Jason Antman’s Blog

Shawn Powers wrote an interesting article on LJ, Where Do YOU Send NetBook Users For Help?, which speaks about the myriad different distributions used on NetBooks (like the eeePC and its’ brethren), many of which are significantly different from the usual mainstream distros.

My comment:

From a vendor’s point of view, it probably seems a good idea. However, there are two major problems that I see in it. Firstly, while there aren’t a gigantic number of people that can give aid with Linux, there are quite a few – especially in one of the hottest areas (that I’ve seen) for the eeePC, colleges and universities. Unless the vendor is prepared to offer high-quality OS and application tech support, they should do all they can to make use of whatever Linux support resources already exist. Ubuntu is becoming increasingly common, so the best move (in my mind) would be to re-brand Ubuntu, but keep the functionality the same, therefore making use of (arguably) a relatively large experience base, by Linux standards. If you’re a hardware company, and don’t focus on providing (software) technical support, the smartest thing to do is to try and maximize the amount of third-party software support that’s available.

Secondly, and perhaps more importantly, we’ve finally started to reach a time when Linux is becoming standardized. Most popular distros follow (more-or-less) the LSB specification, and Gnome and KDE have become the accepted standards for pretty much all non-geek graphical environments. It’s taken years to reach this point, and the introduction of mass-market netbooks, many with their own customized distros, is not helping, nor is it smart on the manufacturers’ part.

Perhaps the biggest problem is that the manufacturers themselves just see Linux as an OS that doesn’t cost them anything, without seeing the big picture. If they truly understood Free software, they’d be working to improve on existing technology, while retaining the existing code as a base, rather than struggling to differentiate their offering. If I was to start selling Linux-based netbooks, I think the solution is quite simple, just by following the trends in the Linux world: sell a “business” version that runs RedHat or CentOS, maybe SuSE, and a “consumer” version that has Ubuntu (which, as far as I’ve seen, is the most popular with the non-linux crowd). Rather than trying to build my own distro and differentiate it from everything else, I’d build on what little Linux experience the general public has, by using the most common distros. If the marketing guys want differentiation so badly, that’s the wonder of Free software – just add vendor-specific logos and a custom theme.

On a personal note, I’ve had an eeePC 701G Surf since December 2007. The *first* thing I did when I got it was create a 4GB SDHC card with a full install of my favorite distro, and set it up to boot from the SDHC. I haven’t booted Xandros more than twice. Even the “expert” mode, which is somewhat like a normal desktop environment, is severely lacking in common tools, administrative tools, and security (the user separation is abysmal). I would’ve been much more happy to see it ship with a good install of Ubuntu, even locked down with a “simple” desktop for the default user. Things like sed, awk, grep, and an SSH server should be instaled on every Linux system. Also, just a theory – set each system to have a unique, randomly generated root password, and print it on a label on the bottom of the machine.

Miscellaneous Geek Stuff

• S. 3325 Passes Senate Judiciary | Public Knowledge

Interesting Links and Resources

For quite some time, I’ve been frustrated with Blogger. First of all, its’ publishing system is horribly inefficient. As everything is static HTML, at this point, writing this blog entry alone will require it to re-publish approximately 6 MB to my server. Seems sort’a pointless. Not to mention, it doesn’t allow any of the stuff that I really want, such as multiple categories with per-category RSS, or good searching. It also means that, though this blog is hosted on my own server, I’m dependent on Blogger to add posts.

I’m still horribly busy dealing with insurance companies and the police in relation to my stolen truck, as well as looking around and trying to figure out what my next vehicle will be, and how much I can spend on it.

Anyway, I’ve decided that at some point in the future, I’ll be migrating to WordPress for the blog. It will, of course, be hosted on my own machine, and will hopefully also include a migration of everything from this Blogger account. And, somehow, will include some sort of redirection from old posts to the relevant new ones. Most importantly, though, I plan on deferring the project until I get my multiple static IP service from Optimum Online, as the new blog (and the rest of my subdomains) will be moved from GoDaddy forwarding to their own subdomains setup as Apache name-based VHosts.

Stay tuned for progress updates…

Projects blog, wordpress

Internet Security

So, this semester I’m taking a class on Internet Security. Our textbook is Management of Internet Security, 2nd Edition by Michael E. Whitman and Herbert J. Mattord. It seems pretty basic, and very much focused on the management side of things (as opposed to technical). The table of contents is as follows:

1. Introduction to the Management of Information Security
2. Planning for Security
3. Planning for Contingencies
4. Information Security Policy
5. Developing the Security Program
6. Security Management Models and Practices
7. Risk Management: Identifying and Assessing Risk
8. Risk Management: Assessing and Controlling Risk
9. Protection Mechanisms
10. Personnel and Security
11. Law and Ethics
12. Information Security Project Management

Now, given that it’s really a “management” book, I can’t say I’m surprised that it reads like an essay that was graded on a scale of buzzwords-per-sentence. However, it seems to be missing the one chapter that’s the most important – actually, the only chapter that would be in the book if I wrote it – “How to get management to allocate the money you need for proper security.” In fact, skimming over the book, I found a lot of content on general management planning, job descriptions, sample policies, and a lot of other pie-in-the-sky stuff, but not one concrete section dedicated to the most difficult part of security – getting the “resources” to do it right!

Microsoft Lies

Why we would spend time analyzing corporate mission statements in an Internet Security class, I have no idea. That seems, to me, too much like what we covered in “Management of Technological Organizations.” But, we do, and one of the examples used is Microsoft’s Mission and Values statement. Perhaps, being the F/OSS advocate that I am, my reading of it was a bit cynical. Let’s take a look at it.

“At Microsoft, our mission and values are to help people and business throughout the world realize their full potential.” Well, we’re off to a good start. Aside from the fact that they want you to realize that potential using only their software, and use their power and money to actively monopolize (or attempt to) most industries that they enter, this seems pretty run-of-the-mill.

Corporate Citizenship: “Every successful corporation has a responsibility to use its resources and influence to make a positive impact on the world and its people. Microsoft’s Global Citizenship Initiative is focused on mobilizing our resources across the company and around the world, to create opportunities in the communities where we do business, and to fulfill our commitment to serving the public good through innovative technologies and partnerships.” Well. Now we’re getting somewhere. Apparently “a positive impact on the world and its people” is defined as trying to monopolize every sector that Microsoft touches, whether attempting to crush and then buy-out the competition, or through flat-out FUD and billion-dollar marketing campaigns. Hmm… innovative partnerships… as in Novell?

Legal and Corporate Affairs: “Microsoft’s Legal and Corporate Affairs Group works on the cutting edge of business and regulatory issues around the world.” Well, I can’t argue with that, they sure are on the cutting edge. What started with Bill Gates mailing out whiny letters about pirated Altair BASIC has now turned into a global juggernaut, capable of forcing the creation of ISO standards at their whim, and successfully quashing any dissent about obviously flawed and under-reviewed “standards” (which, in fact, simply describe current software, rather than setting any real standard).

Values: As a company, and as individuals, we value integrity, honesty, openness, personal excellence, constructive self-criticism, continual self-improvement, and mutual respect. We are committed to our customers and partners and have a passion for technology. We take on big challenges, and pride ourselves on seeing them through. We hold ourselves accountable to our customers, shareholders, partners, and employees by honoring our commitments, providing results, and striving for the highest quality.

1. integrity – i.e. not creating a draft ISO standard and then offering monetary incentives for acceptance.
2. honesty – when it works. Intentionally making Vista-Capable labeling so ambiguous that it even confuses Microsoft executives? Fine.
3. openness um… did they seriously say that? Openness like… protocol interoperability? Standards that can be implemented without patent violations? An “Open Specification Promise” that doesn’t come with a three page FAQ? Nope. Not Microsoft.
4. constructive self-criticism – Ok, I’ll give them this one. They do, rarely, criticize themselves. Though “constructive” usually means making comments about the poor design of a previous product, and suggesting that everyone upgrade to the new version.
5. continual self-improvement – I’ll give them this one too. In fact, they’re so crazy about it that they’ve been improving the same codebase for decades!
6. mutual respect – See above.
7. We hold ourselves accountable to our customers – Ok. They are offering to allow users to downgrade from Vista to XP.
8. striving for the highest quality – I don’t think so. They’re striving for products that have the highest market share. As long as the quality is acceptable to the majority of users, and the products do what the majority of users need, that’s fine. But wait… apparently they even missed that goal with Vista.

This is just the opinion of one person. My motivations may be diverse, and surely there’s a bit of zealotry in there. After all, if Ford told me I couldn’t put fog lights on my car myself, I had to bring it to the dealer and pay $400, I’d stop buying their cars – and make sure everyone else knew what they did. But there’s also my ever-present desire to make sure people know both sides of the story, and all the facts. The mainstream media (specifically dumbed-down television) rarely reports on the less cheerful side of Microsoft, like the ISO “standard” scandal, or the Vista letters, or the Vista-Capable fiasco. And I find this to be horribly disturbing. Many people don’t realize that there are alternatives to Microsoft products, even ones that are provided by such big names as Sun Microsystems and IBM. But, most striking, is Microsoft’s overwhelming monopoly. Windows’ market share is currently 90.66% or higher. I ask you, what other industries which affect not only consumers, but nearly every aspect of our daily lives (as computing does) would be allowed to have such a monopoly? It has happened in many other American industries – oil, steel, the railroads, telephone service. Where is the government now?

What happened to the America that made massive monopolies illegal? Have we forgotten a supremely part of our history that began in 1980 with the Sherman Act? Or even the recent events with Bell? In order to truly stimulate competition in the software industry, and provide for not only choice but the improved quality, reliability, and security that comes with true software competition, something needs to be done. For starters, how about breaking Microsoft into separate entities – browser, Office, OS, server, etc. And – the important part – preventing any package sales, discounts, or bundling between the separate types of software (and separate companies).

Ideas and Rants microsoft, rutgers, school, security

I don’t know if I’m the only one experiencing this, but this is the third time in two days that I’ve gotten a 503 when trying to view my bookmarks on del.icio.us. This is posing a problem, as I use the service to keep my bookmarks in sync between five computers.

As of the time of this post, I’m able to get to the site again, but I was unable to get there – or update my bookmarks on my main workstation at work – for about ten minutes.

Miscellaneous Geek Stuff bookmarks, del.icio.us

Unfortunately, my truck was stolen this past Friday while at work. I probably won’t be posting much in the neat future, as I’m going to be quite busy trying to get things back together (insurance, etc.) while also working and taking classes.

EMS, Personal

After a few crazy weeks at work, the pay check is finally here, and I’ve decided to allocate some of the money to hardware upgrades of my personal machines. While Nagios gives me a good idea of where performance is a problem, I’m still running a large amount of “legacy” hardware (my home router/firewall is a 350MHz P-II desktop) and hardware age is a significant factor in my upgrade plans.

So, I set out looking for a program (most likely some backend scripts that dump data to MySQL, and then a PHP front-end) to perform a hardware inventory – essentially, run a script on each box, find out the system details, and dump it in a DB. Now that my pool of upgrade candidates is above a dozen machines, at multiple locations, some of which are single-use boxes often neglected/forgotten, doing this in my head isn’t the easiest.

So, while I’ve been googling and searching some mailing list archives, I’m also developing a set of requirements.

The chief requirements:

• Ability to run a script on a remote machine and have the results returned in a meaningful format. Most likely, a single script, run as root (SUID or sudo) that returns nice, formatted, SQL-ready results (so the parsing of platform-specific command output will happen on the client, with every client returning a normalized data set).
• Ability to track hardware changes – i.e. disks swapped from one box to another, NIC replacement, processor upgrade, etc.
• Each piece of hardware tracked individually, allowing future support of fully tracking components, spares, etc.
• Support for future barcoding of components and physically-performed inventory.

Some of the data that I’d like collected:

• Data on a machine stored by chassis vendor name and serial numer/service tag.
• Hostname associated with each box.
• Architecture, number of CPUs/cores and type, model, speed, socket (for upgrade planning/ordering).
• Motherboard model/manufacturer, serial number, HW and SW/FW revisions, manufacture date.
• Storage (internal & directly connected external) – type, interface, capacity, specifications/manufacturer and model.
• Amount fo RAM, type of RAM, and configuration of cards (number of empty slots).
• PCI card configuration – number and type/mfr/model of cards, as well as number of empty slots
• For all NICs – MAC addresses, current IPs, as well as link type/speed and connected switch/port.

I’d also like some level of software inventory, especially for those machines that may be running “forgotten” services:

• nmap scan results.
• OS-generated list of running services, with GUI including a blacklist of “default” services not to be displayed, and possibly also cross-links to Nagios status.
• Possibly a parsed output from ps, using a blacklist as shown above.
• If a firewall is running on the system, a list of all open ports.

I’ll be checking out some options today. Unfortunately, I have a feeling that there’s most likely nothing that supports my requirements, and I’ll probably end up implementing a lot of this myself.

Projects configuration, inventory

From PRNewsWire: Microsoft and Novell Deliver Joint Virtualization Solution Through Partners. The headline of the press release: “Supported by Dell and other channel partners, solution includes SUSE Linux Enterprise Server running as optimized guest on Windows Server 2008 Hyper-V.”

Now, maybe I’m not up on the news regarding my favorite distribution, but it seems to me that a deal allowing SuSE to be virtualized as a guest under Windows is not only “joint”, but plain moronic. Despite the marketing efforts of Microsoft, Unix-based systems (including Linux) have always had the upper hand in availability, reliability, and performance.

I must say, from what I’ve heard, Windows Server is getting *much* better in these areas – and I’ve even heard that the latest version includes an option to install without a graphical environment, and even includes a command-line that’s useful. It’s about time.

However, it seems to me, that any virtualization deal between Microsoft and a Linux distributor can provide only one logical solution: Windows Server virtualized as a guest in a high-availability Linux host. More importantly, without the insane per-processor licensing – a per-VM instance license that’s hardware-agnostic and allows VMs to be migrated across hardware as the admin sees fit.

Oh, and one more insight. If Microsoft wants to be a serious player in the virtualization arena, here’s a few “simple” steps:

1. Get Windows Server to work correctly under Xen, VirtualBox, etc. Certify it. Provide the correct guest OS tool packages
2. Provide simple management of Windows in a virtualized environment – minimally, a standard SSH server that’s compatible with OpenSSH, a GUI-less environment, and a serial console.
3. Get rid of per-processor licenses. Provide a basic license that allows for, say, 10 VMs to be running at once, and allows as many installs as needed – the only licensing is based on the amount of VMs actually running. i.e., if you have 10 VMs and one gets corrupted, you can bring that one down and online a back-up image, without violating the license.
4. Make licensing processor-agnostic. Want to migrate a Xen VM (Windows guest) from a dual-core Pentium to an 8-core Xeon, or even a 16 processor SPARC? Sure, no problem.

Ideas and Rants microsoft, novell, suse, virtualization

It seems like every time I open up my Google Reader account, there’s news about another company that released a knock-off of my beloved Asus eeePC 4G Surf (701) (interestingly, it looks like eeepc.asus.com is down at the moment of writing). Even Asus has released numerous (I think the product like is now up to about 10 variations) follow-ups to the 7″ beauty, now up to 10″ in size (though, admittedly, I’m less-than-enthused about their Windows models).

With the new semester here, I am (unfortunately) back in class. And I’m very happy to report that I’m starting to see eeePCs in more and more hands. Granted, my classes are in the IT program, but I was quite surprised last night to be sitting in my Internet Security class and notice no less than four eeePCs in a class of about 25 people. While I’ve just relegated my own 4G to my server room bag, replacing it with a (used, surplus from work) IBM ThinkPad T41 (14.1″ display, 1.4GHz Pentium, 768MB RAM, and a DVD drive). Though my heart sank when I found that half of the eeePCs were running Windows, it seems that in my travels around campus, I’m seeing more and more eeePCs, and more laptops running Linux.

While the academic world has surely embraced new technologies, and non-mainstream technologies, quicker than other sectors (specifically considering Linux and the apparent popularity of the eeePC), it’s definitely a good omen. Seeing non-geek, and perhaps even non-CS and non-Engineering, students using Linux speaks quite well for the expansion of the Linux user base when these students graduate and enter the “real world”

Miscellaneous Geek Stuff asus, eeepc, linux

Tropical Storm Hanna is expected to reach the New Jersey area on Saturday, September 6, 2008. The latest predictions as of 20:00 September 4^th call for winds from 30-60 MPH and rainfall possibly in excess of 5 inches, at a rate of 1-1.5 inches per hour (as per the Bergen County Office of Emergency Management).

In light of this, please be advised that JasonAntman.com may experience some unscheduled downtime – mainly due to the fact that my internet connection (Verizon FiOS fiber, right now) is run with suspended pole-to-pole cables. If this does happen (and power is still available) I’ll make an effort to use the downtime as best as possible.

Projects downtime, emergency, hanna