
Open Source Gets Mac Attack

McAfee just published the inaugural issue of Sage, its semi-annual report on security threats. This first issue focuses on how malware developers use open source tools and methodologies. In one article, the authors describe how botnet developers share code to produce “production-grade malware.” The authors are careful not to indict the open source movement as a whole, but do state that open source is “a critical enabler for malware.”

Some might respond that all malware is enabled by the tools and methodologies used to produce it (e.g., were not the numerous widespread VB worms enabled by closed source tools and methodologies?). But reading on, we arrive at what might be McAfee’s true point of concern. The report states that “perhaps the time has come to reevaluate beliefs about full disclosure and absolute adherence to the open source creed.” Opponents of full disclosure feel that the practice of publicizing vulnerabilities upon their discovery opens a window for malware authors to develop and deploy exploits, while proponents claim that making vulnerabilities public ensures their prompt attention. Consider the debate reinvigorated.


Oh No, Not Another Consortium!

While some groups are pressing on the brakes of the open source movement, others are pressing on the gas. The OMC (Open Management Consortium) has just sprung up to promote open source technologies within the broad domain of systems management. The field has long been dominated by huge companies such as IBM and HP. As such, systems management products typically have been expensive, heavyweight solutions geared toward equally large enterprises with longstanding vendor relationships.

The OMC seeks to change this, pointing out that there is a whole segment of the industry, particularly those relying on inexpensive commodity hardware, that could benefit from an open source systems management approach.

While its software offerings might be a bit more modest, the OMC’s ambition is not. To accomplish its goals, the OMC seeks to redefine the systems management lexicon. In a blog entry on the OMC site, an author from configuration management software vendor Emu Systems claims that trying to find an appropriate product while sifting through all of the software categorized as systems management is “about as useful as if I were to challenge you to name the living creature I’m thinking of and only give you the clue that it is a member of the kingdom animalia.” This blogger feels that more precision in terminology will help customers navigate the systems management jungle while allowing vendors to better position their products. No argument there, but wrestling the language away from the marketeers might present an even greater challenge than that presented by the OMC’s entrenched business rivals.


Get That Chip out of My Drink

As RFID technology matures, more and more industries are discovering new ways to benefit from it. The latest: a Miami company, Beverage Metrics, is banking on new software that uses RFID tags to track liquor inventory. Each bottle is tagged with an RFID-enabled switch that detects when a bottle is empty and then enters that bottle into the bar’s inventory system. Drinking establishments save money on inventory costs and bartenders are freed from the tedium of daily inventory.

But don’t get too excited, mixmasters, as the switch also communicates with a bar’s POS system. Each pour from a bottle is registered and then reconciled with the appropriate ring-up. No ring-up? Then that drink that is “on the house” is really “on you.” The sensor on the bottle also records duration of each pour. This means no more stiff drinks for that curmudgeon at the end of the bar (and perhaps, no more weak drinks for the rest of us).



Originally published in Queue vol. 4, no. 7