Turner also added that Microsoft is by no means declaring peace. “And we’re really getting the message out about the fraudulent perception of free in the marketplace as it relates to open source. IT pros and decision-makers are starting to get it, that it’s not free, that there’s a lot of TCO that goes along with that, and there’s also substantial security risks that go along with it. And so we’re really making some traction in this area, and we’re going to continue to hit the gas and go more and more aggressive as it relates to winning share,” he stated.

So, let’s try to figure this out.
Initial Cost of Ownership:

Linux is free. You don’t PAY anything for it, whatsoever, at least you SHOULDN’T. If you do, you’re foolish enough to buy into a system you can get for free. Even RHEL can be obtained as CentOS, for nothing at all.

Windows is NOT free, and must be purchased individually. If you have multiple pc’s, you can’t run the same version or copy of Windows. Pricing as follows:

XP : (good luck finding it any more): $89-180
Vista : $100-300
Server Edition: 500-3000

Already, Windows is losing this battle, and on server editions, it’s GROSSLY losing the battle. That’s ok, though, let’s continue the comparison.

Hardware:
Linux will run on virtually anything, as the Asus Eee has repeatedly proven. You can’t GET Windows to boot with 512 M Ram any more.

Windows, on the other hand has very specific requirements for the setup. With Vista, you’re looking at (minimum) 30 gig drive and 1 gig ram, and optimum 4 gig ram.

Once again, advantage Linux, for providing cheap(er) solutions.

Administration:
Linux doesn’t require a TON of experience, but you’re better off by hiring a Linux admin to look after your servers. This can run you (if you do it right) from $65-300/month per server. Not a lot, but not a small chunk of change either

Windows doesn’t require a TON of experience either, however windows admins start off a LOT more expensive than Linux, from 50+ / hr, and good luck getting one to work on a monthly rate as quoted above.

Software:

It’s my experience that Windows, every once in a while, needs a ‘refresh’, or an OS reload to keep things running smoothly. This should be done every few months to clear up registry issues, fix slow PC’s (and servers), etc. At an hour or two per reload, this can get costly, because those of us in any sort of ’service’ business know that time is money.

Linux? I’ve kept Linux servers running on the same old OS for years. Of course, that’s not recommended, as hardware needs change, things update, all that, but still. The idea is that less time is required to maintain the Linux side of things.

Day to Day maintainance:
Here, we’re almost tied. In most cases, this is going to be hardware related, not OS, and, it’s not that hard to compare the two, because they’re comparable.

So, someone, please, tell me what I’m missing here? In the end, Microsoft LOSES every point in this battle except the last, because THEY cost more. The F.U.D. they’re spreading about ‘we cost less’ is just that, it’s F.U.D. Overall, the Microsoft OS (Windows) costs MORE to run and operate on a day to day basis!

Hacking, in the true and pure form is simply modification. It’s not even always ‘unwanted’ modification, it’s just modification. For example, for many of my clients, I “hack” VBulletin to get what they want done. Now, is that a ‘bad’ thing? Not at all.

Usually, I’d turn to the dictionary for a reference on what ‘hacking’ is, but in this case it’d be worthless, because Websters, and online dictionaries don’t have a clue what it is (or if they do they’re hiding it;)) .

There are a few forms of hacking, many evidenced by some sort of ‘credit’ being given to the hacker.

1. Code Injection
   Code injection is simply inserting X code in X application, in order to get it to do something you don’t want it to do (or something it wasn’t designed to do). This is typically done by some sort of a ’script’. A great example of this is phpbb, which is known for it’s “code injection” hacks over the years. Typically these are run by teenagers who just want to get famous at someone else’s expense (if they’re even teenagers), hence the term ’script kiddies’ was adopted.

   The best way to avoid this kind of attack is to use your own code, or keep your code up to date. Developers frequently release updates, and no mattter HOW modified your code is, you should always get it updated, ALWAYS!

2. SQL Injection
   SQL injection involves the attacker gaining access to your web page, and ‘injecting’ certain code into the database itself. This is a very messy hack, and very complicated to remove in many cases. In many cases, the website is often restored to a much earlier backup state, or the website is started ‘from scratch’.

   How to avoid ’sql injection’? Two things come to mind here:
   Firstly, keep your website code up to date. This is a critical issue and without keeping your website up to date, you’re going to go through this quite constantly.
   Secondly, make sure that you are using proper code. SQL injections are focused on certain codebases because they’re easier to exploit. PHPBB and the nuke products (phpnuke, cpgnuke, etc) come to mind, as they’re easily manipulatable, and have very minimal security.

3. Website Manipulation
   Website manipulation relies on individuals being able to actually get things into the website. For example, let’s say your server is running a ‘file upload’  service, and that service doesn’t secure the directories properly. Well, of course, you’re going to run into issues with manipulation there, and of course, that’s going to be exploited.

   Ways to avoid “website manipulation”? Never, EVER give anyone write permission to your website’s subdirectories. There ARE secure alternatives to this (storing things OUTSIDE of the webroot is a perfect example of that) that don’t actually require full insecure permissions. The idea is to keep things random, and to keep things stored PROPERLY, not in a 777 (a+xrw) directory just inside of your webroot named downloads, attachments, or some other hysterical garbage!

4. System Manipulation
   This is the most complicated of them all, and usually by this point you’re screwed, quite literally.
   If a hacker has gotten into your system, you’re going to need to be reloaded, from the ground up. Forget anything you had on the system, it’s all lost, it’s all gone. Oh, sure, you MIGHT (note:might) be able to recover the system, but it will NEVER be trustworthy again!

Now, there are a lot of schools on ‘hacking’, and a lot of things that can come from it.  Some consider hacking ‘ethical’, some don’t . Personally, I say it’s all about choice. The only thing that all humans should live by is one very simple statement (and it applies here as well)

Do No Harm

An even MORE appropriate statement? Something we ALL should have been taught growing up

If it’s not yours, don’t touch it

I don’t care if you’re testing something on something, as long as it belongs to you and you’re fully aware of what CAN happen. The second you tread on someone else’s territory and website is the SECOND you violate that rule, and the SECOND you deserve any and all reprocussions you’re going to get, legal, and non.

Next week? The benefits of PROPER, ETHICAL hacking. Until then, keep checking back, as I might just post something sooner!

Tom

During the two week “cyber war” against Estonia, hackers shut down the websites of banks, governments and political parties using “denial-of-service” (DoS) attacks, which knock websites offline by swamping servers with page requests.

Seriously, folks, a ddos is NOT a ‘hack’ . This is just ridiculous nonsense put out by media that is clueless, absolutely clueless as to what a real hack is, or a real hacker DOES.

So, I thought I’d take a while, explain what ‘hacking’ is, what the different types of ‘hacking’ are, how to be safe from them (you can’t ever be completely safe, mind you), and the general ‘ethics’ of hacking. This is going to be something that will be discussed over what will probably take a good month or two, weekly articles as I find the time. I’ve been looking for something creative to write about, and this just seems to fit the bill.

For starters:
I have been the victim of true hacking in the past, and let me tell you it’s not fun, or funny. It is what started me down the path of administration and security actually, and it was something that the hacker and I laugh about every year when we see each other.

You see, in the pre-2000 Linux distribution era, security was a concern, but there just wasn’t as much of it. I ran howlin (Oh those were the days) and managed to piss off the wrong person (or group of people), so they took control of the server (which a friend was generous enough to provide, no root access mind you) through my shell (the coder had the password), gained root privs through a sudo (IIRC) exploit, and poof, he was root.

Of course, again, it should be pointed out that I had no root access to the server, this was a friend’s “network pc” that it was being hosted on, and, well, what could I have done, right? Lesson learned? Coders can be a pain in the ass to work with . I got a copy of my code back, but I was never allowed back on that server again, as the ‘admin’ was a bit paranoid about the person who’d hacked him in the first place.

I share that only to share a perfect example of what ‘being hacked’ is, or what a ‘hacker’ does. Now, I’m not saying a DDOS (or dos) is bad, but, kids, it’s NOT a hack! Seriously. The reporter from the BBC that quoted this as ‘hacking’ should literally be fired for incompetence. When you WRITE stuff, you’d damn well bettter know what it is.

Anyways, I digress. Next week, the topic of ‘hacking’, what is it? What really is involved in a true ‘hack’, what KINDS of hacking are there, and, what kinds of ethics are behind those who truly think they’re hacking ‘ethically’. Till then, keep coming back for more!

Tom

Sorry about the downtime, folks, in the process of moving things around to a more efficient database server, I ended up (accidentally) deleting the blog database. Thankfully, I follow my own advice and had backups a plenty ready, but, OOPS!

Yes, it took me a few days to realize, with all the craziness of life, and again, I apologize. I’ll try not to do it again, though I’m hardly perfect!