tag:theconversation.com,2011:/africa/topics/linux-1798/articlesLinux – The Conversation2018-10-17T10:27:50Ztag:theconversation.com,2011:article/1044732018-10-17T10:27:50Z2018-10-17T10:27:50ZOpen-source hardware could defend against the next generation of hacking<figure><img src="https://images.theconversation.com/files/240672/original/file-20181015-165900-11odtkc.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">What if you could make a microchip at home?</span> <span class="attribution"><a class="source" href="https://www.shutterstock.com/image-photo/view-on-production-line-microchips-progress-439506838">Vladimir Nenezic/Shutterstock.com</a></span></figcaption></figure><p>Imagine you had a secret document you had to store away from prying eyes. And you have a choice: You could buy a safe made by a company that kept the workings of its locks secret. Or you could buy a safe whose manufacturer openly published the designs, letting everyone – including thieves – see how they’re made. Which would you choose?</p>
<p>It might seem unexpected, but as an <a href="https://scholar.google.com/citations?user=QZ8lPxwAAAAJ&hl=en">engineering professor</a>, I’d pick the second option. The first one might be safe – but I simply don’t know. I’d have to take the company’s word for it. Maybe it’s a reputable company with a longstanding pedigree of quality, but I’d be betting my information’s security on the company upholding its traditions. By contrast, I can judge the security of the second safe for myself – or ask an expert to evaluate it. I’ll be better informed about how secure my safe is, and therefore more confident that my document is safe inside it. That’s the value of open-source technology. </p>
<p>Computer hardware is, for the most part, like the safe whose security mechanisms are secret. Any weaknesses are hidden, as well as any of their strengths. In the wake of revelations that <a href="https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies">Chinese spies may have been able to install a tiny computer chip</a> inside devices used by as many as 30 companies, like Amazon and Apple, as well as the U.S. military and the CIA, I suggest re-evaluating the hardware people and corporations rely on to protect their secrets.</p>
<p>Hacking hardware is particularly dangerous because it can bypass even the most secure programming safeguards – like taking control of a server without needing a password at all. Hardware customers could benefit from the clear – if surprising – lesson the <a href="https://www.nytimes.com/2017/08/03/opinion/open-source-software-hacker-voting.html">software industry has learned</a> from decades of fighting prolific software hackers: <a href="https://doi.org/10.1145/1188913.1188921">Open-source systems can be more secure</a>.</p>
<h2>Lessons from open-source software</h2>
<p>Software users and developers already embrace computer software whose source code is publicly accessible. <a href="https://www.zdnet.com/article/supercomputers-all-linux-all-the-time/">All supercomputers</a>, 90 percent of cloud servers, 82 percent of smartphones and 62 percent of embedded systems – like those inside consumer electronics – <a href="https://www.serverwatch.com/server-news/linux-foundation-on-track-for-best-year-ever-as-open-source-dominates.html">run on open-source operating systems</a>. More than <a href="https://www.itprotoday.com/iot/survey-shows-linux-top-operating-system-internet-things-devices">70 percent of “internet of things” devices</a> also use open-source software.</p>
<p>Open-source software isn’t <a href="https://doi.org/10.23919/FRUCT.2017.8250205">inherently or automatically more secure</a>. But it creates more possibilities, and <a href="https://www.theatlantic.com/technology/archive/2014/01/on-the-reign-of-benevolent-dictators-for-life-in-software/283139/">market pressure</a>, for <a href="https://www.infoworld.com/article/2985242/linux/why-is-open-source-software-more-secure.html">improving security</a>. Just as when choosing a safe to store a secret document in, customers must decide – should they pick a system whose security is vouched for by the company that makes it, or a system that can be explored, examined and tested?</p>
<p>Open-source software users choose not to trust a program unless they can verify it independently. Many of them don’t have the expertise themselves to be able to evaluate security claims, of course – but they can wait until consumer-protection groups do so independently, hire a verified expert to check things out, or even learn the skills needed to investigate for themselves. They could even decide to <a href="https://www.redhat.com/en/technologies/linux-platforms/enterprise-linux">pay for a version of the software</a> that has been checked out and is supported by experts. </p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/239523/original/file-20181005-72133-110sy3p.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="" src="https://images.theconversation.com/files/239523/original/file-20181005-72133-110sy3p.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/239523/original/file-20181005-72133-110sy3p.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=450&fit=crop&dpr=1 600w, https://images.theconversation.com/files/239523/original/file-20181005-72133-110sy3p.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=450&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/239523/original/file-20181005-72133-110sy3p.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=450&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/239523/original/file-20181005-72133-110sy3p.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=566&fit=crop&dpr=1 754w, https://images.theconversation.com/files/239523/original/file-20181005-72133-110sy3p.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=566&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/239523/original/file-20181005-72133-110sy3p.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=566&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">An open-source electronics board under inspection with ultraviolet light.</span>
<span class="attribution"><span class="source">Shane Oberloier and Joshua Pearce</span>, <a class="license" href="http://creativecommons.org/licenses/by-nd/4.0/">CC BY-ND</a></span>
</figcaption>
</figure>
<h2>Security with open-source hardware</h2>
<p><a href="https://www.oshwa.org/definition/">Open-source hardware</a> offers users the same choice. Many people who buy electronics have no idea what’s inside them. Even technically sophisticated companies like Amazon have to <a href="https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies">hire outside forensic experts</a> to be sure of exactly what is in the hardware their companies rely on.</p>
<p>Open-source hardware would mean each device’s designs and components would be open for public view at any time. People could study the information, follow the directions to build a device, test it and distribute it – or even sell it. All that transparency would give attackers more data about their potential targets, for sure. But it would help customers downstream much more, by giving them the means to verify their own devices’ security themselves. </p>
<p>This does not mean people would be left to build their own hardware. The open-source software movement has found a number of <a href="https://openhardware.metajnl.com/articles/10.5334/joh.4/">opportunities for entrepreneurs and innovators</a> to sell systems and services based on software that itself is free. For instance, <a href="https://www.redhat.com/en/technologies/linux-platforms/enterprise-linux">90 percent of the companies on the Fortune Global 500 list</a> pay for a brand-name version of the open-source Linux operating system from Red Hat, a company that makes <a href="https://www.redhat.com/en/about/press-releases/red-hat-reports-fourth-quarter-and-fiscal-year-2018-results">billions of dollars a year</a> for the service they provide on top of the product that can ostensibly be downloaded for free. The open-source hardware movement is <a href="http://dx.doi.org/10.3390/inventions3030044">not yet as mature as its software counterpart</a>, but it could catch up fairly quickly.</p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/239522/original/file-20181005-72110-1fb8i4n.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="" src="https://images.theconversation.com/files/239522/original/file-20181005-72110-1fb8i4n.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/239522/original/file-20181005-72110-1fb8i4n.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=445&fit=crop&dpr=1 600w, https://images.theconversation.com/files/239522/original/file-20181005-72110-1fb8i4n.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=445&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/239522/original/file-20181005-72110-1fb8i4n.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=445&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/239522/original/file-20181005-72110-1fb8i4n.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=559&fit=crop&dpr=1 754w, https://images.theconversation.com/files/239522/original/file-20181005-72110-1fb8i4n.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=559&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/239522/original/file-20181005-72110-1fb8i4n.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=559&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">An open-source circuit mill built using low-cost components from 3D printers.</span>
<span class="attribution"><span class="source">Shane Oberloier and Joshua Pearce</span>, <a class="license" href="http://creativecommons.org/licenses/by-nd/4.0/">CC BY-ND</a></span>
</figcaption>
</figure>
<h2>The future of distributed manufacturing</h2>
<p>Making open-source hardware systems more available increases regular people’s security by giving them verifiably secure options. If someone is especially concerned, they could even <a href="http://dx.doi.org/10.3390/inventions3030064">manufacture their own electronics</a>. There are a wide range of designs already publicly available on sites like <a href="https://hackaday.io/">Hackaday</a>, <a href="https://www.open-electronics.org/">Open Electronics</a> and the <a href="http://opencircuitinstitute.org/">Open Circuits Institute</a>. There are also many communities based on specific products like <a href="https://www.arduino.cc/">Arduino</a>.</p>
<p>Even <a href="https://www.wired.com/story/using-open-source-designs-to-create-more-specialized-chips/">open-source chips are gaining traction</a>. It’s already possible for people to build electronics that are open-source from the chips all the way up to the physical components. If hardware hacks become more common, that may be a key way for people to protect their cybersecurity. Companies and governments can also be expected to adopt policies that favor open-source hardware and require better testing to ensure their equipment is safe to use.</p><img src="https://counter.theconversation.com/content/104473/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Professor Joshua M. Pearce is the author of the Open Source Lab. He receives funding for various projects involved in open hardware from the Air Force Research Laboratory (AFRL) through America Makes: The National Additive Manufacturing Innovation Institute, which is managed and operated by the National Center for Defense Manufacturing and Machining (NCDMM). He also receives funding from the U.S. Department of Energy (DOE) and the Advanced Research Projects Agency-Energy (ARPA-E), and the National Science Foundation (NSF) for technical projects. In addition, his past and present research is supported by many non-profits and for-profit companies in the open source industry including re:3D, 3D4Edu, Miller, Aleph Objects, CNC Router Parts, Virtual Foundry, Ultimaker and Youmagine, Cheap 3D Filaments, MyMiniFactory, Zeni Kinetic, Matter Hackers, and Ultimachine. He has no direct conflicts of interests.</span></em></p>Cybersecurity efforts could take a lead from open-source software, creating hardware whose designs are open for all to see and examine.Joshua M. Pearce, Professor of Materials Science and Engineering, and Electrical and Computer Engineering, Michigan Technological UniversityLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/374942015-02-17T06:14:25Z2015-02-17T06:14:25ZUbuntu’s foray into phones brings a fresh approach, but will consumers take to it?<figure><img src="https://images.theconversation.com/files/72172/original/image-20150216-18500-dhoq1g.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Late to the party, but not necessarily with nothing to bring.</span> <span class="attribution"><span class="source">Andrew Cunningham</span></span></figcaption></figure><p>A new arrival into an extremely competitive market, the first Ubuntu-powered phone has finally gone on sale in Europe – two years after a <a href="http://www.theguardian.com/technology/2013/aug/22/smartphone-ubuntu-edge-crowdfunding-fails">failed</a> attempt to generate crowdfunding nevertheless raised US$12m. A sleek, polished rectangle, it appears much like other smartphones, but promises a different experience. </p>
<p><a href="http://www.canonical.com/">Canonical</a>, the company behind <a href="http://www.ubuntu.com/">Ubuntu</a>, one of the most popular distributions of the open-source operating system Linux, has the conviction that platform convergence is the future. Taking an operating system used in desktops, laptops and servers and using it as the foundation for a mobile operating system is therefore a natural step. In a market already filled by Apple, Android, Blackberry and others, Mark Shuttleworth – Canonical’s billionaire founder and tireless Linux champion – obviously feels that what consumers and developers need, they will in time learn to want.</p>
<h2>An(other) open platform</h2>
<p>The phone, officially the <a href="http://www.bq.com/gb/ubuntu.html">Aquaris E4.5 Ubuntu Edition</a> from Spanish firm BQ, like many projects based on open-source ideas (such as Android) keeps the needs of developers in mind. This isn’t a bad idea, considering that Ubuntu is starting from scratch in this market and must build up an ecosystem around its phone. Compared to the number of apps available to Apple and Android phone users, only a fraction are compatible with Ubuntu – at launch <a href="http://www.theverge.com/2015/2/6/7991137/ubuntu-phone-specs-release-date-price">these include only</a> Facebook, Twitter, Amazon, Time Out, Yelp, and the Cut the Rope puzzle game.</p>
<p>Ubuntu plays also to the mindset of open-source developers, suggesting that “your content and services become integral to the core phone experience”. Canonical aims to create a tight ecosystem of consumers and developers that can interact with each through a collaborative platform built <a href="http://sloanreview.mit.edu/article/how-to-manage-outside-innovation/">with both their needs in mind</a>, encouraging them to develop apps and other software for the phone. This type of <a href="http://www.archipel.uqam.ca/593/1/Olleros_2008_-_The_lean_core_in_digital_platforms.pdf">lean core platform model</a> usually encourages a strong community to emerge around a platform and product, fast. Considering convergence at various levels is Canonical’s aim, this makes perfect sense. </p>
<h2>A different approach to information</h2>
<p>Then again, as most phone users are not developers, why would an open-source approach encourage customers to buy the phone? Here Canonical is bringing something rather more radical to the table, what it calls <a href="http://www.ubuntu.com/phone/features">scopes</a>.</p>
<p>Scopes is a technology which aims to please content creators and content consumers. With names such as NearBy, Today, Music and News, they are an interface that draws together content from many sources into a single customisable screen. For example, Today brings together data from weather, calendar and contacts sources. NearBy brings data from services such as Foursquare, Yelp, and Time Out to find recommendations for bars or restaurants. Photos pulls in images taken with the phone and those on Facebook, Flickr, or Instagram.</p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/72171/original/image-20150216-18456-1ewmdsu.png?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="" src="https://images.theconversation.com/files/72171/original/image-20150216-18456-1ewmdsu.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/72171/original/image-20150216-18456-1ewmdsu.png?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=479&fit=crop&dpr=1 600w, https://images.theconversation.com/files/72171/original/image-20150216-18456-1ewmdsu.png?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=479&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/72171/original/image-20150216-18456-1ewmdsu.png?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=479&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/72171/original/image-20150216-18456-1ewmdsu.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=602&fit=crop&dpr=1 754w, https://images.theconversation.com/files/72171/original/image-20150216-18456-1ewmdsu.png?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=602&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/72171/original/image-20150216-18456-1ewmdsu.png?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=602&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">Access to scopes and the phone’s other functions is by swiping the screen edges.</span>
<span class="attribution"><span class="source">Ubuntu</span></span>
</figcaption>
</figure>
<p>For content creators, scopes provides visibility and a dedicated space to display their content to users. In this way scopes actually do away with the need for apps in the sense that they exist on current phone platforms. Built from straightforward HTML5, scopes pages can be easily edited and are cross-platform compatible. This is a neat business model for content providers, although whether customers will find this a more appealing and intuitive method than the phone-plus-apps model they’ve become accustomed to remains to be seen.</p>
<p>The Ubuntu phone is certainly affordable: more devices are promised but the Aquaris E4.5 is available in Europe for €169.90 (around £130). The phone’s hardware specs <a href="http://www.theverge.com/2015/2/6/7991137/ubuntu-phone-specs-release-date-price">are relatively modest</a> – a quad-core ARM Cortex A7 1.3 GHz processor and Mali 400 GPU from MediaTek, 1Gb RAM, 8Gb of internal storage and a 540x960 (qHD) screen. It also comes with an 8-megapixel rear camera and boasts a better-than-average quality 5-megapixel front camera with which it can generate full HD video for improved videocalling, Skype, and selfies. In any case, it is cheaper than many other competing smartphones by hundreds of pounds.</p>
<p>This low price point is important to encourage buyers to experiment with it. Not a bad tactic – if it doesn’t also convey a message of a substandard product to potential customers. We have only to look to <a href="http://books1.scholarsportal.info/viewdoc.html?id=653128">early secondary adoption of open-source software</a> to see how products that cost less can also be misunderstood to be of lesser quality. </p>
<p>It’s too early to tell if Canonical will attract users to the Ubuntu phone – but the phone’s first limited release <a href="http://www.extremetech.com/mobile/198926-the-first-ubuntu-phone-is-finally-going-on-sale-next-week">sold out on its first day on sale</a>. It has innovative new technology, a simple and loosely controlled collaborative platform, a low price and an eager developer base on its side. This is all part of Canonical’s strategy of convergence across platforms of a single operating system and approach.</p>
<p>It is difficult to see iPhone users moving to Ubuntu, but it may take a chunk out of Android’s user base. Will this help or hinder the growth of an open-source approach and products in a market where Apple is the most entrenched player? Do we need yet another platform? Does this lead to fragmentation of platforms at a more abstract level? Shuttleworth has played his hand; now we must see how others react.</p><img src="https://counter.theconversation.com/content/37494/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Maha Shaikh is affiliated with OpenForum Europe.</span></em></p>A new arrival into an extremely competitive market, the first Ubuntu-powered phone has finally gone on sale in Europe – two years after a failed attempt to generate crowdfunding nevertheless raised US$12m…Maha Shaikh, Assistant Professor of Information Systems, Warwick Business School, University of WarwickLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/370672015-02-03T13:12:04Z2015-02-03T13:12:04ZBuffer overflows are the ghosts that will always be among us<figure><img src="https://images.theconversation.com/files/70825/original/image-20150202-27762-19nsr03.png?ixlib=rb-1.1.0&rect=0%2C136%2C798%2C597&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">The ghosts of Linux.</span> <span class="attribution"><a class="source" href="https://openclipart.org/detail/178475/ghost-by-bartm-178475">BartM</a></span></figcaption></figure><p>Following the trend of giving catchy names to serious operating system security flaws, the Linux vulnerability <a href="http://www.computerworld.com/article/2877900/ghost-flaw-in-linux-can-be-exploited-through-wordpress-other-php-apps.html">revealed recently</a> by security researchers Qualys has been called Ghost. </p>
<p>Like <a href="https://theconversation.com/dont-panic-about-heartbleed-but-have-a-spring-clean-anyway-25509">Heartbleed</a> and <a href="https://theconversation.com/bigger-than-heartbleed-bug-in-bash-leaves-millions-of-web-servers-vulnerable-32231">Shellshock</a> before it, the name is not plucked out of the air but refers to the functions called “gethostbyname” in which the flaw appears. </p>
<p>These functions translate user-friendly domain addresses such as example.com into numerical network IP addresses, such as 93.184.216.34, and are part of the <a href="http://www.gnu.org/software/libc/index.html">GNU C library</a> which is included in practically every Linux system. This is important, as with most servers on the internet running Linux there are an enormous number of potentially vulnerable systems. Successfully exploited, the flaw could allowing an attacker to gain control of the system.</p>
<p>This is an example of a <a href="http://www.cse.scu.edu/%7Etschwarz/coen152_05/Lectures/BufferOverflow.html">buffer overflow</a>, one of the most persistent types of security problems that appears endlessly in lists of security vulnerabilities. For any computer security researcher it’s a case of déjà vu.</p>
<h2>Ghost hunting</h2>
<p>A function is assigned a certain amount of memory allocation to store the parameters or data it uses. A buffer overflow attack works because the function doesn’t correctly define or check the parameters it is sent. A malicious user can supply parameters larger than the allocated memory space which results in them being written into memory space outside that allocated – and therefore beyond whatever security restrictions had been placed on it. If this data is executable code, the system can be fooled into running it, potentially with greater system privileges.</p>
<p>The amount of memory that can be overwritten in the Ghost vulnerability is really very small (either four or eight bytes, depending on whether the system is 32-bit or 64-bit). But even this tiny amount of memory may be sufficient to allow a complete compromise of the system. The degree of skill needed to exploit this particular bug may be very high but Qualys has offered an <a href="https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability">example of code that exploits the flaw</a> based on something as simple as sending an email to a mail server. </p>
<p>Very few applications are known to be remotely exploitable – and many more recent applications don’t use the gethostname functions at all. However, applications using the PHP coding language are a <a href="http://blog.sucuri.net/2015/01/critical-ghost-vulnerability-released.html">significant source of concern</a> – for example, the popular WordPress blogging software is identified as potentially susceptible, so it’s not just obscure software that’s affected.</p>
<p>Buffer overflows are part of an even larger collection of exploits arising due to lack of proper parameter checking. In many online database access applications, a malicious user (or application) can supply input parameters that have been specially crafted so that they override any built-in checking. The most common of these is known as an <a href="http://www.acunetix.com/websitesecurity/sql-injection/">SQL injection </a> attack. Buffer overflows and SQL injection attacks are similar in that both exploit deliberately malformed data sent to program functions that cannot properly process it, and both exploit the absence of proper checking. </p>
<p>This is largely an avoidable problem. There have been concerted efforts by the software development world to seek out and fix buffer overflows in code. It seems, however, that they will always be with us.</p>
<h2>Write once, check twice</h2>
<p>Qualys have worked with various Linux distributors in advance of announcing the vulnerability so that patches for all major distributions have been available since January 27, 2015. If you are running a variant of Linux such as Debian 7, Red Hat Enterprise Linux 6/7, CentOS 6/7, and Ubuntu 12.04, you would do very well to ensure that your system patches are up to date.</p>
<p>Taking a step back, the reaction of the computing community will be a mixture of “yikes”, “phew”, and “yawn”. The first, because the vulnerability is present in a significant number of systems worldwide. The second, because in a great many cases it’s difficult to exploit and so there’s time to roll out the patches that fix the problem. And the third, because we’ve seen it all before. </p>
<p>This particular flaw was recognised and fixed as far back as 2013 – and may have been <a href="http://www.theregister.co.uk/2015/01/27/glibc_ghost_vulnerability/">present since around 2000</a>. However as the fix was not classified as a security problem many popular distributions of Linux didn’t include it in updates. </p>
<p>And so it comes back to haunt us – and it will certainly not be the last of such vulnerabilities we see. To make buffer overflows a thing of the past will require an enormous amount of due diligence – systematic, thorough code review and testing – as new code is written. But the sheer volume of code that exists, such as the potentially 15-year-old lines that include this flaw, never mind that being written anew, should give some indication of the scale of the task.</p><img src="https://counter.theconversation.com/content/37067/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>John Clark does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>Following the trend of giving catchy names to serious operating system security flaws, the Linux vulnerability revealed recently by security researchers Qualys has been called Ghost. Like Heartbleed and…John Clark, Professor of Critical Systems, Deputy Head of Department (Research), University of YorkLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/370682015-02-02T19:13:59Z2015-02-02T19:13:59ZMicrosoft’s embrace of open source is driven by commercial practicality not principle<figure><img src="https://images.theconversation.com/files/70845/original/image-20150202-25825-186234p.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Beware of geeks bearing gifts...</span> <span class="attribution"><a class="source" href="https://www.flickr.com/photos/johanl/4893436057/">johanl</a>, <a class="license" href="http://creativecommons.org/licenses/by/4.0/">CC BY</a></span></figcaption></figure><p>Microsoft’s part in a <a href="http://www.wsj.com/articles/BL-DGB-40241">US$70m investment in CyanogenMod</a> has raised many eyebrows: why is Microsoft investing in a popular version of the Android mobile phone operating system, when it has its own competing <a href="http://www.windowsphone.com/en-gb">Windows Phone</a> product? The firm’s motivations behind investing in the most open version of the Android operating system have justifiably made open-source advocates <a href="http://techrights.org/2015/02/01/cyanogen-microsoft">decidedly nervous</a>. </p>
<p>Android is an open-source project maintained by its creator, Google. Ongoing work goes into the <a href="https://source.android.com/">Android Open Source Project</a> (AOSP), from which Google develops its own <a href="https://www.android.com/history/">“official” releases</a>. Other developers, such as <a href="http://www.cyanogenmod.org/">Cyanogen</a>, are free to take the AOSP codebase and produce their own variations for different devices.</p>
<p>There have been concerns among Android developers that <a href="http://arstechnica.com/gadgets/2013/10/googles-iron-grip-on-android-controlling-open-source-by-any-means-necessary/">Google is taking greater control of Android</a>, closing off more and more of the code. But in voicing the idea of wresting control of the project from Google one would imagine that doing so only to give it to Microsoft was not what they had in mind.</p>
<p>Yet this is exactly what Microsoft’s investment in CyanogenMod gave its CEO the confidence to <a href="http://androidforums.com/threads/cyanogenmod-to-take-google-out-of-android-microsoft-investing.897967">claim</a> – freeing users, he claims, from the requirements of Google’s Play Store or any of the other Google applications that are found by default on most mobile phones and tablets.</p>
<h2>The Cathedral and the Bazaar</h2>
<p>Open-source projects conducting multi-million dollar commercial deals is a far cry from 1999 – the year open-source activist and developer Eric Raymond published his book <a href="http://www.catb.org/esr/writings/cathedral-bazaar/">The Cathedral and The Bazaar</a>, in which he explained how open-source software development could work commercially to a technology industry that understood only a proprietary, closed-source approach. The book provided a workable open-source philosophy for the growing bands of open-source developers – and in the years since, this approach has become more established and found fertile ground in other areas, such as academic publishing and music.</p>
<figure class="align-center ">
<img alt="" src="https://images.theconversation.com/files/70848/original/image-20150202-13054-13o1m7v.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/70848/original/image-20150202-13054-13o1m7v.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=400&fit=crop&dpr=1 600w, https://images.theconversation.com/files/70848/original/image-20150202-13054-13o1m7v.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=400&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/70848/original/image-20150202-13054-13o1m7v.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=400&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/70848/original/image-20150202-13054-13o1m7v.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=503&fit=crop&dpr=1 754w, https://images.theconversation.com/files/70848/original/image-20150202-13054-13o1m7v.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=503&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/70848/original/image-20150202-13054-13o1m7v.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=503&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">Somewhere between a call to arms and a handbook.</span>
<span class="attribution"><a class="source" href="https://www.flickr.com/photos/hades2k/7001927337/">hades2k</a>, <a class="license" href="http://creativecommons.org/licenses/by-sa/4.0/">CC BY-SA</a></span>
</figcaption>
</figure>
<p>Raymond’s “cathedral” is a thinly veiled reference to Microsoft’s absolute commitment to proprietary software development – a technocratic priesthood that kept the secrets within the temple. In 1999 a closed, proprietary approach was seen as the primary – if not the only way – to profit from software. This software business model followed the lead of computer hardware manufacturers, who would strive to “lock in” buyers to the firm’s ecosystem of products – compatible with each other but more often than not incompatible with those of other manufacturers. </p>
<p>But the industry has moved on: fledgling companies in the late 1990s such as <a href="http://www.redhat.com/en">Red Hat</a>, <a href="https://www.suse.com/">Suse</a>, and Google, and those that have arrived since such as <a href="http://www.canonical.com/">Canonical</a> and <a href="http://thevarguy.com/open-source-application-software-companies/top-50-open-source-companies-where-are-they-now">many others</a> have become enormous open-source success stories. Industry titans such as IBM and Sun also embraced the open-source approach. Much of the suspicion and fear (<a href="http://www.catb.org/jargon/html/F/FUD.html">FUD</a>) has dissipated. And the proof is in the pudding: open-source software underpins a great number of the applications and systems we use each day, and the internet’s infrastructure itself.</p>
<h2>Opening up</h2>
<p>Microsoft has changed too. It is still the <a href="http://mashable.com/2014/04/01/top-software-companies">world’s largest software company</a> – and the overwhelming majority of the world’s computers at work and at home still run Microsoft Windows and Microsoft Office, despite the company <a href="http://www.google.co.uk/trends/explore#q=microsoft%2C%20apple%2C%20android&cmpt=q&tz=">losing the prominence it once had</a> in comparison to Android or Apple. </p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/70836/original/image-20150202-8997-1n66x0d.png?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="" src="https://images.theconversation.com/files/70836/original/image-20150202-8997-1n66x0d.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/70836/original/image-20150202-8997-1n66x0d.png?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=323&fit=crop&dpr=1 600w, https://images.theconversation.com/files/70836/original/image-20150202-8997-1n66x0d.png?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=323&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/70836/original/image-20150202-8997-1n66x0d.png?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=323&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/70836/original/image-20150202-8997-1n66x0d.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=405&fit=crop&dpr=1 754w, https://images.theconversation.com/files/70836/original/image-20150202-8997-1n66x0d.png?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=405&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/70836/original/image-20150202-8997-1n66x0d.png?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=405&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">The rise and fall of Microsoft, Apple and Android’s popularity.</span>
<span class="attribution"><span class="source">Google Trends</span></span>
</figcaption>
</figure>
<p>But Microsoft’s corporate website <a href="http://www.microsoft.com/en-us/openness/default.aspx">now discusses open source</a>, focusing on interoperability between their own proprietary software and a range of open-source projects. Microsoft already has a number of <a href="http://www.microsoft.com/opensource/directory.aspx">open-source projects</a> within the corporate fold, and its developers <a href="https://msopentech.com/">contribute to many more</a>. <a href="http://blogs.msdn.com/b/dotnet/archive/2014/11/12/net-core-is-open-source.aspx">Recent announcements</a> have even included the open-sourcing of projects developed in-house by the company. Some 15 years later, Microsoft has shifted at least part of its efforts from its cathedral to the open-source bazaar.</p>
<p>The announcement that the <a href="http://www.extremetech.com/extreme/197093-microsoft-open-sources-its-worldwide-telescope-project">Worldwide Telescope project</a> would be open sourced was greeted with bemusement. But creating a version of .NET, a core Microsoft development platform upon which Windows-compatible software is written, is a <a href="http://opensource.com/business/14/11/microsoft-dot-net-empower-open-source-communities">significant statement</a>. </p>
<h2>Practicality not principle</h2>
<p>But this is for sound commercial reasons: open the new .NET Core to a wider set of developers and they will help with its upkeep against competing, flourishing open-source products. New adopters it attracts will be tied to various Microsoft plug-ins, additional services and support. This “<a href="http://www.freemium.org/what-is-freemium-2/">freemium</a>” approach – the product is free but support and services come at a cost – is a viable business model already employed by many. However, the chance of success that this decision will brring in coming so late in the game <a href="http://www.infoworld.com/article/2850050/microsoft-net/microsoft-open-source-net-cant-match-open-source-java.html">is debatable</a>.</p>
<p>In the final analysis, embracing open source has become the only option for Microsoft in the face of so many smaller, dynamic competitors. For sure, this is less Microsoft taking on board the principles of <a href="http://opensource.com/open-source-way">open development, sharing and co-operation</a> and more an attempt to buy its way into what has always been the dynamic world of the bazaar in order to harness the talents of developers outside the cathedral walls.</p>
<p>In this as with so many decisions, Microsoft’s wait-and-see approach has its risks. It was late to acknowledge the internet, web, and email. With each of the products it released – Internet Explorer, Outlook/Exchange, Office, mostly through acquired technology – Microsoft infamously attempted to define de facto standards for HTML support, email, word processor and spreadsheet document formats, and more.</p>
<p>Open-source activists are correct to wonder whether Microsoft has more of the same planned: most of its current open-source manoeuvres such as investing in Cyanogen follow the same approach of previous acquisitions. The key difference is that software developed in the bazaar has developers and users who are passionate about the project. For them open-source software is not just a commodity to be bought and sold; whether there is any place for the cathedral in the bazaar is yet to be seen.</p><img src="https://counter.theconversation.com/content/37068/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Gordon Fletcher does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>Microsoft’s part in a US$70m investment in CyanogenMod has raised many eyebrows: why is Microsoft investing in a popular version of the Android mobile phone operating system, when it has its own competing…Gordon Fletcher, Centre for Digital Business, University of SalfordLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/326402014-10-08T05:18:02Z2014-10-08T05:18:02ZiWorm hack shows Macs are vulnerable too<figure><img src="https://images.theconversation.com/files/61060/original/4vhrykms-1412694323.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">That's one sad Mac.</span> <span class="attribution"><a class="source" href="https://www.flickr.com/photos/nickkellet/6839330932/">nickkellet</a>, <a class="license" href="http://creativecommons.org/licenses/by/4.0/">CC BY</a></span></figcaption></figure><p>The computer operating systems and applications we use today have often evolved over many years, decades even, and contain tens or hundreds of millions of lines of code. Flaws in that code – and there will always be some – give rise to security problems that, in an internet-connected world, are an increasing problem. </p>
<p>Many are found in code written in the C++ programming language – in Microsoft Windows, in Java, in applications such as Abode Flash or Reader, the Outlook email client, browsers such as Internet Explorer and Firefox, and increasingly Linux and OS X. Any issues found to affect Linux and other Unix-like operating systems causes problems for Apple because OS X is Unix-like in nature.</p>
<p>Apple’s decision to redevelop a new operating system for the Macintosh based on Unix was a momentous one. A <a href="http://www.computerworld.com/article/2524660/operating-systems/the-unix-family-tree.html">family of related operating systems</a>, Unix has evolved since the early 1970s and continues to be used and developed today. Technically OS X is a “Unix-like” operating system called <a href="http://support.apple.com/kb/ta25634">Darwin</a>; Linux is another Unix-like operating system. This decision meant the company could rely on the stability of Unix and focus on the user experience.</p>
<p>Will this decision return to bite Apple, however? The flaws now being discovered in Unix-like operating systems also affect OS X. Many bugs are being found that have gone unnoticed for years – the Heartbleed flaw in OpenSSL for example relates to C++ code written by Eric Young in 1998.</p>
<h2>Lair of the iWorm</h2>
<p>Last week, Dr. Web (a Russian security firm) detailed a <a href="http://www.techtimes.com/articles/17226/20141006/os-x-malware-mac-backdoor-iworm-piggybacks-reddit-to-infect-over-17000-macs-how-about-yours.htm">newly discovered piece of malware</a> for OS X, called Mac.BackDoor.iWorm. This allows hackers to take control of a computer, using it as part of a botnet (a group of perhaps thousands of compromised, remotely-controlled computers) for illegal activity such as spamming or performing Denial of Service (DDoS) attacks, where a website is overloaded with requests and forced offline.</p>
<p>After Dr. Web detected more than 17,000 computers infected with the worm, Apple <a href="http://www.tuaw.com/2014/10/06/apple-updates-xprotect-malware-definitions-to-shut-down-iworm/">responded quickly</a> by adding the malware’s signature to the <a href="http://www.thesafemac.com/mmg-builtin/">Xprotect</a> malware scanner built into OS X. But this will only protect against the worm if it has been updated to include the latest changes.</p>
<figure>
<iframe width="440" height="260" src="https://www.youtube.com/embed/oOn-pu1Qn3k?wmode=transparent&start=0" frameborder="0" allowfullscreen=""></iframe>
<figcaption><span class="caption">Detecting the iWorm.</span></figcaption>
</figure>
<p>Interestingly iWorm’s creators used the popular website Reddit as an attack vector. In a fake Minecraft discussion forum were posted the addresses of the hackers’ command and control servers – iWorm would browse Reddit to find these addresses, connect and wait for instructions. Reddit closed the hacker’s user accounts and the fake forum, cutting off the iWorm’s controllers – for now. The <a href="http://www.tuaw.com/2014/10/06/apple-updates-xprotect-malware-definitions-to-shut-down-iworm/">suggestion</a> is that it spread originally through pirated software infected with malicious code downloaded from torrent sites (making it more of a Trojan than a worm).</p>
<h2>Shell Shock</h2>
<p>Another recent bug, the <a href="https://theconversation.com/bigger-than-heartbleed-bug-in-bash-leaves-millions-of-web-servers-vulnerable-32231">Shellshock vulnerability</a> found in the Bash shell program affects practically all Unix-like operating systems (including Linux and OS X) because it’s such a common program, included by default in most installations. As Linux is found in many embedded systems – network hardware such as routers and switches, microcontrollers that operate traffic lights, industrial production lines and all sorts of other uses – the number of potentially vulnerable devices is huge.</p>
<p>The bug allows an intruder to remotely run arbitrary commands. The efforts of hackers have been to use Shellshock to control web servers through their CGI function, one of the oldest methods through which a program could communicate with a web server. Today CGI has been largely replaced by PHP and other high-level scripting languages, but many millions of servers retain it for compatibility.</p>
<p>Even by using Shellshock to run commands on remote machines, on a properly security-hardened server the potential for damage is limited, as most of the important operations require higher-level privileges – if correctly configured. </p>
<h2>Buffer overflow attack</h2>
<p>Such programming errors show how sloppy software developers have been (and often continue to be), and how long such flaws can hang around – some 23 years for Heartbleed. Many bugs are due to C++ programming errors, causing programs to act incorrectly when the data a program receives is not what it expects. A common way of exploiting this is a <a href="http://www.cse.scu.edu/%7Etschwarz/coen152_05/Lectures/BufferOverflow.html">buffer overflow</a>.</p>
<p>Programs typically allocate a certain amount of memory (buffer) to variables used by programs to store and pass around data. That data is expected to arrive in a certain format and fit within the memory allocation. If it arrives and is larger than it should be it can overwrite code stored in neighbouring memory areas, causing the program to become erratic, crash, or execute code contained in the data sent that overruns the buffer.</p>
<p>Similar but not quite the same, the <a href="http://www.theregister.co.uk/2014/04/09/heartbleed_explained/">Heartbleed flaw</a> lay in a feature of SSL called a “heartbeat”, a challenge-response between two computers designed to keep the connection open. The code required the client computer to send a string of characters, and a number totalling the length of that string of characters. The server reads the number and sends back that many characters. The attack worked because the attacker could, for example, deliberately send only one character but ask for 500; the server responds with a further 499 characters drawn from memory which, on a server running SSL, may well contain sensitive data such as usernames, passwords or even credit card details.</p>
<h2>Moving targets</h2>
<p>So after decades of vulnerabilities appearing on Microsoft Windows, now they are beginning to show up in others such as Linux and OS X. Code will always contain errors and oversights and the apparent security of an operating system is as much to do with the extent to which people are interested in finding flaws. With billions of desktop, laptop and mobile devices running some version of Windows, it’s a magnet for hackers as much as it is for security experts trying to find those vulnerabilities first.</p>
<p>Personal computers running Linux (less than 2% of all PCs) or OS X (less than 7%) are few in comparison. But two-thirds of the internet’s servers are Linux/Unix-based and perhaps this is where those with malicious intent are turning their attention. And if that happens, Mac OS X may well become collateral damage.</p>
<p>While Apple has been fast to release patches, the danger is that users do not install the updates – as is the case with many Windows users, millions of whom run old, out-of-date and vulnerable versions of Windows and other programs. In the future, Apple will need to find its own vulnerabilities, review its own code and not leave it to the security community – which becomes a race between then protectors and the exploiters.</p><img src="https://counter.theconversation.com/content/32640/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Bill Buchanan does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>The computer operating systems and applications we use today have often evolved over many years, decades even, and contain tens or hundreds of millions of lines of code. Flaws in that code – and there…Bill Buchanan, Head, Centre for Distributed Computing, Networks and Security, Edinburgh Napier UniversityLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/322312014-09-26T12:47:07Z2014-09-26T12:47:07ZBigger than Heartbleed? Bug in bash leaves millions of web servers vulnerable<figure><img src="https://images.theconversation.com/files/60179/original/5nrvgy67-1411732288.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Better bash that bash bug, big time.</span> <span class="attribution"><a class="source" href="http://www.shutterstock.com/pic-124757866/stock-photo-server-data-on-a-monitor.html?src=78d0oghwouoUqqY7Y124Vg-1-7">isak55/Shutterstock</a></span></figcaption></figure><p>A first and quite reasonable thought readers may have will be to wonder: what is bash? </p>
<p>When you use a computer you probably interact with it through a point-and-click, visual interface such as Windows or Mac OS. More advanced users or specific tasks might require a text-only interface, using typed commands. This command line program is known as a shell, and bash is the acronym for Bourne Again SHell (a successor to the Bourne shell, written by Stephen Bourne – that’s geek humour right there), known to everyone as <a href="https://www.gnu.org/software/bash/bash.html">bash</a>.</p>
<p>So what you need to know is that a shell is essential, and that bash as the most common shell in use is installed on pretty much every machine that runs a flavour of Linux or Unix. That includes Mac OS X – which behind its shiny desktop is a Unix-based operating system too. </p>
<p>What has systems administrators hot under the collar right now is the discovery by Red Hat, a firm that produces one of the long-established distributions of Linux favoured by enterprise, of a vulnerability in bash. This bug, which is being called “<a href="https://www.cert.gov.uk/resources/alerts/update-bash-vulnerability-aka-shellshock/">shellshock</a>”, allows <a href="http://www.symantec.com/connect/blogs/shellshock-all-you-need-know-about-bash-bug-vulnerability">under specific conditions</a> a hacker to remotely access and take control of a system running a vulnerable version of bash.</p>
<p>Potentially vulnerable computers running Linux/Unix account for around <a href="https://secure1.securityspace.com/s_survey/data/201211/index.html">two-thirds of web servers on the internet</a>. That will include a huge number of online services you use – shops, banks, social networking sites, government services. The police and military, too. </p>
<h2>Huge scope online</h2>
<p>Now you can see why everyone is panicking and claiming that this is bigger than the <a href="https://theconversation.com/explainer-should-you-change-your-password-after-heartbleed-25506">Heartbleed</a> bug, a problem that only affected one specific technology (secure socket layers) which is not near-universal like bash. It has been classed as a maximum risk factor 10 of 10. </p>
<p>Red Hat has <a href="https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/">released a patch</a> to close the loophole and solve the problem, but it’s not perfect and still allows an attacker other vectors to exploit. Other Linux and Unix vendors will be on the case as a matter of urgency and no doubt there will be an update from Apple for its Mac OS systems very soon. It isn’t the fault of one organisation – while tempting, there is no cause to bash Apple this time.</p>
<p>This vulnerability, dating back to version 1.13 of the program, has existed <a href="http://www.theregister.co.uk/2014/09/24/bash_shell_vuln/">for 22 years</a> and it has taken detailed analysis by security experts to find it. Now it has been made public, vendors and system administrators are scrabbling to close the hole while hackers and cybercriminals are trying to exploit it.</p>
<p>In fact within 24 hours of being announced, exploits are <a href="http://www.theregister.co.uk/2014/09/26/bad_guy_builds_beastly_bash_botnet/">already being reported in the wild</a>. The issue is exacerbated by the problem that shell programs such as bash are designed to be connected to remotely, through programs such as SSH or telnet. It isn’t too difficult to send commands to a remote device or to encourage users to download an application that uses the same commands.</p>
<p>But that assumes the attacker is able to bypass your perimeter protection such as a firewall and other network security policies. As a network engineer, I know that while there is a weakness on my system that must be resolved, there are other defence mechanisms already surrounding that weakness that still provide protection.</p>
<p>However, those running a web server – whose entire function is to respond to those remote calls (in this case, your web browser’s requests for pages on the site you’re browsing) – have much more of a problem. This provides a route into the system that can’t be blocked with a firewall as it would also block legitimate requests for the web server. Systems administrators are probably very busy at the moment trying to ensure that their bash environments cannot be exploited.</p>
<p>Also of concern are the tens of millions of pieces of networking hardware such as router and switches that connect the internet’s computers together. Almost all run stripped-down versions of Linux-like operating systems optimised for networking, but <a href="http://tools.cisco.com/security/center/viewAlert.x?alertId=35816">they also include bash</a> for network engineers to connect and control them. These will need to be patched too.</p>
<h2>Desktop users are safe\®</h2>
<p>The rest of us can probably breathe easier. Attackers are more interested in compromising systems that may return financial advantage, which is unlikely to be our desktop computers.</p>
<p>My advice to Apple Mac users is to check <a href="http://support.apple.com/kb/ht1810">firewall settings</a> and take care when downloading any third-party application not available via the App Store. For Linux users the same applies – Ubuntu has a software centre, for example, where the community have checked all available applications to date. In any case, a patch will be available soon. Windows users are unaffected (and it’s not often you can say that).</p>
<p>Some are suggesting this bug is a larger problem for Apple desktop devices than it really is. Unless your machine has been set up to allow others remote access to it (it wouldn’t do so by default), has also switched off the firewall and is not using a protected network (home broadband routers provide their own protection, for example), then I wouldn’t worry – but install whatever recommended updates appear in the days to come.</p><img src="https://counter.theconversation.com/content/32231/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Andrew Smith was historically affiliated with the Linux Professional Institute.</span></em></p>A first and quite reasonable thought readers may have will be to wonder: what is bash? When you use a computer you probably interact with it through a point-and-click, visual interface such as Windows…Andrew Smith, Lecturer in Networking, The Open UniversityLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/285332014-06-27T05:10:47Z2014-06-27T05:10:47ZLinux is the quiet revolution that will leave Microsoft eating dust<figure><img src="https://images.theconversation.com/files/52369/original/jbdpfqvn-1403801416.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Linux is already at your party.</span> <span class="attribution"><a class="source" href="https://www.flickr.com/photos/jvetterli/225724064/in/photolist-kWTUd-2j46qU-8gXF1v-x8imx-6J8meg-djYz9-8j41L-u55uy-2PRBg-5LE5Ns-4keApq-du3zeq-a6ZdU-8JwShZ-6LosY-gWfuN-6fF9C-82cZzc-9v6Gu5-4i6B9P-9hfVb-2CvjYq-8Sdmg-e5D3Jv-6LqCRX-6Fhoo-kZ5mU-oBzAK-7otpRx-ag7s9w-6XHkjc-dRqcAk-8fqECR-6RJboy-32dbYA-a1wcQ5-acRNU-5mpKHe-29drws-xaXZ7-3uk5zD-6b6KBB-6kH4U-rrpc5-5WGxVX-k6bAn-54xt9G-6xmfUs-7bwTK-96e7gL">John Vetterli</a>, <a class="license" href="http://creativecommons.org/licenses/by/4.0/">CC BY</a></span></figcaption></figure><p><a href="https://www.linux.com/learn/new-user-guides/376-linux-is-everywhere-an-overview-of-the-linux-operating-system">Linux</a>, the most widely used open source operating system in the world, has scored a major publicity coup in the revelation that it is used on <a href="http://www.linux.com/news/enterprise/high-performance/147-high-performance/666669-94-percent-of-the-worlds-top-500-supercomputers-run-linux-">94%</a> of the world’s <a href="http://www.top500.org/statistics/list/">top 500 supercomputers</a>.</p>
<p>Every operating system has technical issues and Linux has not been faultless. But some key technological milestones have been passed in recent years that have made it possible for Linux to quietly assert dominance in the fight for popularity and custom.</p>
<p>Apart from the fact that it is free and has been since its creation in 1991 by <a href="http://en.wikipedia.org/wiki/Linus_Torvalds">Linus Torvalds</a>, Linux has many technological advantages that mean other operating systems just can’t beat it.</p>
<p>Millions of people all over the world use Microsoft operating systems but how many describe themselves as enthusiasts? Linux users are often really passionate about the open source cause and this is boosting uptake. They argue that it is more secure than main rivals Apple and Microsoft, with technical features that win hands down. The fact that the most powerful and expensive computers in the world are using it is potentially the best reference you could want.</p>
<h2>Quiet revolution</h2>
<p>It’s easy to see why Linux appeals to the people who operate supercomputers. Linux can support multiple processors and large clusters of computers, unlike IBM, VMware and Microsoft who prefer to charge per processor on many of their products. As long as you are capable of writing the software to solve the problem, Linux will allow you to create your own complex supercomputer or cluster system for free. As organisations who host these types of systems have the financial power to pay for the personnel, the supercomputers themselves become very powerful, efficient systems used to solve many computational problems.</p>
<p>But the fact is, even if you think you are bound to Windows or some other proprietary operating system, you are probably already a Linux user too. When you visit a website, the chances are that it is using an <a href="http://www.apache.org/">Apache2</a> webserver. This is free and designed to integrate with the security and operating system features of Linux. Currently more than <a href="http://w3techs.com/technologies/details/ws-apache/all/all">60%</a> of webservers are known to be hosting via Apache.</p>
<p>Android, developed by Google, is based on a Linux kernel and is now the <a href="http://www.idc.com/getdoc.jsp?containerId=prUS24257413">most dominant</a> smartphone and tablet computer platform. Android is more <a href="https://theconversation.com/explainer-which-phone-is-most-vulnerable-to-malware-25942">vulnerable to malware</a> than Apple’s OS but you are safe as long as you act sensibly.</p>
<p>Of course, it remains to be seen whether Android can hold on to its 80% market share in the face of stiff competition. Amazon and <a href="http://www.bbc.co.uk/news/technology-27992439">Microsoft</a> are getting in on the territory, which could be a threat. But at least Ubuntu, another big rival, is also very much grounded in the open source movement. Used on many desktop systems around the world, this free and easy to use version of Linux has <a href="https://theconversation.com/open-source-gives-new-life-to-old-windows-xp-machines-25317">extended the life</a> of many computers after Windows had folded under pressure.</p>
<p>And at home, embedded devices, like your broadband wireless router and cable television set top box are often using specifically designed versions of Linux. Linux is highly likely to be an integral part of your household – it just doesn’t shout about it like Apple.</p>
<h2>Clinging on</h2>
<p>While I am an enthusiastic Linux user, I also have Microsoft at work and use Apple products too. The fact that Linux is based on the same Unix system from which the Max OSX system is derived means that it should be seen more as a cousin than a radical alternative to Apple offerings. And if the two are comparable, are you more likely to choose one that comes with a shiny laptop or one that is more functional but less chic? Some would continue to opt for the design features of a Mac.</p>
<p>And even though Microsoft’s star often seems to be fading, its dominance of the market in the 1990s and early 2000s means that it is still a tough one to beat. Windows 8 has had many detractors but Microsoft is adept at learning from its mistakes and tends to rally with a better version the next time. </p>
<p>All that said, Linux is free and much more pervasive than the average computer user might think. You can easily install Linux on any home computer, many tablets and even your own private supercomputer, so you should think about switching. And if you think you never could, think about how much of your online life already depends on this quiet contender.</p><img src="https://counter.theconversation.com/content/28533/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Andrew Smith via his past teaching at the Open University has been historically affiliated with the Linux Professional Institute.</span></em></p>Linux, the most widely used open source operating system in the world, has scored a major publicity coup in the revelation that it is used on 94% of the world’s top 500 supercomputers. Every operating…Andrew Smith, Lecturer in Networking, The Open UniversityLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/253172014-04-07T20:10:00Z2014-04-07T20:10:00ZOpen source gives new life to old Windows XP machines<figure><img src="https://images.theconversation.com/files/45739/original/cmwn35zd-1396846460.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Saving your old Windows XP.</span> <span class="attribution"><a class="source" href="https://www.flickr.com/photos/mbk/1131501685">Flickr/MBK Marjie </a>, <a class="license" href="http://creativecommons.org/licenses/by-nc-sa/4.0/">CC BY-NC-SA</a></span></figcaption></figure><p>As the sun sets on Microsoft’s <a href="http://windows.microsoft.com/en-au/windows/end-support-help">support for Windows XP</a> this may be a great time to think about trying out a <a href="http://www.fsf.org/">Free</a> and <a href="http://opensource.org/">Open Source Software</a> (FOSS) operating system for your <a href="https://theconversation.com/windows-xp-is-still-popular-so-why-is-microsoft-pulling-the-plug-24352">still-working PC</a>.</p>
<p>This is especially the case when older hardware cannot run newer versions of Windows (such as 7, 8 or <a href="http://windows.microsoft.com/en-au/windows-8/upgrade-from-windows-vista-xp-tutorial">8.1</a>). Your only other option then is to either dispose of the old XP machine or keep it running and <a href="https://theconversation.com/the-end-is-nigh-for-windows-xp-are-you-ready-24104">face potential security threats</a>.</p>
<p>But many software developers, both hobbyists and professionals alike, have contributed to a growing body of FOSS programs that now numbers in the tens of thousands. These software programs are licensed for anyone to freely download and use.</p>
<p>To simplify the downloading and installing, collections of these many software components, called “<a href="http://lwn.net/Distributions/">distributions</a>”, are available ready for users to download and start using straight away.</p>
<h2>Go Linux</h2>
<p>Many of these distributions are based on the <a href="http://kernel.org">Linux kernel</a>, which is highly regarded due to its robustness, performance, security, broad support and low cost.</p>
<p>Linux has become the dominant operating system for internet sites, powering Google, Facebook, YouTube and many others. It is also the dominant operating system powering Android phones and tablets, televisions, home routers and many other devices.</p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/45740/original/4pt83jq5-1396846702.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="" src="https://images.theconversation.com/files/45740/original/4pt83jq5-1396846702.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/45740/original/4pt83jq5-1396846702.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=372&fit=crop&dpr=1 600w, https://images.theconversation.com/files/45740/original/4pt83jq5-1396846702.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=372&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/45740/original/4pt83jq5-1396846702.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=372&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/45740/original/4pt83jq5-1396846702.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=467&fit=crop&dpr=1 754w, https://images.theconversation.com/files/45740/original/4pt83jq5-1396846702.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=467&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/45740/original/4pt83jq5-1396846702.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=467&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">If your machine can run Windows XP then it can probably run a Linux OS too.</span>
<span class="attribution"><a class="source" href="https://www.flickr.com/photos/antonypranata/3233115536">Flickr/Antony Pranata </a>, <a class="license" href="http://creativecommons.org/licenses/by-nc-nd/4.0/">CC BY-NC-ND</a></span>
</figcaption>
</figure>
<p>Over the years, Linux-based distributions have become more and more popular and any machine capable of running Windows XP is a good candidate for running a Linux distribution such as:</p>
<ul>
<li><a href="http://www.ubuntu.com">Ubuntu</a></li>
<li><a href="http://fedoraproject.org">Fedora</a></li>
<li><a href="http://www.opensuse.org">OpenSUSE</a></li>
<li><a href="http://www.debian.org">Debian</a></li>
<li><a href="http://linuxmint.com">LinuxMint</a>.</li>
</ul>
<p>That’s just to name a few – there are many more available.</p>
<h2>Anything Windows can do Linux can do … mostly</h2>
<figure class="align-right zoomable">
<a href="https://images.theconversation.com/files/45742/original/2n8mpz77-1396847260.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="" src="https://images.theconversation.com/files/45742/original/2n8mpz77-1396847260.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=237&fit=clip" srcset="https://images.theconversation.com/files/45742/original/2n8mpz77-1396847260.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=565&fit=crop&dpr=1 600w, https://images.theconversation.com/files/45742/original/2n8mpz77-1396847260.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=565&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/45742/original/2n8mpz77-1396847260.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=565&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/45742/original/2n8mpz77-1396847260.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=710&fit=crop&dpr=1 754w, https://images.theconversation.com/files/45742/original/2n8mpz77-1396847260.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=710&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/45742/original/2n8mpz77-1396847260.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=710&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">Firefox is one of many alternative browsers to Internet Explorer.</span>
<span class="attribution"><a class="source" href="http://www.mozilla.org/en-US/styleguide/identity/firefox/branding/">Mozilla</a>, <a class="license" href="http://creativecommons.org/licenses/by/4.0/">CC BY</a></span>
</figcaption>
</figure>
<p>These package together a suite of standard programs which enable you to do the types of things you would do in Windows XP, such as search the web, send and receive emails, edit and print documents.</p>
<p>For the most part the user interface and experience is very similar to what you would have experienced in Windows XP and typical alternatives to Microsoft software include:</p>
<ul>
<li><a href="https://www.mozilla.org/en-US/firefox/new/">Mozilla Firefox</a>, <a href="https://www.google.com/intl/en/chrome/browser/">Google Chrome</a>, <a href="http://www.konqueror.org/">KDE Konqueror</a> and many more instead of Microsoft’s Internet Explorer for browsing the web</li>
<li><a href="http://www.mozilla.org/en-US/thunderbird/">Mozilla Thunderbird</a>, <a href="https://wiki.gnome.org/Apps/Evolution">Evolution</a> and others instead of Microsoft’s Outlook or Outlook Express for email</li>
<li><a href="https://www.libreoffice.org/">LibreOffice</a> instead of Microsoft Office</li>
<li><a href="http://www.videolan.org/vlc/">VLC media player</a> to play your movies and music instead of Windows Media Player</li>
<li><a href="http://www.gimp.org/">GIMP</a> for editing photos and other images instead of Microsoft Photo Editor or Adobe Photoshop.</li>
</ul>
<p>More software options are available too with many included in the <a href="http://directory.fsf.org/wiki/Main_Page">Free Software Directory</a>.</p>
<h2>Easy to install</h2>
<p>In the early days installing and running Linux on a computer required considerable technical abilities but over the years this has become a lot simpler. Users can now install and configure the system desktop by following a few onscreen prompts without the need for any technical command-line interaction.</p>
<p>But before trying out any new operating system software, it is very important to backup your files to external media such as a USB device, and also to test that your backup works.</p>
<p>To install a new operating system you need to create a bootable USB device, CD-ROM, or DVD of the distribution you would like to give a go. Instructions on how to do this are available on the website of each distribution. Once you have this you simply restart the computer and during the first few seconds of the computer turning on you instruct the computer to boot off the media you created.</p>
<p>Try out the “live” Linux system for a while without installing it on your computer. When you are happy with what you see, there is normally an icon on the desktop that you can use to install the operating system onto your hard disk. Click on the icon and follow the instructions.</p>
<p>You then have the option of installing it either alongside your existing operating system, or overwriting the old system with the new.</p>
<figure class="align-left zoomable">
<a href="https://images.theconversation.com/files/45746/original/5yqq9brc-1396847919.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="" src="https://images.theconversation.com/files/45746/original/5yqq9brc-1396847919.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=237&fit=clip" srcset="https://images.theconversation.com/files/45746/original/5yqq9brc-1396847919.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=450&fit=crop&dpr=1 600w, https://images.theconversation.com/files/45746/original/5yqq9brc-1396847919.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=450&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/45746/original/5yqq9brc-1396847919.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=450&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/45746/original/5yqq9brc-1396847919.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=566&fit=crop&dpr=1 754w, https://images.theconversation.com/files/45746/original/5yqq9brc-1396847919.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=566&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/45746/original/5yqq9brc-1396847919.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=566&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">Once you get your Linux system up and running it’s just as easy as a Windows XP setup.</span>
<span class="attribution"><a class="source" href="https://www.flickr.com/photos/sfllaw/380959080">Flickr/Simon Law</a>, <a class="license" href="http://creativecommons.org/licenses/by-nc-sa/4.0/">CC BY-NC-SA</a></span>
</figcaption>
</figure>
<p>Once installed, updates and bug fixes of the operating system and the software you run are easily downloaded and incorporated into your system, much the same as they were with your use of Windows XP.</p>
<p>Linux has long been extensively used for servers and so security has always been a key part of its design. Known security issues would normally be quickly fixed and updates made available and there are far fewer viruses or cyberthreats.</p>
<p>Although there are a large number of FOSS games available you may not be able run your favourite Windows game on Linux. There are some ways around this, such as <a href="http://www.playonlinux.com/en">Play on Linux</a>, which lets you run some Windows games on Linux but the latest blockbuster games will probably not work.</p>
<h2>What about help?</h2>
<p>If you are worried about support then there is a large community of users for Linux in Australia and around the world. Many local user groups exist, such as the <a href="http://clug.org.au/">Canberra Linux User Group</a>, which has monthly meetings held at the ANU.</p>
<p>Linux Australia has a list of other local <a href="http://linux.org.au/foss_in_australia">Linux user groups</a>. They are generally friendly and happy to help out new comers to Linux. There are also numerous online forums which provide help for working through problems.</p>
<p>So when Windows XP support ends rather than throwing out that old box give Linux a go – you may be pleasantly surprised!</p><img src="https://counter.theconversation.com/content/25317/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>The authors do not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and have disclosed no relevant affiliations beyond their academic appointment.</span></em></p>As the sun sets on Microsoft’s support for Windows XP this may be a great time to think about trying out a Free and Open Source Software (FOSS) operating system for your still-working PC. This is especially…Robert Edwards, Lecturer and programmer, Australian National UniversityEric C. McCreath, Lecturer, Australian National UniversityLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/188132013-10-10T23:21:21Z2013-10-10T23:21:21ZIs the Raspberry Pi an innovation in computer training, or just another toy?<figure><img src="https://images.theconversation.com/files/32837/original/hvhxgsvk-1381442552.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Despite their educational appeal, the majority of Pis sold have been bought by middle-aged hobbyists</span> <span class="attribution"><span class="source">Yan Arief via Flickr</span></span></figcaption></figure><p>This week the Raspberry Pi Foundation <a href="http://www.raspberrypi.org/archives/5016">announced</a> that they had manufactured 1 million Raspberry Pi computers in the UK. In an age when the very thought of manufacturing anything outside of China would be considered foolhardy, the supply of these low cost computing devices from a factory in South Wales showed that it is still possible to manufacture technology in a developed western nation, albeit a fairly basic no-frills device.</p>
<p>The Raspberry Pi Foundation was <a href="http://www.raspberrypi.org/about">established</a> by a group of academics at the University of Cambridge’s Computer Laboratory who were concerned with the general decline in numbers of students applying to computer science. They felt that they could tackle this by providing a means for teachers at primary and secondary school to introduce programming and computing skills training. As such the <a href="http://en.wikipedia.org/wiki/Raspberry_Pi">Raspberry Pi</a> was developed as a very cheap and expandable computing device that could plug into a TV. </p>
<p>The Raspberry Pi is runs a version of the Linux operating system which provides support for developer tools and other software. Children in particular were to interact with a development environment called <a href="http://scratch.mit.edu/">Scratch</a> which was designed by the MIT Media Lab as a creative environment that would allow children in particular to learn basic programming skills. In early 2013, Google got <a href="http://www.raspberrypi.org/archives/3158">behind</a> this idea and funded the supply of 15,000 Pis to schools in the UK.</p>
<p>Despite the educational ideal, the majority of the 1.75 million Pis sold have gone to middle-aged hobbyists who have put the devices to a plethora of uses. These range from <a href="http://wiki.xbmc.org/?title=Raspberry_Pi">media players</a> to a <a href="http://www.independent.co.uk/life-style/gadgets-and-tech/news/ted-bull-stratos-raspberry-pi-controlled-teddy-bear-babbage-beats-felix-baumgartners-skydiving-record-8785687.html">re-enactment</a> of Felix Baumgarten’s skydiving world record using a Raspberry Pi equiped teddy bear called Babbage who made a leap from 39,000 meters, transmitting data and video along the way.</p>
<figure>
<iframe width="440" height="260" src="https://www.youtube.com/embed/I41ooQQ_RIw?wmode=transparent&start=0" frameborder="0" allowfullscreen=""></iframe>
<figcaption><span class="caption">Babbage makes a leap.</span></figcaption>
</figure>
<p>This is not the first time someone has tried to create a low cost computer to try to improve computing literacy. In the early 1980’s the BBC teamed with the Acorn Computer company to create a personal computer called the <a href="http://en.wikipedia.org/wiki/BBC_Micro">BBC Micro</a>. Although popular with schools in the UK (80% of schools owned one), they were still relatively expensive at the time and their integration into the curriculum was limited by cost and more importantly by lack of skills required to teach using them. Eventually the Acorn computers were eclipsed by PCs running Microsoft’s DOS and Windows but the development gave rise to the ARM processors that power most smartphones today.</p>
<p>Although on the surface, the encouragement of computer science skills in school children may be seen as a laudable goal, one would have to ask whether these efforts are likely to succeed. More importantly, is the declining number of students taking courses in computer science simply an indicator that subject’s time has passed? </p>
<p>This question has been the source of much <a href="http://www.networkworld.com/news/2009/040609-hot-tech-skills.html">debate</a> in the IT industry, with people arguing that skills required for successful developers are not the highly technical and theoretical ones that come from a degree in computer science but those of problem solving, collaboration and communication. </p>
<p>Another problem with any sort of degree is that the technologies used by industry change so rapidly that anything taught at university has a very short shelf-life, making continuous self-training necessary in any case. </p>
<p>Others would argue that programming is a craft which requires little in the way of more formal training. Bill Gates and Mark Zuckerberg were both self-taught programmers who saw little value in completing their degrees.</p>
<p>In any event, it is unlikely that the Raspberry Pi will replace the home PC or tablets that are rapidly becoming their mobile replacement. The Pi will always struggle to match the simplicity and richness of a PC, iPad or Android tablet’s interface and access to millions of apps. Teachers are only now coming to grips with the ubiquity of laptops and tablets in the class and are unlikely to invest even more time on learning a new environment and technology.</p>
<p>While the manufacture of a million Raspberry Pis in the UK is an achievement worth marking, it is unlikely to make the Chinese technology manufacturers feel threatened in any way.</p><img src="https://counter.theconversation.com/content/18813/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>David Glance does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>This week the Raspberry Pi Foundation announced that they had manufactured 1 million Raspberry Pi computers in the UK. In an age when the very thought of manufacturing anything outside of China would be…David Glance, Director, Centre for Software Practice, The University of Western AustraliaLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/41202011-11-02T03:38:26Z2011-11-02T03:38:26ZSteve Jobs, John McCarthy, Dennis Ritchie: three of a kind, and don’t forget it<figure><img src="https://images.theconversation.com/files/5099/original/jobsmccarthyritchie.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Left to right: Steve Jobs, John McCarthy and Dennis Ritchie</span> <span class="attribution"><span class="source">AAP/Yonhap News Agency, pepihasenfuss, hyoga (composite image) </span></span></figcaption></figure><p>Last month saw the passing of three pioneers of the information age – an age we more or less take for granted now. These luminaries were [John McCarthy](http://en.wikipedia.org/wiki/John_McCarthy_(computer_scientist), <a href="http://www.cs.bell-labs.com/who/dmr/index.html">Dennis Ritchie</a> and, of course, <a href="https://theconversation.com/topics/steve-jobs">Steve Jobs</a>. </p>
<p>Of the three in this cluster, only the latter’s demise registered as a zeitgeist moment worthy of the death of JFK or Princess Diana. </p>
<p><a href="http://www.telegraph.co.uk/technology/apple/8842737/Steve-Jobs-Bill-Gates-unimaginative.html">Gossip-laden reminiscences</a> are still percolating through the press in the wake of the Apple co-founder’s demise: What did Jobs think of Bill Gates and vice-versa? </p>
<p>That in itself is a metric of the spirit of our times, an era when the “geek chic” of gadget culture has become a badge of fashion, rather than the subject of derision. </p>
<p>Why has the public mourning for Jobs been so evident and sustained in comparison to the quiet exits of McCarthy, who died last week at the age of 84, and Ritchie, who was 70 when he <a href="http://theconversation.com/dennis-ritchie-father-of-modern-computer-programming-dies-3855">died last month</a>? </p>
<p>I teach elements of computing history in a variety of IT courses at tertiary level and all three are heroic figures in the annals of technology. </p>
<h2>John McCarthy: pioneer of Artificial Intelligence</h2>
<p>Computer scientist John McCarthy <a href="http://online.wsj.com/article/SB10001424052970203911804576653530510986612.html">coined the term</a> “Artificial Intelligence” in the late 1950s and through his work speculated that one day machines would mimic or even surpass feats of human intelligence. </p>
<p>A decade into the 21st century, McCarthy’s visions of intelligent computers are still in the realm of science fiction, so A.I. as an acronym was fast consigned to the curio bin to be replaced by more conservative terms such as “intelligent agents”. </p>
<p>If computers could act today as they do in the movies, such as HAL 9000 from 2001: A Space Odyssey, McCarthy would have been lauded as an intellectual hero in the Einstein mould.</p>
<p>(Amazing fact of the day: in the 1960s John McCarthy advanced the concept of computing time-sharing, which with a few tweaks here and there has been re-imagined in this day and age as the somewhat over-hyped “<a href="https://theconversation.com/topics/cloud-computing">cloud computing</a>”.)</p>
<h2>Dennis Ritchie: father of programming</h2>
<p>Dennis Ritchie was supposed to be solving the problems of the US telephone networks during his long tenure as a research scientist at the late, lamented <a href="http://en.wikipedia.org/wiki/Bell_Labs">Bell Labs</a>, but instead he created the <a href="http://www.howstuffworks.com/c.htm">C programming language</a>, arguably the first dialect written in the future present.</p>
<figure class="align-right ">
<img alt="" src="https://images.theconversation.com/files/5098/original/freeasinfreedom.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=237&fit=clip" srcset="https://images.theconversation.com/files/5098/original/freeasinfreedom.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=902&fit=crop&dpr=1 600w, https://images.theconversation.com/files/5098/original/freeasinfreedom.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=902&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/5098/original/freeasinfreedom.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=902&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/5098/original/freeasinfreedom.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=1134&fit=crop&dpr=1 754w, https://images.theconversation.com/files/5098/original/freeasinfreedom.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=1134&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/5098/original/freeasinfreedom.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=1134&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption"></span>
<span class="attribution"><span class="source">freeasinfreedom</span></span>
</figcaption>
</figure>
<p>Along with colleague <a href="http://www.linfo.org/thompson.html">Ken Thompson</a>, Ritchie wrote the <a href="http://www.bell-labs.com/history/unix/tutorial.html">UNIX operating system</a> using his beloved C language, and the rest is history. </p>
<p>In the proverbial sense, a computer without an adequate operating system is about as useful as a rubber razor blade and UNIX proved to be the seed that generated the <a href="http://www.ischool.utexas.edu/%7El38613dw/readings/OpenSourceOverview.html">open source movement</a> in the guise of <a href="https://www.linux.com/learn/resource-center/376-linux-is-everywhere-an-overview-of-the-linux-operating-system">LINUX</a>. </p>
<p>Both C and UNIX are 70s icons that resonate in much of the technology we use today. For these achievements Dennis Ritchie received the <a href="http://www.uspto.gov/about/nmti/recipients/1998.jsp">National Medal of Technology</a> from Bill Clinton, but I suspect his real satisfaction was in being able to work in a corporate environment that allowed him to creatively tinker (and have fun) with ideas that may have been at times counter to core business. </p>
<p>Google’s success in the 21st century is partly due to the fact that it too allows its innovators to function akin to Renaissance thinkers in the spirit of Ritchie and his peers. </p>
<h2>Steve Jobs: da Vinci of our times</h2>
<p>Steve Jobs, too, was a modern, entrepreneurial version of Leonardo da Vinci. He was a latent polymath with idiosyncratic tastes. </p>
<p>Apple’s rise as the world’s dominant “cool” brand of information technology is due in part to its reawakening of the bygone notion that beauty coupled with engineering design can guide a richer user experience, one that’s driven through emotion as well as necessity. </p>
<p>Jobs taught us it was hip to love technology. But McCarthy and Ritchie gave us, in their own ways, technology we could really love.</p><img src="https://counter.theconversation.com/content/4120/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>John Lenarcic does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>Last month saw the passing of three pioneers of the information age – an age we more or less take for granted now. These luminaries were [John McCarthy](http://en.wikipedia.org/wiki/John_McCarthy_(computer_scientist…John Lenarcic, Lecturer in Business IT & Logistics, RMIT UniversityLicensed as Creative Commons – attribution, no derivatives.