Entries tagged as microsoft

The sad state of the Linux Desktop

Sunday, August 21. 2011, 21:30
Some days ago it was reported that Microsoft declared it considers Linux on the desktop no longer a threat for its business. Now I usually wouldn't care that much what Microsoft is saying, but in this case, I think, they're very right – and therefore I wonder why this hasn't raised any discussions in the free software community (at least I haven't seen one – if it has and I missed it, please provide links in the comments). So I'd like to make a start.

A few years ago, I can remember that I was pretty optimistic about a Linux-based Desktop (and I think many shared my views). It seemed that with advantages like being able to provide a large number of high quality applications for free and having proven to be much more resilient against security threats, it was just a matter of time. I had the impression that development was often going in the right direction. Just to name one example, freedesktop.org was just starting to try to unify the different Linux desktop environments and make standards so KDE applications work better under GNOME and vice versa.

Today, my impression is that everything is in a pretty sad state. Don't get me wrong: Free software plays an important role on Desktops – and that's really good. Major web browsers are based on free software, applications like VLC are very successful. But the basis – the operating system – is usually a non-free one.

I recently was looking for netbooks. Some years ago, Asus came out with the Eee PC, a small and cheap laptop which ran Linux by default – one year later they provided a version with Windows as an alternative. Today, you won't find a single Netbook with Linux as the default OS. I read more often than not in recent years that public authorities trying to get along with Linux have failed.

I think I made my point; the Linux Desktop is in a sad state – I'd like to discuss why this is the case and how we (the free software community) can change it. I won't claim that I have the definite answer for the cause. I think it's a mix of things, I'd like to start with some points:
  • Some people seem to see Desktop environments more as a playground for creative ideas than something other people want to use on a daily basis in a stable way. This is pretty much true for KDE 4 – the KDE team abandoned a well-working Desktop environment KDE 3.5 for something that isn't stable even today and suffers from a lot of regressions. They permanently invent new things like Akonadi and make them mandatory even for people who don't care about them – I seriously don't have an idea what it does, except throwing strange error messages at me. I switched to GNOME, but what I heard about GNOME 3 doesn't make me feel that it's much better there (I haven't tested it yet and I hope that, unlike the KDE-team, GNOME learns from that and supports 2.x until version 3 is in a state working equally well). I think Ubuntu's playing with the Unity Desktop goes in the same direction: We found something cool, we'll use it, we don't care that we'll piss off a bunch of our users. In contrast to that, I have the impression that what I named above – the idea that we can integrate different desktop environments better by standards – isn't seen as important as it used to be. (I know this part may provoke flames, I hope this won't hide the other points I made)
  • The driver problem. I still find it to be one of the biggest obstacles and it hasn't changed a bit for years. You just can't buy a piece of hardware and use it. It usually is “somehow possible”, but the default is that it requires a lot of extra geeky work that the average user will never manage. I think there's no easy solution to that, as it would require cooperation from hardware vendors (and with diminishing importance of the Linux Desktop this is likely getting harder). But a lot of things are also self-made. In 2006, Eric Raymond wrote an essay on how crappy CUPS is – I think it hasn't improved since then. How often have I read Ubuntu bug reports that go like this: “My printer worked in version [last version], but it doesn't work in [current version]” - “Me too.” - “Me too.” - “Me too” - no reply from any developer. One point that this shares with the one above is the caring about regressions, which I think should be a top priority, but obviously, many in the free software community don't seem to think so. (if you don't know the word: something is called a regression if something worked in an older version of a software, but no longer works in the current version)
  • The market around us has changed. Back then, we were faced with a “Windows or nothing” situation we wanted to change to a “Windows or Linux” situation. Today, we're faced with “Windows or MacOS X”. Sure, MacOS existed back then, but it only got a relevant market share in recent years (and many current or former free software developers use MacOS X now). Competition makes products better, so Windows today is not Windows back then. Our competitors just got better.
  • The desktop is losing share. This is a point often made, with mobile phones, tablets, gaming consoles and other devices taking over tasks that were done with desktop computers in the past. This is certainly true to some degree, but I think it's also often overestimated. Desktop computers still play an important role and I'm sure they will continue to do so for a long time. The discussion of how free software performs on other devices (and how free Android is) is an interesting one, too, but I won't go into it for now, as I want to talk about the Desktop here.

Okay, I've started the discussion, I'd like others to join. Please remember: It's not my goal to flame or to blame anyone – my goal is to discuss how we can make the Linux desktop successful again.

Test your browser for Clickjacking protection

Thursday, September 9. 2010, 00:22
In 2008, a rather interesting new kind of security problem within web applications was found, called Clickjacking. The idea is rather simple but ingenious: A webpage from the attacked web application is loaded into an iframe (a way to display a webpage within another webpage), but so small that the user cannot see it. Via JavaScript, this iframe is always placed below the mouse cursor and a button is focused in the iframe. When the user clicks anywhere on the attacker's page, the click lands on the button in the web app, causing some action the user didn't want to do.
What makes this vulnerability especially interesting is that it is a vulnerability within protocols and that it was pretty clear that there would be no easy fix without any changes to existing technology. A possible attempt to circumvent this would be JavaScript frame killer code within every web application, but that's far away from being a nice solution (as it makes it necessary to have JavaScript code around even if your webapp does not use any JavaScript at all).
Now, Microsoft suggested a new HTTP header X-FRAME-OPTIONS that can be set to DENY or SAMEORIGIN. DENY means that the webpage sending that header may not be displayed in a frame or iframe at all. SAMEORIGIN means that it may only be referenced from webpages on the same domain name (sidenote: I tend to not like Microsoft and their behaviour on standards and security very much, but in this case there's no reason for that. Although it's not a standard – yet? - this proposal is completely sane and makes sense).
Just recently, Firefox added support; all other major browsers already did that before (Opera, Chrome), so we finally have a solution to protect against clickjacking (Konqueror does not support it yet and I found no plans for it, which may be a sign of the sad state of Konqueror development regarding security features - they're also the only browser not supporting SNI). It's now up to web application developers to use that header. For most of them – if they're not using frames at all - it's probably quite easy, as they can just set the header to DENY all the time. If an app uses frames, it requires a bit more thought about where to set DENY and where to use SAMEORIGIN.
It would also be nice to have some "official" IETF or W3C standard for it, but as all major browsers agree on that, it's okay to start using it now.
But the main reason I wrote this long introduction: I've set up a little test page where you can check if your browser supports the new header. If it doesn't, you should look for an update.
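
The DENY-by-default and SAMEORIGIN-where-needed choice described above, as an added example that is not part of the original post: a wrapper for a Node-style `(req, res)` handler that sets the header per path, plus a small checker for reviewing response headers. The `/widgets/` prefix and all function names are assumptions made for illustration.

```javascript
// Added example. The /widgets/ prefix is a constructed assumption: it stands
// for the pages this application displays inside its own frames.
const FRAMED_BY_OWN_APP = ['/widgets/'];

// Choose the header value for a request path: DENY unless the app frames it.
function frameOptionsFor(path) {
  const framed = FRAMED_BY_OWN_APP.some((prefix) => path.startsWith(prefix));
  return framed ? 'SAMEORIGIN' : 'DENY';
}

// Wrap a Node-style (req, res) handler so every response carries the header.
// Usable as http.createServer(withFrameOptions(appHandler)).
function withFrameOptions(handler) {
  return (req, res) => {
    const path = req.url.split('?')[0]; // ignore the query string
    res.setHeader('X-Frame-Options', frameOptionsFor(path));
    return handler(req, res);
  };
}

// Classify a response's headers (plain object, names in any case).
// Returns 'DENY', 'SAMEORIGIN', 'missing', or 'invalid'. Anything other than
// the two values named in the post, including a doubled header that arrives
// joined as "DENY, SAMEORIGIN", is reported as 'invalid'.
function auditFrameOptions(headers) {
  const entry = Object.entries(headers)
    .find(([name]) => name.toLowerCase() === 'x-frame-options');
  if (!entry) return 'missing';
  const value = String(entry[1]).trim().toUpperCase();
  return value === 'DENY' || value === 'SAMEORIGIN' ? value : 'invalid';
}
```
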

This and that

Wednesday, October 17. 2007, 21:47
A conference of the Deutsche Gesellschaft für Kriminalistik (German Society for Criminalistics) ends with the following groundbreaking insight:
»The conference results led to the alarming realization that Internet crime, in its many facets, now pervades all areas of society and private life.«
A little tip from me: I wouldn't have needed a conference for that insight. Incidentally, I could add further alarming insights. For instance, that telephone crime (that is, all crimes in which the perpetrators communicated by telephone at some point) also pervades all areas of society and private life. As does language crime (that is, all crimes in which the perpetrators communicate with each other using language). Best to ban it all.

Paniq is trying out novel business models: his upcoming album is first to be downloaded 250 times for a fee and will after that be available under a Creative Commons license as before. This resembles the model of copycan and is, for me, one of the most interesting approaches to the question of earning money in the age of file sharing.

Microsoft's attempts at corruption paralyze ISO committee. I was thoroughly amused.

The Presserat (German Press Council) criticizes data retention but forgets to take a look at itself and analyze the press's responsibility for the heated anti-terror mood. When 15000 people demonstrated against data retention a few weeks ago (for a demonstration in Germany that is really a lot), most members of the press did not consider this worth even a mention. Sure, »The terrorists will drop atomic bombs tomorrow« naturally sounds more exciting than »15000 against data retention«.

Data protection seal of approval from Schäuble

Friday, September 28. 2007, 16:15
Wolfgang Schäuble is apparently trying his hand as a comedian lately. I can hardly explain otherwise the report that the Interior Ministry is working to push forward a seal of approval for data protection in companies.

I'm just trying to imagine this. Picture such a seal of approval, together with a news entry »Dear customers, due to the new tightening in the area of data retention, we are unfortunately forced to give up our previous high standards regarding the privacy of our customers«.

Reading on, one learns that a similar procedure already exists in Schleswig-Holstein, which Microsoft, among others, received for its license verification procedure. Well, I think that says it all.

For my own small company I can assure you that we will continue to do our best for the data protection and security of our customers; we are, however, very seriously worried about how much longer we will be allowed to.

»gedownloadet und installiert« (downloaded and installed)

Thursday, August 24. 2006, 17:18
»gedownloadet und installiert« (downloaded and installed)... somehow sounds pretty crappy.
Has a touch of »geteert und gefedert« (tarred and feathered). The poor updates.

Proudly presented by Windows XP Update.