Nelson Manning

Pwn2Own Contest Results

The results are in at the Pwn2Own Contest held at the CanSecWest conference in Vancouver. The competition pitted a fully-patched version of Windows Vista with SP1 versus Mac's Leopard OS and Linux's Ubuntu. The idea of the contest is that if you can find an exploit in and take control of one of the three machines' OSes on the first day, then you win $20,000 USD plus the machine that you hacked. On the second day, they drop the bounty to $10,000 USD and open up some common third party software. Finally, the third day drops the prize to $5000 and opens up a large pool of commonly used software. As a testament to the robust security of all three OSes, none of the competitors attempted to crack them on the first day.

On day two, Independent Security Evaluators sniped Leopard via an unknown vulnerability in Apple's Safari browser. On day three, Shane Macaulay tagged Vista through Adobe's Flash software which is one of the most common pieces of software found on Windows machines of all varieties. Needless to say, that's a gigantic security hole that can potentially affect a multitude of Windows users, so if you're a Win-nut, you might want to stay away from any unknown flash applications until the security patch is released. For the Mac users--well, most of you never listen to common sense anyway, so hopefully your illustrious company will repair your damaged egos with the appropriate patch.

What about Ubuntu? Still untouched. Why? Because black-hats know that Windows machines and Macs are easier. Seriously, why bother with Linux when black-hats AND white-hats are locking the thing down for their own good? All the money is with the other two machines. Also, you can think of it this way: if you hacked the Ubuntu machine, you'd get a machine plus something you could download for free--with Windows and Leopard, you get the added monetary bonus of an overpriced OS.

Open Source Books

Icon of Open SourceHere's a topic that's near and dear to me as a writer: books. Another thing I consider wonderful as a technophiliac is open source stuff. Now, combine those two and you get Open Source Books! It's a wonderful concept that combines the free mentality of source code with literary and informational texts. It allows the average person with internet access to have a library of extremely useful information at their fingertips, and it's a whole lot cheaper than taking classes!

One of the first places I ran across when Googling up open source books was the O'Reilly website. For O'reilly's open source books, they use the Creative Commons License which is somewhere between, as they put it, all rights reserved and no rights reserved. My general understanding of Creative Commons is that the license a little different with each book, and you generally can't edit and redistribute the book with your name added to it like you can with source code in the GPL. However, you can find quite a few titles on here from books that are out of print or otherwise (for one reason or another) released for free as either PDF or HTML texts. These are useful for finding that tidbit of information you read somewhere but can't find anymore.

Another great resource is Archive.org's Open Source Books where you will find, to date, nearly 14,000 books in various languages. They also have a section for the old Project Gutenburg that contains many older books that have gone out of print and are now in electronic format. PG has been on the net for a long time, and they've been providing free books to the world before it became hip.

Take advantage of these resources to educate yourself about a variety of topics.

Adventures in GPL

I did a little game development back in the day. Nearly every programmer, at one point or another, has at least thought of producing the next hot game to hit the shelves. The way I started was to work with MUDs (Multi-User Dimensions) by editing the source code of premade game frameworks (code bases). All of the code bases I picked through had a special license called the DIKU license; the reason is that DIKUMUD was the first of this huge family tree of code bases. You could edit and distribute the code all you want, but you couldn't profit off of it commercially, and every time someone added even the most basic set of snippets onto the code, they would make a whole new code base and a special license that goes with the DIKU license. So, by the time you get to a third or fourth generation code base, you've got a novella of licenses to read through before you can even mess with it.

Then I discovered the GNU Public License. GPL is an extremely common license to run across these days, so it's worth a quick read so you know what's up. There's some really nice pluses to using GPL code in your project as well: the license is uniform, the code is free, and you can use it commercially! A common misconception is that GPL licensed software can't possibly be commercial because it's open source, so people will not pay you for the game. Yes, the code will be open for people to see and modify if it's GPL, but you can still turn a very nice buck. First off, the graphics, sound, and everything else that you've created which isn't code will be your property, and you don't have to distribute it. Second, if it's an MMOG (Massive Multiplayer Online Game), you can charge a monthly fee, sell schwag, and all sorts of other options.

small screenshot of a game using the Crystal Space engineOne of the engines to come out under the GPL license is the Crystal Space engine, and you can find some very nice screen shots and demos on the website that show the engine off. There have been commercial games, online games, and your general open source free-as-in-beer games to be developed with Crystal Space. There's plenty of other engines out there as well including: Axiom, Daimonin, Delta3D, Entropia Engine and the list goes on and on. The downside is that you won't be able to effectively produce an offline shelf-game and charge an insane rate for it like most game publishers do--people can just download the source code, compile it, and pirate the graphics. However, even if you had proprietary code, they would just go ahead and pirate the binaries anyway, so you'd be up the creek. At least with GPL, you earn cool points for releasing your code for the common good instead of getting ripped off by pirates.

The Open Source Wave

Ever hear of Parsix? I hadn't until I was looking for something to replace Xubuntu on this laptop for fun. It's, I guess, a combination of Parsi (romanized phonetic of the Persian language name) and Linux. Parsi+x. Makes sense to me, at least. The lowdown on Parsix is that they just released the 1.0r0 version of their flavor on 25-01-08. It features a slick, black and blue GNOME 2.20.3 theme, 2.6.23.14 kernel with CFS v24.1, and a nice little set of starter software for the liveCD.

The coolest thing about this wave is that you can see region and language specific distros popping up all around the world. For example, the Fedora-based Linpus distribution which is the first Chinese distribution to support UNICODE. It's now up to version 9.3, and is the first distro to pass LSB 2.0 Certification. There's a report of high hardware compatibility too, so you don't have to do a lot of driver-shopping.

Aside from just the OS, there's plenty of open source software which is being converted into all sorts of languages from Afrikaans to Zapotec. The only problem is having to do complex keyboard mapping or work-around solutions for when you need to do something in another character set. One of the ways Parsix makes it easier for its users to exist both in the ASCII world as well as their own is a simple Alt+Shift shortcut which switching from the ASCII characterization to Parsi.

For the Greek contingent, there's an option of Knoppel, a localized version of Knoppix, and Zeus-Linux. ZL is a Slackware clone, but they updated it and did some bug-fixes to make it worth your while. Currently, they report not having a Greek-language installer, but they're planning on releasing one as of v2.

But open source stretches beyond just language, price, and culture barriers. It can now be on your cellphone via Google's Android OS. Android uses a Linux kernel! Hopefully, this will be the big break all open source developers and users are looking for.

So, if you want to play around with some localized versions of Linux, just Google up some of these or many others and give them a try!

About Consultancy Articles Contact




References Red Hat Certified Architect By Robert de Bock Robert de Bock
Curriculum Vitae By Fred Clausen +31 6 14 39 58 72
By Nelson Manning robert@meinit.nl
Syndicate content