Dear AJ, On Fri, 26 Dec 2008, Alvin ONeal wrote:
With respect to Ubuntu--it's getting there... It's not worth the predators' time right now, but once it is, along will come the viruses and trojan horses, etc.
That's been a concern of mine too - especially because I don't know if people of that moral fiber would follow the convention that anything loaded as a module to the kernel should be licensed gpl and provide a readme with a link to the licence, contact information, and source code.
If the pre-requisite information (source, makefile, README, license, vogon poetry, yadda-yadda :^) does not get uploaded, signed and accepted by the community, it tends to not reach repositories. That is true for the Debian/Ubuntu gang, also I believe for the yummies and 'rpm' repos (bless 'em :^), the BSD folks are simply too vigilant to let anything squeak through (think Roman Catholic Penguins... maybe worse!) and the Gentoo gang - hedonists! (well what can I say? I understand they throw great parties...)
That said there is nothing that keeps a user (or a rootkit :^) from diddling your /etc/apt/sources.list file and directing aptitude to load and trust a cesspool of malware, but hey, where would the story be without a dark side?
I run `apt-get install trojans virii malware` every few months just to see,
On a practical level it is important to understand that Zimmerman, back when he managed Debian list security, re-wrote the aptitude system to normally force digital signature of all '.deb' packages. The result of this is that you need to be part of a rather extensive 'web of trust' in order to contribute code to most repositories. BTW Merry Christmas Matt!
...but it seems that the current package maintainers just aren't concerned enough with those windows ports... It's a pity because that's what most of my friends run on their computers and I just can't relate. It creates a sort of culture divide that I just can't cross...
The cultural divide you allude to between Window$ and Linux is even wider and deeper than this. Suppose, for instance, you only read one book. Suppose you knew because you had been told, that in life you could never meet the author(s), but you could, should and must trust this good book. Now, if you met and started talking to someone who knew many authors and read many books, you might resent, or at least be confused by the need for more than one good book. If this person continued to yammer about how good these other authors and other books were, you might become sullen, resentful... maybe even violent?
The good book is not the real problem, could the problem be those who thoughtlessly place their trust in a monopoly? I am either describing the Protestant Reformation, or the Free Open Source movement, sometimes, as a writer, I get confused.
Yet even cynics quote the good Book: IKMMKM = "I Know Mine,and Mine Know Me" (Source John 10:14) Hell, even I, in my hypocrisy and error, occasionally use Micro$oft Word. Oh Good Shepard, feed my sheep... Merry Christmas, and a prosperous 2009 Kindest Regards, Paul Flint (802) 479-2360 /************************************ Based upon email reliability concerns, please send an acknowledgment in response to this note. Paul Flint Barre Open Systems Institute 17 Averill Street Barre, VT 05641 http://www.bosivt.org http://www.flint.com/home skype: flintinfotech Work: (202) 537-0480 Fax: (703) 852-7089 Consilium gratuitum .~. valet /V\ quanti /( )\ numerantur ^^-^^
