Home » BSD

BSD

Predicting the future, circa 2003

In the heat of the moment, I searched my blog this weekend for quotes that could potentially be taken out of context and found something rather prophetic that I wrote in the heat of the moment 11 1/2 years ago:

Keeping up on Microsoft security patches is becoming a full-time job. I don’t know if we can afford a full-time employee who does nothing but read Microsoft security bulletins and regression-test patches to make sure they can be safely deployed. I also don’t know who would want that job.

Who ended up with that job? Me, about a year after I left that gig. It actually turned out I was pretty good at it, once I landed in a shop that realized it needed someone to do that job, and utilized that position as part of an overall IT governance model.

Read More »Predicting the future, circa 2003

Bash is worse than heartbleed! Oh noes!

A really bad remote code execution bug surfaced yesterday, in Bash–the GNU replacement for the Unix shell. If you have a webserver running, or possibly just SSH, it can be used to execute arbitrary code. It affects anything Unixy–Linux, BSD, Mac OS X, and likely many proprietary Unix flavors, since many of them have adopted the GNU toolchain.

This could be really bad. Some people are calling it potentially worse than Heartbleed. Maybe. I’m thinking it’s more along the lines of MS08-067. But there’s an important lesson we must learn from this.Read More »Bash is worse than heartbleed! Oh noes!

Curious conspiracies… or maybe just progress all at once

In the wake of Truecrypt’s sudden implosion, someone sent me a link to this curious blog post. I can see why many people might find the timing interesting, but there are a number of details this particular blog post doesn’t get correct, and it actually spends most of its time talking about stuff that has little or nothing to do with Truecrypt.

What’s unclear to me is whether he’s trying to say the industry is deliberately sabotaging Truecrypt, or if he’s simply trying to make a list of things that are making life difficult for Truecrypt. His post bothers me a lot less if it’s just a laundry list of challenges, but either way, the inaccuracies remain.Read More »Curious conspiracies… or maybe just progress all at once

Thanks for the misinformation, Disney

In one of its throwaway kid’s sitcoms, Disney insinuates that open source software contains spyware and using it is a ‘rookie mistake’.

Open source software rarely contains viruses or spyware. Since it’s open for examination, changes to the code that have any funny business in them tend to be rejected. For that matter, code with unintended bad consequences tends to either be rejected, or quickly changed.
Read More »Thanks for the misinformation, Disney

Open-source licenses, the CISSP, and the real world

You may have a question about open-source licenses on your CISSP exam. I don’t remember the specifics and wouldn’t be able to repeat them anyway, but I had a question on my exam where knowing the differences was helpful in finding the right answer.

And I had to deal with an issue this past week involving open-source technologies where the licenses made a big difference.

Read More »Open-source licenses, the CISSP, and the real world

Open sourcing code doesn’t necessarily mean people will rush to it

John C. Dvorak wrote a nice layman’s introduction to open source on PCMag.com. But he makes at least one big false assumption.

Dvorak says he’d love to see old code open sourced. Some examples he sought, such as CP/M, CP/M-86, and GEM, have already been open source for years. Caldera, after buying the intellectual property of the former Digital Research from Novell, released just about everything that wasn’t directly related to DR-DOS, some of it as GPL, and some under other licenses. The results have hardly been earth shattering.

Read More »Open sourcing code doesn’t necessarily mean people will rush to it

That PC wasn\’t broken, it was just spyware

I “repaired” a PC this weekend. Actually it wasn’t much of a repair. It had problems: disk errors, applications crashed a lot, the computer crashed a lot, startup times were slow, and at times the computer was really unresponsive.

At first I suspected viruses, but I quickly found the virus software was up to date, which was a good thing.

The problem was spyware.