Is a GPG pass-phrase Useful?

Does a GPG pass-phrase provide a real benefit to the majority of users?

It seems that there will be the following categories of attack which result in stealing the secret-key data:

  1. User-space compromise of account (EG exploiting a bug in a web browser or IRC client).
  2. System compromise (EG compromising a local account and exploiting a kernel vulnerability to get root access).
  3. Theft of the computer system while powered down when the system was configured to not use swap or to encrypt the swap space with a random key at boot time.
  4. Theft of a computer system while running or that did not have encrypted swap.
  5. Theft of unencrypted backup media.

Category 1 will permit an attacker to monitor user processes and intercept one that asks for a GPG pass-phrase as well as to copy the secret key. Category 2 will do the same but for all users on the system.

Category 3 will give the potential for stealing the private key (if it’s not encrypted) but no direct potential for getting the pass-phrase.

Category 4 has the potential for copying a pass-phrase from memory or swap. I am inclined to trust Werner Koch (and anyone else who submitted code to the GPG project) to have written code to correctly lock memory and scrub pass-phrase data and decrypted private key data from memory after use. But I really doubt the ability of most people who write code to interface with GPG to do the same. So every time that a GUI program prompts for a GPG pass-phrase I think that there is the potential for it to be stored in swap or to remain indefinitely in RAM. Therefore stealing a machine that does not have its swap-space encrypted with a random key (which is the most practical way of encrypting swap) or stealing a running machine (as mentioned in a previous post [1]) can potentially grant a hostile party access to the pass-phrase.

So it seems to me that out of all the possible ways of getting access to a GPG private key, the only ones where a pass-phrase is going to really do some good are categories 3 and 5. While it’s good to protect against those situations, it seems to me that the greatest risk to a GPG key is from category 1, with category 2 following close behind.

I previously wrote about the slow progress towards using SE Linux and GPG code changes to make it more difficult to steal the secret key [2] – something that I’ve been occasionally working on over the last 6 years.

Now it seems to me that the same benefits can and should be made available to people who don’t use SE Linux. If a system directory such as /var/spool/gpg was mode 1770 then gpg could be setgid to group “gpg” so that it could create and access secret keys for users under /var/spool/gpg while the users in question could not directly access them. Then the sys-admin would be responsible for backing up GPG keys. Of course it would probably be ideal to have an option as to whether a new secret key would be created in the system spool or in the user home directory, and migrating the key from the user home directory to the system spool would be supported (but not migrating it back).

This would mean that an attacker who compromised a local user account (maybe through a vulnerability in a web browser or MUA) would not be able to get the GPG secret key. They could probably get the pass-phrase by ptracing the MUA (or some other GUI process that calls GPG) but without the secret key itself that would not do as much good – of course once they had the pass-phrase and local access they could use the machine to sign and decrypt data which would still be a bad thing. But it would not have the same scope as stealing the secret key and the pass-phrase.
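A check of the layout proposed above, as an added example that is not code from this post or from the GPG project. It assumes the spool directory and setgid helper described here; the function names, the sample file name and the temporary directory standing in for /var/spool/gpg are constructed for illustration.

```python
import os
import stat
import tempfile

SPOOL_MODE = 0o1770  # sticky bit + rwx for owner and group, nothing for others


def audit_spool(path, spool_gid, user_gids):
    """Return a list of problems with a key spool laid out as the post proposes.

    path      -- the spool directory (the post suggests /var/spool/gpg)
    spool_gid -- numeric gid of the group the setgid gpg binary runs as
    user_gids -- gids of an ordinary user who must not reach the keys directly
    """
    st = os.lstat(path)
    if not stat.S_ISDIR(st.st_mode):
        return [f"{path}: not a directory"]
    problems = []
    mode = stat.S_IMODE(st.st_mode)
    if mode != SPOOL_MODE:
        problems.append(f"{path}: mode {mode:04o}, expected {SPOOL_MODE:04o}")
    if st.st_gid != spool_gid:
        problems.append(f"{path}: group {st.st_gid}, expected {spool_gid}")
    # The whole design relies on users reaching keys only through the setgid
    # binary. A user who is a member of the group bypasses it.
    if spool_gid in user_gids:
        problems.append(f"user is in group {spool_gid} and can read keys directly")
    for name in sorted(os.listdir(path)):
        entry = os.path.join(path, name)
        est = os.lstat(entry)
        if stat.S_ISLNK(est.st_mode):
            # A symlink could point the setgid binary at a file outside the spool.
            problems.append(f"{entry}: symlink in spool")
        elif stat.S_IMODE(est.st_mode) & stat.S_IRWXO:
            # Harmless while the directory is 1770, exposed if that ever regresses.
            problems.append(f"{entry}: mode grants access to 'other'")
    return problems


def audit_helper(binary, spool_gid):
    """Check that the gpg binary is setgid to the spool group and tamper-resistant."""
    st = os.stat(binary)
    mode = stat.S_IMODE(st.st_mode)
    problems = []
    if not mode & stat.S_ISGID:
        problems.append(f"{binary}: not setgid")
    if st.st_gid != spool_gid:
        problems.append(f"{binary}: group {st.st_gid}, expected {spool_gid}")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append(f"{binary}: writable by group or other")
    return problems


def demo():
    """Build a constructed spool with two deliberate mistakes and audit it."""
    spool = tempfile.mkdtemp(prefix="gpg-spool-")  # stands in for /var/spool/gpg
    os.chmod(spool, SPOOL_MODE)
    gid = os.stat(spool).st_gid  # stands in for the "gpg" group
    key = os.path.join(spool, "alice.secring")  # constructed file name
    with open(key, "w"):
        pass
    os.chmod(key, 0o644)  # mistake 1: key file readable by others
    return audit_spool(spool, gid, user_gids={gid})  # mistake 2: user in group


if __name__ == "__main__":
    for problem in demo():
        print(problem)
```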

I look forward to reading comments on this post.

Label vs UUID vs Device

Someone asked on a mailing list about the issues related to whether to use a label, UUID, or device name for /etc/fstab.

The first thing to consider is where the names come from. The UUID is assigned automatically by mkfs or mkswap, so you have to discover it after the filesystem or swap space has been made (or note it during the mkfs/mkswap process). For the ext2/3 filesystems the command “tune2fs -l DEVICE” will display the UUID and label (strangely mke2fs uses the term “label” while the output of tune2fs uses the term “volume name“). For a swap space I don’t know of any tool that can extract the UUID and name. On Debian (Etch and Unstable) the file command does not display the UUID for swap spaces or ext2/3 filesystems and does not display the label for ext2/3 filesystems. After I complete this blog post I will file a bug report.

If you are using a version of Debian earlier than Lenny (or a version of Unstable with this bug fixed) then you will be able to easily determine the label and UUID of a filesystem or swap space. Other than that the inconvenience of determining the UUID and label will be a reason for not using them in /etc/fstab (keep in mind that sys-admin work sometimes needs to be done at 3AM).

One problem with mounting by UUID or label is that it doesn’t work well with snapshots and block device backups. If you have a live filesystem on /dev/sdc and an image from a backup on /dev/sdd then there is a lot of potential for excitement when mounting by UUID or label. Snapshots can be made by a volume manager (such as LVM), a SAN, or an iSCSI server.

Another problem is that if a file-based backup is made (IE tar or cpio) then you lose the UUID and label. tune2fs allows setting the UUID, but that seems like a potential recipe for disaster. So this means that if mounting by UUID then you would potentially need to change /etc/fstab after doing a full filesystem restore from a file-based backup, this is not impossible but might not be what you desire. Setting the label is not difficult, but it may be inconvenient.

When using old-style IDE disks the device names were of the form /dev/hda for the first disk on the first controller (cable) and /dev/hdd for the second disk on the second controller. This was quite unambiguous, adding an extra disk was never going to change the naming.

With SCSI disks the naming issue has always been more complex, and which device gets the name /dev/sda was determined by the order in which the SCSI HAs were discovered. So if a SCSI HA which had no disks attached suddenly had a disk installed then the naming of all the other disks would change on the next boot! To make things more exciting Fedora 9 is using the same naming scheme for IDE devices as for SCSI devices, I expect that other distributions will follow soon and then even with IDE disks permanent names will not be available.

In this situation the use of UUIDs or LABELS is required for the use of partitions. However a common trend is towards using LVM for all storage, in this case LVM manages labels and UUIDs internally (with some excitement if you do a block device backup of an LVM PV). So LV names such as /dev/vg0/root then become persistent and there is no need for mounting via UUID or label.

The most difficult problem then becomes the situation where a FC SAN has the ability to create snapshots and make them visible to the same machine. UUID or label based mounting won’t work unless you can change them when creating the snapshot (which is not impossible but is rather difficult when you use a Windows GUI to create snapshots on a FC SAN for use by Linux systems). I have had some interesting challenges with this in the past when using a FC based SAN with Linux blade servers, and I never devised a good solution.
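The snapshot and block-device-backup problem described above can be checked for before mounting. This is an added example, not part of the original post: it assumes device tags are available as `blkid`-style lines, and the sample devices, UUIDs and fstab entries are constructed.

```python
import re
from collections import defaultdict

# Constructed sample: /dev/sdd1 is a block-level copy of /dev/sdc1, so it
# carries the same UUID and label.
BLKID_OUTPUT = """\
/dev/sda1: LABEL="boot" UUID="6ba7b810-9dad-11d1-80b4-00c04fd430c8" TYPE="ext3"
/dev/sda2: UUID="6ba7b811-9dad-11d1-80b4-00c04fd430c8" TYPE="swap"
/dev/sdc1: LABEL="data" UUID="1b4e28ba-2fa1-11d2-883f-b9a761bde3fb" TYPE="ext3"
/dev/sdd1: LABEL="data" UUID="1b4e28ba-2fa1-11d2-883f-b9a761bde3fb" TYPE="ext3"
"""

# Constructed /etc/fstab contents.
FSTAB = """\
# <file system> <mount point> <type> <options> <dump> <pass>
/dev/vg0/root  /         ext3  defaults  0 1
LABEL=boot     /boot     ext3  defaults  0 2
UUID=1b4e28ba-2fa1-11d2-883f-b9a761bde3fb  /srv  ext3  defaults  0 2
UUID=6ba7b811-9dad-11d1-80b4-00c04fd430c8  none  swap  sw        0 0
LABEL=scratch  /scratch  ext3  defaults  0 2
"""

TAG_RE = re.compile(r'(\w+)="([^"]*)"')


def index_devices(blkid_text):
    """Map ("UUID"|"LABEL", value) to the list of devices carrying that tag."""
    index = defaultdict(list)
    for line in blkid_text.splitlines():
        device, sep, tags = line.partition(":")
        if not sep:
            continue
        for key, value in TAG_RE.findall(tags):
            if key in ("UUID", "LABEL"):
                index[(key, value)].append(device.strip())
    return index


def check_fstab(fstab_text, index):
    """Classify each fstab entry as (spec, mountpoint, status, devices).

    status is "ok" (exactly one device matches), "ambiguous" (several devices
    match, e.g. a snapshot is visible), "missing" (no device matches) or
    "device-name" (the entry does not mount by UUID or label).
    """
    results = []
    for line in fstab_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        spec, mountpoint = fields[0], fields[1]
        key, sep, value = spec.partition("=")
        if not sep or key not in ("UUID", "LABEL"):
            results.append((spec, mountpoint, "device-name", [spec]))
            continue
        devices = index.get((key, value.strip('"')), [])
        if len(devices) == 1:
            status = "ok"
        elif devices:
            status = "ambiguous"
        else:
            status = "missing"
        results.append((spec, mountpoint, status, devices))
    return results


if __name__ == "__main__":
    for spec, mountpoint, status, devices in check_fstab(FSTAB, index_devices(BLKID_OUTPUT)):
        print(f"{status:12} {mountpoint:10} {spec} -> {', '.join(devices) or '-'}")
```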

When using iSCSI I expect that it would be possible to force an association between SCSI disk naming and names on the server, but I’ve never had time to test it out.

Update: I have submitted Debian bug #489865 with a suggested change to the magic database.

Below are /etc/magic entries for displaying the UUID and label on swap spaces and ext2/3 filesystems:


New ZCAV Development

I have just been running some ZCAV tests on some new supposedly 1TB disks (10^40 bytes is about 931*2^30 so is about 931G according to almost everyone in the computer industry who doesn’t work for a hard disk vendor).

I’ve added a new graph to my ZCAV results page [1] with the results.

One interesting thing that I discovered is that the faster disks can deliver contiguous data at a speed of more than 110MB/s, previously the best I’d seen from a single disk was about 90MB/s. When I first wrote ZCAV the best disks I had to test with all had a maximum speed of about 10MB/s so KB/s was a reasonable unit. Now I plan to change the units to MB/s to make it easier to read the graphs. Of course it’s not that difficult to munge the data before graphing it, but I think that it will give a better result for most users if I just change the units.

The next interesting thing I discovered is that GNUplot defaults to using exponential notation at the value of 1,000,000 (or 1e+06). I’m sure that I could override that but it would still make it difficult to read for the users. So I guess it’s time to change the units to GB.

I idly considered using the hard drive manufacturer’s definition of GB so that a 1TB disk would actually display as having 1000GB (the Wikipedia page for Gibibyte has the different definitions [2]). But of course having decimal and binary prefixes used in the X and Y axis of a graph would be a horror. Also the block and chunk sizes used have to be multiples of a reasonably large power of two (at least 2^14) to get reasonable performance from the OS.

The next implication of this is that it’s a bad idea to have a default block size that is not a power of two. The previous block sizes were 100M and 200M (for 1.0x and 1.9x branches respectively). Expressing these as 0.0976G and 0.1953G respectively would not be user-friendly. So I’m currently planning on 0.25G as the block size for both branches.

While changing the format it makes sense to change as many things as possible at once to reduce the number of incompatible file formats that are out there. The next thing I’m considering is the precision. In the past the speed in K/s was an integer. Obviously an integer for the speed in M/s is not going to work well for some of the slower devices that are still in use (EG a 4* CD-ROM drive maxes out at 600KB/s). Of course the accuracy of this is determined by the accuracy of the system clock. The gettimeofday() system call returns the time in micro-seconds. I expect that most systems don’t approach micro-second accuracy. I expect that it’s not worth reporting with a precision that is greater than the accuracy. Then there’s no point in making the precision of the speed any greater than the precision of the time.

Things were easier with the Bonnie++ program when I just reduced the precision as needed to fit in an 80 column display. ;)

Finally I ran my tests on my new Dell T105 system. While I didn’t get time to do as many tests as I desired before putting the machine in production I did get to do a quick test of two disks running at full speed. Previously when testing desktop systems I had not found a system which when run with two disks of the same age as the machine could extract full performance from both disks simultaneously. While the Dell T105 is a server-class system, it is a rather low-end server and I had anticipated that it would lack performance in this regard. I was pleased to note that I could run both 1TB disks at full speed at the same time. I didn’t get a chance to test three or four disks though (maybe for scheduled down-time in the future).

Advertising a Scam

Below is a strange Google advert that appeared on my blog. It appeared when I did a search on my blog, it also appears on my post about perpetual motion. It seems quite strange that they are advertising their product as a scam. It’s accurate, but I can’t imagine it helping sales.

Google advert for SCAM

Awful Computers for Kids

I have just observed demonstration units of the V-Smile system [1]. They have “educational games” aimed at ages 3-5, 4-7, and some similar ranges. The first thing I noticed was that children who were able to correctly play the games were a lot older than the designated ages. For example 10yo children were playing the Scooby-Doo addition game (supposedly teaching children to add single-digit numbers) and apparently finding the non-addition part of the game challenging (I tried it myself and found catching flying hamburgers while dodging birds to be challenging enough that it was difficult to find numbers). For children who were in the suggested age-range (and a suitable age for learning the basic lessons contained in the games) the only ones who actually managed to achieve the goals were the ones who were heavily directed by their father. So my observation is that the games will either be used by children who are too old for the basic lessons or be entirely directed by parents (I didn’t observe any mother giving the amount of assistance necessary for a 5yo to complete the games but assume that it happens sometimes).

I doubt that there are many children who have the coordination needed for a platform game who have not yet learned to recognise printed letters (as supposedly taught in the Winnie the Pooh game). The Thomas the Tank Engine spelling game had a UI that was strange to say the least (using a joystick not to indicate which direction to go but instead to move a cursor between possible tracks) and I doubt that it does any good at teaching letter recognition. There was also a game that involved using a stylus for tracing the outline of a letter, as I had great difficulty in doing this (due to the poor interface and the low resolution of the touch-pad) it seems very unlikely that a young child who is just learning to write letters would gain anything from it. Strangely there was a game that involved using the touch-pad to indicate matching colors. Recognising matching colors is even easier than recognising letters and I don’t think that a child who can’t recognise the colors would be able to manage the touch-pad.

The V-Smile system seems to primarily consist of a console designed for connection to a TV but also has hand-held units that take the same cartridges. The same company produces “laptops” which sell for $50 and have a very low resolution screen and only the most basic functionality (and presumably other useless games).

Sometimes the old-fashioned methods are best. It seems that crayons are among the best tools for teaching letter recognition and writing.

But if there is a desire to use a computer for teaching, then a regular PC or laptop should do. Letter recognition can be taught by reading the text menus needed to launch games. The variety of computer poker games can be used for recognising matching colors and numbers as can the Mahjong series of games. Counting can be taught through the patience games, and the GIMP can be used for teaching computer graphics and general control of the mouse and the GUI. NB I’m not advocating that all education be done on a computer, merely noting the fact that it can be done better with free software on an open platform than on the proprietary systems which are supposedly designed for education.

Finally with a PC children can take it apart! I believe that an important part of learning comes from disassembling and re-building toys. While it’s obvious that a PC is not going to compare with a Lego set, I think it’s good for children (and adults) to know that a computer is not a magic box, it’s a machine that they can understand (to a limited extent) and which is comprised of a number of parts that they could also understand if they wanted to learn the details. Gever Tulley advocates such disassembly of household items in his TED talk “5 dangerous things you should let your kids do” [2]. Gever runs The Tinkering School [3] which teaches young children how to make and break things.

Finally I just checked some auction sites and noticed that I can get reasonably new second-hand laptops for less than $300. A laptop for $250 running Linux should not be much more expensive than a proprietary laptop that starts at $50 once you include the price of all the extra games. For an older laptop (P3) the price is as low as $100 on an auction with an hour to go. Then of course for really cheap laptops you would buy from a company that is getting new machines for their staff. It’s not uncommon for companies to sell old laptops to employees for $50 each. At a recent LUG meeting I gave away a Thinkpad with a 233MHz Pentium-MMX CPU, 96M of RAM, and a 800*600 color display – by most objective criteria such a machine would be much more capable than one of those kids computers (either V-Smile or a competitor).

Of course the OLPC [4] is the ideal solution to such problems. It’s a pity that they are not generally available. I have previously written about the planned design for future OLPC machines [5] which makes it a desirable machine for my own personal use.

New Dell Server

My Dell PowerEdge T105 server (as referenced in my previous post [1]) is now working. It has new memory (why replace just the broken DIMM when you can replace both) and a new BIOS (Dell released an “Urgent” update yesterday that fixes a problem with memory timing and Opteron CPUs). The BIOS update can be installed from a DOS executable (traditionally done from a floppy disk) or an i386 Linux executable. As I didn’t have a floppy drive in my new server I had to use Linux (not that I object to using Linux, but I’d rather have had the technician do it all for me). I used rescue mode from a Fedora 9 CD that was convenient, mounted a USB stick that I had used to store the BIOS update, and then ran it.

The Dell service was quite good, on-site service and the problem was fixed approximately 27 hours after I called them. Replacing a couple of DIMMs is hardly a test of skill for the repair-man (unlike the time in Amsterdam when a Dell repair-man swapped a motherboard in a server with only 20 minutes of down-time). So I haven’t seen evidence of them doing anything really great, but getting someone on-site close to 24 hours after the report is quite decent, especially considering that I paid for the cheapest support that they offer.

When I got it working I was a little surprised by the memory speed, I had hoped that a new 2GHz Opteron would perform similarly to an Intel E2160 and better than an old Pentium-D (see the results here [2]). Also the memtest86+ run took ages on the step of writing random numbers (I don’t recall ever seeing that step on previous runs, let alone having a system spend half an hour doing it). It seems that the CPU (Opteron 1212) doesn’t perform well for random number generation.

In terms of actual operation all I’ve done so far is to install Debian. The process of installing Debian packages was quite fast (even with a RAID-1 reconstruction occurring at the same time) and the boot time is also very quick.

The hard drive “rails” seemed a little flimsy. The way they attach to the drive is that they have screws that end in pins, so you screw them into plastic and the pins just sit in the holes in the drive where screws normally attach. I think that it would make more sense to have them not screw onto the plastic and instead screw onto the disk. Then if the plastic part that connects the two sides was to break it would still be usable. In fact they could just make the “rails” be separate rails as most other manufacturers do.

One thing that surprised me was the lack of PS/2 keyboard and mouse ports. I had expected that such ports would last longer than serial ports and floppy drives. However my Dell has a power connector for a floppy drive and has a built-in serial port (with some BIOS support for management via a serial port – I have not investigated this because I always plan to use a keyboard and monitor). Of course I expect that most other machines will start shipping without PS/2 ports now and I will have to dispose of my stockpile of PS/2 keyboards and mouses. I generally like to keep a few on hand so that I can give friends and relatives a chance to try a selection and discover which type suits them the best. But I probably don’t need a dozen of them for that purpose.

While a comment on my previous post noted that the floppy drive bay can be used for another disk, it seems that a disk is not going to fit in there easily. It looks like I might be able to install a disk there from the front if I unscrew the face-plate – but that’s more effort than I’m prepared to exert for testing the system (for production I will only have two disks).

In terms of noise, the Dell seems considerably better than a NEC machine which was designed for desktop use. Of course it’s difficult to be certain as part of the noise is from hard disks and one of the disks I’ve installed in the Dell is a WD “Green” disk and the other may have newer technology to minimise noise. Also the mounting brackets for disks in a server may be better at damping vibrations than screwing a disk to the chassis of a desktop machine. Finally the NEC machine does seem to make more noise now than it used to, so maybe it would be best to compare after a few months use to allow for minor wear on the moving parts.

I was initially going to run Debian/Etch on the machine. But as Debian didn’t recognise the built-in Ethernet card and the Xen kernel crashed when doing intensive disk IO I was forced to use CentOS. CentOS 5.1 didn’t start my DomU’s for some reason (which I never diagnosed) but CentOS 5.2 worked perfectly.

Finally I was shocked when I realised that the Dell has no sound hardware! When the CentOS post-install program said that it couldn’t find a sound device I thought that meant that it didn’t support the hardware (it’s the sort of thing that sometimes happens when you get a new machine). But it actually has no sound support! It seems really strange that Dell design a desk-side server (which is quiet) and don’t include sound support. If nothing else then using something like randomsound to take input from the microphone line as a source of entropy is going to be useful on servers.

While the seven USB ports initially seemed like a lot, being forced to use them for keyboard, mouse, and sound (if I end up using it on a desktop) means that there would only be four left.

Shared Context and Blogging

One interesting aspect of the TED conference [1] is the fact that they only run one stream. There is one lecture hall with one presentation and everyone sees the same thing. This is considerably different to what seems to be the standard practice for Linux conferences (as implemented by LCA, OLS, and Linux Kongress) where there are three or more lecture halls with talks in progress at any time. At a Linux conference you might meet someone for lunch and start a conversation by asking “did you attend the lecture on X“, as there are more than two lecture halls the answer is most likely to be “no“, which then means that you have to describe the talk in question before talking about what you might really want to discuss (such as how a point made in the lecture in question might impact the work of the people you are talking to). In the not uncommon situation where there is an interesting implication of combining the work described in two lectures it might be necessary to summarise both lectures before describing the implication of combining the work.

Now there are very good reasons for running multiple lecture rooms at Linux conferences. The range of topics is quite large and probably very few delegates will be interested in the majority of the talks. Usually the conference organisers attempt to schedule things to minimise the incidence of people missing talks that interest them, one common way of doing so is to have conference “streams”. Of course when you have for example a “networking” stream, a “security” stream, and a “virtualisation” stream then you will have problems when people are interested in the intersection of some of those areas (virtual servers do change things when you are working on network security).

There seem some obvious comparisons between Planet installations (as aggregates of RSS feeds) and conferences (as aggregates of lectures). On Planet Debian [2] there has traditionally been a strong shared context with many blog posts referring to the same topics – where one person’s post has inspired others to write about similar topics. After some discussion (on blogs and by email) it was determined that there would be no policy for Planet Debian and that anyone who doesn’t want to read some of the content should filter the feed. Of course this means that the number of people who read (or at least skim) the entire feed will drop and therefore we lose the shared context.

Planet Linux Australia [3] currently has a discussion about the issue of what types of content to aggregate. Michael Davies has just blogged a survey about what types of content to include [4]. I think it’s unfortunate that he decided to name the post after one blogger whose feed is aggregated on that Planet as that will encourage votes on the specific posts written by that person rather than the general issue. But I think it’s much better to tailor a Planet to the interests of the people who read it than to include everything and encourage readers to read a sub-set.

When similar issues were in discussion about Planet Debian I wrote about my ideas on the topic [5]. In summary I think that the Gentoo idea of having two Planet installations (one for the content which is most relevant and one for everything that is written by members) is a really good one. It’s also a good thing to have a semi-formal document about the type of content that is expected – this would be useful both for using a limited feed for people who go significantly off-topic and as a guideline for people who want to write posts that will be appreciated by the majority of the readers. Planet Ubuntu has a guideline, but it was not very formal last time I checked.

Finally in regard to short posts, they generally don’t interest me much. If I want to get a list of hot URLs then I could go to any social media site to find some. I write a list post at most once a month, and I generally don’t include a URL in the list unless I have a comment to make about it. I always try to describe each page that I link to in enough detail that if the reader can’t view it then they at least have some idea of what it is about (no “this is cool” or “this sucks” links).

LUV Meeting July 2008

At the last two meetings of LUV [1] I’ve given away old hardware. This month I gave away a bunch of old PCI and AGP video cards, a heap of PC power cables, and some magnets (which I received for free because they were in defective toys that could seriously injure or kill children). One new member was particularly happy that at the first meeting he attended he received some free hardware (I hope it works – most of that stuff hasn’t been tested for over a year and I expect that some would fail). Also there was another guy giving away hardware, so I might have started a trend of giving away unused hardware at meetings (he was giving away some new stuff in the original boxes, mostly USB and firewire cables).

For a long time (many years) at LUV meetings there have been free text books given away. One member reviews books and then gives them away after he has read them.

At the meeting Ralph Becket gave a presentation on the Mercury functional language. It was interesting to note that Mercury can give performance that is close to C (within 80%) on LZW compression (which is apparently used as a benchmark for comparing languages). Given the number of reasonably popular languages which don’t give nearly that level of performance I think that this is quite a good result.

After the meeting Richard Keech demonstrated his electric car. It’s a Hyundai Getz which has had the engine replaced by an electric motor but which still uses the manual gearbox. Richard did a bit of driving around with various LUV members as passengers to demonstrate what the car can do. Unfortunately I didn’t get a chance to be involved in that, so I’ll have to do so next time I meet him. One thing to note is that Richard’s car was not built that way by Hyundai, it was a custom conversion job. The down-side to this of course is that it would have cost significantly more than a vehicle with the same technology that was manufactured. One design trade-off is that Richard had batteries installed in the place for a spare tire. Last year the RACV magazine published a letter I wrote suggesting that small cars should be designed without a spare tire and that owners of such cars should rely on the RACV to support them if they get a flat tire [2]. My opinion has not changed in the last year; I still think that cars which are driven in urban areas don’t really need spare tires so I don’t think that Richard is losing anything in this regard.

The motor driving Richard’s car runs on three-phase AC and a solid-state inverter is used to convert 185V DC to about the same voltage at three phase AC (I didn’t write notes so I’m running from memory). Apparently on long drives the inverter gets cooler rather than hotter – I had expected that there would be enough inefficiency in the process of converting DC to AC that it would get hot.

In a previous conversation Richard told me that he can drive his car 75Km on one charge and that it takes him 8 hours to charge when using an Australian mains (240V) plug rated at 10A. When designing such a vehicle it would be trivial to make it use a 20A plug for a 4 hour charge or even a two-phase plug for even shorter charging (I’m sure that Richard could have requested these options if he wanted them). But an 8 hour charge allows the vehicle to be completely charged during a working day and the use of the most common type of plug (the type used in every home and office) means that it can be charged almost anywhere (the standard mains circuit used in Australia is rated at 15A so special wiring is needed for a 20A socket). There is such a power point mounted on the outside of my house not too far from where a visitor could park their car. I anticipate that in a few years time it will not be uncommon for people who visit me to charge their car during their visit. Richard’s ratio of an hour of charge to almost 10Km of driving means that someone who visits for dinner could get enough charge into their car to allow for 30Km of driving before they leave. 30Km is about the driving distance to go from my house to a location on the other side of the city that is just outside the main urban area, so probably at least half of Melbourne’s population lives within a 30Km driving distance from my house. Not that I expect friends to arrive at my house with their car battery almost flat, but it does make it easier to plan a journey if you know that at point A you will be able to get enough charge to get you to point B.

I think it’s a good thing to have members of LUGs give things away to other people and to demonstrate technology that is of wide interest. I hope to see more of it.

The History of MS

Jeff Bailey writes about the last 26 years of Microsoft [1]. He gives Microsoft credit for “saving us from the TRS 80”, however CP/M-86 was also an option for the OS on the IBM PC [2]. If MS hadn’t produced MS-DOS for a lower price then CP/M would have been used (in those days CP/M and MS-DOS had the same features and essentially the same design). He notes the use of the Terminate and Stay Resident (TSR) [3] programs. As far as I recall the TSR operation was undocumented and was discovered by disassembling DOS (something that the modern MS EULAs forbid).

Intel designed the 8086 and 80286 CPUs to permit code written for an 8086 to run unchanged in “protected mode” on an 80286 (as noted in the Wikipedia page about the 80286 [4]). Basically all that you needed to do to write a DOS program with the potential of being run directly in protected mode (or easily ported) was to allocate memory by requesting it from the OS (not just assuming that every address above your heap was available to write on) and by addressing memory only by the segment register returned from the OS when allocating memory (IE not assuming that incrementing a segment register is equivalent to adding 16 to the offset). There were some programs written in such a manner which could run on both DOS and text-mode OS/2 (both 1.x and 2.x), I believe that such programs were linked differently. The term Fat Binary [5] is often used to refer to an executable which has binary code for multiple CPUs (EG PPC and M68K CPUs on the Macintosh), I believe that a similar concept was used for DOS / OS/2 programs but the main code of the application was shared. Also compilers which produce object code which doesn’t do nasty things could have their object code linked to run in protected mode. Some people produced a set of libraries that allowed linking Borland Turbo Pascal code to run as OS/2 16bit text-mode applications.

The fact that OS/2 (the protected-mode preemptively multi-tasking DOS) didn’t succeed in the market was largely due to MS. I never used Windows/386 (a version of Windows 2.x) but used Windows 3.0 a lot. Windows 3.0 ran in three modes, “Real Mode” (8086), “Standard Mode” (80286), and “Enhanced Mode” (80386). Real Mode was used for 8086 and 8088 CPUs, for 80286 systems if you needed to run one DOS program (there was no memory for running more than one), and for creating or adjusting the swap-file size for an 80386 system (if your 80386 system didn’t have enough swap you had to shut everything down, start Real Mode, adjust the swap file, and then start it again in Enhanced Mode). Standard Mode was the best mode for running Windows programs (apart from the badly written ones which only ran on Real Mode), but due to the bad practices implemented by almost everyone who wrote DOS programs MS didn’t even try to run DOS programs in 286 protected mode and thus Standard Mode didn’t support DOS programs. Enhanced Mode allowed multitasking DOS programs but as hardly anyone had an 80386 class system at that time it didn’t get much use.

It was just before the release of Windows 3.1 that I decided to never again use Windows unless I was paid to do so. I was at a MS presentation about Windows 3.1 and after the marketing stuff they had a technical Q/A session. The questions were generally about how to work around bugs in MS software (mainly Windows 3.0) and the MS people had a very detailed list of work-arounds. Someone asked “why don’t you just fix those bugs” and we were told “it’s easier to teach you how to work around them than to fix them”. I left the presentation before it finished, went straight home and deleted Windows from my computer. I am not going to use software written by people with such a poor attitude if given a choice.

After that I ran the DOS multi-tasker DesqView [6] until OS/2 2.0 was released. Desqview allowed multitasking well-written DOS programs in real mode (Quarterdeck was the first company to discover that almost 64K of address space could be used above the 1MB boundary from real mode on an 80286, a significant benefit when you were limited to 640K of RAM), as well as multitasking less well-behaved DOS programs with more memory use on an 80386 or better CPU.

OS/2 [7] 2.x was described as “A Better DOS than DOS, a Better Windows than Windows”. That claim seemed accurate to me. I could run DOS VM86 sessions under OS/2 which could do things that even Desqview couldn’t manage (such as having a non-graphical DOS session with 716K of base memory in one window and a graphical DOS session in another). I could also run combinations of Windows programs that could not run under MS Windows (such as badly written windows programs that needed Real Mode as well as programs that needed the amount of memory that only Standard or Enhanced mode could provide).

Back to Bill Gates, I recently read a blog post Eight Years of Wrongness [5] which described how Steve Ballmer has failed MS stockholders by his poor management. It seems that he paid more attention to fighting Linux, implementing Digital Restrictions Management (DRM), and generally trying to avoid compatibility with other software than to actually making money. While this could be seen as a tribute to Bill Gates (Steve Ballmer couldn’t do the job as well), I think that Bill would have made the same mistakes for the same reasons. MS has always had a history of treating its customers as the enemy.

Jeff suggests that we should learn from MS that the freedom to tinker is important as is access to our data. These are good points but another important point is that we need to develop software that does what users want and acts primarily in the best interests of the users. Overall I think that free software is quite well written in regard to acting on behalf of the users. The issue we have is in determining who the “user” is, whether it’s a developer, sys-admin, or someone who wants to just play games and do some word-processing.

The New DNS Mess

The Age has an interesting article about proposed DNS changes [1].

Apparently ICANN is going to sell top level DNS names and a prediction has been made that they will cost more than $100,000 each. A suggestion for a potential use of this would be to have cities as top level names (a .paris TLD was given as an example). The problem with this is that they are not unique. Countries that were colonised in recent times (such as the US and Australia) have many names copied from Europe. It will be interesting to see how they plan to determine which of the cities registers names. For the .paris example I’m sure that the council of Paris Illinois [2] would love to register it. Does the oldest city win an international trademark dispute over a TLD?

The current situation is that French law unambiguously determines who gets to register paris.fr and someone who sees the URL will have no confusion as to what it means (providing that they know that fr is the ISO country code for France).

As well as city names there are region names which are used for products. Australian vineyards produce a lot of sparkling wine that they like to call Champagne and a lot of fortified wine that they like to call Port. There are ongoing battles about how these names can be used and it seems likely to me that the Australian wine industry will change to other terms. But in the mean-time it would be interesting if .champagne and .port were registered by Australian companies. The fuss that would surely cause would probably give enough free publicity to the Australian wine industry to justify an investment of $200,000 on TLDs.

The concern that is cited by business people (including the client who forwarded me the URL and requested my comments) is that of the expense of protecting a brand. Currently if you have a company named “Example” you can register example.com, example.net, and example.org if you are feeling enthusiastic. Then if you have a significant presence in any country you could register your name in the DNS hierarchy for that country (large companies try to register their name in every country – for a multinational registering ~200 domains is not really difficult or expensive). But if anyone can create a new TLD (and therefore if new ones are liable to be created at any time) it becomes much more difficult. For example if a new TLD was created every day then a multi-national corporation would need to assign an employee to work full-time on investigating the new TLDs and deciding which ones to use. A small company that has an international presence (IE an Internet company) would just lose a significant amount of control over their name.

I don’t believe that this is as much of a concern as some people (such as my client) do. Currently I could register a phone line with a listed name indicating that it belongs to the Melbourne branch of a multi-national corporation. I don’t expect that Telstra would stop me, but the benefit from doing this would be minimal (probably someone who attempted fraud using such means would not gain much and would get shut down quickly). I don’t think that a DNS name registered under a .melbourne TLD would cause much more harm than a phone number listed in the Melbourne phone book. Incidentally for readers from the US, I’m thinking of Melbourne in Australia not a city of the same name in the US – yet another example of a name conflict.

Now I believe that it would be better if small companies didn’t use .com domains. The use of country specific names relevant to where they work is more appropriate and technically easier to implement. I don’t regret registering coker.com.au instead of some name in another country or in the .com hierarchy. Things would probably be working better right now if a .com domain name had always cost $100,000 and there were only a few dozen companies that had registered them. But we have to go with the flow sometimes, so I have registered RussellCoker.com.

Now when considering the merit of an idea we should consider who benefits and who (if anyone) loses. Ideally we would choose options that provide benefits for many people and losses for few (or none). In this case it seems that the suggested changes would be a loss for corporations that want to protect their brand, a loss for end-users who just want to find something without confusion, and provide more benefits for domain-squatters than anyone else.

Maybe I should register icann.port and icann.champagne if those TLDs are registered in Australia and impersonate ICANN. ;)