
Comment This compromises other machines on the same network (Score 4, Insightful) 146

This, naturally, compromises other machines on the same network. If another machine on the same network is controlled by hackers, one thing they can do is run a packet sniffer and grab unencrypted passwords. Or read your email (unless you use Gmail and have things set up to always use SSL). Or try to control your computer; it's a lot easier to attack a computer when you're behind the firewall.

The good news is this: Since the computer is a company computer, there's a lot more we can do to find and remove the virus from the computer in question. Such as taking the computer off of the network, making a backup of all data files, and doing a complete reinstall of the OS and all company-approved applications. With or without the computer owner's consent. A corporate IT department has a lot more control over their computers than, say, Comcast.

So the question is this: What are good ways for a corporate IT network to know whether a given computer is a zombie? Analysis of the packets a given computer makes is one way.

Comment I can understand why he said these things (Score 2, Interesting) 237

While I disagree with the idea that open-source DNS servers are insecure (having written one myself), I can see why he wants to say bad things about Open-source DNS servers.

The bottom line is this: There is no money to be made with DNS. While DNS is something that is essential for the Internet, it's something that is completely free. Bert Hubert tried making money with DNS a few years ago with PowerDNS, but sales were so bad he threw in the towel and GPLd the code around 2002. BIND 9 was, as it turns out, funded with a combination of contributions from UNIX corporations and military funding (for DNSSEC) who wanted to update DNS, but the funding has dried up and the code is BSD-licensed. NSD and Unbound's development were funded with government grants.

DjbDNS was done as an independent project by Bernstein; he stopped working on it in 2001 and the code is really out of date (three unpatched security holes, outdated root servers list, etc). My own MaraDNS is still being actively developed, but at a glacial pace; between my girlfriend, my job, and my other interests, I often have to put it on the back burner.

So, yes, DNS is essential, but it's free and it's really hard to make money with it. Heck, it's hard to get enough goodwill and net-reputation from making a DNS server for me to get a well-paying job in the US working with computers again in today's depression-level tech economy (if you want to hire someone with the expertise to write a DNS server, my resume is online).

So, yeah, I can see why this person resorts to FUD and BS to try and get people to pay more money for DNS. But, the truth is that there are a lot of really good free and open-source DNS servers out there and no need to buy a commercial DNS server.

Comment Re:No awk? (Score 2, Informative) 641

perl: because it is available everywhere

Depends on your definition of "everywhere". MSYS doesn't have Perl, nor does Busybox, but both have AWK.

Also, a few years ago I had some issues with Perl not being consistent between versions on how to handle UTF-8 strings in scripts. Then again a couple of years ago there were issues where some versions of AWK (Gawk, *cough*, *cough*) will sometimes include lower case letters in a regular expression like /[A-Z]/; this isn't as big of an issue today because Ubuntu's default AWK finally has support for /[[:upper:]]/, which it didn't in late 2006.

The problem is that Ubuntu used an ancient version of AWK called MAWK, which, while being small and fast, stopped being updated in the 1990s. I actually submitted a patch to add POSIX support; Ubuntu finally fixed it by making the default AWK Gawk.

A few years ago I put up a web page going over all of the AWK implementations out there and compatibility issues between them; the info is a little dated but interesting.

Comment Re:No awk? (Score 3, Insightful) 641

Indeed. You can write very complicated data processing programs using only sh and awk; awk can do everything sed can do, and a whole lot more.

Another useful tool is du, which I love to use every time I'm about to burn a DVD (to get as close to the 4.7 gigs as I can) or need to free up space on my hard disk.

Both awk and du, as well as a POSIX-compliant sh, are part of the Busybox suite.

Once I get MaraDNS finished up, one possible geek project is to port a subset of Busybox to Windows so I can have an improved Msys when I need to do UNIXy things while working in Windows (MSYS is nice, but doesn't have du).

Comment Re:A compelling Linux on ARM netbook will worry MS (Score 1) 521

netbooks rarely use all of the processing power they have right now

Not in my experience. When I used a netbook this summer to do video calls on Skype, the Netbook's cpu could barely keep a 2-way video conversation going, and only when I closed all other applications. Trying to open up a browser window while having a 2-way video call on Skype would grind things to a halt (the browser window would never open and the video call would pause).

Netbooks need about 20-50% more horsepower than they do right now before they can comfortably do two-way video on Skype.

Comment My cell phone is my e-book reader (Score 1) 503

Since my cell phone (a fairly inexpensive Nokia 5310) has a basic (and I mean very basic) HTML reader, I have written some scripts that take open-format ebooks (such as what Baen offers) and convert them into a form that I can read on my phone.

Very useful for long bus trips or being stuck on an airplane without Internet for a few hours.

I also have scripts that do screen-scraping of PDF documents to make them a form I can read, but the quality of conversion is not as good; the books are readable but there are formatting issues.

Comment Re:A Short List (Score 1) 891

that effectively limits the market for open source to people who see the transaction from the developer's point of view [...] By defining people who use open source as, more or less, participants, open source circumscribes its acceptance.

Yep. This is one of the big reasons Linux doesn't have, at best, more than a 2% share of the desktop market. I've given up on the idea we will have the year of the Linux desktop; people who think Linux will become an end-users system are very naive about end-users' expectations and desires.

Then again, Linux works in niche markets. It works in the embedded space, where the end-product is paid for and supported by the company selling the product. It works in the server space, where the user is knowledgeable enough about computing to handle Linux's user interface quirks, and understands the developer-user relationship is different than the one commercial software has.

most people see themselves as customers, not members of a community who take on an obligation to contribute something

Some people have seen themselves as customers, until I reset their expectations (or, better yet, have gotten money from them). Indeed, one of the big lessons I have learned is how to handle people who expect to be treated like paying customers, but who are unwilling to pay me.

Other users have contributed code or meaningful bug reports. For example, the IPv6 code was a third-party contribution, as well as improvements to the Windows Service code the next version of MaraDNS will use. I have free hosting for my open-source project and my personal webpage as a token of gratitude for my open-source contributions.

Do I want Linux to take over the world? Not any more. One thing a lot of open source advocates don't take into account is what it's really like to have end-users, and why it is end-users prefer Windows (or MacOS) over Linux.

Anyway, it's been good talking to you. If you want to continue this discussion, I think we should take it to private email at this point. I would like to know a little more about you, what your relation to computers and open source is, and who you are as a person.

Comment Re:A Short List (Score 1) 891

I think open source would do well to treat every user as a customer, rather than as a user

There would be a lot of benefit to end-users if I treated everyone as a customer, whether or not they paid me, but there would be a negative benefit to me (less time to be with my girlfriend, less time to update my skills to get a good job in the tech industry again, etc.). In a business transaction, both parties benefit: The customer benefits because they get the good or service they want, and the seller benefits because they get money.

In open source software, the transaction changes. What benefit does the Open Source Software (OSS) developer get if people download their software for free? Some OSS projects get a benefit because the user files bug reports, which make the software more stable. Others get a benefit when users start adding features of a program; my ObHack random map generator for Doom is an example of me taking another open source project on the Internet and adding features to it, as well as fixing bugs.

These are things that benefit the project but things end-customers don't want to contribute to. This is why a lot of OSS projects treat users who expect to be treated like customers as "leechers"; I welcome such users myself, but only as long as I get paid.

There is also the idea of using Open Source Software (OSS) as a way of me marketing my skills as a computer programmer, but I have never been hired as a full-time programmer because of my open source projects; that really only happens with certain high-profile OSS projects. To be fair, yes, I did get an interview at Google because of my project, and right now I am in discussions with a company about possibly getting work from them, again because of my project, but bottom line: I have not (yet, I'm keeping my fingers crossed) been actually hired as a result of the goodwill my project has generated.

How about charging for service and support? Sure, I get paid a little for that, but nowhere near enough to pay my bills. And, yes, if people are willing to pay me, I am willing to treat them like customers.

Comment Re:Let's change the definition! (Score 1) 891

Open Office is the only serious free competition to MS Office

Not open-source, but SoftMaker Office 2006 is a nice, free (beer) lightweight alternative to Microsoft Office (their business model is that, if you want updates, you can pay them for it). Only the Windows version is free; there's also a Linux version, but you have to pay for it.

Comment Re:A Short List (Score 1) 891

Customers want help getting something to work. More often than not, their problem is not caused by a bug. Asking "Can I/How do I do 'X' with this?" is not a bug report.

Let me contribute my two cents as someone who has been at the other end of that support request for a piece of open source software countless times: A user of a given piece of open source software is not a customer. They don't become a customer until money exchanges hands.

This is why you see a lot of a "our users are beta testers" mindset with open-source software. Since money is not given to the developers when someone downloads their program (either directly, with the customer paying the developer, or indirectly, with the customer, say, seeing ads while using the program), open source developers see their users in a completely different light than a commercial software house does. They often times expect more active commitment from their users to improve the program in question.

In terms of people asking for support, I used to get a lot of private emails asking me for support or demanding I add features to my open-source project over the years. I finally came to grips that, while I enjoy writing quality software, and I enjoy (or at least tolerate) writing quality documentation for said software, I don't really enjoy being at the beck and call of random users of my software. So, about two years ago, I cut off all unpaid private email support.

What I do today is provide free support on the mailing list for my program; if someone asks a question and another user doesn't answer the question, I will sometimes answer the question myself. Sometimes, the answer will be a RTFM. If the user in question points out they have an issue with the documentation or what-not, I will sometimes make an improvement to the documentation, such as adding a Google search box to my documentation after this discussion.

If people want more extensive support than that, they can become a customer by paying me for support.

It took me a long time to figure out how to set up the web page so people wouldn't try to get unpaid private email support from me. I used to have a "contact" web page with an extensive disclaimer I didn't provide unpaid private email support. People would ignore the disclaimer and email me anyways. I finally set up some automatic form replies requesting money from people who did that, and then removed the contact page altogether, replacing it with a products page where I tell people I would love to get money from them.

The issue I see is that a lot of users, who do not pay for software, still have the same expectations of support or what not that they get from software they paid for. I have gone to a lot of effort to reset those expectations; other open source developers handle it differently, such as no longer supporting their software and just ignoring end-users altogether.

Rather than accept my comments at face value in a "the customer is always right" frame of mind, you choose to challenge me instead. It's really rather difficult to persuade someone to use your product when you keep telling him he's the problem.

A lot of open-source advocates unfortunately act this way. This behavior is the behavior of someone with a lot of insecurity about the software they use; denial is a perfectly normal human response, but not one that results in advocates having a professional attitude.

Comment Re:Fonts (Score 1) 891

Personally, for printed documents, I like using my own version of a font called Charis SIL, which is an updated version of Matthew Carter's (Verdana, Georgia, among many others) 1980s Bitstream Charter font (which was made open-source in the early 1990s) with good Unicode support. The font doesn't have really good hinting, so it may not look as nice on the screen as a fully hinted font like Verdana (but that's changing because today's autohinting technology is a lot better than in the 1990s when Verdana came out), but it looks really nice when printed.

There are a few other nice open source fonts out there. Gentium, also hosted by SIL, is another very attractive font.

If you like Verdana, Tahoma, Georgia, and would like Comic Sans (and a couple others, such as Microsoft's take on Times Roman and Microsoft's Helvetica clone Arial), you can easily install them in Linux, since the fonts are a free download.

Comment Atari's later consoles were also underappreciated (Score 2, Informative) 193

Other good consoles that also were under-appreciated were the Atari Lynx and the Atari Jaguar. The Atari Lynx was truly ahead of its time, a full color portable console in the day and age when the Nintendo Game Boy had all of four shades of gray for its games. The games were excellent, including the fully three dimensional Stun Runner and a 3D fighter shooting video game; no other portable console could come close.

The Jaguar was also ahead of its time, with textured 3D graphics in an era when the SNES needed a special RISC chip in a video game to deliver untextured 3D (Star Fox).

Both consoles had the same problem: They were released by Atari. Retailers remembered being burned by Atari in the 1983 video game crash, when Atari would not accept returns for Atari 2600s that were not selling in the end of 1983, forcing retailers to sell the consoles and games at a loss, at great financial cost. So, Atari's errors in the early 1980s resulted in them being unable to release a successful console in the early 1990s.

Comment How to secure against this (Score 4, Insightful) 197

There are two ways an adversary can obtain one's password:

  • They can have a machine on the same LAN sniff their password
  • The adversary can use dictionary attacks, based on the person's personal information, to obtain the password.

The first attack can be countered by using Gmail with things set up to always use https for connections (near the bottom of the "settings" page).

The second attack can be countered by using a secure password that is easy to remember but hard to guess. For example, "MaraDNS.org" would not be a very good password for this account, however "otif10md" ("One time I fell 10 meters down") would be a good password. Or, in my case, I use a secure hashing algorithm where a common secret is concatenated with the name of the website I visit to get a secure password, akin to using the MD5 sum of "This is secret;slashdot.org" to get a password.
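The per-site derivation described in the comment above, next to a hardened variant, as an added example that is not the commenter's code: a single MD5 pass is fast, so anyone who learns one derived password can test guesses for the common secret offline at high speed, while a slow KDF raises the cost of each guess. The function names, the salt label and the iteration count are assumptions chosen for illustration.

```python
import base64
import hashlib


def md5_site_password(secret: str, site: str) -> str:
    """Scheme as the comment describes it: MD5 over "secret;site", hex-encoded."""
    return hashlib.md5(f"{secret};{site}".encode("utf-8")).hexdigest()


def normalize_site(site: str) -> str:
    """Canonicalise the site name so 'Slashdot.org. ' and 'slashdot.org' agree."""
    return site.strip().lower().rstrip(".")


def kdf_site_password(secret: str, site: str, length: int = 20,
                      iterations: int = 200_000) -> str:
    """Hardened variant (an assumption, not the commenter's method).

    PBKDF2-HMAC-SHA256 with the site name as salt: each guess at the
    common secret costs `iterations` hash computations instead of one.
    """
    if not secret:
        raise ValueError("secret must not be empty")
    if not 8 <= length <= 43:  # 32 raw bytes give 43 unpadded base64 chars
        raise ValueError("length must be between 8 and 43")
    # Hypothetical version label; changing it rotates every derived password.
    salt = b"site-password-v1:" + normalize_site(site).encode("utf-8")
    raw = hashlib.pbkdf2_hmac("sha256", secret.encode("utf-8"), salt,
                              iterations, dklen=32)
    # URL-safe base64 mixes upper case, lower case, digits, '-' and '_'.
    return base64.urlsafe_b64encode(raw).decode("ascii").rstrip("=")[:length]


if __name__ == "__main__":
    secret = "This is secret"  # sample secret quoted in the comment
    for site in ("slashdot.org", "example.org"):  # second site is constructed
        print(site, md5_site_password(secret, site),
              kdf_site_password(secret, site))
```

Both functions are deterministic, so nothing needs to be stored; the trade-off is that changing one site's password means changing the secret or the version label.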

Comment You can buy unlocked phones from Nokia today (Score 3, Interesting) 307

With GSM phones and SIM cards, there is nothing forcing you to buy a phone that is locked or crippled by your phone carrier.

You can, for example, buy an unlocked Nokia cell phone from any of several places, and then put in, if you are in the US, a T-Mobile or AT&T SIM card. If you're outside of the US, use your local carrier--CDMA cell phones seem to only exist in the US.

And, of course, if you do end up with a locked phone, there are services on the internet that can unlock the cell phone for you, and reflash the OS on the phone to one that doesn't have whatever features your carrier decided to disable.

I think the only people who will have a problem are people who are in an area of the US without GSM towers and have to use Verizon.
