Archive for April, 2006

Tonto

They are not my favourite, they are not the best of the best… But, what the hell!, their personal info (quoted below) caught my eye. You can find the music of this group from Madrid at Jamendo. They release their music (at least this album) under the Creative Commons.

Feel free to try, download, burn and share their songs, below. You can find more Creative Commons music I like at my site.

 
 

 

From the wild and dangerous jungle of Madrid, like a canary among lions, like an elephant among rodents, like a bee among the flowers, comes TONTO… the band you didn't yet know you were waiting for. After 5 years of navel-gazing, a few months ago TONTO set out on its journey, recording its songs at the prestigious ZZ studios under the sonic guidance of the renowned provincial producer Dr Gustafsson, who also takes care of bass duties. On the 6 strings, the ineffable and dangerous Jimi “Yimi” Rodriguez; on drums, Missis Marta caressing bass drums, cymbals and snares; and on lead vocals, the attractive and effeminate hooligan Kaiser José!


My use of the command line in Linux

Many newcomers to Linux are appalled by the apparent need to use the feared CLI (Command Line Interface) in this OS.

This is partly FUD, because most everything can be done in modern Linux desktops that come with major distros (e.g. Xfce under Debian), through a GUI (Graphical User Interface).

However, this post does not try to deny the need for the CLI, but rather to stress that an experienced user (if I may call myself so) finds himself doing 99% of his tasks from the command line, just because it is more comfortable and efficient in the long run.

As an example, the data that prompted me to write this: my computer (called Bart) has been up for 63 days so far. I also work on four other computers, called Casandra, Amphiaraus, Orpheus and Arina (through OpenSSH, of course). Part of these 63 days, I have had terminals open in all of the other machines (except Arina, the connection to which is automatically closed after 48h of inactivity, a.k.a. weekends).

All right, so the number of command lines typed in by me during the “lifetime” of these terminals (less than 63 days) is as follows:

Bart: 5047+934+782 (3 simultaneous terminals)
Casandra: 159
Amphiaraus: 114
Orpheus: 6289+4067
Arina: 313+242 (last 3 days only).

This data is not taking into account other terminal windows I have opened and closed in the meantime, and the fact that Amphiaraus has been up only 3 days, and Casandra just 18 (Orpheus 136 days, Arina 194).

Counting only 45 of the 63 days as working days (5/7), it means I type 400 lines of commands per day, on average! It also means that my computer is keeping track of the last 18000 commands I entered (not really, because I have set each window to “remember” just the last 1000 commands entered).

A screenshot of an Orpheus terminal below.


Lo malo de Linux (The bad things about Linux)

There is a (Spanish) initiative to gather info from Windows users who are trying to migrate to Linux (e.g. Debian Linux), and are experiencing difficulties.

Their objective is to make a ranking of “most annoying” or difficult subjects, so that Linux developers can work on ironing them out.

You can read more about it, and contribute yourself, at their blog (Spanish).


More Firefox vulnerabilities

It’s getting old already. Not Firefox, mind you. What upsets, bores, or downright outrages me, are those “impartial” vulnerability reports that newspapers, blogs and web sites publish, regarding both IE and Firefox bugs and exploits.

The last one, so far, I found at menéame. Their source of info is an article at Hispasec. In the name of “political correctness”, they reveal a bug in IE, and another one in Firefox. The reader gets the impression, not only that no browser is perfect (which is true), but that both have comparable vulnerabilities, which is a screaming lie.

The IE vulnerability they report is that a web page with specially crafted OBJECT tags can stop IE from working, and leave it in a state where arbitrary code could be injected into it and then executed. Pretty scary news, if the second part is true.

The Firefox vulnerability, on the other hand, consists of a piece of JavaScript code that can crash Firefox. The code snippet can be found here, or directly tested visiting this page. Beware that the latter will cause your Firefox to crash.

Now, they are comparing apples to oranges again. The IE vulnerability can leave it in a potentially dangerous state, whereas the Firefox bug merely crashes it. Yes, it is grave. Yes, it is annoying. But it is not risky for your computer. Secondly, I visited the link above, and… hey! nothing happens here! What is this bug they talk about? Well, as it happens, I have the NoScript extension installed, so the rogue page could not execute its malicious JavaScript code and make my browser crash. I had to manually add the site to the list of sites from which my Firefox allows JavaScript to be executed, in order to have it crash my browser.

Which bug would you prefer to put up with, even not taking into account that the Firefox bug will be fixed much faster?


Disney on copyright violations

Supposedly it is an old story, but I found out about it today (pages one visits when staying too late at work).

The “content makers”, like film studios, singers, writers and so on, are day and night stressing how important it is to respect the copyright holders and not to pirate, in order to have the authors get their fair pay for their hard work…

Now, how freaking hypocritical is this, coming from a company who made this! What the link shows is that the Disney company blatantly copied the story, characters and scenario of a previous (old) Japanese movie called Kimba The White Lion.

The story goes like this: Disney “thinks” they own the rights, and start saying they are going to make a remake. Later on, they find out they don’t own such rights, so they start saying their movie is completely original, and denying that any of them knew anything about that Japanese Kimba thing. Truly outrageous.


The Sudoku Files

I have read in menéame and Barrapunto (both in Spanish) that some folks have developed some tricks to solve Sudokus. Feel free to find more about it here.


Linux growth in China

According to ITWire, (I read it in Linux Weekly News), the use of Linux in China is relentlessly growing. I can not interpret the data, and don’t know how “promising” or “good” this is, but it certainly is significant, because pirated copies of Windows are even more commonplace than in Europe, so the low cost of Linux is not such a big incentive. However, Linux is still gaining market share.


Inside man

Yesterday I went to the cinema and watched Spike Lee’s Inside man (Plan oculto is the Spanish title). I have to say that I wholeheartedly recommend this movie. It’s very well directed (although I don’t like Lee’s other movies all that much), and the photography is superb.

The plot is very nicely written and tied up together. There are, as there always are, some weak points and things more or less difficult to believe. However, many real situations that actually happen every day are more difficult to believe, so…

For me that movie is what a movie should be. It tells a story the way the cinema should tell it. A book is a book. A song is a song. A picture is a picture. And a movie should be a movie. Each one has its tools and procedures, and this movie puts the ones of the cinema to good use, IMHO.


More on the Sony rootkit

Writing the previous post led me to read this Wikipedia article about the Sony DRM rootkit fiasco last year. Read it, because it is very interesting.

Among other things, I’ll quote the following (boldface emphasis mine):

Sony BMG released a software utility to remove the rootkit component of Extended Copy Protection from affected Microsoft Windows computers, but this removal utility was soon analyzed by Russinovich again in his blog article “More on Sony: Dangerous Decloaking Patch, EULAs and Phoning Home”, and revealed as only exacerbating the privacy and security concerns. In fact, the Sony BMG program merely unmasked the hidden files installed by the rootkit, but did not actually remove the rootkit. In addition, this program was reported to install additional software that cannot be uninstalled.

So, the “solution” Sony gave to its screaming customers was worse than the problem they had previously caused!

Now, read what the Wikipedia article recommends to eliminate the risk of abuse from Sony (and others):

The XCP software can be prevented from installing in several ways. First of all, a user can refuse to purchase such copy-protected CDs, perhaps downloading the music from a digital music distributor. Second, it is possible to disable autorun so that the software will not run automatically (this can be done, temporarily, by holding the SHIFT key while inserting the CD). Putting a piece of tape on the outside of the CD will also prevent the DRM from running. An alternative is to use an operating system which the software does not automatically install itself on, such as Linux or Mac OS X, or running Windows under a restricted account instead of an administrator account, in which case the installation program will not have the sufficient rights to install the rootkit.

Quite remarkable, also, is the fact that the DRM scheme Sony wanted to force-feed its customers, with the alleged objective of preventing copyright infringements, did actually breach a previous copyright, more precisely, an LGPL license (that of the LAME MP3 encoding library). That is, they were stepping on the toes of some Open Source material: THEY, the defenders of artist and creator rights, were attacking US, the thugs that want a free-for-all right-smashing steal-fest of all kinds of materials!


Rootkits and FLOSS

Amazing the human boldness is. Truly amazing.

Stuart McClure, Senior Vice President of Global Threats at the anti-virus company McAfee (the more impressive a title, the less impressive the job), poured a bit of poison through his mouth, and ascribed the increase of rootkit attacks to the Open Software movement (article at NetworkWorld.com here). I suppose he means attacks on Windows systems, but remember there are Linux rootkits: Linux is immune to viruses, not to other attacks, including rootkits, intrusion via weak passwords, DoS attacks, annoying pop-ups and JavaScript in web pages, etc.

Now, this comes from a company that failed to properly handle the Sony rootkit threat, even though they had many customers calling for help. Mmmm, I see, rootkits are only a menace if they don’t come from huge corporations eager to squeeze our money out of us.

The link this cretin uses to blame the FLOSS movement is twofold. The first part is a post hoc, ergo propter hoc (sorry, I’m a pedantic bastard). He implies that both FLOSS and rootkits are rising, and thus the latter is caused by the former. In related news, he also [could have] said that global warming is caused by the decrease in the number of pirates, because there is a definite correlation between the two over the last 200 years (see it here).

His second link from rootkits to FLOSS is the web page rootkit.com. This web page is allegedly malicious, and helps people (crackers) create baneful (sorry, I woke up with a Merriam-Webster mood today) malware (as the page name, ehem, implies).

Now, I have a couple of objections to that reasoning. The first, and most obvious one, is that one can not blame the whole FLOSS community for some rogue members. The second is that… are those guys at rootkit.com rogue at all?

I did visit the web page, and the first article one stumbles upon right now is:

Ad-Aware is a poorly written anti-spyware program from Lavasoft. Running it gives you a false sense of safeness. There can be done numerous attacks against this software. I’ll show some of the problems and attacks in this write-up. Here’s just a summary of the most visible problems I’ve run into.
[…]

So, on one hand, it seems to be (and is) giving info to exploit holes in that program, but, most importantly, it is pointing out those holes, PUBLICLY. If those dummies at Lavasoft cared about their clients and the quality of their product, they’d only need to read rootkit.com to find out what errors it has, and presumably hints on how to fix them.

One can only wonder how a publicly announced exploit can be of malicious use at all. Indeed, if the rootkit the cracker creates is Open Source, it becomes trivial to eradicate it. The rootkits that actually scare me are the ones that don’t get announced!

Remember that security through obscurity is a Bad Thing(TM). The security problem of the example above (Ad-Aware) is to be found in its bugs, not in the airing of them. Publication is a step towards the solution.

As Linus Torvalds says: “many eyes make all bugs shallow”.
