I put this article from Law.com's Legal Technology page, "Commentary: The Penguin Doesn't Fly, Avoid Linux" in News Picks because I found it hilarious, in the Rob Enderle kind of way. But then I thought I'd look up the author on Google, and lo and behold, I find he said something that appears to be not exactly true. I'm not talking about the FUD stuff. I'm talking about his assertion that he couldn't get any answers to a request for help from Mandriva Forum:
And, Linux proponents claim that if there is any kind of problem, or a viral threat or other OS disaster, there is an army of Linux programmers standing by to remedy the situation.
But these claims do not reflect my experience. I tried to install Puppy Linux without success -- and my e-mails to the developers were ignored. Ark Linux developers could not explain why my computer’s Wi-Fi card didn’t work. The Ubuntu forum could not explain why a DVD player would not eject. The Mandriva support site did not respond to queries at all. And it took a tech support person from Wine, a program supposed to allow Windows applications to run on Linux computers, 6 days to finally respond to my requests for help; which he was unable to resolve.
I know. I love that touch about a viral threat in Linux. Hilarious. But look what I just found: two pages of responses to a request for help from someone with his name. If it's the same individual, it's not so funny now.
The concern in the post was about a hidden folder he found, which he viewed as a security threat. He had deleted some pictures, and later he found the hidden folder of thumbnails where the deleted pictures still remained as thumbnails. Here's his concern:
Posted: Fri Jul 04, 2008 7:59 pm
Post subject: Breadcrumbs for the boss or the Goverment
Reply with quote
I dabble with Mandriva, not a Linux fan at all, and am not a computer expert.
Yet I found what looks like a major, major security gap not in programming but in basic functionality that may apply to other distros. It is especially problematic for newbies or people who are just casual users, not really interested in much administration or programming.
Please advise, here are the facts. If there is a way to turn this off, I'd like to hear about it, and it should be front and center with every Linux housekeeping tool menu and without the need to have administrative powers.
I had many pix saved on my desktop from time to time, and trashed them as warranted, and from time to time purged the trash.
Somewhere along the line, while browsing with Konquerer for something else, and well down into my pathfiles, I find a folder named ".thumbnails" and subfolders inside there labeled "Large" and "Small" and find my trashed pics, or at least thumbnails of them. Because the folder name starts with a dot "." it has not appeared on the left pane of Konquerer and I didn't know it was there until I found it by accident in a manual search (one level at a time).
Having looked thru the Large and Small folders, I trash the pics I find in there, thinking copies were placed there because they were on the desktop.
Sometime after that, it is time to empty the trash again, and I pick thru it to see what is there, and the pics are there; I see them as thumbnails in display mode, which I am using instead of details mode to readily identify what is there. I then purged the trash, assuming all that was in Large and Small is now gone for good, and annoyed that it has taken 4 steps to delete the pix -- the originals moved to trash, trash purge, Large and Small thumbnails moved to trash, trash purge again.
Then get the bad news:
Picking thru trash in display mode to make sure everything going is supposed to be going causes the thumbnail pix seen in the trash to jump back to .thumbnails folders with no warning or option to decline that happening.
As I don't know this is happening, I don't find out about for months until I browsed my paths again looking for something else. I also find out that putting pix on the desktop isn't the only thing that copies them also in .thumbnails -- anytime that a thumbnail pic appears in Konquerer in any display mode dialog, such as picking thru trash or doing routine file reorganizing or picking one to open within a program, a copy of the thumbnail pic gets saved in .thumbnails. It happens every time the pic is viewed as a thumbnail. I found perhaps 20 or 30 copies of thumbnails of any given pic there, having been copied there over and over, as I figured out where they came from and how they got there.
Complicating matters, these all had a *.png extension, which I never heard of before, and different filenames than the originals, so they (i) would not be convenient to find by bulk searching later and (ii) didn't overwrite and just multiplied over and over as separate copies of the same thing with different names in that folder.
The upshot is that Unless users know about the .thumbnail folders and that the the pics inside too have to be purged, there are the breadcrumbs for a boss or the gov't to find out about in two seconds, without them ever knowing the computer leaves them to tell the authorities what the computer user has been up to. And it fills up plenty of storage room to boot with copies of each pic shown for each time it was encountered.
So my issue is (i) that it is extra hard to trash pix; they have to be trashed from where they are and the trash purged; trashed again from .thumbnails in multiple copies after hunting the folder down without the benefit of a search term, and then purged from trash without picking thru the trash first to make sure you have not thrown something away that you really need, and, necessarily, in that order; (ii) no newbie or casual Linux user, like a clerical employee or college premed is going to know this; and (iii) the underlying process it loads a user up with junk that doesn't go away.
And it also leaves open the question whether other material, ie downloaded music and video and so on remains concealed somewhere too, and findable by someone who knows about breadcrumbs.
My situation was a little more complex: my install gave me two partitions instead of one, and the pix showed up in .thumbnails on each one, so I had to do the .thumbnail purge twice. Of course, each time I picked thru Large or Small to see what happened, that caused the contents to be cloned to the .thumbnails folder on the other partition. Eventually I just had to purge everything blindly and hope for the best, and that took more time than I had allotted to it.
In this era where we are so bothered by hacks and viruses and unreformatting programs that allows malicious data mining and recovery, and the possiblity that Google can tell the government what searches a specific person has made, the multiple step Mandriva dance needed to trash stuff and make sure it stays trash is a humongous flaw in the design at least with respect to the Linux promises of privacy and Internet security, and IMHO, even more so if this is common to other Linux distros and desktops, because it just invites the government to seize computers and see what the user has been up to.
The risk of lost privacy is really very intolerable and I'm not even talking about stuff requiring a real and proper government wipe, but to keep the stuff away from readily prying eyes who barely know more computing than the next guy. Leaving breadcrumbs is way too easy for anyone who wants to be Big Brother. A better system has to be devised if this is it.
Joined: 18 Feb 2008
Note the date. He joined in February of 2008, and it's now July 4th when he posts this, at 7:59 PM. It's his 50th post. His first response arrives the same day at 8:41. "You can always just turn off thumbnails in Konqueror," someone suggests, providing detailed instructions.
He wants thumbnails, but he doesn't want "breadcrumbs" left behind. That's a valid interest.
Of course, it's not a security threat in the normal computer sense of the word, so some just told him that. But he was thinking in terms of an RIAA kind of security threat, a subpoena. He's correct that anything on your computer that is visible is reachable that way, but what he may not know is that deleting on a Windows computer doesn't erase the material at all. It just renames the file so the space can be reused. I hope no one tells him about metadata in Microsoft Word, described on this page like this:
What is Document Metadata? I'm afraid he'll have a stroke if he finds out about metadata risk. He'll probably write an article all about it for Legal Technology once he learns about the danger he's in using Windows. You think? That metadata site recommends a product to clean up metadata, one they offer, and there are some case studies and articles on the site's news page. I see Keker & Van Nest uses their product, and they're an excellent firm, so it's likely a good product if you are stuck in Windows. I don't see pricing, although they say it's priced on a per seat basis, so it's certainly not free. They tell you more about metadata on that page too, and explain why it's a real concern for law firms. When I used to use Microsoft products, I just followed their instructions on how to "minimize" metadata, but I eventually got so concerned about it, I stopped using their software. SCO's firm, Boies Schiller, is by no means the first or the last to get caught with its metadata showing.
Microsoft Office is perhaps the most powerful
production software on the market today. With this power comes the responsibility of understanding and managing document metadata risks. Metadata risks are managable provided your document stays within the firm’s electronic “walls.” Documents sent outside the firm walls require different levels of metadata management based on the intended recipient.
For example, Microsoft Word documents contain hidden data and information peripheral to the content, such as deleted text, revision authors, and file system information. When these files are shared outside of the firm, there is a high risk of unintentional disclosure of private information (metadata risk).
Of course, if you are really worried about privacy, you shouldn't use computers at all. He may not know about computer forensics, but I'm guessing the RIAA does. If he has some incriminating pics, or plans to get some, I'd suggest he use a Knoppix live CD, view them without saving them or save them on a thumb drive he can later smash with a hammer and toss in a couple of nearby lakes. Or he could do what I do: I don't download anything I would need to worry about the RIAA finding. That's a foolproof system. And I highly recommend it.
Anyway, some on Mandriva Forum acknowledge his concern and they tell him how to purge files in Linux, how to turn off thumbnails, and one person writes a script for him to make it easy, after he complains he doesn't know how to write a script.
Does that sound like you can't get help on Mandriva Forum? Incidentally, that is the free forum, where no one has to answer at all. If you buy Mandriva it comes with 90 days of support, so you can ask a question and you are certain to get an answer.
A lot of the problem is that he's new, as he acknowledged, but what he doesn't see is that he leaps to negative conclusions that are not warranted.
His rather odd claims about getting two partitions instead of one, which worries him, is the default for Mandriva. You get a root partition and a /home partition, which is, by the way a security plus. If something goes wrong in root, you can reinstall your system, while retaining your /home partition, and if /home is contaminated in some way, it doesn't generally impact anything but that partition, so you can create a new user, move your stuff over, like documents, and then delete that old user and that home space. I can't make sense of his claim that he viewed the hidden thumbnails folder in both partitions. It sort of doesn't make any sense to me. There are two partitions, but you don't access them in the way he describes. And folders that start with a dot are hidden folders, which you can make visible.
Finally, I downloaded a picture, Tux, in Mandriva. Then I deleted it. Then I emptied trash, then I looked for it in the Trash with view hidden files activated. Nothing. Totally gone. So evidently he not only got his question answered directly, with directions to help him as an individual, the matter was apparently solved for everyone, after his concern was expressed. Try getting service like that from Microsoft.
So when you read the article, I suggest you extrapolate. And while we are at it, if you see other mistakes in the article, do point it out in the comments. Please be respectful, factual, logical, and accurate. He's a lawyer, after all, and he may not have a geek sense of humor.
[ Update: PS For the author, who complained that there is no grammar checker for OpenOffice.org, here it is. Enjoy!]
Update 2: The plot thickens. He has issues with the GPL, answered for him in the Mandriva Forum thread by the editor, Adam Williamson, and he has issues with FOSS in general. He imagines that if the military uses FOSS, they'll have to give a copy of the software to "the enemy". Actually, the GPL is quite clear. If you don't redistribute, anything you write modifying GPL software is yours to keep private, which is why the Department of Defense loves FOSS and can use it without fear. He's had some issues with the FCC recently also. It seems a local radio station didn't return his phones calls regarding questions he had about an ad and some other issues he had that the FCC declined to act upon in the way he hoped.
Groklaw member Tufty found some other comments a Rod Kovel posted to Mandriva Forum, and you can see for yourself the helpful answers he got:
Kmail -- Is it me or the installation [He gets help, and he wrote: "That did it! It begs the question about how a page can run a couple of inches off screen with no ability to slide, but it worked like a charm.
- Is there software to utilize monitor's pivoting ability? (2 pages of replies)
- Bash??? Ash?? ["
What is Bash, or Ash, and why and how does somebody use it?" He is immediately directed to Wikipedia, but he doesn't understand it, and asks if bash is a calculator program. He is told no, it's like DOS in Windows, but better, to which he replies, "What are you guys talking about? What power? What speed? When I back up, I do "copy" and "paste." It takes seconds, and I don't have to know [redacted].
What am I doing with ash or bash or Korn that I can't do with Windows Explorer with no training or instructions whatever, and usually just holding down my left mouse button?" He is provided with more information, a link to more, and they explain to him that if his system needs rescuing, bash can come in handy. He says, "Thanks for the help..."]
- Linux can't find the ethernet card on my old Dell Pentium 2 [He is told that in fact the driver is available in Mandriva 2008, which he has, and he's asked to provide info to figure out why it wasn't automatically detected, but he never replied with the information. He has already mentioned that YouTube doesn't work well in XP on that old computer.]
- What is a cooker? What is X server [He gets both questions answered.]
- Mixed purpose disks, and CD ripping [He gets his question responded to.]
- Software Management is gone [2 pages of replies, but the very first two replies answered his issue, and he wrote, "Thanks to both of you, your help was excellent."]
If indeed this is the same individual that wrote the Law.com commentary, it's hard for me to put the two together without dissonance.