Red Hat Acquires JBoss

April 15, 2006

Don Dodge had an interesting take on the recent acquisition of the open-source-based company JBoss by Red Hat. He compared the acquisition to the incident in "Tom Sawyer" when Tom suckers a bunch of kids into painting a fence.

Here's what I wrote in response.

I tend to think of OSS contributors as amateur sportsmen and women. People who play sports on an amateur level play because they love the game. They know that they'll never have the same recognition as the people who play sports professionally. Just participating is good enough for us. I think OSS developers feel the same way. I think what drives them is the hunch that maybe, just maybe, they can write that great algorithm, or routine, or application that's better than the one developed in a traditional development environment.


Rules for Unix Programming

March 20, 2006

It had been a long time since I had posted anything on my blog, so I thought I’d post this.
This is an extract from the online book “The Art of Unix Programming” by Eric S. Raymond. It summarizes the programming style and state of mind for writing programs for Unix. I think these rules are applicable to other OSes too.

  1. Rule of Modularity: Write simple parts connected by clean interfaces.
  2. Rule of Clarity: Clarity is better than cleverness.
  3. Rule of Composition: Design programs to be connected to other programs.
  4. Rule of Separation: Separate policy from mechanism; separate interfaces from engines.
  5. Rule of Simplicity: Design for simplicity; add complexity only where you must.
  6. Rule of Parsimony: Write a big program only when it is clear by demonstration that nothing else will do.
  7. Rule of Transparency: Design for visibility to make inspection and debugging easier.
  8. Rule of Robustness: Robustness is the child of transparency and simplicity.
  9. Rule of Representation: Fold knowledge into data so program logic can be stupid and robust.
  10. Rule of Least Surprise: In interface design, always do the least surprising thing.
  11. Rule of Silence: When a program has nothing surprising to say, it should say nothing.
  12. Rule of Repair: When you must fail, fail noisily and as soon as possible.
  13. Rule of Economy: Programmer time is expensive; conserve it in preference to machine time.
  14. Rule of Generation: Avoid hand-hacking; write programs to write programs when you can.
  15. Rule of Optimization: Prototype before polishing. Get it working before you optimize it.
  16. Rule of Diversity: Distrust all claims for “one true way”.
  17. Rule of Extensibility: Design for the future, because it will be here sooner than you think.

Or if you want the lesson in one “affectionate” word,

Also read the section on applying the Unix Philosophy.

VM Rootkits: The Next Threat

March 12, 2006

I found a reference to this article on Slashdot. It describes how researchers at Microsoft Research have combined virtualization technology and rootkits to run spyware and malware on a target computer. The idea is still at the proof-of-concept stage, but with open-source virtual machines like Xen and how-to guides for making rootkits, I don't think that hackers will be far behind in figuring out how to exploit this. According to the article:

The proof-of-concept rootkit, called SubVirt, exploits known security flaws and drops a VMM (virtual machine monitor) underneath a Windows or Linux installation. Once the target operating system is hoisted into a virtual machine, the rootkit becomes impossible to detect because its state cannot be accessed by security software running in the target system, according to documentation seen by eWEEK.

Today, anti-rootkit clean-up tools compare registry and file system API discrepancies to check for the presence of user-mode or kernel-mode rootkits, but this tactic is useless if the rootkit stores malware in a place that cannot be scanned.

“We used our proof-of-concept [rootkits] to subvert Windows XP and Linux target systems and implemented four example malicious services,” the researchers wrote in a technical paper describing the attack scenario.

“[We] assume the perspective of the attacker, who is trying to run malicious software and avoid detection. By assuming this perspective, we hope to help defenders understand and defend against the threat posed by a new class of rootkits,” said the paper, which is co-written by researchers from the University of Michigan.

…Read the article to find out more.