Saturday, April 11, 2009

The Free Software Foundation and Open Source Initiative

Histories have come and gone by, we never stay to remember them, 'cause there's lot more to do, than to remember the chronology of our descend. But what we do remember is our drawbacks, own mistakes... whether it be 10minutes back or 10 decades old! I don't wish to impose any school of thought through this post, what I do intend, is to put up a comprehensive view of what the software movement has been in the for out IT industry what it is was and what promises it holds. Who all are the think tanks and what do they offer. I wish you to keep an open mind through this detour.....

It was back 4-5 decades down the line, when a MIT researcher was fed up with the proprietary licences that he had to manage in order to develop a new concept. The problem he had to face is that, most of his time he was concerned of the budget overruns rather than coding standards ;).

His name, as many of you would have guessed, was Richard Stallman, the father of Free Software and family head of Free Software Foundation! He had the novel idea of sharing....

"You are not humane if you cheat with your neighbours.....",

were his common words.

He started the much needed Free Software Foundation, which was NOT an organization or license but a movement, simply a mass movement.





FREE SOFTWARE FOUNDATION

Thought the flow of events are too long to discuss I wish to tell you how Operating Systems evolved and eloped:

1. I dont remember the first seeds of operating systems but, System V, developed by Kerningham and Ritchie was one the first and full fledged OS developed. They developed it on a very meek m/c.

2. Following System V, BSD( Berkeley Software Distribution ) also started knitting their own Operating System. Finally there was UNIX which was a development version of System V.

3. The UNIX operating system was becoming pretty famous, but the problem being, the source was not open to people.

This is what led to Stallman's thinking of equality, freedom to code and the Free Software Foundation. Influenced by the efficiency of UNIX he sat down to write the whole Operating System( he left the Kernel for the end ) on his own. This can be considered the very root of Open Source Community. Not surprisingly people joined him on his detour towards a new world where there was no owner but contributors galore.

Stallman remarks that he was amazed to see the pace at which patches were included into the system and he was delighted that this methodology worked. He named this Operating System as GNU - GNU Not Unix. But why such a name?? As GNU was much more like UNIX but it had a different philosophy all together, he wanted people to know that there's something different from UNIX, and "that" something is the sole reason GNU is being developed. Hence the Recursive Acronym.

When Stallman had finished the GNU set of utilities, he sat down to write the kernel that would make the system complete( right now GNU utils were made on UNIX ). Interesting development took place at this step, a Finland Phd student was writing a kernel on the very same lines and amazingly he had completed it before Stallman could do it! He was none other than Linus Torvalds.

Linus himself thought on the lines of freedom to source and mild licensing. The GNU took Linus's kernel and attached their patch of utilities. By the while, Linus maned his kernel Linux as it meant Linus+Unix=Linux. The duo of Gnu and Linux is till date famous as GNU/LINUX. Here's a pic of the same.



The Linux Tux flying under the Gnu Bull, Gnu/Linux duo :D

The Open Source Initiative



OSI Trademark Logo

The open source initiative to me was more of a "Commercial Move" aimed at popularising the "Openness of softwares". The benifit? Well, by the name of Free Software Foundation it seemed like they were talking of the "Free Beer" more than "Free Speech"! There were not much of industry involvement or support to the FSF, simply because they didnt see any profitable marketing strategy and the FSF philosophy was more of a NGO... heh.

Open Source Foundation took the task of commercialising the very basics of FSF, though obviously, with some changes. I would not jump to the theoretical aspects, rather would take an example to illustrate the same.

UBUNTU

Known as the household face of "Linux". Here are some facts that'll spill the can of beans, right in front of you.... hmmm. So the first question is, what is Ubuntu, Open Source or Free Software, well it's an Open Source product. Free Software would not have allowed to have any proprietary software support, but Ubuntu has repositories which openly support binary only softwares. Take for example the RealPlayer for Linux, Flashplayer Plugins and lots more! If Stallman was to endorse Ubuntu, he simply would have stripped all those binary only softs.


But dear frnzz, if Open Source would not have been there... Ubuntu wouldnt have been whats it's today... the commercial benifits it claims as having openess to all... whether Proprietary of Free software, is what fills up it's cashbanks. But on the same hand, whatever activity or project it takes up are per Free Software standards.

Undoubtedly.... Open Source has had a practical approach to survive in the market! Some people have called Free Software Foundation as being communal( Communal -- Forcing Some Act ), I personally feel.... having a rigid and unbending view has been their problem.... that is why they never became a reality, remained a mere movement! Open Source has taken the steps in the right direction... and you might find Stallman screaming around.... telling peopple that they are DIFFERENT from OSI. For the facts GNU Operating System is perhaps one of the few "Free Software Project" under the Operating Sys catagory, you might google others, I dont really care.

Open Source or FSF... why should I do it ??

Many of my friends and a new budding programmer asked me recently. Whats the initiative to work in Open Source after all.

I dont want to convince anybody, I work in open source because I love to code, and Open Source projects is where I have no restrictions to learn, read, code and contribute. I love to help my neighbours and if that needs some initiative, you better start preparing for a English Vocab paper as Microsoft have changed strategies for new employees :)

Conclusion

The talk is highly shortened, partly because I've my exams up sleeves and because the History is never easy to interpret. But my feeling about the whole OSI and FSF thingy lies on the commoness of ideas and NOT on the differences. Where FSF is an ideology, Open Source is it's realization and in real time dynamics you need to have optimization( i sound an Engineer here ;) ).

Whats important for me is, if the source is made open... i can use it for modifying... I can code because I love it... I have access to the most intricately written media players, chat clients and his highness.... Kernel! I dont care a damn of what people make out of differences b/w FSF and OSI. I am with the concurrunt views.

May the Source be With you!

Thursday, April 9, 2009

ORKUT HACKED.... JOTIKA LINKS, PORTUGUESE LINKS...

Well it has been a fascinating overnite having tryst with the UGLY security of Orkut and the way it manages Cookies. If you are having your About me changed to Junk/Vulgar links of Jotika Sex Chat or Portugese Sex Chats... then this the place you are looking for to secure. I'll tell you how they are hacking the account so that you may understand the solution with affirmation....

HACK

Cookies are basically stored on your computer when you log onto Orkut. But why? Suppose you are navigating from one page to another, orkut has no way to tell if that navigation is secure until and unless you give it the password. But giving a password everytime will be cumbersome. So to avoid that Orkut saves a certificate on your computer, in the form of a cookie telling that if a request has the cookie information attached( as it is a local information only the owner has it right now ) then the navigation is secure.

Are cookies permanent? NO

Cookies have a lifetime which is defaulted to Session, i.e. as soon as you logout your cookie is destroyed. Orkut specifically has Session Lifetime.

So when you log in again a new cookie is assigned... have a screenshot of the cookie information...



How are they hacking it... if you click a malicious link and you have the cookie stored at that time... you are done!

The cookies is sent over the net to the hacker, he edits his own cookie with your information... as long as you dont logout the cookie holds goooood and you will be raped all angles :P.The links they are keeping on hacked profiles are malicious so if u click them u'll compromise badly.

SAFE BROWSING

Those who didnt get hacked, dont click any malicious link or hacked profile links! A higher precaution can be to logout after each use and not keep the account idle for exploits...

Those who got hacked.... do the following

1. Change the pic, aboutme, your sex, orientation and wat not :P
2. Remove the malicious communities from the account... see for malicious friends!
3. Logout immidiately..... actually as u'll goto the commmunity to remove it... they'll get your cookie! It takes time to process it... 5-10 min atleast.... make your changes and logout... the cookie will be destroyed.
4. Obviously the "Non hacked users" rules apply :P

Happy Orkutting, Chirkutting ;)

Saturday, April 4, 2009

Pen Drive Security System

Recently I with my team-mates made a solution to a problem statement released for an Intra Collegiate Event. The problem( in brief ) goes as follows:

1. You have to design a Pen Drive security system that resides on a Pen Drive, does no installation of software on a Operating Client and provides on the go run facility, as in plug and shoot.

2. The security should be two leveled where the Files are encrypted with a Key and a suitable algorithm( the key will generally be random ). The key has to be stored in a way so that it is secured via the main password that the user shall hold or the private key.

3. The software should preferably have a nice looking GUI, extra points for Native look.

Our Approach:

1. As the system has to be supported fully on a Operating System we definitely cannot assume packages like Java to be installed which can easily be the best choice for a platform-independent choice. Packing a whole JVM was a waste of effort as it'll take huge amount of space.

2. We used GTK+-2.0 for the same reason. Being a small and a protable library and having a cross platform support in Windows/Linux we'll have enough to say in terms of portability. Also the look and feel of GTK is far-far-far better than say Java-MOTIF or else!

3. The software installed will have two layers of security

(a) The master password which will be held by the master user.( there will be user accounts just
as in unix etc )

(b) A random key will be used to encrypt a file sored under the device. The random key will be encrypted via the master password and stored as the first bytes of the file. The Encryption algorithm used shall be of highest quality, namely, AES!

Have a look at the snapshots and u'll have a good feel of the software :)