Open source software is completely insecure and unsafe to use

Over the last few weeks I’ve heard a few people assert that open source is less secure than proprietary software. I try to arm my readers with as much intellectual firepower as possible, and I wouldn’t be advocating open source in education unless it was fit for purpose. So here you have it: 3 common misconceptions educators have about open source, debunked…

DEBUNKED – Everyone can see the code, therefore it’s easier to exploit it.

All software has security holes. Open source is more secure because people spot security holes early on and patch them. You can actually see what authentication methods are used and how badly/poorly they are written. Passwords in open source software have even more security because the methods used to access them are completely open, so they are often encrypted/hashed, which is more than can be said for Sony and some big Edu tech companies whose names I won’t mention.

DEBUNKED – Anyone can add to the project, therefore it’s easier to add exploits.

Projects have maintainers and many contributors. Pull requests (requests to put code into the software) are publicly viewable and have to be merged by a maintainer, i.e. a person of considerable experience/authority. Most pull requests on large projects are checked by multiple people and tested using unit, integration and full stack tests PRIOR to merge into a final release. Open source projects also publish their patched exploits as security advisories, which gives sysadmins the ability to quickly respond to potential threats. Proprietary software vendors have no incentive to admit they had a security hole, so they tend to quietly patch security fixes in major updates.

DEBUNKED – Surely by default a house with an open door is less secure than a house with a door?

Open source projects have doors and windows just like any proprietary software, but the doors and locks are specifically designed to be secure by default. Open source projects tend to encourage active security testing and try to engage with the security community to co-operate on security vulnerabilities instead of shutting them out. This means the open source community is not as frequently targeted with malicious hacks; most of the successful hacks are reported to the site admin by the hacker themselves.

If you believed any of these misconceptions, ask yourself why, and who has lied to you?

C’mon people, OAuth is open source and we all use that every single day (Google, Twitter, Facebook etc.). The common misconception that open source is less secure than proprietary software is just bonkers. We know better and it’s our job to spread the message!

Running Etherpad on PHP on Apache

Etherpad does not use PHP or Apache.

Etherpad uses JavaScript on Node.js. You should ask your web host if they support Node.js and if they have a guide to get you started deploying Node.js apps to their hosting.

Here are some services that can provide web/Node hosting for you to test/play with:

Node as an Instance

http://nodester.com/
https://no.de/
http://prgmr.com
http://Slicehost.com
http://Linode.com
http://www.nodesocket.com/

Full hosting

http://CloudFoundry.com
http://DreamHost.com
http://aws.amazon.com/ec2/

Is it illegally anticompetitive for Google to give schools Google Apps for free?

Today a French court ruled that Google has broken the law by providing the Google Maps API for free. While this may seem like an extreme ruling it is based on the fact that Google used to offer the service for free then began charging once all of their competition had been beaten into submission. I wonder if Google are trying to do the same with schools and Google Apps?

Microsoft and Google have been caught out doing predatory pricing on quite a few occasions in the past. Essentially, predatory pricing is where you provide a service for free, then after a period of time (usually once all of your competitors have been destroyed) you start charging for this service. Companies accomplish this “scam” by providing proprietary software; proprietary software is basically software that can only be provided by one company. I am constantly warning schools of the risks of investing in proprietary standards and I’m sure that nearly all of my readers are tired of me beating on this drum… In this case I think the court actually got it wrong.

Google Docs doesn’t thwart our ability to develop PrimaryPad, PrimaryBlogger or SchoolEmail further. It’s obvious that Google Docs does affect our bottom line, but we develop PrimaryPad because we believe in our products and we know that our contributions towards Etherpad and an open standard for collaborative writing on the web will ultimately be the winner of the war. Remember folks: good customer service and open standards always win.