admin's blog

Do you think your data is secure?

Quoted from the book The Art of Deception (Kevin Mitnick)

In the late 1990s, a not very ethical employment agency signed a new client, a company looking for electrical engineers with experience in the telephone industry. The honcho on the project was a lady endowed with a throaty voice and sexy manner that she had learned to use to develop initial trust and rapport over the phone.
The lady decided to stage a raid on a cellular phone service provider to see if she could locate some engineers who might be tempted to walk across the street to a competitor. She couldn't exactly call the switchboard and say, "Let me talk to anybody with five years of engineering experience." Instead, for reasons that will become clear in a moment, she began the talent assault by seeking a piece of information that appeared to have no sensitivity at all, information that company people give out to almost anybody who asks.

The First Call: The receptionist

The attacker, using the name Didi Sands, placed a call to the corporate offices of the cellular phone service. In part, the conversation went like this:

Receptionist: Good afternoon. This is Marie, how may I help you?
Didi: Can you connect me to the Transportation Department?
R: I'm not sure if we have one, I'll look in my directory. Who's calling?
D: It's Didi.
R: Are you in the building, or... ?
D: No, I'm outside the building.
R: Didi who?
D: Didi Sands. I had the extension for Transportation, but I forgot what it was.
R: One moment.

To allay suspicions, at this point Didi asked a casual, just-making-conversation question designed to establish that she was on the "inside," familiar with company locations.

D: What building are you in - Lakeview or Main Place?
R: Main Place. (pause) It's 805 555 6469.

To provide herself with a backup in case the call to Transportation didn't provide what she was looking for, Didi said she also wanted to talk to Real Estate. The receptionist gave her that number, as well. When Didi asked to be connected to the Transportation number, the receptionist tried, but the line was busy.
At that point Didi asked for a third phone number, for Accounts Receivable, located at a corporate facility in Austin, Texas. The receptionist asked her to wait a moment, and went off the line. Reporting to Security that she had a suspicious phone call and thought there was something fishy going on? Not at all, and Didi didn't have the least bit of concern. She was being a bit of a nuisance, but to the receptionist it was all part of a typical workday. After about a minute, the receptionist came back on the line, looked up the Accounts Receivable number, tried it, and put Didi through.

The Second Call: Peggy

The next conversation went like this:
Peggy: Accounts Receivable, Peggy.
Didi: Hi, Peggy. This is Didi, in Thousand Oaks.
P: Hi, Didi.
D: How ya doing?
P: Fine.

Didi then used a familiar term in the corporate world that describes the charge code for assigning expenses against the budget of a specific organization or workgroup:

D: Excellent. I have a question for you. How do I find out the cost center for a particular department?
P: You'd have to get a hold of the budget analyst for the department.
D: Do you know who'd be the budget analyst for Thousand Oaks - headquarters? I'm trying to fill out a form and I don't know the proper cost center.
P: I just know when y'all need a cost center number, you call your budget analyst.
D: Do you have a cost center for your department there in Texas?
P: We have our own cost center but they don't give us a complete list of them.
D: How many digits is the cost center? For example, what's your cost center?
P: Well, like, are you with 9WC or with SAT?

Didi had no idea what departments or groups these referred to, but it didn't matter. She answered:

D: 9WC.
P: Then it's usually four digits. Who did you say you were with?
D: Headquarters--Thousand Oaks.
P: Well, here's one for Thousand Oaks. It's 1A5N, that's N like in Nancy.

By just hanging out long enough with somebody willing to be helpful, Didi had the cost center number she needed - one of those pieces of information that no one thinks to protect because it seems like something that couldn't be of any value to an outsider.

The Third Call: A Helpful Wrong Number

Didi's next step would be to parlay the cost center number into something of real value by using it as a poker chip.
She began by calling the Real Estate department, pretending she had reached a wrong number. Starting with a "Sorry to bother you, but..."
she claimed she was an employee who had lost her company directory, and asked who you were supposed to call to get a new copy. The man said the print copy was out of date because it was available on the company intranet site.
Didi said she preferred using a hard copy, and the man told her to call Publications, and then, without being asked - maybe just to keep the sexy-sounding lady on the phone a little longer - helpfully looked up the number and gave it to her.

The Fourth Call: Bart in Publications

In Publications, she spoke with a man named Bart. Didi said she was from Thousand Oaks, and they had a new consultant who needed a copy of the company directory. She told him a print copy would work better for the consultant, even if it was somewhat out of date. Bart told her she'd have to fill out a requisition form and send the form over to him.
Didi said she was out of forms and it was a rush, and could Bart be a sweetheart and fill out the form for her? He agreed with a little too much enthusiasm, and Didi gave him the details. For the address of the fictional contractor, she drawled the number of what social engineers call a mail drop, in this case a Mail Boxes Etc.-type of commercial business where her company rented boxes for situations just like this.
The earlier spadework now came in handy: There would be a charge for the cost and shipping of the directory. Fine - Didi gave the cost center for Thousand Oaks:

"1A5N, that's N like in Nancy."

A few days later, when the corporate directory arrived, Didi found it was an even bigger payoff than she had expected: It not only listed the names and phone numbers, but also showed who worked for whom - the corporate structure of the whole organization.
The lady of the husky voice was ready to start making her head-hunter, people-raiding phone calls. She had conned the information she needed to launch her raid using the gift of gab honed to a high polish by every skilled social engineer. Now she was ready for the payoff.

Linux on Desktop

Nowadays people are starting to try Linux on the desktop. One of my friends is in this case. He's not somebody who asks a lot from a computer. Like 99% of people, he needs to browse the web, send and receive email, use an office suite, chat on MSN and use Skype. Those needs are fulfilled 100%. He's happy with the Compiz desktop effects. His computer is faster, doesn't slow down, and is safe from viruses.

So what about the command line? He has never typed any. The command line on Linux, as powerful as it is, is not a mandatory tool. It's just something available for those who want to become power users. When you ask for help on forums, the answer will very often require the command line. This is simply because the person answering is a power user who gives you the quickest way to solve your issue. A GUI will do the same job as the command line, just with a friendly interface, but it will not do it better.

Of course, understanding the Linux command line has its learning curve, but as with any intensive work, the reward is worth it.

2008: The year of Linux on the Desktop

Some signs are pretty clear: Dell, IBM and HP are now selling computers with Linux as the default operating system. That's a radical twist. Linux has been offered on servers for years, but offering it on desktops or laptops is totally new.

The main distributions offered are Red Hat, SUSE, Ubuntu, and Red Flag in Asia.

This new development shows that Linux (with its community) has finally reached the maturity to be easy to use for the end user. One point is that the brands will make more profit with Linux, because the price difference between a computer sold with Windows and one sold with Linux is ridiculous. But end users will save money too, because it's not necessary to buy an office suite. That's a huge saving.

I don't see how major software vendors like Autodesk or Adobe can continue to offer their software only for the Microsoft platform. At some point the availability of professional software will decide the operating system. Virtualisation can't be a realistic solution for 3D rendering in a virtual machine. Besides, those who need such specific software are few. Most people need multimedia functions, office tools, a mail client and a web browser, and those needs are fully satisfied by Linux systems.

Can you trust your computer?

By Richard Stallman
Who should your computer take its orders from? Most people think their computers should obey them, not obey someone else. With a plan they call "trusted computing," large media corporations (including the movie companies and record companies), together with computer companies such as Microsoft and Intel, are planning to make your computer obey them instead of you. Proprietary programs have included malicious features before, but this plan would make it universal.

Proprietary software means, fundamentally, that you don't control what it does; you can't study the source code, or change it. It's not surprising that clever businessmen find ways to use their control to put you at a disadvantage. Microsoft has done this several times: one version of Windows was designed to report to Microsoft all the software on your hard disk; a recent "security" upgrade in Windows Media Player required users to agree to new restrictions. But Microsoft is not alone: the KaZaa music-sharing software is designed so that KaZaa's business partner can rent out the use of your computer to their clients. These malicious features are often secret, but even once you know about them it is hard to remove them, since you don't have the source code.

In the past, these were isolated incidents. "Trusted computing" would make it pervasive. "Treacherous computing" is a more appropriate name, because the plan is designed to make sure your computer will systematically disobey you. In fact, it is designed to stop your computer from functioning as a general-purpose computer. Every operation may require explicit permission.

The technical idea underlying treacherous computing is that the computer includes a digital encryption and signature device, and the keys are kept secret from you. (Microsoft's version of this is called "palladium.") Proprietary programs will use this device to control which other programs you can run, which documents or data you can access, and what programs you can pass them to. These programs will continually download new authorization rules through the Internet, and impose those rules automatically on your work. If you don't allow your computer to obtain the new rules periodically from the Internet, some capabilities will automatically cease to function.

Of course, Hollywood and the record companies plan to use treacherous computing for "DRM" (Digital Restrictions Management), so that downloaded videos and music can be played only on one specified computer. Sharing will be entirely impossible, at least using the authorized files that you would get from those companies. You, the public, ought to have both the freedom and the ability to share these things. (I expect that someone will find a way to produce unencrypted versions, and to upload and share them, so DRM will not entirely succeed, but that is no excuse for the system.)

Making sharing impossible is bad enough, but it gets worse. There are plans to use the same facility for email and documents -- resulting in email that disappears in two weeks, or documents that can only be read on the computers in one company.

Imagine if you get an email from your boss telling you to do something that you think is risky; a month later, when it backfires, you can't use the email to show that the decision was not yours. "Getting it in writing" doesn't protect you when the order is written in disappearing ink.

Imagine if you get an email from your boss stating a policy that is illegal or morally outrageous, such as to shred your company's audit documents, or to allow a dangerous threat to your country to move forward unchecked. Today you can send this to a reporter and expose the activity. With treacherous computing, the reporter won't be able to read the document; her computer will refuse to obey her. Treacherous computing becomes a paradise for corruption.

Word processors such as Microsoft Word could use treacherous computing when they save your documents, to make sure no competing word processors can read them. Today we must figure out the secrets of Word format by laborious experiments in order to make free word processors read Word documents. If Word encrypts documents using treacherous computing when saving them, the free software community won't have a chance of developing software to read them -- and if we could, such programs might even be forbidden by the Digital Millennium Copyright Act.

Programs that use treacherous computing will continually download new authorization rules through the Internet, and impose those rules automatically on your work. If Microsoft, or the U.S. government, does not like what you said in a document you wrote, they could post new instructions telling all computers to refuse to let anyone read that document. Each computer would obey when it downloads the new instructions. Your writing would be subject to 1984-style retroactive erasure. You might be unable to read it yourself.

You might think you can find out what nasty things a treacherous computing application does, study how painful they are, and decide whether to accept them. It would be short-sighted and foolish to accept, but the point is that the deal you think you are making won't stand still. Once you come to depend on using the program, you are hooked and they know it; then they can change the deal. Some applications will automatically download upgrades that will do something different -- and they won't give you a choice about whether to upgrade.

Today you can avoid being restricted by proprietary software by not using it. If you run GNU/Linux or another free operating system, and if you avoid installing proprietary applications on it, then you are in charge of what your computer does. If a free program has a malicious feature, other developers in the community will take it out, and you can use the corrected version. You can also run free application programs and tools on non-free operating systems; this falls short of fully giving you freedom, but many users do it.

Treacherous computing puts the existence of free operating systems and free applications at risk, because you may not be able to run them at all. Some versions of treacherous computing would require the operating system to be specifically authorized by a particular company. Free operating systems could not be installed. Some versions of treacherous computing would require every program to be specifically authorized by the operating system developer. You could not run free applications on such a system. If you did figure out how, and told someone, that could be a crime.

There are proposals already for U.S. laws that would require all computers to support treacherous computing, and to prohibit connecting old computers to the Internet. The CBDTPA (we call it the Consume But Don't Try Programming Act) is one of them. But even if they don't legally force you to switch to treacherous computing, the pressure to accept it may be enormous. Today people often use Word format for communication, although this causes several sorts of problems (see http://www.gnu.org/philosophy/no-word-attachments....). If only a treacherous computing machine can read the latest Word documents, many people will switch to it, if they view the situation only in terms of individual action (take it or leave it). To oppose treacherous computing, we must join together and confront the situation as a collective choice.

For further information about treacherous computing, see http://www.cl.cam.ac.uk/users/rja14/tcpa-faq.html.

To block treacherous computing will require large numbers of citizens to organize. We need your help! The Electronic Frontier Foundation (www.eff.org) and Public Knowledge (www.publicknowledge.org) are campaigning against treacherous computing, and so is the FSF-sponsored Digital Speech Project (www.digitalspeech.org). Please visit these Web sites so you can sign up to support their work.

You can also help by writing to the public affairs offices of Intel, IBM, HP/Compaq, or anyone you have bought a computer from, explaining that you don't want to be pressured to buy "trusted" computing systems so you don't want them to produce any. This can bring consumer power to bear. If you do this on your own, please send copies of your letters to the organizations above.

Postscripts:

1. The GNU Project distributes the GNU Privacy Guard, a program that implements public-key encryption and digital signatures, which you can use to send secure and private email. It is useful to explore how GPG differs from treacherous computing, and see what makes one helpful and the other so dangerous.

When someone uses GPG to send you an encrypted document, and you use GPG to decode it, the result is an unencrypted document that you can read, forward, copy, and even re-encrypt to send it securely to someone else. A treacherous computing application would let you read the words on the screen, but would not let you produce an unencrypted document that you could use in other ways. GPG, a free software package, makes security features available to the users; they use it. Treacherous computing is designed to impose restrictions on the users; it uses them.

2. Microsoft presents Palladium as a security measure, and claims that it will protect against viruses, but this claim is evidently false. A presentation by Microsoft Research in October 2002 stated that one of the specifications of Palladium is that existing operating systems and applications will continue to run; therefore, viruses will continue to be able to do all the things that they can do today.

When Microsoft speaks of "security" in connection with Palladium, they do not mean what we normally mean by that word: protecting your machine from things you do not want. They mean protecting your copies of data on your machine from access by you in ways others do not want. A slide in the presentation listed several types of secrets Palladium could be used to keep, including "third party secrets" and "user secrets" -- but it put "user secrets" in quotation marks, recognizing that this is not what Palladium is really designed for.

The presentation made frequent use of other terms that we frequently associate with the context of security, such as "attack," "malicious code," "spoofing," as well as "trusted." None of them means what it normally means. "Attack" doesn't mean someone trying to hurt you, it means you trying to copy music. "Malicious code" means code installed by you to do what someone else doesn't want your machine to do. "Spoofing" doesn't mean someone fooling you, it means you fooling Palladium. And so on.

3. A previous statement by the Palladium developers stated the basic premise that whoever developed or collected information should have total control of how you use it. This would represent a revolutionary overturn of past ideas of ethics and of the legal system, and create an unprecedented system of control. The specific problems of these systems are no accident; they result from the basic goal. It is the goal we must reject.

Copyright 2002 Richard Stallman
Verbatim copying and distribution of this entire article is permitted without royalty in any medium provided this notice is preserved.

Editor's note: This article first appeared in Richard Stallman's new book, "Free Software, Free Society." This is the first time the article has appeared online, and Stallman has added some new material.

Why choose Open Source solutions

A simple and quick answer: Open Source software does not follow the same business model as proprietary software. So the way this software behaves never serves the goals of a marketing policy.

To make you buy the next version of Office, Microsoft does not provide an update to the previous version that would let it open files created by the new version. So you buy, not forced, but almost. It's a matter of point of view; let's not argue about the sex of angels. Besides, there are no angels here, so that's settled.

When you use Open Source software, in 99% of cases it is free of charge. That does not mean that no economic activity is associated with it.

In the proprietary software world, the madness goes very far. If you are American, you cannot use a FAT32 file system (a patent on it was laboriously obtained by Microsoft in 2006) on any system other than Windows unless you restrict yourself to file names of at most 12 characters. From 13 on, royalties are due. These people waste time filing patents for such idiocies instead of spending it making quality products.

In Europe there are no enforceable software patents, though it was a close call; in China, it would make people laugh. The Chinese, who are far from stupid, cannot understand at all why anyone would want to "buy" Windows in order to be in good standing. If you tell them that, they will look at you as if you were mad. They are not wrong: we are already being kind by using Windows, Redmond should be flattered, and we are not going to pay for it on top of that.

Here is a list of outstanding open source software:

Open Office suite: http://www.openoffice.org

The following two programs are extensible, meaning that additional functions can be downloaded.

Firefox web browser: http://www.mozilla.com
Thunderbird mail client: http://www.mozilla.com

Among the notable extensions:

Firefox:
AdBlock (browsing without ads; note how extremely user-friendly such a function is)
Morning Coffee (lets you open, in one click, the pages you always look at over your morning coffee)

Thunderbird:
Lightning (adds a calendar with task and event management to Thunderbird)

Since the list is frankly much longer, I refer you to https://addons.mozilla.org, where they can all be found. There are hundreds of them.

Other open source things are used by you every day without your knowing it. For example, every time you go to Google, an Apache web server (http://www.apache.org) answers you. Right now you are reading a page that this same software delivered to you, combined with PHP (http://www.php.net), a MySQL database (http://www.mysql.org) and the Drupal content management system (http://www.drupal.org). This page was written through the Firefox browser mentioned above, running on an entirely Open Source operating system called Ubuntu (http://www.ubuntu.com) that offers more than 20000 installable programs.

I have been doing without Windows for 10 years, why not you? If you have questions, contact me through the contact page (http://www.progression-asia.com/contact) with the subject: Info Linux.

What is Free Software?

The English language makes the expression "free software" confusing.

Free software is not just freeware, because with most freeware you can't modify the software.

With free software you have total freedom to use, copy, modify, and redistribute the software. You can share it with your friends and improve it. And the GPL licence stipulates that when you do so, you must keep the same licence.

Web Browser Safari for Windows

The iTunes music player is already very popular, along with its companion QuickTime. Now the Safari web browser is coming to Windows. A beta version can already be downloaded.

That's good news for web developers. Safari is a good web browser and respects the W3C consortium standards. Internet Explorer is catastrophic in this respect (all versions), and we can expect the popularity of iTunes to drive that of Safari. Moreover, Safari looks nice, which is already a reason to use it.

Web developers can dream of a world where IE is not used to browse the web, so there is no need to adapt the design to also work with Internet Explorer. While it's easy to obtain the same rendering with Safari, Firefox and Opera, some aspects quickly turn into a headache with Internet Explorer, forcing the use of a lot of JavaScript or other very tricky workarounds.

Linux in China

2004: In the Chinese government

Request from the central government to provincial governments to replace illegal Windows copies → 30% of desktops in Chinese administrations are Linux. (Source: ZhongYuan Zheng, vice-president of Red Flag)

2005: Sun Wah Linux Chosen by Chinese Government for the Largest Linux Desktop Roll-Out in China's History

Source: http://desktoplinux.com/news/NS4254330887.html

The Jiangsu Provincial Department of Education has installed a total of 141 624 new desktop computers running Linux, in elementary and secondary schools.

This project is the largest procurement project in China's history and the largest-ever Linux deployment in China.

2006

Request to enterprises to stop using pirated operating systems.

2007?
