Marco Islas


Security in the Open Source world

Open Source

This post is, as all posts in this blog, personal, and does not represent the point view of my employer. Also, you may have read about this topic in another blog, nothing new, I just want to put in my blog something that have been in my mind for around a week, since all the CarrierIQ issue.

A person that I used to follow in twitter was mocking, no, he was not mocking, he was blaming to Android and the Open Source way it is distributed the fact that there is software preinstalled by the carriers that monitors all user interactions with the device, all the messages he sends, site he visit even if they are over a secure layer, or which app is the user running and which keys does he press. He said something like "There it is, you wanted open source.. you got it".

Some basic facts about this guy, he is an Apple Fanboy, which could be fine, but he is the kind of guy that don't anybody else to buy anything else that does not come from Apple, so, probably he refuse his parents because they are not Apple branded and probably he doesn't have any kid because obviously, he can't have an iKid.

So, the guy believes that closed source is more secure, at least that's what I understood on what he said. The fact: totally wrong. you Just can't say which one is more or less secure, there is closed source software that is the hell secure, the best you can get, and other that you can't trust. The same happens with open source software, there are goods and bads.

But, I believe that Open Source software by its nature tend to be more secure that closed source, this is why:

Open Source Software is builded to let the user know that is the software doing, learn from it modify it and distribute if you are using a GPL license, In some other ways, there is nothing to hide, and if there is a flaw there is a chance to see it and remove it. Something that is hard to do in closed source.

But, what happened to Android?. Well, that's also part of the Open Source nature, there are some licenses like the Apache or BSD license that let you get the code, modify it and distribute it closing it's source. Something that Android had to do in order to get the attention of the device makers and carriers, they have the ability to get open source software, something from the community, tune it up, and distribute it without letting the user know the "modified" code.

At the base, it is Android (An open source operating system with the code released to the public), but the carrier could insert some couple of lines or install software that make X or Y things that don't want the user to remove, or to know..

So, Open Source is insecure, it let the "bad" guys do what we don't!. Wrong Open Source Software gives you Freedom, freedom to use the software you want to. The carrier/vendor want to use it in that way, and sell it to you in that way, it is not the issue of the Open Source Software, is the carrier/vendor.

Let's see, if it were a fact of the Open Source Software, or just Android, why are there devices that don't have CarrierIQ installed (Any Google Nexus phone [with the original software] don't include that tracking software)?, Why is CIQ installed in other closed source device operating systems like iOS or BlackBerry, even in Symbian which at some time was Open Source?.

One way to avoid this kind of things is buy Open Source Software from a trustful source, or get a custom operating system that get this shit removed. If you are a developer, don't let the source to be closed and use a GPL compliant license, if you use GPL the better.

So, please, don't blame Open Source nature if you get a shitty software, blame the authors, they are the ones that are not doing a good job. And if it is closed source... just try to avoid it.

It is still here

Yeap, it is still here, the MacBook Pro 2010 is still with me, mostly because I didn't put my best to sell it months ago. If you are interested or if you know somebody that want a MacBook Pro in excellent state and at a lower price, please let him know.

If you want more details you can Check this link (Sorry it is in spanish) it contains more pictures of the computer and what is in the box.

My experience with Ubuntu 11.10 and the MacBook Pro 2011

Installing Ubuntu in the MacBook Pro

I've bought a MacBook Pro 2011 on March this year, and one of the plans for this computer was to use aside with Mac OS X, Ubuntu.

I have Linux already installed in the MacBook Pro 2010 that I've bought in November 2010, it runs like a charm, everything was working out of the box, with some minor changes and MacFanctld that required to be installed in order to slow down the fan when it is not required.

That's the computer that my parents will have now, and will use as long as the computer live (I really hope it lasts more than the Compaq, that was only 1 year with them).

The 2011 model comes with an intel Core i5 and a 320 GB hard drive, more than enough to me, basically, when I have to store a lot of data that I'm not going to use too frequently I store it in an external hard drive, that hard drive is a 1.5TB and also works as my time machine storage.

One of the features of the 2011 MBP is that it comes with a recent model of the Broadcom's 43xx wireless card. This card hasn't support in linux by the time I bought it, so, to me it was useless. Until the kernel 3.1 was released, then, I compiled and installed, and the wifi works pretty good.

But, there are things that I need to fix to get a fully working Ubuntu station on this Apple hardware: Battery life is pretty bad, I mean, really bad, with OS X it last for 5-7 hours, depending on what I'm doing, with Linux I get at most 3 hours (doing nothing), this is what annoys me most, Linux hackers should really make the battery experience be better, now that everyone is leaving desktops in favor of mobile devices.

Another thing that bothers to me is that I can't use the external monitor, I use it to work, I don't really know if it is because of the intel HD3000 or because of the thunderbold display adapter, but I think is the former. I guess there is a misconfiguration somewhere.

Well, I'll try to post my configurations and experience of Ubuntu on the MBP 2011 here.

Volvagia died


Many of you may already know this, since I tweeted/posted in Facebook hours ago, Volvagia, my old laptop (the one that I used before I get the MacBook Pro 2010) died a week ago. I think it could still be repaired, my brother and I are suspecting from the Microprocessor, and if that's the problem it may resurrect.

Volvagia was running Linux since the beginning, I formatted it one day after I bought it, when I was living in Salamanca, Guanajuato.

What makes Ubuntu 11.10 so great?

I've been a Ubuntu user since late 2007, when I stop using Slackware to use a more friendly Linux distribution, and with friendly I don't meant the wizards and click next next next next all the time, I usually don't like such interfaces unless they are well designed. I meant the easy that it is to install new applications.

OS X of course have an easy way to install applications (drag and drop and some install wizards) but ubuntu is even easier. Not only to install but to keep them updated. Well, that's one reason why I moved to Ubuntu on that time.

Ubuntu has been evolving, from the "pretty and updated Debian" to be a more unique Linux distribution, it is still based on Debian and takes much of the work being done in that great and nobel project, but also develop a branch in the user interface, that makes ubuntu a bit unique. Unity and the whole Ayatana project are making that difference.

I'm waiting for Ubuntu 11.10 and the Linux kernel 3.1 to be released as stable, I need the Linux kernel 3.1 to use the Broadcom 4331 wireless card.

Upgrading to Eclipse 3.7 - Helios

Everything seems to work fine. I had to make a clean install (basically uncompress the .tar.gz somewhere) and reinstall the plugins I use (Subclipse, Pydev). Luckily, there is a mayor version only once a year ;-).

After installation I notice that arrow keys and delete (Delete previous) were not working in the editor. The fix: re-assign the keys.

Affected keys are:
  • Delete Previous to backspace
  • Line Up to up arrow
  • Line Down to down arrow
  • Previous Column to left arrow
  • Next Column to right arrow
This is a known issue with eclipse, pretty annoying

Simple way to change the encoding of a bunch of files

$for i in `find . -iname "*py"`;
do echo $i;
iconv -f ISO-8859-1 -t UTF-8 "$i" > tmpfile;
mv tmpfile $i;
If you are doing it with vim, you can use

:set fileencoding=utf-8


Indian Cherokee kid

Finally, this blog is running on Cherokee Web Server

php-cgi on mac

If you know me then you know that I use Cherokee as webserver whenever it is possible. Usually I serve static content and some php/python stuff.

In the mac, I've never had to use PHP, until now, so I tried to configure Cherokee to support PHP, my surprise is that PHP as cgi is not supported by the PHP installation that comes with Mac, so, I have to install my own.

To do this quick, and easy, I used macports:

sudo port install php5 +fastcgi +pear

#To know other options available, just use
port variants php5

Sure, nothing new.. I just write it to have a note ;-)

Why Why Why Why????

Why Why Why why!!!!!!???

Can somebody please tell me why an application should rely on a case insensitive file system?

Unfortunately this is not the first case that I see such bad ass programs that require you to have the default filesystem on Mac OS. I just can think on lazy programmers that don't bother to cal {ls,cd,dir,myprogram} instead {LS,Cd,diR,MyProgram}.

Photoshop Fuck the WHAT?!!!
Previous page 1 2 3 4 ... 41 Next page
408 entries