Least Privilege and Longhorn Security

For long in Windows security experts have been advising all of us to have two different accounts. One with Admin privileges that you use rarely when you need to install something or do some system configuration. The other will be a normal user account with minimum privileges. The second type of account is even more important for a developer. This way the developer doesn’t assume admin privilege when he/she codes an application. So applications can run fine with least privileges. This will also prevent all trogans and malicious email attachments to cause chaos having been run as an admin user.

Personally I feel it will do lot of good for Windows World in general, if all developers in Redmond are denied Admin privilege for their own machines. For developers who really need it like System Drivers team it should be rationed out that too only for a given period. This way they get to feel what is the world without admin privilege, because in real world everyone will be fortunate (or unfortunate, depending your viewpoint) to have admin rights.

In this context, I got to read this well written article “Security in Longhorn: Focus on Least Privilege” by Keith Brown of DevelopMentor. I was happy to read that Microsoft is finally doing something serious about this in Longhorn. They are making it easier/default for applications to run with least privileges. Read the article for the exciting details. I hope by the time Longhorn ships MS doesn’t succumb to compatibility pressures and dilute this heavily.

What do you think about LUA in Longhorn, share your experiences in the comments section below.


Paper DVDs that store 25GB

CDs when they came were cool, you could store 600+ MB of data, portable, light-weight, more reliable than floppies and good looking (unlike ugly tapes). Soon we wanted more and got DVDs, which can store 4.7GB on one side and mass produced industry-strength DVD’s can double that capacity by writing on both sides.

The two big concerns I have on CD/DVDs, are that:
1) They are not bio-degradable, the chief raw material that goes into making one of these shinny beauty’s is “black“ oil
2) To destroy a CD/DVD that contains my sensitive data is very difficult and dangerous; you can break a CD/DVD but you have to extremely careful that it doesn’t cut your skin.

Last week I saw a major announcement that solves both these problems. Sony on April 15th, announced a paper-made disc that can store 25GB!. It is based on Blue-Ray and the disc is made of more than 50% paper, so can be recycled. It can be easily cut with scissors to destroy it permanently.

Read more on this from Moore’s Lore (a blog that takes daily look at new implications of Moore’s Law in real time).


My Wife’s PC and Linux

Being Sunday, I had some spare time in the morning and I decided to clean up my Wife’s Desktop. It started with a simple routine – Uninstall old application, Version upgrades of the applications I use, Antirus Updates & Windows Defrag. After breakfast, my engineering instincts took the better of me and I decided to do something adventurous – To try a Linux distro and play with it!. Little did I know that the day is going to reveal to me lot about desktop OSes.

My Wife’s PC is a 2 year old P4 PC with 512MB RAM and a 19” inch monitor. This desktop connects to outside world with Bharti’s TouchTel DSL. It accessories include a PixelView PlayTV Pro TV Tuner Card, Pinnacle Firewire (IEEE 1394) to connect to our Handycam and a HP Scanjet 2200c Scanner. It always has abundant HDD space due to dual 60GB Samsung HDD. Not to forget Windows HP Home edition that powers it.

In the March 2004 issue of PCQuest (a popular Developer/Technology Magazine in India) , they have included a Linux Distro “PCQLinux 2004”. Usually PCQuest Linux was based on Redhat distro, this time it was Fedora. The magazine had carried several interesting articles on how they have customized the distro to give one-touch installation for a Personal Desktop, Developer Install, Multimedia Install, Server Install and more.

Since we had a Sony Handycam DCR-PC110E (a beauty with DV, USB & IEEE 1394), Fuji S5000 – 5 Megapixel Digital Camera and a Scanner; I decided to try the Multimedia Workstation install of PCQLinux. During installation my curiousity was aroused with a package called “DVGrab” which claimed to be able to capture DV Video.

The installation of 3 CDs went flawlessly, everything I needed to get my PC boot was deducted automatically. I did manual partitions since I wanted to preserve my Windows & Data, that too went much better than I anticipated. Overall Linux certainly has come a long way in the ease of installation from the first days I tried nearly a decade ago.

After nearly 2 hours, my PC booted into GRUB, then into PCQLinux. The colors were good, the PCQLinux penguin was looking beautiful. Before I could log-in, it went into Terminal, started compiling Kernel 2.6. I felt, oh my god, I didn’t ask for this, then I said the good guys at PCQ knew what they were doing. So after about 5-10 minutes my PC booted again into GRUB, this time I got 3 options of PCQLinux. I was still with my adventurous hat on, so I booted into the first option Kernel 2.6 (OpenMosaic). I was able to login, into a good looking Gnome desktop. Except it was taking some time (which must have been because my PC’s age) everything looked fine.

There was familiar OpenOffice Suite, Mozilla Browser, Sound players, CD Writer software and more. My Windows NTFS partitions were visible (though out of order), my sound card played the test music fine, the bundled Real Player played one of .RM songs fine. So I thought this time around, I am going to manage a workable Linux Desktop.

I then tried the built-in Video Player, to play a VideoCD file. After several minutes it played, albeit slow with frames skipping. I tried with a DVD file (saved from my local harddisk), same experience. I used the Media Player to play one of MP3 collections, nothing happened. Tried another collection, same thing. I said to myself “Interesting”.

After 10-15 minutes playing in the neighbourhood, I wanted to check my mail. Launched Mozilla, then realized I have to get connected. I saw in the start menu, three similar options – Preferences, System Tools & System Configuration. All the three had inner menu options that looked to me were related. I jump between these three options couple of times then stumpled upon the Internet Connection Wizard. Searched for my TouchTel DSL USB Modem, I didn’t find any. Tried Auto-Detect, the wizard said “No Devices detected”. I tried to manually add it, no luck either. It could be that my DSL Provider could be using a modem from a small timer, so I connected my USB based HP dial-up modem. Repeated the steps, no find. I was stranded with no way to connect to the Internet.

I moved on to the most interesting part (at least I thought it will be) of connecting my Digital Cameras. First I plugged my Sony DCR PC110E Handycam in Memory Stick mode into my USB Port. On connecting, no plug-n-play. So I manually selected “DigiCam”, press Auto-Detect no luck. I saw in the listing Sony DCR PC110, wow!. I selected it and in the ports, there was only Serial Ports, no USB. I tried typing in “USB:”, it didn’t allow me to do it. I was puzzled on who in the world, will have a Digital Camera that worked with Serial Ports (do they even exist now?). I said USB could be tricky, so how about Firewire?. Moved my Sony camera into VCR mode, connected IEEE1394 cable to my camera and PC. Again, no Plug-n-Play. Searched for the“DVGrab” application that was promised to me in the install, no find. Launched a terminal, typed dvgrab and it worked. To my horrors’ it turned out to be a command-line application!. No way, I am going to use my beauty (Sony Camera) from command-line. So left it at this.

I then connected my Fuji S5000, repeated the same exercise as above, no listing of Fuji S5000, so nothing worked.

Finally I said, let me try to run a Windows Application from Linux using Wine. Ran WineSetup, it said, you got to login as a normal user. Logged out as Root, logged in as a normal user. Ran WineSetup. Tried to access my Windows (NTFS) partition, it said you don’t have rights. Logged out, logged as Root, copied Notepad.exe and Sol.exe (Solitaire) and logged out. Logged in as a normal user, tried to run these applications, it said not able to find .wine folder. Tried to run WineSetup again, still the same error.

So after nearly 5 hours, I am with a OS that doesn’t allow me to connect to the Internet, connect to my Digital Camera or to my DV camera. I vowed to myself that I will never again try Linux in my Home PC, until somebody shows me a Linux Distro being better than my Windows in Desktop.

In the evening, when I thought about all this again, I realized how the 3 USP’s of Linux fail when it comes to Desktop. Number 1, reason for using Linux is cost. It is free (as in free lunch). Come on, don’t kid me. Windows XP Home OEM costed me in India less than US $100. For that I get to connect to Internet, download pictures off my Camera, do a video capture with Windows Movie Maker and more. Now cost the 5 hours I spent on my Linux ordeal. Windows certainly turns out to be cheaper.

Number 2, Linux performs better in Older PC. Certainly that was not my experience today. In my PC, my Windows boots up in nearly 50-70% lesser time than Linux Gnome. The GUI in Gnome was also certainly very slow when compared to Zipping Windows in Windows (pun intended) XP.

Number 3, from Linux you can still run your popular Windows Applications. I have pesonally ran in an older distro, Windows applications like “Adobe Photoshop” with Wine, so I am sure this is not a core Wine problem, but more so a distro problem. Still I don’t understand this 3rd USP, made my many linux evangelist. As a user once I am convinced that Linux is good, it has everything to make my life easy; why on earth, will I want to run Windows applications on this. Isn’t this a weak proposition?. If the argument is to run my business critical apps that are based in Windows, then I will choose to stick with Windows, spend $100 and save the day for my family.

Lastly, I am not the only one to have had this experience with Linux on Desktop, read my “Usability and Linux” entry for more.


DasBlog 1.5.3337.0

“Update (23/Nov/05): The latest version of dasBlog can be download from this SourceForge project and support forum is here

As many of you noticed I am using the .NET dasblog engine for
blogging. Though the official page for dasblog is still dasBlog.NET,
they seem to have moved home to Gotdotnet. Anyways, thanks to Rockford Lhotka, I got the new version of DasBlog today.

Download: (669.39 KB)

How to upgrade from older versions of dasBlog?.

Though I don’t know the official upgrade steps, since dasBlog is
an ASP.NET application, I tried the following XCOPY method and it
worked. I ensured that I don’t overwrite the data folders that dasBlog
uses (content, logs and SiteConfig).

  1. Backup your entire web folder (say blogfolder1) where you have your current blog running
  2. Extract the zip file and install the new version into a new web share (say blogfolder2).
  3. Delete all folders except Content, Logs, SiteConfig in the current web folder (blogfolder1)
  4. Copy all folders except Content, Logs, SiteConfig  from
    the new web share (blogfolder2) to the current blog folder
  5. Test your blog
  6. Delete blogfolder2 and remove the webshare

India’s growing dominance in IT Outsourcing & its impact

Recently one of my friends pointed me to an article in Wired about
India’s growing dominance in the IT Outsourcing Arena. It was written
by Daniel H.Pink, the White House Speechwriter to former US Vice-President Al Gore. Pink is also the Author of a bestseller “Free Agent Nation”. Here
Pink writes about his first hand experience from both side of the
world. He captures well the feelings of the disturbed White Collar
Americans as well as the new Indian Middle class. Here is the full
article: “The New Face of the Silicon Age”, you can also hear to Pink’s Interview which went live in CNNfn.

I especially liked the way he closed the article by quoting from
Gita. The Gita opens with two armies facing each other across a field
of battle. One of the warriors is Prince Arjuna, who discovers that his
charioteer is the Hindu god Krishna. The book relates the dialog
between the god and the warrior – about how to survive and, more
important, how to live. One stanza seems apt in this moment of fear and
discontent. “Your very nature will drive you to fight,” Lord Krishna
tells Arjuna. “The only choice is what to fight against”.

Let me write in a different blog, on what I personally feel about Outsourcing.