Computers

Everyone is talking about the way Windows Update silently updates itself when set to 'notify only' (but not when set to 'off', apparently). Bruce Schneier calls it 'a huge deal'.

And it is. But only if you never considered what it really means to run a proprietary OS like Windows.

Microsoft can remotely, silently modify your OS any way they choose. Does that scare you? What can you do about it? Only install their patches manually? But you still won't have a clue what those patches do. Not install them at all? The holes in a completely unpatched Windows XP give the entire world remote control over your PC, not just Microsoft.

Microsoft can make your computer cooperate with some external entities against you. Do you think that's worse than 'mere' remote vulnerabilities? But how do you know your existing, unpatched OS isn't already betraying you? (It was when it downloaded that update.) How are you going to protect yourself against that?

Use a host-based firewall? Your OS can bypass it; it works through Microsoft callbacks and lives on Microsoft sufferance. Use an external firewall? How can it tell the difference between legitimate browser access to tfosorcim.com and software calling home?

Running Windows in a tightly locked-down VM is a hard but tractable engineering problem. Running it on bare hardware with Internet access is like keeping a huge tiger susceptible to radio mind control in your living room. You build a Faraday cage around your house and keep a tranquilizer gun in your pocket, and you pat it on the head after it feeds. Eventually the force of habit puts you off your guard and you let your children play with it and pull the tiger's tail. But the tiger only needs to bite your head off once for this to be a losing proposition.

Windows only needs to let someone bring down or take over a billion computers worldwide once for all of today's troubles with 10-million-PC botnets to look like really small peanuts.

I'll end with an insightful (and obvious) comment from Schneier's blog:

To say that those keys are "high value" is a bit of a gross understatement. Imagine that you had a key that would let you arbitrarily load software onto 90+% of the computers in the world. How much would something like that be worth to the right person? [...] Heck, it's probably more than a lot of people working at Microsoft are going to make in their entire lifetime. (And you just wanted to get the code long enough to cause a problem, it would definitely be worth enough to kill a few people for.) That's a nuclear-weapons-grade secret.

There have been varying reports around the net about Linux support for the Asus M2A-VM motherboard (socket AM2, AMD 690G chipset + SB600 southbridge). It took me a while to verify all this information, mostly from forum and mailing list posts, before buying the board, so I'm posting this to save time for anyone else who might consider it. I'm running Gentoo ~amd64 kernel 2.6.22-gentoo-r6.

Update: the integrated graphics (Radeon X1250) can be used with three drivers:

* The x11 'vesa' generic driver. This, of course, provides no acceleration/XV/etc., but it works fine otherwise.
* The new free 'radeonhd' driver. I've tried the current sources and it, too, works in 2D mode with no acceleration, but at least it ought to improve with time. (If you don't know, radeonhd is the new free driver for modern ATI cards being developed mostly by Novell people using the complete, free specs ATI/AMD released recently. Just made me love that company a whole lot more.) BTW, it refuses to work with the DVI link. Just connect an RGB cable to the same monitor and it'll work (displaying on DVI too), so it's only a problem if you want dualhead.
* The binary ATI driver (fglrx). Version 8.42.3 worked and provided good OpenGL acceleration, but still no XV. However, when I put the board into dual channel mode with 4 RAM modules, trying to run X with fglrx resulted in a hard lockup. I didn't try too hard to make it work again.

There are many official dumps of Wikipedia available for download. Most are intended to be loaded into a MediaWiki database to run a Wikipedia clone. However, there are also static HTML dumps: every page is pre-rendered to HTML using MediaWiki's ordinary parser, so you can just dump it all on a web or file server.

Why is this useful? To set up fast read-only copies on intranets not connected to the Internet, or when your connection is slow or sporadic. On your laptop, say.

One caveat: the static HTML dump is about 5.5 GB large (with 7zip), but comes out to roughly 80 GB uncompressed, with many millions of files. (78GB actual disk usage on a reiser3 FS, YMMV.)

QT includes a class called QSettings, which stores a settings dictionary in a platform-transparent way. QT4 on *nix puts the settings in INI-style files under the directory ~/.config.



It so happened that I had a file called ~/.config in place, so QT couldn't create the directory. As a result, my new PyQt4 development tools lost all their settings every time I closed them. That's slightly annoying with the QT Designer; extremely annoying in the case of Eric4, which comes with more preference panels out of the box than Eclipse. In both cases, settings were lost in a completely silent way. There was no error message, not even on stderr. The only indication anything was wrong came the next time I ran the application, as it started with factory settings once more.



Luckily, since I was writing a QT4 application myself at the time, I could quickly look up the QSettings docs, find out where the settings were supposed to be saved, and diagnose the problem. An ordinary user of a QT4 application, however, would have had to resort to online support of some kind.

The new Vista license has been published by Microsoft, and people have been pointing out the differences from older Windows versions.

There's a new security advisory for the NVidia binary video driver for Linux (story also carried by KernelTrap and slashdot).

We immediately hear all the predictable arguments. On one side, that the bug is fixed in the latest (beta, unstable) version of the driver. On the other, that the bug was first reported way back in 2004.

Some people just don't seem to grasp the fundamental idea: that widely used, production-quality FOSS is, as a rule, more secure than closed software - even though the latter may be just as good on most other counts, such as stability and features.

Reposted from my old blog - the old comments are there.

---

Xen can run unmodified DomUs (guest OSs), including Windows [pdf] or potentially any x86 or x86_64 OS, if your CPU supports Intel VT (aka Vanderpool) or AMD-V (aka Pacifica and SVM). I've always known that in theory, but I guess I haven't been keeping up with the news. It turns out all Athlon64 CPUs for the new Socket AM2 (and apparently some or all Pentium D Preslers) support SVM, and the latest Xen 3.0.2 can use that.

Reposted from my old blog - the old comments are there.

---

Dr. David Brin complains (first and second blog posts) that kids today can't learn the basics of programming in a way that is fun and, above, all, trivially accessible to every computer-owner. There's no lingua franca of modern programming - a language that is both ubiquitous (comes with every PC) and accessible (very simple and suitable to learning basic imperative programming).

A storm of comments was generated by the Salon article. Most respondents didn't seem to understand Brin's real points. To be fair, the article itself was rather misleading. In any event, I'm responding here to what Brin wrote in his later replies, the first of which is here, starting with the words "your letter is cogent and intelligent". (Permalinks to individual comments on Blogger don't seem to be working.)