projects that do. (Not that I am doing much open source programming — or programming at all — now that I am at Circuit City, but I hope that this is a temporary situation.)

The local government in the German city has transferred 100 staff members in the Lord Mayor’s department to a Debian configuration, and it intends to migrate 80 percent of the city’s PCs by mid-2009.

It has not been an easy transition for the government, which first announced its intention to move to Linux in 2003 and which had scheduled the first launch to occur in 2005.

But the project, dubbed LiMux, hit numerous delays after a dispute over software patents, extended contractual negotiations and a 12-month extension to the project’s pilot phase.

“The tests are over. We have fixed the bugs and solved some of the problems,” Florian Schiessl, deputy chief of the city’s Linux project, told CNET News.com sister site ZDNet UK on Monday. “Everything we wanted done for the first release is working at the moment.”

Schiessl said it would be impossible to migrate all city workers to open source, but that 80 percent would move across by between late-2008 and mid-2009.

(from CNET News.com, Munich fires up Linux at last)

It sounds like Munich is taking a measured, common-sense approach to migrating away from expensive, proprietary software to open source and open standards. The up-front cost of migrating is significant, of course, as it would be for any large-scale migration. Migrating their entire infrastucture to XP or Vista would cost as much or more. In the short term, they will benefit from the additional security Linux offers over Windows, as well as being free from Windows’ onerous licensing restrictions, but the real savings from migrating to Linux and open source software is long-term, and I am glad that Munich’s administrators are farsighted enough to realize this.

Miscreants are using an unpatched security bug in Internet Explorer to install malicious software from rigged Web sites, experts warned Tuesday.

[…]

“Fully patched Internet Explorer browsers are vulnerable,” Ken Dunham, director of the rapid response team at VeriSign’s iDefense, said in an e-mailed statement. “This new zero-day attack is trivial to reproduce and has great potential for widespread Web-based attacks in the near future.”

(from ZDNet, Porn sites exploit new IE flaw)

On the one hand, I am curious why ZDNet specifically mentions porn. The exploit could just as easily be on a web site with photos of kittens. On the other hand, I am wondering why on the gods’ green earth anyone is still using Internet Explorer to begin with. Use Firefox, you knuckleheads!