☆ Pratchett Does Sci-Fi

My attention was drawn to a new direction that fantasy author Terry Pratchett is taking. His Discworld series has been a huge success among a wide circle of people who find the Tolkien-informed, politically-aware stories clothed in a rambling fantasy universe compellingly funny.

He’s now working on a collaboration with serious sci-fi author Stephen Baxter. The first fruit of the collaboration is due out in June – a book entitled The Long Earth, which will apparently combine Pratchett’s insightfully quirky approach with Baxter’s hard-science-driven sci-fi. Wikipedia’s plot summary says:

The ‘Long Earth’ is a (possibly infinite) series of parallel worlds, similar to Earth. The “close” worlds are almost identical to ‘our’ Earth, others differ in greater and greater details, but all share one similarity: on none are there, or have there ever been, human beings. The books will explore the theme of how humanity might develop when freed from resource constraints: one example Pratchett has cited is that wars result from lack of land – what would happen if no shortage of land (or gold or oil or food) existed?

According to the Guardian, this new departure is actually based on ideas Pratchett was considering in 1986 before the Discworld series took off. I’ll certainly be interested – I’ve pre-ordered [links: US | UK].

☆ Is Windows to blame for viruses?

A historical post, for a change. A comment on a mailing list tonight – that something was “rather like blaming Windows for getting viruses” – sent me exploring my recollections of CPU security on Intel chips from my days at IBM. I went scurrying to find a half-remembered explanation from the past of why, in addition to the larger user base making the target much more tempting, Windows has suffered from virus attacks much more than anyone else to date. I couldn’t find it straight away so this post is the result.

Before you add a comment, note I am NOT saying that the only explanation for Windows viruses is this technical one; obviously the huge attack surface of the giant user base attracts attackers. I AM saying, however, that leaving the door open for a decade hasn’t helped and is a major reason why the dominant form of malware on Windows is the virus and not the trojan.

Exploitation

All operating systems have bugs, and I suspect (although haven’t found any data tonight to confirm) that they occur at approximately the same frequency in all mature released operating systems. All operating systems that respect Shaw’s Law are also vulnerable to malware. Malware depends on identifying exploits – defects of some sort in system security that can be “exploited” to permit infestation by the malware.

Not all bugs turn into security exploits, though. In particular, in Unix-like operating systems like OS X, Linux and Solaris, it’s unusual for bugs to lead directly to security exploits; instead, most malware depends on user error or social engineering. For an exploit to exist, there has to be a way to use knowledge of the bug to gain access to a resource that would otherwise be forbidden. It certainly happens on *ix systems, but the operating system has checks in place to prevent the most common way of turning bugs into exploits.

Unauthorised Pokes

The most common way for this to happen (although there are many others) is for the operating system to fail to differentiate between data and program code. By treating code and data as the same thing, a path is opened for malware to use a bug to push some data into a memory location (a “buffer over-run” or a “stack overflow” are examples of this) and then tell the computer to execute it. Hey presto – exploit. All an attacker has to do is push code for a virus (or a virus bootstrap) into memory and ask for it to be executed, and your computer is compromised.
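An added example, not part of the original post: the separation of data from code described above can be checked from the defender's side by listing a process's memory regions and flagging any data region that is also executable. It assumes a Linux-style `/proc/<pid>/maps` listing; the sample lines and the function names are constructed for illustration.

```python
import re

# Constructed sample in the layout of Linux /proc/<pid>/maps (not from the post).
SAMPLE_MAPS = """\
00400000-0040b000 r-xp 00000000 08:01 1234 /usr/bin/demo
0060a000-0060b000 rw-p 0000a000 08:01 1234 /usr/bin/demo
01c3e000-01c5f000 rw-p 00000000 00:00 0 [heap]
7f2a10000000-7f2a10021000 rwxp 00000000 00:00 0
7ffd3a1e0000-7ffd3a201000 rwxp 00000000 00:00 0 [stack]
"""

# start-end, permissions, offset, device, inode, optional name
LINE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+([r-][w-][x-][ps])\s+\S+\s+\S+\s+\S+\s*(.*)$"
)
# Regions that hold data only and should never be executable.
DATA_REGIONS = {"[heap]", "[stack]", "[anonymous]"}


def parse_maps(text):
    """Turn a maps listing into a list of region dicts; skip malformed lines."""
    regions = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        start, end, perms, name = m.groups()
        regions.append({
            "size": int(end, 16) - int(start, 16),
            "perms": perms,
            "name": name.strip() or "[anonymous]",
        })
    return regions


def audit(regions):
    """Return (name, size, reason) for every region that mixes data and code."""
    findings = []
    for r in regions:
        writable, executable = "w" in r["perms"], "x" in r["perms"]
        if executable and r["name"] in DATA_REGIONS:
            findings.append((r["name"], r["size"], "data region is executable"))
        elif writable and executable:
            findings.append((r["name"], r["size"], "mapping is writable and executable"))
    return findings


if __name__ == "__main__":
    for name, size, reason in audit(parse_maps(SAMPLE_MAPS)):
        print(f"{name:12} {size:>8} bytes  {reason}")
```
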

Windows could have prevented this sort of thing from happening by exploiting ring protection offered by Intel x86 architecture from the 80186 chip onwards. A feature of Intel’s x86 architecture makes it possible to prohibit execution of data unless the program in question is privileged (“at ring 0”), usually by being part of the operating system. Application code at ring 3 can be forbidden from executing data.

Indeed, Windows did use ring 0/ring 3 differentiation for some jobs (skipping rings 1 and 2 for cross-platform technical reasons). But access to ring 0 – “able to execute anything you want” – was never prohibited. Doing so would have prevented legacy DOS code from running, so as I remember being told, Microsoft chose not to implement ring 0/ring 3 protection in Windows NT until it was completely sure that deprecating DOS legacy support would no longer be a marketing issue. That was in Windows 8…

Credit Where Due

So actually it’s somewhat appropriate to blame Windows versions prior to Windows 8 for being vulnerable to many viruses which exploited bugs in this way. The existence of the vulnerability was a conscious choice and a marketing decision; in OS/2, which had no legacy to accommodate, the ring 0 separation was enforced.

Yes, Windows also offers a larger attack “surface” because of its wide adoption, and yes, there are other exploit mechanisms. But this tolerated technical vulnerability is the root cause of a large number of exploits. So while it’s true that malware authors are directly to blame for malware, there’s also a culpability for Microsoft that can’t be ignored. Thank goodness Windows 8 has addressed this particular issue.

☆ IPEG-SA Announces Tapeworm Licensing

Following news that MPEG-LA have generously offered to sell patent licenses to implementers of the latest 3D-capable video standard, MVC, the world’s tapeworms announced they have formed a new collective inspired by the same principle.

Dubbed IPEG-SA (Intestinal Parasites Exploitation Group – Service Administration), they will offer humans the opportunity to license suitably sanitized tapeworms for a small fee. Charging only 10 cents per meal per worm, a representative said this was “an unparalleled opportunity to be assured that future infestations of the digestive system will be sanitary.”

The representative went on to explain the scheme in greater detail. “While humans may face risks from unlicensed infestations, sanitized tapeworms of the kind administered by IPEG-SA have acknowledged health benefits, especially for the control of obesity”, said the spokesworm. “We have been preparing this initiative ever since MPEG-LA announced they intended to offer licenses to implementers of the open WebM video format. We were impressed that, even though they had no hard evidence of any need for a license, they still went ahead and offered one. What inspiring innovation!”

IPEG-SA admitted they could not offer any assurance against other infestations, but noted that their fees – around $2 per week if snacks are avoided – offer tremendous value and were in no way “a tax on living” as some detractors claim.

☆ A Tax Whose Time Has Come

Dubbed “the world’s most popular new tax”, this proposal has gathered an amazing breadth of support globally, including world political and business leaders. Indeed, France and Germany are both committed to implement it during 2012 (although we need to scrutinise their commitments carefully looking for loopholes). It sounds like one of the things that should be on the political agenda for any elections that might be happening this year, no?

A tiny tax of a fraction of a fraction of a percent on all speculative bank transactions that don’t involve members of the public (read: high-stakes gambling with other people’s money)? That will raise in excess of £100 billion each year? From people whose insensitivity and abuse of society seems to have no bounds? That sounds splendid. I signed up.

[youtube http://youtu.be/qYtNwmXKIvM]

Seems there’s a Canadian page too.

☝ LibreOffice Matures

Now finally and firmly established as an independent entity, The Document Foundation and LibreOffice are a refreshing story of community triumphing over adversity. Read more over at ComputerWorldUK.

⚡ LibreOffice Video

Loved this new video that introduces LibreOffice in an easy and understandable way.

[youtube http://youtu.be/sloEMUt7n5Q]

It would be great to have some more LibreOffice videos like this and I know there are folk reading this who could make them – how about it?

♫ Eric Whitacre’s Grammy

Back in December I mentioned that Eric Whitacre’s wonderful choral album “Light and Gold” [Amazon UK | Amazon US] had been nominated for a Grammy award. Well … he won!

If you’ve not heard his choral music, I suggest you take a look at my posting about his Virtual Choir project from last year.

Congratulations, Eric!
