Fernando Gont’s Case: Loss of Good Will

It was on July 20, 2005, at 12:18 PM that Fernando Gont sent an email to bugtraq (at) securityfocus.com, a security mailing list where people submit information about bugs or vulnerabilities in any software or hardware product. In his email, Fernando Gont disclosed the information about “ICMP attacks against TCP” [Security Focus 2005a].

Theo de Raadt, leader of the OpenBSD operating system, which claimed to be the most secure operating system in the world [OpenBSD 2005], was the person Fernando talked to, and it seemed that both had the same understanding of how to fix the problem. Theo invited Fernando to join the OpenBSD Hackathon, where computer experts gather to fix software problems [KernelTrap 2005].

And then the problems began. Fernando sent several notifications to CERT/CC and NISCC, and privately notified several open source projects including OpenBSD, NetBSD, FreeBSD and Linux, as well as larger vendors such as Microsoft, Cisco, and Sun Microsystems. His intention was to fix the problem together with the software vendors before it was publicly disclosed [KernelTrap 2005].

Cisco then replied to the email, claiming that it held the patent on his work but refusing to give further details. Later in the thread, Cisco admitted that it had withdrawn its patent. Cisco even accused Fernando of working with terrorists [KernelTrap 2005].

Microsoft also replied to the findings, saying that Fernando should inform Microsoft confidentially, yet Fernando found out that Microsoft refused to give him credit for the discovery [KernelTrap 2005].

The discovery was supposed to be made public by January 2005, but it was repeatedly delayed until April 2005 because many vendors were not ready with fixes [KernelTrap 2005].

Fernando regretted the vendors' hesitant responses to fixing the problem [KernelTrap 2005]. The main point of the case is the vendors' hesitation to fix the problem and the idea of patenting a technical finding that is supposed to belong to the public.


Importing Ubuntu CDs to Indonesia? Get Ready For Surprises

Applause for Ubuntu for being the best Linux distro since last year, according to DistroWatch. Giving out CDs to the community is apparently not good enough for them, so they also pay the shipping fee. All you need to do to get those Ubuntu Linux CDs is register, wait, and possibly pay a small amount of money for repackaging at your local post office.

In Indonesia, the situation is not that simple. Although people usually do get the CDs, they have to go through a hard time first. Ever since Ubuntu first announced the free CD shipping, many Indonesian Linux enthusiasts have had to face problems with post office officers. The two common excuses they use are basically motivated by getting money out of your pocket. Receipt? Yes, of course you can have a receipt. But it doesn’t mean anything there. Sue? What sue?


You think you should multitask?

Wishing that we mere mortals could do more than one task at a time is not an idiosyncrasy. 24 hours is not enough to do several tasks in a day. We believe that and live with it. We think that the more tasks we can do at a time, the better a person we become. We think we should do that, and that anyone who cannot should learn.

It is true that, nowadays, we have more gadgets to keep us connected with friends and business partners. On the other hand, those things distract us from focusing on finishing our work.

Another example: you probably have a bad habit like me. Screen-sucking. It’s a term for people who waste their time browsing the Internet for nothing.

This article from Time magazine explains how multitasking people live and how gadgets distract you and make you lose focus.

*nix Admin Experience

This article is intended for those of you who are flabbergasted to encounter the existence of stupid living things. Some of them get a job as a system administrator, and sometimes become your manager or supervisor. This article will show you this species, which is easy to find.

It is not about the OS, it is about morons and they’re just alive because we’re not allowed to kill them.

Open Source for Better Security

“Would you buy a car with the hood welded shut?” [ZDNET 2000]. Most people would answer no [ZDNET 2000]. Microsoft and other non-Open-Source software companies have deliberately obstructed the availability of software source code. This practice, although adopted by many software companies, leads to security problems, as customers and users have no way to look inside the software product or to audit it. Customers and users should have the right to know what is inside the software, and not just receive a blind quality assurance that the software does not contain any secret code.

An approach presented by the Open Source Initiative (OSI) and the GNU GPL (GNU General Public License) defines several criteria for software, one of which is the availability of the source code in every software distribution. Using Open Source Software gives customers and users freedom from the pitfall of software licensing litigation, and is more secure and more ethical [Wheeler 2005]. Thus, the presence of source code allows customers and users to look inside the software product and gives them the chance to audit it.
