A Disturbing Trend
"Lawyers in the Windows Vista Capable lawsuit against Microsoft want a federal judge to force the company to use Windows Update to notify potential class members of the suit, according to court documents." This is the opening paragraph in an article in ComputerWorld. A number of people, including myself, think this is a bad idea.
My reasoning is that it opens the floodgates to an almost unstoppable method of advertisement (yes, that is my comment). The argument goes like this. First you allow "notices of relevance," and that might be legal or some other notice. Then you start getting internal marketing material along the lines of upgrade your Office suite today to Office Suite 2.0, now with more electrons. Then you get the wholesale selling of eyeballs to the highest bidder. And the scary thing is this is not something that is limited to the Windows Update service. There is no reason why a Linux repository cannot be easily populated with similar stuff. Red Hat needs some quick cash? Sell ad space. Apache needs to keep those download servers running? Sure, hawk the latest and greatest plug-in. In the Open Source world, this is the sort of thing that is less likely to take off because of the loud outcry from the user community. But in many cases, even a large outcry might only be noise in the wind.
We all agree that there are certain programs in cyberspace that are essential. It takes man-hours to build them and man-hours to support them before they even make it to the "street" and get implemented. We are lucky that most of this development is done as a labour of love, so that the costs are in general deferred. But there are costs. Programmers have to eat, servers need power and programs need bandwidth to be downloaded. In government sectors, we call that G&A or overhead. Specifically, it is the quantifiable but non-reimbursable costs that get rolled into the charges that are passed along to the customer. This is true in every industry; the costs just tend to be a lot more hidden than in government cost accounting. As we watch our economy sink, these overhead charges become more illuminated as a way to reduce costs. And when the software is something that we all depend on, such as Apache for example (I could have said Firefox or DNS or DHCP), just how loud would the noise have to be to be effective?
But, when the overhead is borne on the backs of the programmers and foundations, cutting overhead becomes a very tricky business. It is difficult to cut something that is essential to your business. Do you turn the lights off or shut the servers down two days a week? Cut back on heating and air conditioning or cut out bonuses? These are all very real issues and it is not a large leap of logic to think that any business (and I am using the term loosely here) would look at alternate ways to increase or bring in new revenue, and not only new, but guaranteed counts, because when you go to sell space to advertisers, they want to know what sort of return on investment they are going to get. How many eyeballs or butts in the chair or hits on the web site or feet through the door can they expect? And then you better measure up.
But that is not the most disturbing fact. What is most disturbing is that it has already started. McAfee does it with their commercial virus updates, Symantec does it, Real Player does it. And I do foresee a day when it will, sadly, be part of the routine patch process.