odd_parity

Daklem! Izašla je Joomla 1.5, a sa njom vjerojatno i moje rješenje UTF-8 pitanja. Istina, ponajprije je u pitanju moj lijeni odnos prema blogu, ali hajde. Radi nekako. Ono što me više zabrinjava je blog sidebar modul koji, čini se, više nije u aktivnom održavanju i pitanje je hoće li itko napraviti verziju za novu Joomlu. Možda ću morati mijenjati modul za neki drugi. Šteta, ovaj mi je baš hercig, iako dosta stvari zapravo - ne radi.

A naši krasni političari... konačno sam čuo prvi hrvatski autentični politički komentar na temu globalnog zatopljenja. Izrekao ga je glavom i bradom naš vrli Premijer. I dok bi mi bilo vrlo drago čuti neku pametnu o našoj strategiji borbe protiv nastupajuće pošasti, možda čak i nekakvu hrvatsku strategiju prilagodbe klimatskim promjenama - sve što sam od Premijera Doktora Doktora Ive čuo je - da je, između ostaloga, globalno zatopljenje jedan od sukrivaca za nedavni val poskupljenja i inflaciju koja se počela otimati kontroli!

Naivan sam, priznajem. Našim će političarima problem globalnog zatopljenja biti zgodna priča za malu djecu, a da je riječ o surovoj stvarnosti shvatit će otprilike one godine u kojoj će razvijene zemlje završiti svoj proces prilagodbe novonastaloj situaciji. Dotle ćemo se sprdati sa glupim strancima koji se ukopavaju pod zemlju, umjesto da uživaju u dobrobiti sve duljeg ljeta...

In April 2007. Office for e-Croatia (governmental body responsible for all things e-related) proposed introduction of ODF format as a national standard. It is in power of e-Croatia office to govern over IT strategy in Croatia public sector, but the standards are the responsibility of CSI Croatia (www.hzn.hr), which is an ISO member and responsible for national standards.

The TO Z1 panel (responsible for information technology) accepted the proposal and started a procedure, which takes about two months in which members can discuss the proposal. If there are no objections given, the proposals are accepted.

However, in this particular case, Microsoft announced objections shortly before the deadline, thus delaying the resolution of the proposal, and maybe even forcing rejection of the proposal. Due to the secrecy that shrouds the work of CSI, I can't tell what the objections are, nor whether Microsoft has majority of its business partners as members of the panel (although it is very likely so), but the last minute objections are confirmed.

Why would Microsoft do that in such an insignificant country like mine? I would say that the local office is just playing along the line of the headquarters, fighting for OOXML and against ODF wherever they can, so even the small battlefields are important. Croatia is not a part of European union, but we're likely to get there in a few years, and we are bordering the EU and participating in a way. Microsoft is surely trying to get some ground in EU, and emerging EU member is not a bad target.

Microsoft might as well be buying time in Croatia. If the ODF proposal is accepted, this would open the door for Office for e-Croatia to introduce compulsory use of ODF format in governmental bodies, which could lead to dramatic decrease of MS Office sales in Croatia. (e-Croatia never announced such a thing, but FLOSS is no stranger to them, either)

Therefore, it would be wise to use the power within the CSI panel (where, I have a strong feeling, Microsoft and its business partners make up for majority of votes) to at least delay acceptance of ODF format, then hope that OOXML is going to be accepted by ISO in a months time, giving e-Croatia no time for any action that Microsoft might not like.

And, if the OOXML is accepted and gets the status of ISO standard, Microsoft could muscle CSI panel to quickly reject ODF and accept OOXML, since hey – it's ISO!

Even if things don't turn out that way, there's the possibility that Microsoft might force OOXML acceptance by sheer voting power within the panel, although I believe that in the case of OOXML failing ISO approval, Microsoft would not dare to display such power over entire nation, at least not while in the limelight.

So, Croatia seem to be in a stalemate at the moment. Microsoft having a huge influence in local standardization body and enough power to stall acceptance of an ISO standard, yet without its own standard that they could replace ODF with, their strategy seem to be slowing down the process as much as they can, hoping that Ballot Resolution Meeting at the end of February might resolve well for OOXML, in which case they would have a strong argument to remove ODF from the scene for good, at least in Croatia. This would mean another few years of MS Office monopoly in our government.

A lot of money is to be made, and Microsoft isn't going to let it go. The fact that the country is overdebted and that we're not doing quite well economically doesn't matter.

What does, however, is the fact that Microsoft and business partners are clearly abusing CSI panel for their own selfish interests, where they as members should think only of the benefit for the people of Croatia.

Prague by night – is magic. The old city is captivating, and just a little spell of snow on the rooftops makes it incredibly romantic. After the holidays not so many a tourist roam the streets, so I really can feel for the architecture and immerse myself in the city as it used to be centuries ago.

Oh, and the beer is superb; not to mention local place with good and inexpensive food. But, wait – my intention was to write about OLPC, not the (structural) architecture.

New Scientist published an article about increasing computing power in third world nations, and the concern that this will cause spread of malware and creation of malware hotspot in Africa. While the concern is genuine, what I found so uncool in that article is the fact that the OLPC project was taken as a bad example to support the concerns. The article states that increasing computer power in Africa is leading to more malware spreading in that area, which is true; the concern about non-adequate or nonexistent cybercrime law in those countries is genuine as well, if not a little bit unjustified – as if people in Africa don't know how to make a cybercrime law. Ok, there is the point that corrupt government of impoverished nation might not care at all about any law that doesn't fit it's pockets, but this is political issue, far out of reach of technology.

What I believe is wrong in that article are two things: raising alarm about potential cybercrime haven in Africa, and depicting OLPC as a tool that will be used to launch cyber attacks on computers.

The first issue is wrong, because it seem to imply that the people in Africa are irresponsible, lazy bunch of ignorant users that won't take care of computer security, thus creating a pool of computers readily available for black hats to exploit. Before we say such things, we should be aware that the most of irresponsible, lazy ignorant users are living in developed nations. That's the fact – many “ordinary” computer users don't care much about security of their computers, and this is the malware pool of today. Africa will surely join that pool in some time, but it would be just an extension of it, not a New World. If we are irresponsible users, how could we talk about Africa becoming a malware haven and not looking back at our own pool of mud? And, how do we know that African countries might not take advantage of wast amount of security knowledge and practice that has been accumulated in developed world over the decades, and couple their advancement with sufficient security measures? We don't, but let's just prejudice that they are going to be lazy and ignorant just as we were...

On to the second issue...

The article has a nice, big picture of black children with their OLPC computers, with a sentence “A laptop each, but new worries too” underneath it. Another picture is on the table of contents page, with a line “Unwitting hosts to malware?”. The article is talking about two projects – Classmate and OLPC as possible paths to increase usage of computers in developing nations. While the article is fairly treating both platforms as equally troublesome if black hats discover flaws in their security models and use them as botnet agents of vectors for malware, OLPC is in the limelight, probably not because the author wanted it to be, but because editors in the magazine decided to couple the article with a picture of children using OLPC.

This is another example of media treating OLPC with negative attributes. It seems that most of the media doesn't really understand that OLPC is not just a green little laptop for poor children, but a educational platform. They keep looking at OLPC as if it's cheap bastard of modern technology, something that should be thrown at poor people just because they can't afford to get a decent laptop running Windows. They don't see the big picture, and so they make mistakes. I believe, if I were to think about OLPC the same way, I'd agree with them that this silly little green laptop is a mere toy, underpowered and with an OS that is so strange and nonconforming to modern standards, it's a waste of time, or at most, a thingie for little kids to get used to computers, so they won't run away at the sight of the real computer.

New Scientist could, instead of the picture of little black children with OLPC put a picture of little white children with Classmate, but that's not as good as having some black children there, to underline the point that the threat of future malware bonanza is coming from poor African countries. Well, not that, of course, I believe editors thought that picture of black children represent Africa better than a picture of white children.

Whatever the reason is, the fact is that OLPC is pushed in front of Classmate as potential troublemaker. Given the fact that OLPC is a Linux computer with quite unique set of features (and security model yet to be cracked), and the Classmate is (less) powered-down “real” PC with Windows, I'd rather say that Classmate presents better target for black hats.

This just isn't right – OLPC is being viewed by media as just another wannabe PC with Windows-for-poor, and because of that it gets bashed by the same media for things that they think OLPC should deliver, not what it is designed for. Now, even New Scientist (unwittingly?) joined the ranks of clueless media. I would expect them to be better at unconventional things connected with science, but everybody slips sometimes.

In defense of OLPC (and to remind them that the malware writers target badly maintained computers regardless of region or wealth of user), I've sent them this letter:

Malware isn't a poor man's illness

In your magazine issue from 15. December 2007. there's an article about the danger of spreading malware threats trough advancement in computer use in developing nations, written by Michael Reilly.

While the article does raise an issue of proliferating malware on ever more increasing number of personal computers, I certainly do not agree that increased use in third world nations is going to explode the criminal market of botnets and corresponding attacks, or at least become biggest contributor.

The main problem of malware isn't the number of personal computers, but what I call “computer hygiene” - a process of (actually) understanding the threats, knowing that everyone is vulnerable, and having a habit of “healthy” computing: having antivirus and antispam software installed on your computer, and not clicking on tempting e-mail messages or web sites that promise wealth, free porn or unfair advantage over other men, and having up-to-date OS. On a corporate scale, this would equal to having up-to-date software, and a good security policy.

This hygiene is something that unfortunately most computer users and some companies too are lacking, and that bad habit is not confined to poor uneducated people in third world countries, but everywhere, including most developed nations.

The article seem to imply that giving third world people computers is going to make matters worse, and that is rather awkward, maybe even racial. The fact is that the spread of malware today is attributed almost exclusively to bad hygiene of people in developed parts of the world. Is there a reason, beyond the fact that the huge percentage of installed computers are in the richer countries?

Computing and data transfer in third world nations is really expensive, as is correctly stated in the article. There are few computers with few and very expensive links. There's certain incentive for the people using such expensive computing power to try to keep it as clean as possible, because every malware proliferation or attack is costing them noticeable amount of money.

On the other side of the globe, our developed user has cheap flat-rate Internet, and has a habit to reinstall the computer every while, mostly because of poor “computer hygiene” - installing loads of unnecessary software, trying out many different things, and clicking on that “enlarge parts of your body” messages, or staring at nude pictures – because that's so cheap and barely can have a monetary impact on our developed surfer.

Every malware action, be it sending spam to other people's computers, or launching a Denial of Service attack – is expensive action in third world. People do check their bills and they do notice that they have spent more money than they usually do. Even more, they have a habit of turning off their computers after they're done, reducing the electricity bill as well.

As for more developed countries, I've heard some of people tell me that they know they're infected, but they don't care, because “it doesn't do anything bad to their computer”. This level of selfish ignorance is typical for someone who's got cheap Internet access and doesn't have to worry about the phone bill, so the bad user behavior certainly is much, much more evident on the richer side of the world.

The issue of bandwidth is one more thing to consider. Developed nations have the most bandwidth, and the fastest point to point connections. That is to say, developed surfer has much (sometimes hundreds of times) thicker bandwidth pipe for his personal use than his counterpart in third world.

And, malware isn't patient. There's no point of turning third world PC into a spam agent, if he can send just a handful of spam messages per day. And you can't really launch a DoS attack using computers on modem lines these days, mostly because your targets probably have bandwidth of the entire third world nation on their behalf.

On the other hand, developed world PC stand a good chance to be turned on 24 hours a day, sitting on a nice, fat pipe. Such computer could send tens of thousands of spam messages every day. Therefore, a third world computer, the one that's on for just a few hours a day, on a slow modem line, isn't a desirable target for malware writers. Of course, even the third world nations are going to get faster Internet access over time, but so will developed nations too, and the bandwidth divide isn't going to be smaller; we will have even faster computers on even faster pipes, and again the third world isn't going to be the preferred target for e-criminals, as long as there are so many fat sitting ducks in the developed world.

Is there a threat of developing nations becoming a hive of malicious activity? Surely, there's a potential. However, this isn't going to happen in such a catastrophic way, and we must keep in mind that third world countries might catch up on computer security as their computing power increase; and, since the cost of computing in such countries is higher than in developed world, people will have better incentive to check the health of their computers, thus making the country harder to penetrate and more costly for malware writers and users. Instead, they might just as well keep up with increasing number of developed world users that don't care about their “computer hygiene”.

What is probably the worst point in the article is linking OLPC initiative with the fears of increasing cyber-threat from third world nations. What was the point of including the picture of African children using OLPC laptops? The article is talking about two “possible ways” to increase percentage of computer users in Africa (and therefore increase cyber-crime on that continent). The one is OLPC, the other is Classmate. Being an essentially commercial venture of Intel and Microsoft, I will leave Classmate laptop advocates to defend their position. (as a side note to the editor: why didn't you include the picture of white children with Classmate PC's istead of the selected picture?)

OLPC on the other hand is an educational, not commercial project, and as such is not targeted at penetrating commercial products (Intel hardware and MS Windows, as is the case with the Classmate) to new markets. Instead, this laptop is about learning how to use a computer in a new and creative way. If you could spend some minutes with an OLPC laptop, you would knew that it's quite a different experience from what one usually does with a computer. This, of course, doesn't make it immune from malware. After all, it's just a computer like any other, and there's no computer that can't be compromised in some way.

However, it is important to notice two things: OLPC is running Linux, an OS that has proven as much more resistant to malware than Intel/Windows based computers, and it's internal structure makes the OLPC less likely target for malware: it's got slow CPU, it doesn't have many nifty new features and well known API-s that can be targeted; most of the time it might not be connected to any network; and, it's got a very bad kind of user – a curious little child.

We are underestimating the brain power of those kids that get the OLPC, and brand them as typical computer users from the developed world. There, I believe, we make a big mistake. While our children usually indulge in various computing platforms and plethora of software, a child that's got just that cranky green laptop is probably going to stick to it and try to understand as much of it as it could.

That makes an excellent pool of wiz kids who know a lot about their laptops. So, not only you'd have to write a malware that could attack an OLPC computer (and probably won't work on anything else), you'll be stacked against unknown number of smart kids that might be able not just to detect your malware, but perhaps even remove it and take action to prevent you from using the same trick again.

All in all, the article does raise a valid question about spreading malware to third world countries; this is certainly going to happen, but as long as there are so many ignorant users (and companies), developed countries are going to be more attractive targets. We shouldn't blame third world countries for our own lack of hygiene!

I am sure that you will agree with me that using OLPC to depict such a threat is just not right. Turning educational device into a malware factory just because it is being distributed to third world school children is very rude, implying that they are not going to be able to responsibly use the technology. I'd take a chance to remind you about an article in one issue of New Victorian Scientist, where the author mentioned the dangers of giving away the new and shiny steam engines to people in colonies: “As we all know, steam engines revolutionized the world, but they produce thick and unhealthy soot - that is clearly visible on our streets and houses. If we're going to give steam engines to the natives in our colonies, they might use them heavily for their own purposes. This is all fine, but there's certain risk of all that smoke being wind driven to the London.”

(Update: dobro obavješteni izvori kazuju mi kako je Vip ove godine imao veći broj SMS čestitki nego prošle! Drugim riječima, moji frendovi i ja vrlo smo nereprezentativan uzorak za bilo kakvu smislenu analizu! :-)

Daklem, ovako mi još nitko nije poželio dobar početak godine...

Putujemo, tako, cura i ja, njen bratić i njegova cura u Samobor, u nadi da će biti kakvog vatrometa... kad, spazimo četiri cure koje u majicama stoje sa druge strane ograde. I kako smo mi naišli vozilom, tako su one - zadigle majice!

Dakle, tako što mi se u životu još nije dogodilo. Ok, cure su ispod majica imale grudnjake, ali bitna je dobra volja. :-)

Doček na trgu bio je nikakav, tj. nitko ga nije organizirao. Spontano se okupilo nešto ljudi, a neki dripci su bacali podebele petarde od kojih se treslo po cijelom trgu, a meni je čak i nešto snijega palo na glavu. :-) No, oraspoložen gore navedenim lijepim željama za 2008. godinu, nije mi smetalo. ;-)

Hmda.. evo i jednog osvrta - domaći mobitel-provideri ove godine nisu izašli u javnost sa obavjesti koliko SMS poruka su građani poslali za blagdane, sa izgovorom da podaci više ne bi bili točni jer resurse dijeli više providera. To je načelno istina, no istina je i da unatoč tome jest moguće izračunati koliko je koji davatelj usluga preko sebe prebacio SMS poruka. To svakako nije tako jednostavna operacija kao puko izračunavanje ukupnog broja SMS poruka, ali je uz ne tako pretjeran trud itekako izvodivo - uostalom, da nije tako, to bi značilo da billing sustav ne radi kako treba - a to, budimo sigurni, nije slučaj.

Vjerojatniji razlog je što ta operacija traži malo više rada, a rad košta, pa je upitna isplativost (davatelju usluga) dodatnog truda. No, možda je tu i nešto više: dok sam prijašnjih godina dobivao (i slao) čitave divizije SMS poruka za blagdane, ove godine sam za Božić primio šest ili sedam, a za Novu - točno šest SMS poruka. U mom slučaju riječ je o četverostrukom ili peterostrukom padu prometa; pretpostavimo li da je slučaj sličan i među drugim korisnicima usluga (a dosta mojih frendova je potvrdilo taj trend), možda je pravi razlog neobjavljivanja podataka činjenica da je masovno slanje SMS čestitki prestalo biti u modi, pa je promet lagano opao. Čak i ako je promet samo upola manji nego prošle godine (a ako je suditi po mom slučaju, promet je četiri puta manji), to svakako nije vijest s kojom bi davatelji usluge rado izašli u javnost.