LinLog

Let's continue my "bad argument" theme from yesterday with a news item from Slashdot. This one is regarding a ZDNet report that Microsoft representative Alan Yates claimed the MS Office XML format is preferable to the Open Document Format (ODF) for performance reasons. For support he cites this ZDNet blog by George Ou, which compares MS Office to OpenOffice.

Now, it may or may not be true that the Office XML format can be implemented more efficiently, in terms of space and manipulation speed, than ODF. I really don't know enough about the issue to say one way or the other. However, I do know that the ZDNet blog entry Mr. Yates cited doesn't say much of anything about it either. In other words, the argument is bad because the cited evidence doesn't really support the conclusion.

So what does the blog entry say about Office XML and ODF? Well, it gives an example of two 16 sheet spreadsheet files with the same data, one in Office XML format and one in ODF format. The author found that OpenOffice Calc used around three times as much memory and 100 times the CPU time as Excel.

Does this mean that Office XML is faster than ODF? No. It just means that Excel 2003 is faster than OpenOffice Calc 2.0. Given that OpenOffice has a history of being slow and bloated (version 2 is better, but still not great), this should come as a surprise to no one. I'm sure that if you compared the two programs using the same file format, Excel would still be faster.

So as far as the file formats go, this entry is comparing apples to oranges. And why shouldn't it? After all, Mr. Ou's original point was to compare the speed of OpenOffice to MS Office, which is exactly what he did. He's just had his words taken out of context by a Microsoft spokesman to support an argument he never tried to make.

You know what pisses me off? Bad arguments. As a philosophy major, I read lots fo bad arguments. As a "philosophy hobbyist," I still do. And nothing makes me madder than those arguments that are so hideously wrong you don't even know where to begin explaining the problem.

I ran into one of those at work today.  Because of HIPAA and other such laws, we're looking into encryption products (laptop drives, database, e-mail, etc.), and I was stupid enough to volunteer for the assignment. Of course, it proably doesn't matter, because the whole effort is doomed from the start. There is absolutely zero buy-in from our IT staff on the idea of deploying encryption products. The only person who is even remotely pleased with the idea is the boss, and I'm the only one of the staff who isn't dead-set against it. The network administrator is particularly against the idea, and without his support, it just isn't going to happen.

Anyway, the particular comment that pissed me off was concerning anti-virus filtering in our mail system. Basically, one of our network people was concerned that we might get encrypted viruses, and because they're encrypted, the anti-virus filters wouldn't be able to catch them. As support, this person cited a virus report from earlier this week about a "new" virus that works by enclosing the executable in a password-protected ZIP archive with the password in the message body. This "encryption" stops the virus filter from catching it, but if we just blocked all encrypted files, we wouldn't have to worry about it.

Now, to me, this entire argument sounds like complete bull. Of course, I'm not an expert on e-mail, network security, or encryption, so I could be wrong. If that's the case, somebody please correct me.  But the more I think about it, the more I feel like this is one of those arguments that's just barely true enough that you can make it with a straight face, and yet still have it be completely misleading.

First, I certainly never suggested that we allow any old encrypted file through the mail filters. Just because a file is encrypted doesn't automatically make it trustworthy. An attacker could certainly find a freeware symetric encryption utility from FooBaz Questionable Software, LLC, use it to encrypt a virus, and send it to everyone in the world along with the decryption key and instructions on how to get the naked pictures of Pamela Anderson out of the encrypted file. That would just be a variation on the password-protected ZIP file trick.

My choice would be to use a standard public-key system, like PGP or GnuPG. If you stick to allowing just encrypted messages in that format, then the "virus problem" goes away.  After all, the whole point of public-key cryptosystems is that the recipient of the encrypted file already has the decryption key before the file is even encrypted. Hell, the recipient is the one who generates both of the keys. To send public-key encrypted mass-mail, you'd have to encrypt the malicious attachment separately for each recipient. And since many recipients won't have a key pair, or the attacker won't the recipient's public key, the target audience is dramatically cut at the outset.

Plus you can have accountability in public-key cryptosystems.  After all, that's what digital signatures are for - so you can know who sent a message. If you're really paranoid, you could only accept encrypted attachments from messages signed by someone you trust.

Of course, nothing about public-key cryptography can prevent a someone with your public key from intentionally sending you a virus. And that's where the "just true enough" part comes in. Yes, an encrypted virus sent by a malicious attacker trusted by user won't be detected by the mail filters. Is this a problem? Well, if you have to do business with people you can't trust, then I guess so. But if you don't publish your public keys and don't do business with 13 year old script-kiddies, I don't see it as a big concern.  Besides, this is negated by the other anti-encryption argument this person has been pushing: that the data we're dealing with isn't really important enough to bother with.

So let me get this straight: we can't do e-mail encryption because we're swapping unimportant data with untrustworthy people. My question is: then why are we even bothering? We ought to just lock the doors and start browsing the want ads!

Sigh.... I'm done blowing off steam now. Time to start working on my CV.

So today I took the new laptop (dubbed Epyon, in keeping with my Gundam Wing naming scheme) with me to Barnes & Noble to test out how it works out in the wild. The results so far are mixed, but I can't complain too much.

By way of exposition, I now have almost all the basics set up on the laptop. KDE 3.5 is installed, along with my basic "productivity" applications and multimedia. I've got basics like Opera, JEdit, and KDissert, the akode-mpeg stuff for MP3s, and the Xine engine for Kaffeine. I've cloned the configuration files I really care about along with my ~/bin directory. I'm currently copying the data files I want to work with to the laptop hard drive before I leave. There's probably a better way to do that (maybe something with rsync), but I haven't worked that out yet.

The good news is that taking Epyon on the road turned out to be pretty easy. Suspending to disk - which I'd never even seen before - worked perfectly. The only real problem is that when changing to the DHCP network settings profile I created in KControl (because I use static IPs in my LAN), it didn't automatically request a new IP address. Easily fixed, but annoying.

There's bad news too, though. Although the good news about the bad news (if that makes any sense), is that you can't blame any of it on Linux. The first downer is that the battery only has about 2 hours worth of life in it. And since I left it unplugged last night, apparently I didn't quite start at full charge. But that's Dell's fault. The other bad news is that Barnes & Noble uses AT&T for their WiFi service, meaning it's not free. They give you several options to pay, but I wasn't crazy about any of them. The first was a monthly fee of $19.95 for (presumably) unlimited access to their WiFi network. Not too bad, but I don't plan to use it that much. The second option was pre-paid cards, with the cheapest being $25 for three connections (presumably with no time limit), which seems a bit steep to me. Last, which is probably what I'd go for, was a one-time fee of $3.95 plus tax for a two-hour block. Given that I don't plan to be using the laptop on their network for long periods of time, this didn't seem too horrifying. Still not great, though.

The last thing that I need to comment on is the inherent suckiness of laptop keyboards. These things are obviously not built for heavy typing. I've seen worse (like Panasonic ToughBooks where the keys are rubber and you literally have to use the two-finger method), but it's still not optimal. Plus I find myself routinely screwing up my typing by brushing my thumb on the touch pad. This is really annoying. Of course, I supposed the touch pad is better than a track point, but I would have preferred a trackball. Then again, for $500, I guess I can't be too picky.

I hit a small annoyance while setting up my KDE desktop on the new laptop. When opening a folder on my desktop, it opened in a new tab in an existing Konqueror window. However, I like the desktop folders to open in new windows.

You'd think this would be easy to set up. And it is - it's just a checkbox. The problem is finding it. It literally took me longer to find this setting than it did to configure my WiFi card. And WiFi is a pain on Linux and I don't know much about it, so that's saying something.

For the record, the setting is called "open as tabs in existing Konqueror when URL is called externally" and you can find it in the control center under Internet & Network -> Web Browser -> Web Behavior -> Advanced Options. Of course, this is a really stupid place to put the option because it is in no way restricted to web behavior. Heck, it affected me, and I don't even use Konqueror as my web browser. They really ought to move that to a more appropriate place.

Well, that was easy. The new laptop is up and running with Kubuntu Breezy. What's more, I worked on it for less than two hours and everything I've tried is working perfectly.

So here's the deal. On Saturday morning, my neighbor brought over the box with my new Dell Inspiron B120 in it. It was actually delivered $500 worth of laptop sitting on the front steps, so my neighbors picked up for safe keeping. (Thanks guys!) I was out of town until Sunday night, so I didn't get a chance to play with the new system until this afternoon.

By the way, while I was away, I went shopping for a case and USB mouse. I found a nice, padded case with lots of pockets in Staples for $30 and a Logitech optical mouse for $15. This beats the $44 that Dell wanted for a laptop case.

The install was pretty painless, as usual. It took a little longer than expected, because the battery died half way through the installation. (Apparently they don't come pre-charged.) I could have tried to rescue it, but I figured it would just be faster to plug it into the wall and start again, so that's what I did. After the initial install, everything worked except WiFi. Even the integrated sound works. Of course, I haven't tried suspending it yet, but that's not a huge concern for me at the moment.

Getting the integrated Broadcom WiFi card to work was actually surprisingly easy. I pretty much just had to follow the instruction in the Ubuntu NDISwrapper how-to, and it worked. No compiling necessary! Based on the lspci, the integrated WiFi card was the first Broadcom card on the supported cards list. Basically all I had to do was download the two linked files and follow the directions in the how-to and everything worked. In fact, the process was so easy, the Ubuntu team could probably automate the process. Wouldn't that be sweet?

So, I am glad to report that my quest to put Kubuntu on my laptop was cut short when everything unexpectedly worked. I guess it turns out I didn't need to order those Windows CDs after all. In fact, I wish I hadn't, because not only did I not need the driver disk, the CDs are those OEM restore disks, not real Windows, so they're basically useless for anything except restoring the system you bought them for.

Today's Daily Grind had a link to Tim Haines's thoughts on why he doesn't use Live.com as his home page. I've only looked briefly at Live.com, but I have to say I tend to agree with Tim. However, my real question is, do people actually still use home pages?

I haven't really used home pages in quite a while. My homepage on my home PC is still set to Yahoo! mail, despite the fact that I bought a domain two years ago and now only check it once every couple of weeks. At work, I never even bothered to set a home page. You know why? Because I'm an Opera user, and I configured by browser to always restore my last session. So, in other words, I never actually see my home page. I just open up my browser and immediately pick up where I left off last time.

Apparently, from Tim's informal poll, there are a fair percentage of people who have their browser start on a search page, like Google. I don't know why, though. Opera and Firefox both support configurable inline searches in the address bar, after all. When I want to search Google, I just open a new tab and type "g search term" to run my search. I also set up "define word" and "wiki search term" to search Dictionary.com and Wikipedia in the same way. It's so convenient I honestly don't know how anyone can go back to actually visiting the main search page after discovering this.  

Well, I finally did it.  I bit the bullet and bought a laptop.  I just finished ordering an Inspiron B120 from Dell.  It's basically the cheapest laptop they sell, but they were offering $150 "instant savings" plus discounted shipping and no-charge upgrades to half a gigabyte of RAM and an integrated wireless card, so I figured I'd go for it.  

Eventually, I'll be putting Kubuntu on this machine, but I did shell out the extra $10 for the Windows CDs anyway.  If nothing else, they may come in handy for use in VMware.  I'm also not sure how Linux-friendly the WiFi card is, so having Windows around might be useful.  From the research I've done, I'm lead to believe the card is a Broadcom chipset that can be made to work with ndiswrapper (yuck), but I'm not entirely confident in my ability to get that working in a timely fashion.  It doesn't help that the laptop doesn't have any PCMCIA slots, so it's not like I can just get a card to stick in it.  I guess I'll see how it goes.

I have to say that, during the checkout process, I saw a few things that made me uneasy.  First, there was an option on the payment page for paying with two credit cards.  And, when I paid with a single card, there was an option for the daily charge limit.  Now, maybe I'm just cynical (which I am), but does it sound to anyone else like Dell's business model is to sell over-priced computers to people who can't really afford them?  It kind of seems that way to me.

And just to be fair, it's not that Dell's systems are over-priced.  They're actually really cheap.  The base systems are cheap, that is.  It's just the "upgrades" and add-ons that are over-priced.  Then again, it's not like any of the other vendors are any better in that regard.