Sourced

I’ve been dealing with a lot of security issues for friends and clients using Windows XP and Vista lately. For many of them, the best solution was for me to backup their important files, reinstall their operating systems, and set them up with tighter security so that the virus that got them in the first place hopefully wouldn’t get them again.

It’s not that my clients did anything wrong. Most swear that the last healthy, operational session on the computer consisted of some simple email checking or an instant messenger conversation. And I believe them, especially since I noticed many victims of this little surge were using Yahoo email accounts.

The plain truth is that Windows isn’t great when it comes to security. A little adage I’ve come up with is: they don’t call it ‘Windows’ because it’s a fortress. Even if you aren’t performing the classic hallmarks of insecure computing such as downloading random and questionable files or surfing illicit websites, just using Windows is itself one of the hallmarks of insecure computing. Because of that, you have to put in some work to tighten the loopholes, but even then there are pitfalls to overcome since many of the popular programs that claim to enhance security don’t actually help that much at all. Spending money on marketing is pretty much all it takes for a large company to buy itself a good reputation, which the “black hats” who write the malicious code and the “white hats” who work against them know only too well.

So what’s the solution? Well, since total security probably only exists in laboratory vacuums, the best option other than using a more secure alternative operating system is to mitigate the risks by using an informed and tested combination of software. To that end, I’ve listed some of the tools that I’ve come to prefer. There are of course other options, but these are the applications I can vouch for.

Anti-Virus and Anti-Spyware

This is the keystone of your computer’s security. Although ClamWin will easily detect most viruses as a manual on-demand scanner (and the portable version is an indispensable part of my repair kit for that reason), and you can schedule full-system scans to occur automatically, it doesn’t include an on-access real-time scanner function. In other words, it doesn’t actually shield you or stay open in the background (but note that there is an add-on for Microsoft Outlook that will have it automatically scan email attachments).

Given that ClamWin is the only real noteworthy anti-virus contribution from the open source community, but that it does not offer this crucial feature, Windows users that want to be actively protected will have to turn to closed source solutions. Right now, the freeware anti-virus I recommend for always-on usage is the free version of AVG Anti-Virus, which has good performance, a well-updated virus library, and a large userbase. Add to this the full-featured, but proprietary anti-spyware tool Spybot: Search and Destroy, which has a root-kit detection component that you can use, and you’ll have all your bases covered. For people that don’t mind paying though, Kaspersky Anti-Virus and NOD32 are anti-virus scanners that have very good detection rates.

Let it be made clear though that if a free and open source project were to step up to the plate and deliver an anti-virus and anti-spyware solution with active, real-time monitoring, I would be first in line to check it out and support it. Developers, where are you?

Firewall

This is the first line of defense for your security. Again, I’m sad to say that my honest opinion is that the open source community hasn’t provided any truly viable solutions for this. There are a couple of disperate utilities for administrators, but they just aren’t even worth mentioning to end users. It pains me to see such an obvious niche remain unfilled by the open source community. So until a substantial OSS project emerges, I’d recommend using ZoneAlarm Free Firewall or Comodo Firewall. They’re both free, actively developed, and well-tested.

System Hardening

Though the above programs hunt malicious code and monitor your system’s network to prevent dubious connections, they do not actually “harden” the Windows operating system itself. To give one example, most Windows machines come with a hidden, passwordless account called “administrator” that anybody can use to login to your machine. While most people think it’s enough just to get “the big two” taken care of (anti-virus and firewall), this part of Windows security almost always seems to be unwittingly overlooked. Xpy (or Vispa if you use Vista instead of XP)is a compact but powerful open source tool that seeks to disable and fix these kinds of openings in the system itself.

It’s easy to use, but make sure you read up on all the settings before applying them. A quick perusal of the site’s FAQ is a good idea. Just as a friendly tip, I find it best to run this after installing all the other security programs, doing all the post-installation Windows updates, and all the restarts. Also, make sure you have already set a password for your system account before you run Xpy.

Encryption

This is where the open source community has done a particularly commendable job. For sensitive files that you want to store safely or use regularly, nothing comes close to TrueCrypt. The sheer variety of encryption types that it offers combined with its wide range of sophistacted features like “hidden volume-within-a-volume,” all topped off with the reassureance of plausible deniability makes this the undisputed leader in folder and partition encryption for people “in the know.” Windows users can even use it to encrypt their entire filesystem, including the boot-up files.

When it comes to sending a couple of files across the Internet easily and securely, the 7-Zip file archiving program allows you to make archives of files and folders and protect them with a password using strong encryption. You can create small Truecrypt containers and just send those of course, but that requires the recipient to download and install Truecrypt as well. 7-Zip on the other hand has the option to create the archive as a self-extracting executable file, for which the recipient need only use Windows to access the content. Of course, if you are sending to somebody that does not use Windows, then just don’t package it that way, obviously.

Secure Deletion and Wiping

Again, the open source community’s offerings here are unrivaled. The concisely named Eraser (often called “Heidi Eraser” by people who feel the name is simple to the point of ambiguity) offers many different levels of strength and a variety of different techniques to allow users to pick the degree of paranoia they’d like to wipe their files with; it also includes the ability to wipe unused space on your hard drive. And when it’s time to completely wipe your Windows installation or any other partition (or the whole hard drive even) in a secure way, perhaps because you’d like to sell your computer for example, Darik’s Boot and Nuke is the way to go.

———————

Top image by B Tal

Once upon a time, there was BeOS. It was a wonderful operating system (OS), built by Be Inc. in 1991. Back then it has all the hallmarks of a revolutionary OS, and while its punch may have weakened over the years, it still has the potential to be a great platform. It was originally optimized for digital media work, it squeezed the juice out of multiprocessor systems, used a nice 64-bit journaling file system by the name of BFS and used an API written in C++ (because of its ease of programming). Although BeOS is not a Unix derivative, it used the bash shell and was POSIX compatible. Unfortunately, BeOS was not viable from a commercial point of view, and the company stopped its development. Be Inc. was acquired by Palm Inc., and now BeOS fans are trying to bring it back to life once more. Projects such as Haiku for example, are trying to build a new BeOS, from scratch. Others, such as PC/OS are using Linux distributions as their basis.

So what is PC/OS all about? It’s a Linux distribution based on Ubuntu (which seems to be the epitome of all ‘user friendly’ distros lately), and it wouldn’t be an exaggeration to say that it mostly derives from Xubuntu given that it uses XFCE as the main desktop environment. PC/OS aims to provide a stable, easy to use, out of the box operating system. To say that it’s fool proof would be exaggerating given the various installation problems I encountered, particularly with sound and video cards, but I’ll leave that aside for now and move onto the mainstay of this review.

Live CD & Installation

First things first: I downloaded and burned the ISO image of the Client edition onto CD. It also serves as a LiveCD, so I was able to check things out before the installation. I can confirm that it works like a charm, and you can get a taste of the full operating system right from the CD. The basic “pack” includes almost everything a casual user might need for everyday use. Of course, you have the apps provided with Xfce, such as Mousepad or Thunar, the file manager etc. But I suspect many readers will probably expect a bit more than that, right? Thankfully, the developer took those extra needs into account and put together a package that everyone from newbies to programmers should be happy with.

After sampling the LiveCD, I decided to do a full install of PC/OS. I set it up and it booted with some icons and symlinks that should not have been there. For example the “Install” shortcut was still in the menu and on the desktop. Another bad guy who still wanted to stick with the distro even after it was on my hard drive, was Remastersys, a tool that lets you “build” your own Linux distribution. It’s no walk in the park, but it lets you create a customized version of Ubuntu – and all its flavors – and backup your entire system on a installable LiveCD/DVD.

Feature Set

What you get with PC/OS (and you might not get with other distributions):

Two categories that are not included in other distributions (at least in those I’ve tested):

- Mobile (containing links to Gmail, Live Mail, Google Maps, Live Maps, Wikipedia and Box.net)

- Extra Applications, with Evince for viewing pdf documents, GdMap (a utility for managing your disks and partitions), Lacie Lightscribe (for printing on CDs if you have a CD/DVD writer that is Lightscribe capable), Zen map (a powerful n map front-end for those of test the security of their systems).

In Accessories you will find a small utility, called ‘catfish’, which works as a local “search engine”, so to speak. DiskSearch is another application for searching, but this time, you can find things only on removable media. Sysinfo displays a lot of useful information about your system.

There’s a Development category containing Gambas2, MonoDevelop, OpenLDev (a nice IDE that resembles Geany, from my point of view), and the Glade Interface Designer. I found Kompozer, a KDE application for building websites, in Network, but it should have been in Development, given that you use it to develop web sites, right?

In Graphics you will find the ever-faithful GIMP, Ristretto – an image viewer, GQView and Pencil, a very simple and very useful tool for creating drawings and graphics.

Multimedia will give you (almost) everything you might want for your multimedia needs. I found it interesting that gtkrecordmydesktop has been included, so you can make screencasts, if you like. Totem, Rhythmbox, and Serpentine will let you watch movies, listen to music and rip audio CDs, respectively.

Firefox, gFTP, QtTube (for saving the Youtube videos you love) and Transmission (one of the most popular BitTorrent clients for Linux) are included in the Network category. Here you will also find Lynx, the text-mode web browser and various other tools. Unfortunately, there’s no feed reader, which is a VIT (Very Important Tool) for news addicts. If you want to stay in touch with your friends and family, you have Pidgin, a very neat and popular instant messenger.

Office is made up of the OpenOffice suite, OSMO – a small personal organizer, HomeBank, a personal accounting utility, Gnumeric Spreadsheet, an application that resembles Microsoft Excel or OpenOffice.org Spreadsheet.

In Others you will find Notepad (the small Windows text editor), which is run through WINE and WINE’s ReadMe and FAQ.

In System you will find all the general system administration tools, just like in all Ubuntu flavors. In the last menu, Wine, there’s an option to browse the virtual C:\ drive, created by Wine and also configure or uninstall Wine.

Desktop Layout

The way applets are added to the upper and lower panels is very interesting. The upper panel is very short and contains only the menu, a clipboard utility, Notes (for note-taking, of course), the clock and calendar and an applet that gives you access to system help. The lower one sports the taskbar, a “show desktop” applet, another applet for the file manager and a few useful ones, to Firefox, System Monitor, Terminal and to Trash.

Overall Impressions

When you need something that doesn’t take up too many resources, but can also let you do advanced tasks like software development for example, then PC/OS is for you. Considering that it comes with a full set of applications, ranging from text editors to fully-fledged IDEs and multimedia applications, it has the potential to attract a wide array of users.

PC/OS is very lightweight, so you can install it even on older computers, maybe even on a PII with 64 MB of RAM given that it’s based on Xubuntu. It’s also very stable, and it seems that most of the development and build tools are included, so you can build applications from source. In case the configure script reports something missing, you can easily install that library or application with ’sudo aptitude install library_name’. PC/OS makes use of the Ubuntu repositories so you can take advantage of the updates provided by the Ubuntu community if you want to.

On the downside, I did encounter problems with my media cards. I wasn’t able to use the restricted drivers for my video card in the usual way. Fortunately I was able to download Envy, a good tool that does all the system configuration for you, and when it’s complete you get better resolutions and desktop effects. Before setting up Envy, I could only use a resolution of 1024×768, this was frustrating when using multiple applications at the same time. My thanks go to Roberto Donhert, the developer from PC/OS, who guided me to Envy. Also, Envy will be included in future versions of PC/OS, so it might fix your video problems too.

The 2.3.1 version of OpenOffice.org that comes by default with PC/OS 7.10 also has a few problems, like poorly rendered menu fonts for example, but this can be fixed by using Roberto’s solution, which consists of downloading OpenOffice.org 2.4 from PC/OS’s site. The installation is very simple and you only have to run the two scripts provided with the package.

All in all using PC/OS has been a positve experience, and it has now become my new OS of choice. It’s also good to see the BeOS family tree growing again. My thanks to Roberto Donhert for his help in putting this review together and all that’s left for me to say is go and explore PC/OS now!

Apricot is the title of an open source game currently being developed by the Amsterdam-based Blender Institute. While Blender is perhaps best known in the open source world for its cross-platform 3D content creation suite of the same name, it is fast developing a presence in the multimedia entertainment industry too. In 2005/06 it launched Elephant’s Dream, “the world’s first open movie”, a short film made entirely from open source software and released with open production files. Riding on the success of this creative enterprise, Blender went on to make Big Buck Bunny, another open source animation film that recently premiered at the Amsterdam Film Academy. The characters from Big Buck Bunny will feature in the Apricot open source game.

The Apricot project was launched in February 2008 with a core team of six members covering all areas of design, artwork, development, scripting and level editing. It is a cross-platform 3D game and like its cinematic cousins, it’s built on open source software. The team use”Blender for modeling and animation, Crystal Space as 3D engine and delivery platform, and Python for some magic scripting to glue things together”. The fundamental aims of the project are to work in connection with the online community to deliever a piece of software that not only offers a compelling 3D game experience, but aims to “improve and validate the open source 3D game creation pipeline, with industry-standard conditions”.

Curious to find out how Apricot was coming along and to hear some of the rationale behind creating an open source game, I put the following questions to the Apricot team and here’s what they said:

OSLiving: Video games are part of a billion dollar global market, dominated by the top four multinational giants (Sony, Sega, Nintendo, Microsoft). Each of these corporations has the ability to pour extensive funds into game research, development, and crucially into global marketing campaigns. Where does a game like Apricot fit into this 21st century corporate market and why did you opt for the Open Source model?

Ton: I think you answer the question yourself…even though the ‘giants’ deliver extremely high quality products, the accessibility of their systems for developers or students is very limited. Not to mention that they don’t allow independent content distribution at all. Our Open Source and Open Content model addresses this problem, to fill a gap that’s maybe commercially not very interesting, but relevant for millions of people; access to quality tools and software to be able to make free distributable 3D gaming content.

OSLiving: What have been the biggest obstacles you’ve had to overcome in the development process so far?

Darek: In the typical development process the worst thing what you can do is to start developing tools and engines. Many teams kill ther own projects doing this, because after two years of developing they put all their energy into building an editor for example, and nothing else is done. But in our case it’s different. Why? Because developing tools is one of the main purposes of this project and that’s very exciting! Imagine how cool it is when every missing feature in Blender [3D content creation suite] or the 3d engine is implemented at your request! Hah So on one side it’s great to work like this but - yes, of course it’s also the biggest obstacle for me as a games designer because everything is always in “pre-alpha-2.5.1.23″ stage, unstable and with missing features. But by the time we’ve finished you’ll be getting the most powerful open-source game developing environment!

OSLiving: Back in December 2007 in the run up to the project launch, the topic of character animation in the Apricot game was met with a degree of criticism in the OSLiving forums. One forum member pointed out that Blender had not appointed an animator as part of its development team. Four months into the project, what is the state of animation and how have you compensated for this absent role?

VenomGFX: In this kind of project where there are only 6 people in the team, and in this case, only 2 artists, you have to multi-task. You can learn how to model, texture, light, and do some compositing too in a fairly short amount of time, but animation is an extremely complex topic that requires years of experience - which I don’t have. I know the basics of animation and have read a couple of books, but what I do know well is when my work is not at its best (or in other words, it sucks).

Animation is a new topic for me, and I’m new to this project, but with the help of the Peach (the movie project) team and some serious criticism from myself and others here, i think we’re getting somewhere, if not then we won’t be devoting this amount of time to making a second unit like our brother project did.

There are a few tests for cycles posted on our blog already, not enough, and I’m not even totally happy with them, but it’s what we need to test the new Crystal Space Animation engine for, as soon as we have something else finished and tested, we will post it, so stay tuned!

OSLiving: Could you talk us through some of the highlights of the Apricot game?

Chris: The premise of the game is based on and is a kind of sequel to Project Peach’s animated short movie Big Buck Bunny. The player explores the world as Frankie, a devious little squirrel out for revenge that gets a kick out of bullying all of the animals that cross his path. The characters in the environment will be highly interactive, and react in different ways to being bullied. Character interaction and fun, fluid animation will play huge roles in this game. For gameplay, they’re our main targets.

OSLiving: What does the future hold in terms of Open Source games?

Ton: I really don’t do this with a long term vision…the short term is crucial: to validate and improve an open source based game creation pipeline. After that a lot of scenarios are possible…who knows, perhaps the ‘giants’ will open up one of their platforms one day. Imagine Sony making PSP open source!

---

If you’d like to find out more about the Apricot game, you can visit the Blender team’s development blog. The game is scheduled for a 6 month development period and we’ll keep you updated as and when a launch date is announced. Many thanks to the Apricot team, including the producer, Margreet Riphagen, who helped get this interview together.

The guys at WineHQ have been serving up a lot of new ‘varietals’ of their application in recent months, particularly after receiving sponsorship from Google. With an average of 2 or 3 new upgraded versions per month, the developers released Wine 0.9.57 and 0.9.58 last month, and just yesterday they brought us Wine 0.9.59.

For those of you still wondering what the Wine application is, let me explain. Wine is an open source project that takes the Windows API and transposes it onto Mac and Unix based systems (OSX, OpenGL, etc). You can use it to run most current Windows programs, although there is still a fair number that don’t work at all. This is partly what the Wine team is trying to address with their frequent updates. Take a look at the OSLiving Archive entry on Wine for more details.

So, what’s new in this latest version? Let’s take a quick look. The WineHQ offical website states that the .NET framework has been given some ’support love’, meaning that Windows apps running on Wine should generally work much better. A separate services.exe process will handle the services more efficient and in case you had some problems with http proxies, you’ll be glad to know that these issues seem to have been fixed (services.exe, or Services Control Manager is responsible for the system services, running/stopping and interacting with them).

In addition to this, the management of application windows has improved and Wine now also supports the ATI fragment shader. A fragment shader, commonly referred to as ‘pixel shader’, is a set of instructions for rendering effects or to calculate the color of an object. Last but not least, in this latest release, you also get a ‘bonus’ with the inclusion of some pre-compiled fonts in the source tree leaving you with a full bodied, ever mature application.

Whilst I have nothing against using Wine - I’ve used it off and on to run certain Windows applications when they were lacking on Linux - but I really would like to urge developers to concentrate their efforts on creating applications that run natively on Linux, rather using applications like Wine as a Windows proxy. No offence to the noble efforts of the Wine crew, but the more applications that are designed specifically for Linux based systems, the more Open Source software will become ubiquitous.

In case you want to find out more about Wine, you can check the official site and the changelog for the 0.9.59 release.

WordPress is a widely used PHP/MYSQL blog platform or to quote directly from the source: “WordPress is a state-of-the-art semantic personal publishing platform with a focus on aesthetics, web standards, and usability.” See the OSLiving Archive entry for more information.

In Retrospect
WordPress (WP) began in 2003 as a fork of the blog engine known as b2. The project was a joint venture by Matt Mullenweg and Mike Little. 2003 was in many ways a significant year in blog history; not only did it mark the launch of WordPress, but it was also the year in which Pyralab’s 4 year old platform, Blogger, was taken over by Google. And whereas Pyralabs had previously charged for a number of its services, Google stepped in and offered the ‘premium’ elements for free.

The third pillar underpinning the ‘blogopshere’ at that point was Movable Type (MT). It was only last year (June 2007) that the decision was made to release MT software under a GPLv2 license; prior to this it had been a closed source, fee-based platform. Then in 2004 came the release of version 3.0 and with it the famous/infamous decision to adopt tighter restrictions on licensing fees. This decision prompted a significant portion of the MT userbase to shift to the up and coming Open Source platform known as WordPress.

The Open Source Solution
Releasing WP under an Open Source license was perhaps the single most important decision in its short history. Not only did it allow for rapid user growth, but more importantly it led to one of the biggest developer communities on the Internet. [This is particularly true in terms of WP peripeherals such as themes and plugins]. The ability to customise and ‘engineer’ ramifications of the software led to a strong sense of loyalty and ‘ownership’ that guaranteed future growth. The second most important decision was the introduction of WordPress.com, the more commercial browser-based verion of the WordPress platform aimed at casual users or users who don’t require a stand alone setup. WordPress.com cemented the WP brand and brought the platform to an even wider audience; this marked a crucial leap from ‘geek’ to ’street’.

In part then, we owe the rise of the blogosphere to this common shift from propietary to Open Source, or in the Blogger case, from ‘premium’ to ‘free’. Over the past 5 years WordPress has lead the way in terms of innovation, experimenting with a liberal and diverse application of its core functions, ranging from blog networks, forums and microblogging to its most recent sidelines: social networking. The first two notable examples I want to go over here are WordPress MU (multi-user) and BBpress (simple forum software).

WordPress MU
MU is a version of WordPress that allows you to run multiple blogs with a single install of WordPress. It is used by Newspapers and magazines such as Le Monde, Harvard University also users it to power student blogs and it can be used to set up blog networks. However. one of the main problems with MU is that unlike its big brother WP, it suffers from a degree of development neglect and as a more experimental wing of the platform it has a far smaller backing. This is a real shame given that WP has attained superstar status and has enough financial clout to easily pour money into MU and bring it up to date with all the features we’ve come to expect from the main WP software.

BBPress
BBpress is a WP ’sibling’, it’s “plain and simple forum software … easy to use, easy to administrate, fast and clean.” The main point with BBpress is its ‘ease’ of integration with a stand alone WP blog. Yes, it requires its own database and template system but BBPress can communicate with WP to retrieve user meta data, shared cookies for authentication and it is possible for BBPress to access some of the WP functions. BBPress offers a solid yet lightweight alternative to some of the larger Open Source forum software and has been modified to great effect on sites such as 9rules.

Prologue Theme
Delving ever deeper into the WP portfolio and we find some of the more recent additions, most notably the Prologue theme and BuddyPress. The Prologue theme was released in January 2008 by the Automattic team (Automattic is the start-up company that develops WP) as a response to the ‘microblogging’ trend made popular by Twitter (follow us on Twitter) and Pownce. Prologue runs as a typical WordPress theme but it’s real potential lies in the ability to share short messages with friends and colleagues about what you’re doing or what you’re working on. Using it is simple, login to your user account and type straight into the text box on the theme’s front page.

BuddyPress
Last but not least is BuddyPress. This is a project that is currently still in development. BuddyPress is essentially a set of plugins that transform an installation of WordPress MU into a social network platform:

“BuddyPress removes the main focus of WordPress MU away from blogs, moving it more towards the actual member themselves. However, members can still blog and use all the blogging features they would normally expect from WordPress. When someone uses BuddyPress, they will be going there to build or enhance their profile first, and write something on their blog second. The blog is basically turned into another component of BuddyPress.” (Source).

BuddyPress brings onboard groups, friends, private messaging, media share and more. It is a reponse to the huge social networking trend that has developed over the last few years, spearheaded by the likes of Facebook, Youtube and Flickr. I can’t help but feel that BuddyPress like the Prologue theme arrive somewhat too late on the scene to be called ‘innovations’, but what they demonstrate is the adaptability and intelligence of the WP platform.

Summation
In looking back over the WP portfolio, it occured to me that there may be an argument for the centralisation of WP and its various branches. The ability fo switch ‘face’ at the click of a button through a central dashboard seems like a logical step. Right now each component requires a separate install, the technology is not always 100% compatible and the huge differences in terms of demand and popularity dictate the outcome of each piece of software, but as technology develops, so will WP. Perhaps one day we may get to see a complete Automattic Open Source tool kit with a single 5 minute install, where the user is free to activate or deactivate core features … wouldn’t that be nice!