☆ Pratchett Does Sci-Fi

My attention was drawn to a new direction that fantasy author Terry Pratchett is taking. His Discworld series has been a huge success among a wide circle of people who find the Tolkien-informed, politically-aware stories clothed in a rambling fantasy universe compellingly funny.

He’s now working on a collaboration with serious sci-fi author Stephen Baxter. The first fruit of the collaboration is due out in June – a book entitled The Long Earth, which will apparently combine Pratchett’s insightfully quirky approach with Baxter’s hard-science-driven sci-fi. Wikipedia’s plot summary says:

The ‘Long Earth’ is a (possibly infinite) series of parallel worlds, similar to Earth. The “close” worlds are almost identical to ‘our’ Earth, others differ in greater and greater details, but all share one similarity: on none are there, or have there ever been, human beings. The books will explore the theme of how humanity might develop when freed from resource constraints: one example Pratchett has cited is that wars result from lack of land – what would happen if no shortage of land (or gold or oil or food) existed?

According to the Guardian, this new departure is actually based on ideas Pratchett was considering in 1986 before the Discworld series took off. I’ll certainly be interested – I’ve pre-ordered [links: US | UK].

☆ Is Windows to blame for viruses?

A historical post, for a change. A comment on a mailing list tonight – that something was “rather like blaming Windows for getting viruses” – sent me exploring my recollections of CPU security on Intel chips from my days at IBM. I went scurrying to find a half-remembered explanation from the past of why, in addition to the larger user base making the target much more tempting, Windows has suffered from virus attacks much more than anyone else to date. I couldn’t find it straight away so this post is the result.

Before you add a comment, note I am NOT saying that the only explanation for Windows viruses is this technical one; obviously the huge attack surface of the giant user base attracts attackers. I AM saying, however, that leaving the door open for a decade hasn’t helped and is a major reason why the dominant form of malware on Windows is the virus and not the trojan.

Exploitation

All operating systems have bugs, and I suspect (although haven’t found any data tonight to confirm) that they occur at approximately the same frequency in all mature released operating systems. All operating systems that respect Shaw’s Law are also vulnerable to malware. Malware depends on identifying exploits – defects of some sort in system security that can be “exploited” to permit infestation by the malware.

Not all bugs turn into security exploits, though. In particular, in Unix-like operating systems like OS X, Linux and Solaris, it’s unusual for bugs to lead directly to security exploits; instead, most malware depends on user error or social engineering. For an exploit to exist, there has to be a way to use knowledge of the bug to gain access to a resource that would otherwise be forbidden. It certainly happens on *ix systems, but the operating system has checks in place to prevent the most common way of turning bugs into exploits.

Unauthorised Pokes

The most common way for this to happen (although there are many others) is for the operating system to fail to differentiate between data and program code. By treating code and data as the same thing, a path is opened for malware to use a bug to push some data into a memory location (a “buffer over-run” or a “stack overflow” are examples of this) and then tell the computer to execute it. Hey presto – exploit. All an attacker has to do is push code for a virus (or a virus bootstrap) into memory and ask for it to be executed, and your computer is compromised.

Windows could have prevented this sort of thing from happening by exploiting ring protection offered by Intel x86 architecture from the 80186 chip onwards. A feature of Intel’s x86 architecture makes it possible to prohibit execution of data unless the program in question is privileged (“at ring 0”), usually by being part of the operating system. Application code at ring 3 can be forbidden from executing data.

Indeed, Windows did use ring 0/ring 3 differentiation for some jobs (skipping rings 1 and 2 for cross-platform technical reasons). But access to ring 0 – “able to execute anything you want” – was never prohibited. Doing so would have prevented legacy DOS code from running, so as I remember being told, Microsoft chose not to implement ring 0/ring 3 protection in Windows NT until it was completely sure that deprecating DOS legacy support would no longer be a marketing issue. That was in Windows 8…
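As an added illustration (not part of the original post): on Linux, the separation of code from data discussed above can be audited per process, because /proc/<pid>/maps lists every memory region with its permissions. The C code below parses that format and reports regions that are both writable and executable; the sample text and the function names are constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample in /proc/<pid>/maps format; not captured from a real host. */
static const char SAMPLE_MAPS[] =
    "00400000-00452000 r-xp 00000000 08:01 1311 /usr/bin/demo\n"
    "01a3c000-01a5d000 rw-p 00000000 00:00 0 [heap]\n"
    "7f2d10000000-7f2d10021000 rwxp 00000000 00:00 0 \n"
    "7ffc1a2b3000-7ffc1a2d4000 rw-p 00000000 00:00 0 [stack]\n";

/* Copy the next line of *p into buf and advance *p; returns 0 at end of input. */
static int next_line(const char **p, char *buf, size_t cap) {
    if (!**p) return 0;
    size_t len = strcspn(*p, "\n");
    snprintf(buf, cap, "%.*s", (int)len, *p);   /* truncates safely to cap - 1 */
    *p += len + ((*p)[len] == '\n');
    return 1;
}

/* Split one mapping line into its permission field ("rwxp") and optional name. */
static int parse_line(const char *line, char perms[5], char name[256]) {
    name[0] = '\0';
    int n = sscanf(line, "%*lx-%*lx %4s %*s %*s %*s %255[^\n]", perms, name);
    return n >= 1 && strlen(perms) == 4;
}

/* Number of mappings that are writable AND executable: data that can be run. */
int count_wx(const char *maps) {
    char line[512], perms[5], name[256];
    int hits = 0;
    while (next_line(&maps, line, sizeof line))
        if (parse_line(line, perms, name) && perms[1] == 'w' && perms[2] == 'x')
            hits++;
    return hits;
}

/* 1 if the named region (e.g. "[stack]") is executable, 0 if not, -1 if absent. */
int region_is_executable(const char *maps, const char *region) {
    char line[512], perms[5], name[256];
    while (next_line(&maps, line, sizeof line))
        if (parse_line(line, perms, name) && strcmp(name, region) == 0)
            return perms[2] == 'x';
    return -1;
}

int main(void) {
    printf("W+X mappings: %d, stack executable: %d\n",
           count_wx(SAMPLE_MAPS), region_is_executable(SAMPLE_MAPS, "[stack]"));
    return 0;
}
```

A non-zero count from `count_wx` identifies memory where written data could also be executed, which is the condition the post describes as the open door.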

Credit Where Due

So actually it’s somewhat appropriate to blame Windows versions prior to Windows 8 for being vulnerable to many viruses which exploited bugs in this way. The existence of the vulnerability was a conscious choice and a marketing decision; in OS/2, which had no legacy to accommodate, the ring 0 separation was enforced.

Yes, Windows also offers a larger attack “surface” because of its wide adoption, and yes, there are other exploit mechanisms. But this tolerated technical vulnerability is the root cause of a large number of exploits. So while it’s true that malware authors are directly to blame for malware, there’s also a culpability for Microsoft that can’t be ignored. Thank goodness Windows 8 has addressed this particular issue.

☆ IPEG-SA Announces Tapeworm Licensing

Following news that MPEG-LA have generously offered to sell patent licenses to implementers of the latest 3D-capable video standard, MVC, the world’s tapeworms announced they have formed a new collective inspired by the same principle.

Dubbed IPEG-SA (Intestinal Parasites Exploitation Group – Service Administration), they will offer humans the opportunity to license suitably sanitized tapeworms for a small fee. Charging only 10 cents per meal per worm, a representative said this was “an unparalleled opportunity to be assured that future infestations of the digestive system will be sanitary.”

The representative went on to explain the scheme in greater detail. “While humans may face risks from unlicensed infestations, sanitized tapeworms of the kind administered by IPEG-SA have acknowledged health benefits, especially for the control of obesity”, said the spokesworm. “We have been preparing this initiative ever since MPEG-LA announced they intended to offer licenses to implementers of the open WebM video format. We were impressed that, even though they had no hard evidence of any need for a license, they still went ahead and offered one. What inspiring innovation!”

IPEG-SA admitted they could not offer any assurance against other infestations, but noted that their fees – around $2 per week if snacks are avoided – offer tremendous value and were in no way “a tax on living” as some detractors claim.

☆ A Tax Whose Time Has Come

Dubbed “the world’s most popular new tax”, this proposal has gathered an amazing breadth of support globally, including world political and business leaders. Indeed, France and Germany are both committed to implement it during 2012 (although we need to scrutinise their commitments carefully looking for loopholes). It sounds like one of the things that should be on the political agenda for any elections that might be happening this year, no?

A tiny tax of a fraction of a fraction of a percent on all speculative bank transactions that don’t involve members of the public (read: high-stakes gambling with other people’s money)? That will raise in excess of £100 billion each year? From people whose insensitivity and abuse of society seems to have no bounds? That sounds splendid. I signed up.

[youtube http://youtu.be/qYtNwmXKIvM]

Seems there’s a Canadian page too.

☝ LibreOffice Matures

Now finally and firmly established as an independent entity, The Document Foundation and LibreOffice are a refreshing story of community triumphing over adversity. Read more over at ComputerWorldUK.

⚡ LibreOffice Video

Loved this new video that introduces LibreOffice in an easy and understandable way.

[youtube http://youtu.be/sloEMUt7n5Q]

It would be great to have some more LibreOffice videos like this and I know there are folk reading this who could make them – how about it?

♫ Eric Whitacre’s Grammy

Back in December I mentioned that Eric Whitacre’s wonderful choral album “Light and Gold” [Amazon UK | Amazon US] had been nominated for a Grammy award. Well … he won!

If you’ve not heard his choral music, I suggest you take a look at my posting about his Virtual Choir project from last year.

Congratulations, Eric!

♫ Sarah Jarosz – ‘Run Away’

This performance by 20-year-old Sarah Jarosz is completely magical. She’s supported by Alison Krauss and Jerry Douglas but there’s no missing her star quality. What’s more, the song is her own composition.

Superb stuff again from Transatlantic Sessions, which has become my favourite music TV. This is from Series 5 – I’ve added the DVD to my wish list!

☝ Eolas Verdict A Hollow Victory

With news breaking that apparently Eolas’ decade-plus attempt to tax innovation on the internet is finally over, I look at the context and find myself lacking reassurance in today’s column on ComputerWorldUK.

☆ How To Fight ACTA

Now that the US bills SOPA and PIPA have been put on ice, attention has returned to their parent, an international treaty called ACTA. I’ve written extensively about ACTA before, but in summary it is an international treaty that has been secretly negotiated to ensure as little input as possible from the citizens of any country.

While superficially about stemming the flow of counterfeit physical goods (ACTA stands for “Anti-Counterfeiting Trade Agreement”), the copyright and patent industries (music, movies, software, pharmaceuticals and more) have successfully infested it and the result is a trade agreement that substantially reduces the scope for discretion over new approaches to business on the internet.

While we are told ACTA “will not require changes to Europe’s laws”, it creates an environment where we can expect all the most controlling and invasive parts of every country’s laws to be emphasised and all the most flexible parts – such as fair use, the public commons and cultural expression – to be minimised. It’s a treaty that will be cited every time the USA wants to extradite a British citizen over copyright, for example – even when no law in Europe is being broken. Like DRM, ACTA quantises discretion and reduces all our freedoms.

Despite the fact it is obviously controversial – even the MEP tasked with working on it for the European Parliament quit – the European Commission saw fit to co-ordinate its signing by most European administrations last week. They are now ridiculing opposition to their actions and misrepresenting the impact of ACTA. A clear gesture of defiance to the popular will expressed against SOPA/PIPA, this is anti-democratic arrogance at its worst and a gift to Britain’s euro-sceptics.

Mobilising MEPs

All is not lost, though. ACTA will come to the European Parliament in June for ratification, and there is every chance that MEPs can be mobilised to reject it. Since the treaty has already been finalised in secret and presented to the world as a fait accompli, rejecting or accepting it whole are the only available options. But since, according to the European Commission, it changes no laws, presumably its rejection is no big loss.

I’m reminded of the battle by the Internet against the Software Patent Directive back in 2005. That too was an unwise legislative direction that would have seriously impacted European business by allowing giant monopolistic international corporations to stifle competition, even for interoperable software permitted by copyright law. MEPs had been told the Directive was a non-controversial piece of industry law that should just be waved through. The European Council waved it through on that basis.

To their surprise, there was a massive backlash from a large number of previously politically silent citizens across Europe, culminating in a huge protest at the European Parliament. MEPs were faced with a public backlash. While the actual mechanism for its defeat was obscure and complicated to explain, the basic reason the Software Patent Directive was defeated was that MEPs discovered they had been deceived and that the topic was in fact highly controversial and citizen-oriented.

We need to demonstrate the same for ACTA. It’s not a business-as-usual commercial-only matter. It’s a treaty that stifles the soul of the meshed society in the interests of the winners in the technology markets of the twentieth century. In the coming months we all need to speak out.

[First published on ComputerWorldUK]