Archive for the ‘Proprietary’ Category

Will someone at Crapital One please get their #%@$ together?

July 14, 2012

Capital One’s banking website is, by far, the worst I’ve EVER seen.

Opera gives you a security warning that the site doesn’t support secure TLS renegotiations, and you should contact the site owner to upgrade their server.

When I went to check what server they were running, it turned out to be Windows Server with IIS behind some Linux-based caching servers. *UGH!*

Their No Hassle Rewards site doesn’t even load in any browser that is not running on Windows. I’ve tried everything. (Including Firefox, Opera, Chrome, Rekonq, and even, for kicks, Konqueror.)

It just doesn’t work without Windows. 

I ended up calling their tech support hotline, and they told me to have the Geek Squad look at my computer. I shit you not! (Not only is the Geek Squad’s sole purpose to rip Windows users off by charging them $200 for Norton Antivirus and a file system defrag, Best Buy recently fired most of them as it goes belly up because of their overall price gouging. I doubt they know anything about my Kubuntu system, at all.)

In the end, the only way I could end up getting my cashback rewards was to set up auto redemption at every $25.

Capital One’s tech support has people that are so stupid, they should be in the Tea Party.

A trip to the meme generator gives me this to close on….


Vista 8: Now with 500% more Microsoft spyware.

May 5, 2012

With Vista 8 it’s all about SUCKERS, SUCKERS, SUCKERS!!!!

For kicks, I loaded up the Windows 8 “Consumer Preview” in VirtualBox.

I was expecting the usual. More crap that nobody asked for. More anti-competitive Microsoft tie-ins. More lock-in with Microsoft services. More EULA mess. More spyware. I found pretty much all of this.

The setup process was much like Windows 7 up to a point, except there are now three entire pages full of toggle switches where the user must agree to sacrifice their privacy to use Windows 8 fully, in addition to a EULA written in legalese that goes on forever, which nobody who isn’t a lawyer will fully understand. If they don’t, then there will be huge swaths of missing features. (And since it is proprietary software, you absolutely cannot trust anything it says or does, so the choice is misleading anyway.)

As Dr. Richard Stallman has said, Windows is malicious software. Their privacy policies open up the user to all kinds of abuse for simply agreeing with the EULAs (which are mandatory if you wish to use Windows), and in the EULA you agree that Microsoft can slip in updates or change the EULA at any point in the future. So, if there is something malicious that Windows currently does not do, then it would be very easy for them to slip that into an update and push it out tomorrow.

They’ve done this sort of thing before, countless times. Anyone remember how “Windows Genuine Annoyance” wasn’t originally part of Windows XP?

Anyone remember when Windows XP and Vista would simply lock you out of your computer and forbid you access to anything even if the software was legally licensed and Microsoft just happened to screw up?

Idiot Exploiter being in Windows 98 without an uninstaller got Microsoft some DOJ attention, but it’s literally EVERYWHERE in Windows 8, and it’s more malicious than ever.

Here’s what you agree to send to Microsoft now to get a fully functional copy of Windows 8 if you take the default settings (Some of these have been a requirement of various Microsoft apps and Windows in the past, some are new. This is in addition to anything mandated by their EULA, so you can’t opt out of all of it even if you tried):

  • Every site you visit in Internet Explorer.
  • Everything you download with Internet Explorer.
  • Every URL you click on in an application from the Windows store, regardless what browser it opens in.
  • Every web resource that an application loads.
  • Every application you have installed on your computer, regardless of where it came from.
  • Your EXACT location (via IP geolocation or GPS coordinates) when you use an app that uses this feature. Note: GPS coordinates are accurate to within a few inches.
  • Crash data for any application that has a problem, including a memory dump. (Those can include personal information like passwords, site login data, your bank account information, truly any information the app had in memory when it crashed.)
  • Which parts of Windows Help you have read, and what URLs you clicked on in that.
  • You agree that they can force application updates on you, silently, even to install malicious features, even if you didn’t want the update.
  • You agree that they can update Windows, including for the purpose of stuffing in more malicious features, even if you didn’t want the update.
  • Applications can use your name, account picture, location data, and various Windows Live features, as you.

Perhaps most disturbing of all, the Windows Store and many of the applications that come with Windows that can’t be removed, like their messenger program that censors its users and spies on what they say, require you to sign up with a Microsoft Account (which is, I guess, what they’re calling Passport these days), and to fully utilize the software store, you have to link a major credit card/debit card to your account and agree to anything Microsoft or apps you use try to charge to it.

You agree in the EULA that Windows can update things like their Windows Media Digital Restrictions Malware and you won’t try to stop it.

The US DMCA makes it illegal to try to break their Digital Restrictions Malware, even if it’s because it fucked up and you’re just trying to use the content you “bought”. Or because Microsoft’s latest DRM’d music store flops and they take down their license renewal server. Happens.

If you use any of Microsoft’s “Cloud” features, you agree explicitly that they can share your information with advertisers or the federal, state, or local government units with or without a valid search warrant, and you also agree that you hold Microsoft harmless if they fuck up and delete your data. So don’t upload anything expecting to ever get it back out. But, these are problems with most cloud services, which is why you shouldn’t use them.

We live in an age where the government doesn’t even need warrants because people tell them everything they want to know, willingly. How many criminal cases has the government been able to make out of data that Microsoft, Amazon, Google, and Facebook have turned over? We might never know.

These reasons, and many more, are why it’s time to consider making the move to Free and Open Source software. There are no 20-page EULAs, no “activation”, no spyware, fewer headaches, and no bullshit.

Big companies have proven time and time again that they are not to be trusted with your information. Why do people agree to give them more and more of it all the time in light of this abuse?

If you need a starting point in learning about Free and Open Source software, what it is, and more reasons you should be replacing your proprietary software with it, here’s some places to read up about it.

https://en.wikipedia.org/wiki/Free_and_open_source_software

https://en.wikipedia.org/wiki/List_of_free_and_open_source_software_packages

https://www.gnu.org/philosophy/free-sw.html

http://www.opensource.org/osd.html

In short, there’s probably a suitable free and open source replacement for almost everything you use: operating systems such as Ubuntu and Fedora, office suites such as LibreOffice and Calligra Suite, even replacements for Photoshop, like The Gimp. Of course, that’s just naming a few.

Look Daddy, I’m feeding your credit card to the ponies! OM NOM NOM NOM!!!!

Switch now, and you will not only have the peace of mind that nobody is using your computer against you or effectively leasing your own computer out to you, or using your software to censor or spy on you, but also that they can’t rack up fraudulent credit card transactions from an app that is targeted to your children which sells them pretend apples and hay to feed imaginary animals with.

One Apple customer was recently in the news, horrified that his seven-year-old daughter managed to rack up the equivalent of about $350 US dollars on his credit card, which Apple simply allowed to go through. If you think Microsoft will be treating customers any better, I would suggest that you’re in for a painful life lesson.

One more disturbing trend….

Each version of Windows comes in yet more “editions”. “Edition” is just a nice way of saying they cripple it a bit more and a bit more to segment the market and create price points. This is something else you never see in Free and Open Source Software, because it would be pointless. Nevertheless, Microsoft has decided that Windows 8 will not play a DVD or Blu Ray without the “Media Pack”, which will be an additional fee.

How much? They declined to say. For reference, adding DVD playback to Windows Media Player in Windows XP cost $25, and adding Blu Ray support to Windows has typically meant a MONTHLY RECURRING SUBSCRIPTION fee because it requires downloading the new content restriction keys every month, so if you stop paying, your discs stop playing. Isn’t that cute?

Benjamin Mako Hill wrote about this deliberate software crippling in an essay about Windows NT 4. He called the disabled features anti-features. The point he made, quite concisely, was that if you pay Microsoft for anything other than the most expensive version, you’re literally paying them to remove features from your software. He also made a list with more examples of products with antifeatures.

There’s much more detail I could go into, but this is yet another wake up call that you deserve Freedom, and Free Software gives you the Freedom you deserve. The Free Software Foundation defines “Free” (as in freedom!) Software as giving the user these four freedoms.

  • The freedom to run the program, for any purpose (freedom 0).
  • The freedom to study how the program works, and change it so it does your computing as you wish (freedom 1). Access to the source code is a precondition for this.
  • The freedom to redistribute copies so you can help your neighbor (freedom 2).
  • The freedom to distribute copies of your modified versions to others (freedom 3). By doing this you can give the whole community a chance to benefit from your changes. Access to the source code is a precondition for this.

In short, you are free to study, modify, redistribute, and use the software, for any purpose, and you are never “under surveillance” by it or unable to help your friend by sharing the software with him or her.

Microsoft and Apple both have something in common; they try to make the user overlook all of the things they have to sacrifice just to use their software, by making it pretty on the surface. That pretty surface is only skin deep, and underneath it, the internals of the system are as bug-ridden and as DRM-encumbered as ever. Just because you paid for a license doesn’t mean they can’t come back later and terminate it, for any or for no reason, without a refund.

What’s most disturbing, above and beyond anything else I’ve talked about, is when the software is so tied to the hardware that the hardware is useless without their software (such as Windows on ARM or the iPad). What do you do if they throw you out? I guess you have a really expensive door stop. (Did someone say, Plasma Active? Yes, you should use Plasma Active.) :)

Windows 8 gives you a choice. You can keep surrendering more of your freedom to Microsoft and other malicious software companies every year, or you can get off their slippery slope right now.

Microsoft censors Windows Live users. Gives free speech a treatment that would make any tyrant dictator proud.

March 24, 2012

Ballmer still wants to “fucking kill Google”, but first, Bittorrent.

You’ll have to wait until May to see Sacha Baron Cohen’s new movie, The Dictator, but in the meantime, Sweaty Ballmer wants to show us how being a petty tyrant is done.

Torrent Freak reports that Microsoft is censoring Windows Live Messenger users.

When the user enters a link and it’s to a site that Microsoft doesn’t like, Microsoft’s new approach is to block it at their server and report back to the user that the site is “dangerous”.

So far they seem to do it with The Pirate Bay, which probably hosts and serves less malware and spyware than Microsoft itself (source source source) or sites that aren’t being blocked by them, such as CNET Download.com which delivers crapware bundles with legitimate software.

Since the censorship of links is done at the server level, it means that (not shockingly) Microsoft is monitoring, logging, and spying on everything you say or do while connected to their chat service. It also means that users of alternative messenger software, which doesn’t come bundled with the ability to display malicious advertisements like Microsoft’s official client does, will not escape the Microsoft server spying on them and kicking back any links that Microsoft doesn’t like. If Microsoft can’t keep their own software and websites from installing malicious software onto Windows PCs, they shouldn’t be blocking anyone else under that excuse.

Microsoft’s official terms of use for their spyware instant messaging network clearly forbid the user from taking any measures to protect themselves from Microsoft’s built-in advertising (which ranges from merely obnoxious to being hijacked to serve malware), whether by applying binary patches to their official software, adding “127.0.0.1 rad.msn.com” to their hosts file, using Privoxy as their system-wide ad filtering local proxy server, or using free and open source software such as Pidgin (which runs on many platforms) or Telepathy (which now has front ends for GNOME and KDE, and what I personally use with the Jabber instant messaging service).

The penalty for being caught doing any of this is the worst kind of censorship that Microsoft can impose on their users: total account deletion. Some choice excerpts from the EULA for Microsoft’s instant messaging service:

“In particular, we may access or disclose information about you, including the content of your communications”

“We may cancel or suspend your service and your access to the Windows Live ID network at any time without notice and for any reason.”

In addition, the terms point to a separate obnoxious Code of Conduct with such gems as:

“You will not use any form of automated device or computer program that enables the submission of postings without the express written consent of Microsoft Corporation.”

Among other things, you agree that you won’t post links on how to bypass the security of computer software or break DRM, piracy, “pornography” (which even the Supreme Court has been unable to define, but thank god we have Microsoft as the arbiter of all things wholesome), and of course you are responsible for anything that malicious Windows software decides to do once it has taken over your computer and starts spamming all your friends (which is bound to happen sooner or later considering you’re using Windows).

Of course, Microsoft includes the clause that lets them delete your account for no reason at all, so really anything you do can (at their whim) be grounds for suspending or deleting your account.

Bottom line: Microsoft is malicious and abusive and anyone who bothers to read their burdensome, obnoxious, and dangerously open-ended and one-sided policies and licensing agreements would have already known this.

If anything, this should serve as another wake up call to ditch Microsoft and their abusive policies and a reminder that if you think Microsoft can be trusted, you’re living in a dream world.

Should Mozilla support h.264? It depends.

March 14, 2012

There’s news that Mozilla is considering supporting the patent-encumbered and dangerous MPEG-4 formats known as “h264” and “aac” (as reported by The H Online).

It’s unfortunate that it has come to this, but I am in favor of doing it in the way they have described. Albeit unenthusiastically…

We know that there is a dangerous and criminal organization out there called the “MPEG-LA” that doesn’t innovate or produce anything, but acts as a “patent pool” to sue victims who try to implement media codecs without their permission. They “own” several thousand “essential” patents (meaning that you can’t implement the spec without violating them) describing what h264 with aac does.

Microsoft and Apple, which are also criminal cartels, are also members of the MPEG-LA, and are trying to wipe out the open and unencumbered VP8 and Ogg Vorbis combination known as WebM by refusing to support it in Safari and Internet Explorer.

Mozilla and Opera have so far not implemented MPEG codecs because they would be gouged by the MPEG-LA’s innovation tax.

The problem for the user, who is caught in the middle, is that sites that are out there today and insisting on MPEG-4, such as Vimeo, won’t work in Firefox or Opera in HTML 5 mode, and require the proprietary binary blob with gazillions of security problems known as “Adobe Flash” to play their content.

Mozilla is not proposing to ship the offending codecs themselves, but to just use the ones on the system, if any. On Windows, they can hook into DirectShow, on OS X they can hook into Quicktime, and on Linux they can hook into and use anything Gstreamer can play. Of course Android, iOS, and Windows Phone (with all three people who have one) all have their own media codecs.

The problem with this is that it shifts the responsibility to the user to make sure they have codecs. In most cases, the platform in question is promoted by some big company that sees the MPEG-LA siphoning their profits as a cost of doing business, but the codecs are there nonetheless and Firefox is currently not making use of them. It’s in the case where a person uses free and open source software, such as a Linux distribution, and doesn’t want to be gouged and run nonfree MPEG Cartel-sponsored gstreamer codecs (from Fluendo), that they have to make a choice about whether to use the codecs that infringe US patents (such as the free and open source gstreamer codecs). In the case of proprietary software, the choice was already made for them, as most choices usually are.

Therefore, my position is, with the objection to the MPEG-LA cartel even being allowed to exist at all, that Firefox should use whatever the user has installed. Refusing to play formats for which the user already has codecs is ridiculous. The user should ideally be using software that respects his or her freedom (such as the gstreamer-bad and gstreamer-ugly codecs, which is where ones with patent problems end up). Even more ideally, the laws should be changed to invalidate every last software patent out there so that the user is free to do what they wish with their own computer, and programmers are free to make software that can compete with established monopolies like Microsoft and Apple. Until then, a couple of minority browsers ignoring those codecs won’t make those codecs go away any more than some Linux distributions not officially providing MP3 codecs has made MP3 go away. Those sites are out there, and users should not feel compelled to use proprietary software such as Internet Explorer, Safari, and Google Chrome to simply view them, just as users who encounter MP3s, while this is unfortunate, should not have to use proprietary software to play those MP3s.

As a second point for this position, we know Microsoft slips trojan horses into competing browsers on Windows, and so if Mozilla doesn’t do it, Microsoft will wedge in another broken plug-in that is full of security problems to Firefox users on Windows. By making the change in Firefox, they can preempt Microsoft infecting Firefox with more things the user may not have approved of.

It’s unfortunate that this method will make it the user’s problem to decide if they care about using untaxed codecs, but you can thank Microsoft and Apple that someone is going to be stuck with the check.

Not amused by Spotify

March 4, 2012

Just a short post to anyone considering Spotify, don’t.

List of reasons (for me anyway):

Their Linux support is a joke. To access their API you have to agree to have proprietary software installed which can’t legally be bundled with software under the GPL. Their official statement appears to be “use Wine”. My reply: “Fuck that.”

Their monthly fee is several times more expensive than Last FM’s.

The artists get basically nothing from the fee you pay. (Same is true for other internet radio services though. The MAFIAA keeps most of the money and gives the rest to the Billboard Top 10, so Justin Bieber gets paid for your listening to Alice In Chains.)

Oh yeah, their Android app crashed my tablet several times.

They require you to sign up with the voluntary spyware company called Facebook to get a Spotify account.

I scrubbed and I scrubbed, but they just don’t make water hot enough!

Google is being sued by some idiot using Safari on a Mac. US Congress critters investigate.

February 19, 2012

I noticed this yesterday and decided to comment.

There’s a big stink going on right now. Someone found out that Google was setting “third party cookies” (for their advertising servers) in Apple’s Safari browser, which defaults to not loading third party cookies (which I’ll get to in a moment).

Now it appears that someone using Safari on a Mac, who somehow expected privacy, is suing Google. (The PC World article on the first link has a more accurate technical description of what’s going on.)

In short, someone found a bug in Safari, and now Google is being sued and is under investigation by Congress. We know how much Congress can be expected to know about the internet based on their hilarious-to-horrifying attempts to regulate it, as many of them uttered things like “I don’t know how this here internet thing works, but they tell me….” or the late Senator Ted Stevens’ infamous “series of tubes” comment. To say nothing of the fact that Congress flip-flops between mandatory tracking for all and bullshit “consumer privacy concerns” such as this one. (For those concerned with the former, the bill is called HR 1981, but a more fitting name would be HR 1984.)

If this was a bug in Firefox, it would be fixed. If it was a bug in Chrome, it would be fixed.

Somehow, Microsoft and Apple users seem to think they can use proprietary secret software when they’re not allowed to know how it works and have privacy at the same time. Software which has a history of many bugs, with vendors that typically take weeks/months/years to patch them once they’re made public. These companies also slip back doors into the software for various government agencies.

Apple was recently caught with a back door that they put into iTunes; it remained there for 3 years, undetected, which facilitated man in the middle attacks. (A government could use this to run a counterfeit iTunes server and load malicious software onto the victim’s computer. The article calls it a flaw, but we know what was really going on, and that it was likely just moved.)

There’s no way you can trust Microsoft or Apple’s software to protect your privacy. Anyone who has actually read the EULA for Windows (especially XP, Vista, and 7) should know that there are at least several dozen Windows components that phone home to Microsoft with your personal information. Most do it over an encrypted connection so that the user has a very hard time telling what is actually being sent to them. Apple isn’t any better.

Let’s get back to cookie controls. They’re a red herring. They’re totally bogus. They don’t do anything for you. Every browser has them, even Internet Explorer 6. They don’t do anything to protect you because cookies are passé. Tracking and spyware sites have developed data mining techniques that work well even if the user clears every cookie they ever set.

One method is to associate IP addresses with log ins. Facebook, Google, and Microsoft all do that. Even after you log out, it’s possible for them to track you personally. There’s other methods. Browsers like Firefox and Chrome are just now starting to implement watered down privacy controls for Adobe’s Flash software (which is proprietary software and a frequent cause of cross platform/cross browser security problems).

Flash has “supercookies”, or what is more technically known as Local Storage Objects. Flash LSOs can be up to 150 KB (which is 37.5 times larger than a cookie), a site can store as many as they want on your computer (just like a cookie), and (unlike cookies), most browsers do very little to nothing about them. Silverlight has something similar; users of Windows, where Silverlight is sneaked over the fence by Windows Update, should take notice of that.

The take home message here is that it was ludicrous for this guy to expect any kind of enhanced privacy just because Safari has some lame cookie controls which are a piss poor clone of something Mozilla introduced well over 10 years ago. I really doubt that will stop this frivolous lawsuit, and I fully expect the anti-Google interests called Microsoft and Apple to play this up for all the drama it’s worth.

Microsoft hired the scumbags over at Waggener Edstrom a while back to launch a smear campaign against Google, and Microsoft is already jumping on this Safari problem like a dog in heat. (I won’t link since I can’t seem to find an article that is telling people the truth about where the anti-Google smear is coming from.) Waggener Edstrom specializes in astroturfing and attack ads. They’ve worked for companies like BP and Walmart, and for many a corrupt politician. (When you see that disgusting outrageous pants-on-fire “GMail Man” attack ad, that’s who made it.)

If you’d like to know more about these people, Techrights has occasionally blogged about what they’re up to and who they work for.

So now that we’ve covered the facts about Microsoft and Apple, IE and Safari’s lack of real privacy controls, and why cookie controls do nothing, there’s a number of things you CAN do to really prevent or limit how sites track you. Here’s some suggestions.

Firefox users can use Adblock Plus (just remember to opt out of the “acceptable ads” nonsense). Delete Easylist’s filter subscription, and add these instead.

Better yet, use Chrome/Chromium with Chrome Adblock, remove Easylist, and use these instead. (Chrome Adblock is better than Adblock Plus for Chrome; the two are unrelated.)

Firefox or Chrome 17+ users can install HTTPS Everywhere. (The Chrome version is an alpha for the time being, but it does work.)

Opera users can use Opera’s content blocker to block advertising and stat/tracking sites. Pre-made lists here. Remember to manually update them now and then or skip the process and let Opera Adblock do the same thing for you if you have Opera 11 or later.

Firefox and Chrome can also block Flash applets from automatically loading, saving you bandwidth and making flash applets that track you or load malicious software less effective. Firefox has Flashblock; Chrome users can enable the Click to Load option in the advanced settings for plug-ins.

Weaker protection for users who insist on inferior browsers with government spyware built in.

Internet Explorer 9 supports “tracking protection lists”, which are a small/watered down subset of true content blocking. Pre-made TPLs for IE here.

Safari users can use Safari Adblock; it’s from the same guy that made Chrome Adblock. I’ve never used that one, but if it comes with Easylist, rip it out and add these.

The bottom line is that the only way to protect yourself from tracking servers is to not connect to or run applets from them to begin with.

Thoughts on Linux and so-called Secure Boot.

January 23, 2012

DRM, fun for the whole Family License Pack

The uEFI Forum is largely a bunch of SOPA promoters hoping to turn your PC into a locked platform using DMCA anti-circumvention laws.

Unfortunately, the next generation boot firmware for the PC fails to completely replace the PC BIOS (which will continue to be used for power on self test and hardware initialization). Those in the know, beyond the corporate media spin doctoring, know that uEFI is just a layer of DRM and corporate lock-in that rides on top of the 30 year old legacy BIOS that starts the computer in real mode just like it did in the 1980s.

uEFI is not a next generation PC boot firmware; we’re being sold a bill of goods. The biggest particular problem is “Secure Boot”. Users are being misled into believing it has something to do with securely booting a computer while its true purpose is to lock the user into running whatever corporate-sponsored OS that came with the computer, and turning them into a criminal by forcing them to commit a US federal felony by circumventing it to install free software as the computer’s operating system instead.

For the latest lies from the corporate-sponsored media, we go to The H Online which has declared that “Securely booting Linux [is] a “difficult” proposition”. The H is becoming less of a legitimate news source about free and open source software, and becoming more like just any other anti-free and open source rag that mindlessly recites anything that Microsoft pays for. The Register is another example of such an occurrence. Over time, Microsoft starts writing their Linux news and you get libellous headlines instead of information. It’s not like the Red Hat employee that they cite is helping dispel this propaganda. (More in a moment.)

uEFI “Secure Boot” (which should be called Restricted Boot since it is designed to lock you into an ISV’s operating system software) is a complex specification. It relies on a nebula of assumptions about the state of the hardware and the bootloader that are not necessarily true and are easily forged. Even if that was not the case, it relies on an assumption that there are no firmware bugs which can be used to subvert and bypass it. It will not provide any meaningful level of additional security to users of any PC operating system, even if it agrees to boot the operating system that the user is trying to use at all. It is designed to turn anyone who cracks it into a criminal, by forcing them to violate Section 1201 of the Digital Millennium Copyright Act and being liable to be sentenced to prison for trying to use their computer in freedom.

Cited in the contemptible malarkey is Matthew Garrett, a Red Hat employee. Red Hat is a member of the uEFI forum so that they can sign RHEL and won’t be stopped by Restricted Boot on any workstation or server that comes with their software. I’m pretty sure that this is why we won’t be seeing the GRUB 2 bootloader on RHEL any time soon. GRUB 2 is licensed under the GPL version 3, which protects users from what the FSF refers to as “Tivoization”, which refers to the practice of using free software in a manner that locks the user out of their system with free software, by using DRM in that software.

If Red Hat shipped GRUB 2 and did not disclose their signing keys as the GPL 3 requires (to protect the user from exploitative hardware/software vendors), they would be in violation of the GPL. The Free Software Foundation could revoke their rights to use the GRUB 2 software. Red Hat has a lot of resources and can probably maintain their fork of Grub 0.97 indefinitely so that they can cooperate with hardware makers to restrict the user. Red Hat benefits from user lock-in just as surely as Apple and Microsoft do if only their signing key is in the uEFI Secure Boot implementation on hardware that ships with their operating system, because there won’t be any of that pesky competition on any system that comes with RHEL.

So right off the bat, I don’t think Matthew Garrett can be a trusted source of information because he is obviously tainted by his employer, and has the same reasons to lie and mislead you as Steven Sinofsky of Microsoft.

Canonical (Ubuntu) is also a member of the uEFI forum and can probably use Secure Boot on embedded ARM systems to trap people in Ubuntu. They can’t use GRUB 2, but there are bootloaders for ARM, some of them proprietary, which can be used instead. They can probably also sign Ubuntu LTS releases and get their signing key into workstations and servers that ship with Ubuntu, for much the same end result as the RHEL situation I described above. They could even use GRUB Legacy in that situation. It didn’t just disappear; it’s still being carried by them if you look up “grub” in their software repository.

A better news flash would be that there never was, is, or will be a way to securely boot a PC, and that corporations are salivating at the prospect of using it to lock end users into their operating system software, to keep the user trapped with whatever their computer happened to come with. The headlines designed to smear Linux are just paid for by Microsoft. The “bootloader attacks” that Secure Boot is supposedly meant to deal with are mostly attacks on the Windows Activation system that rely on bootloader exploits to make Windows believe it is an OEM copy that came with the PC so that the user may use a copy of Windows without paying for it.

Microsoft isn’t interested in stopping the malware of the week from stealing your identity or subverting your system and using it to display (sometimes pornographic) advertisements, which are just two of the things that Windows is well known for. They are interested in stopping the user from being able to run their own software on their private property and from getting away with using a less crippled version of Windows than what came with their computer without forking over more money through the Anytime Upgrade scam.

I don’t believe the corporate ambitions of Red Hat or Canonical are any different.

This work by Ryan Farmer is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported License.

On SOPA

January 18, 2012

Stop censorship!

(This is made up of a set of emails I sent to some of the contacts in my address book. I figured I might as well post it here too.)

A good deal of the major web sites have blacked themselves out today in protest of SOPA.

Many of them would not exist at all if SOPA/PIPA (also known as the Internet Blacklist Bills) were to go into effect, or had it been in effect at the time they had started out.

The list of sites includes Wikipedia, Google, and Facebook, some of the most popular sites on the internet. They, and other productive businesses, are under a coordinated attack from large and entrenched companies who distort the news, promote proprietary closed source software and DRM, and troll innovative companies with bogus patents issued by the United States.

SOPA/PIPA doesn’t just threaten “pirates”. SOPA/PIPA threatens free and open source software, and free and open content. It gives the US government, without any court order, the ability to remove sites from the internet. Not just in the US, but worldwide. It must be stopped.

In my personal opinion, it would blow up in the face of the proprietary software companies that are promoting it, and possibly lead to a mass exodus to free and open source software (at least until the rich business criminals at Microsoft and Apple figured out a way to shut them down with unfair legal tactics). As tempting as it would be to otherwise just not care about SOPA/PIPA because it would likely cause these companies to choke on their own greed, gloating at the prospect that the government thugs will take sites distributing this proprietary software down is not the right thing to do. An act of repression is not a good thing, even when it is likely to backfire and cause a revolt. (Besides, you’d think ICE actually had a job to do that isn’t getting done. Hint hint.)

The protest against SOPA/PIPA has forced the mainstream media to (sort of) do their jobs. They were silent on it before because many of the larger ones like MSNBC/CNN/Fox Noise actually supported it.

With sites like Wikipedia and many others gone black or having had large protest banners today, they had to come out of hiding.

The protests have done at least some good. They have raised awareness of this repressive piece of Anti-American legislation, and chased some of the supporters away from it. It lost at least three co-sponsors today as a direct result of the protests.

http://latimesblogs.latimes.com/technology/2012/01/sopa-blackout-sopa-and-pipa-lose-three-co-sponsors-in-congress.html

Many of them gave the MAFIAA (MPAA/RIAA) people a chance to attack the grassroots protests with rhetoric and smear.

Says former Senator, turned MAFIAA shill, Chris Dodd,

“Some technology business interests are resorting to stunts that punish their users or turn them into their corporate pawns, rather than coming to the table to find solutions to a problem,” says Chris Dodd, CEO of the Motion Picture Association of America, which supports the bills. “A so-called blackout is yet another gimmick, albeit a dangerous one, designed to punish elected and administration officials who are working diligently.”

http://www.usatoday.com/money/industries/technology/story/2012-01-18/SOPA-PIPA-protest-reaction/52641560/1

You might remember Senator Dodd, he resigned because the MPAA offered him a truckload of money to be a lobbyist working against the American public, and for the rich business criminals who make up the MPAA.

SOPA was largely written by members of ALEC. Most people don’t know what ALEC is, but ALEC is actually the government of the United States. The real one. It’s made up of corporations, lobbyists, dirty money, and private lawyers that hand off finished bills for the shills in Congress to introduce and pass. They probably figured SOPA/PIPA would simply sail through like the rest of the US laws they write, such as the Digital Millennium Copyright Act. Normally, their attacks on education, the right to read, and the right to share and help your friends go unnoticed. Indeed, the DMCA was mild compared to SOPA/PIPA. It managed to get rammed through back when the “social” media phenomenon of the internet was not as vibrant as it is now, or it too may have been shot down by overwhelming public outrage.

http://alecexposed.org/wiki/ALEC_Exposed

ALEC has written a number of state level laws and passed them off to their shills in state governments across the United States, including in Indiana. The “Right To Work” bills are largely their doing. An attack against living wages and jobs with good benefits. Companies wish to deal with workers on an individual basis so that they are expendable and, unable to bargain with their employer, have to accept whatever lousy pay and benefits they’re offered.

Wal-Mart (a member of ALEC) in particular is supporting that one, because it likes to hide the true cost of its merchandise by avoiding unions, paying its employees minimum wage, and giving most of them no health insurance or benefits. You may think you’re saving money when you shop there, but those employees who work 40 hours a week end up in the line for food stamps and Medicaid. Wal-Mart shifts the difference onto state and federal taxpayers, who must foot the bill regardless of whether they even shop at Wal-Mart.

SOPA/PIPA is only a symptom. In fact, I’d say that we’re fighting the wrong thing. The disease of bad government remains. You can’t fight a cancer by treating only the symptoms and hoping it goes away.

Finally, I notice that Chris Dodd speaks of middle class jobs being destroyed by “piracy”. I wonder what middle class jobs a branding company full of lawyers and former US senators actually produces. Are they talking about the Mexican cleaning crew that goes over their restrooms or something? (As for Microsoft, they employ very few Americans. Most of the development on Windows and IE is done in India and China.)

Our government has been taken over by these people. When Ben Franklin was asked whether we had a monarchy or a republic, he apparently answered “A republic, if you can keep it”.

Fighting off theocrats and big business interests who want to subvert our freedom, by fighting individual acts that they commit against us, is like trying to cure malaria by swatting at mosquitoes (to borrow part of a Richard Stallman quote about fighting off software patents).

We no longer have a republic, we have a Corporatocracy.


Are bandwidth caps a sneaky way for ISPs to profit from Windows malware?

January 5, 2012

Call me now for your "free" readin!

Back in the 1990s and early 2000s, there was a class of malicious software called a “dialer”.

The “dialer” malware type was Windows software that either tricked the user into running it (trojan horse) with the promise of porn or something, or found its way onto the system with minimal interaction from the user, like most malware for Microsoft platforms does. When launched, the software would typically pick up the modem and dial a foreign country or a 1-900 number, and instead of blocking the call, the phone company would let it go on and on as long as they could because they could pass along the bill and share in the ill-gotten profits.

The phone companies also partook of another scheme unrelated to computers, but which I will mention because it serves to point out the general pattern I am discussing. Remember those “free” psychic reading advertisements that came on the TV? The phone company would really start billing you $4 a minute after 3 minutes. (Fun fact: The psychics were fake. (duh) According to the FBI and FTC investigations of the so-called psychics, they were using a technique called cold reading. They had a script that branched out like a tree and was designed to keep the victim on the phone and racking up charges for as long as possible.) The phone companies, again, sat back and shared in the ill-gotten gains.

Now the year is 2012, and more and more ISPs are imposing bandwidth caps. They claim that users using bittorrent heavily are among the reasons they need to overcharge. In reality, most of the traffic on the internet is generated maliciously by Microsoft Windows malware doing one of three things.

Worms trying to spread and shotgunning random IP ranges with port scans to try and “get lucky” and find infectable hosts. Since most Windows users use ineffective antivirus/no anti-virus and/or don’t install their updates, this is pretty easy to do.

Botnets sending spam. Microsoft Windows malware is responsible for over 95% of the spam emails and spam instant messages.

Botnets sending tons of garbage data in a coordinated attempt to bring down a web site running Linux or a BSD, which the attacker would likely never take down in a direct attack on the server itself. In fact, it’s not even the OS that crashes due to the onslaught (unless it’s Windows Server), it’s usually just that the site’s internet connection is swamped and no longer able to fit in any real requests.

I don’t use Microsoft software, but because many people do, I am still in danger if someone decided to DoS me.

Back on point, this traffic is immense, and many people leave their computer on for a great deal of time or 24/7. So if the malware floors their internet connection, even if only while they’re away from their computer to avoid suspicion, they will overrun their cap fairly soon and the meter for overages starts running.

AT&T DSL has a cap of 150 GB. Windows malware could overrun that entire allotment in 1-2 days, and spend the rest of the month running up overage charges, which AT&T silently bills at a rate of $10 per 50 GB. You could spend the better part of the month paying $30 a day + your $45 monthly fee for the DSL line simply because you use Windows. (That’s a bill of over $900 for those not bothering to fire up their calculator.)

Ouch. The tragic part about this is that technically illiterate people like my mother will just blame “the damned computer” like they do so often when Windows causes them problems.

If you would rather not pay for spammers to use your PC to send me spam emails, might I suggest Android or a GNU/Linux distribution?

Open source software tends to be more secure, for a variety of reasons. Closed source is not just about controlling the customer, it’s also about controlling the perception of a product. Hiding source code makes it easy to cover up bugs, workarounds for bugs, security problems, and inefficient, bloated, and downright incompetent code. Microsoft does this a lot, but it isn’t just them. Apple is a false choice that is much the same.

The idea that a sucker is born every minute is not only true, it’s the only way phone companies, cable companies, psychic hotlines, malware writers, and proprietary software companies stay in business and make so much money.

Microsoft to auto-destroy many copies of Windows with IE “upgrade”

December 16, 2011

U INFECTED BRO?

Today on The Heise Online, they mention that Microsoft is set to automatically download and install the latest version of Internet Explorer that manages to run on the particular Windows version installed. Since XP is the oldest thing they support, those users will get the obsolete Internet Explorer 8 browser, and Windows 7 users will no doubt get IE 9, which is only barely an improvement over IE 8.

I have no idea how they plan on updating Windows Vista users, but that will no doubt be another surprise for anyone foolish enough to actually be using it. There is IE 9 support for Vista (which is where they will cut off support), but to get it you need a humongous “platform update” full of select backported crap from Windows 7.

Regardless of what version of Windows the user has, an Internet Explorer update is always dangerous since Microsoft continues to claim it is a system component and not a web browser. It means that at best, you need to reboot your computer, and if the upgrade goes wrong it can mean anything from Internet Explorer not working to the Windows shell failing in inappropriate ways. Internet Explorer installations and upgrades have had a significant number of cases of destroying the operating system beyond being salvageable since at least Windows 95.

No decent operating system claims the web browser is an integrated component that can’t be removed. The Internet Explorer situation is a continuing monopoly abuse and Internet Explorer itself is a relic from the 1990s, when Microsoft tried killing Netscape by forcibly installing their own web browser into Windows.

While we’re on the topic, most other operating systems don’t need to reboot after the user updates their web browser, file manager, media player, email client…..

This “almost comical if so many Microsoft victims weren’t suffering through it” situation makes me wonder what kind of a contrived setup those Microsoft funded “studies” used to get “99.999% uptime”. As soon as you apply any patch or update for Windows, it needs to be rebooted before the new files are used, even if the user doesn’t want to reboot. Windows will pester them until they do or, better yet, start a countdown and reboot the computer without regard to any work the user has left open and unsaved.

This was one factor, out of many, that frustrated me enough to leave Windows. Another factor is that they routinely triage security patches and frequently leave critical flaws open until the next month, like they did with BEAST this month.

That graph is funny, isn’t it? It’s not that Windows has gotten safer, it’s simply that Microsoft is stretching to classify updates that once would have rated critical as “important” based on the factors of “security improvements” in Windows that are often ineffective. (ASLR not being as random as it could be, NX/DEP being off by default for 32-bit software, many applications not bothering to use stack smashing protection because it exposes their programming flaws and causes them to crash, etc.) In many cases the user is left less than protected by what passes as Windows “security improvements”, which is why malware is still rampant.

How can any human being tolerate this?

Help yourself to a decent operating system or at least a decent web browser: Firefox, Chrome, Opera.
