A Fedora 33 Virus?

Several weeks ago Google started popping up their “we’ve noticed suspicious activity” screen and making me respond to a Captcha any time I used them to search something. I try to use Google as little as possible because nobody should be allowed to collect that much information about anyone. Sometimes, when all my other search engines fail I have to go there.

This finally became too annoying. The Google screen also said it through one or more machines on my network were infected. I ran full Norton scans on the Windows machines. Not just a quick scan, full disk scans. I ran whatever flavor of ClamAV each distro had in their repos on all of the Linux machines.

Found on Fedora 33

KlamAV was unable to quarantine. Most likely because I ran as a mere mortal. I opened a terminal, changed to the directory and nuked those two files then rebooted. Google has stopped complaining.

The Weird Part of Fedora Machine Virus

BOINC rack

What’s weird is that machine has been sitting over in the BOINC rack for quite a while. I will use it to look up a part if we are working on something for the shop. I did use it to create the RPM package for my fork of Diamond. That’s kind of it though. I even did most of the editing for the scripts and stuff on my main computer and just walked over to this one to test after pulling from Git again.

Why? Because I have to either stand or sit on a bar stool the entire time. I’m not twenty-something anymore so that bothers my back after a while. When I was jumping through the hoops to write this and most of my other Fedora posts they were mostly stand-up tasks.

My Fedora box was the only machine Clam squawked about. After I deleted those files from the command line and rebooted, Google stopped bitching.

Update: 2021-02-28

It’s now been more than two days. I went from every machine on the network getting a captcha request from Google for every Google search no matter what OS, browser, and adblocker they were using to every machine able to do a Google search.

The Fedora community has been both unfriendly and unhelpful. The mere mention of their beloved OS possibly having a virus has them racing to flag all posts as “unacceptable.” Even went so far as to mark the problem solved while making jokes about wearing masks and washing hands. The problem isn’t “solved.”

I’ve worked with some real assholes in my life. The joking about computer viruses and wearing masks was the last straw. The entire Fedora community sounds just like Donald Trump. Deny, deny, deny, deny.

See no Evil, hear no evil, speak no evil

Linux is not immune to viruses. It is less prone. Yes, I lump most forms of malware, including “bots” into “virus” when speaking. Code you didn’t want or knowingly install doing evil things on/with your computer. Bots get used for all sorts of activities, the most publicly known of which is probably DDoS attacks. Thousands or millions of infected machines all hitting the same Web site or IP address repeatedly at the same time.

These attitudes are really shocking. The Unix/Linux world has a looooong history of being penetrated. For decades I heard/read hackers chanting the mantra “If it has a Guest account I’m God!” The Unix/Linux community went into Donald Trump mode.

Fedora Community Response to Viruses

Guess what? The world was finally told one of the ways they did it. Shellshock was a Bash shell bug they were exploiting for over 25 years.

Assholes Joking About Masks and Washing Hands

A good friend and former co-worker has buried two brothers, two sisters, and an aunt. They were all grown adults living in their own places, most in different states. I buried my own father in October after being locked out of the nursing home due to justifiable pandemic restrictions for most of the last year of his life.

You’re just a (&)(*&()*ing asshole when you won’t wear a mask or wash your hands.

The English language doesn’t have a word to describe joking about it in a support forum.

Given the Fedora Community Response

Given the Fedora community response, I will never trust a RedHat based distro. I will also never professionally recommend a RedHat based distro. Linux is not immune, it does get targeted.

https://www.imperva.com/learn/ddos/botnet-ddos/

BillGates malware

Y’all need to be installing and running antivirus.

March 10, 2021 update

Since nuking those files I’ve re-installed Mozilla Firefox on all machines, set privacy/security to highest settings, and installed a different adblocker on Firefox. A great many were trying to point the finger at Firefox blocking all tracking information as to the reason Google was spitting up those screens.

I’m still writing, still looking things up, and still not getting those Google “suspicious activity” screens. Yes, Firefox is my default browser again.

I wiped that machine and installed MX Linux on it. If I need to build more RPMs with Fedora it will be from a VM that lives only long enough to create the package then gets deleted. Simply can’t trust the distro given the community response.

This Labor Day We Can Thank United Steelworkers

Congress has been too busy taking bribes to do anything about the H-1B loop hole or the mass replacement of U.S. IT workers with much lower paid H-1B visa workers. Worse yet how this oppression helps turn otherwise good people into people with terrorist sympathies. They work each day making $60K or less right beside people who are making $160K or more doing the same job. The visa workers who are salaried also end up having to work quite a bit of overtime.

Featured image by Tapan Newpane from Pixabay

Technical Professional Unions

Well the United Steelworkers have actually begun doing something about it. They created the PATP (Pittsburgh Association of Technical Professionals) which will hopefully have a Florida branch soon so they can go after Disney. Hopefully you clicked on the link and read the short article. The workers, with help of PATP, petitioned the National Labor Board to unionize. With luck the vote will be scheduled before the end of the year.

H-1B Replace American Workers

Big name companies like Disney have been using the H-1B loop hole for years to mass replace U.S. citizens with foreign labor paid dramatically below market wages.

hcl h1b wage image 1

hcl h1b wages 2

It doesn’t take a rocket scientist to see that there must be many more workers near the min salary than the max salary to pull the average salary down so low. Back in 2016 I wrote a post here linking to a Yahoo story about how IT graduates are starting out north of $100K at many of these same companies. Here’s the 2019 salary article. Since Google is the company being targeted by this particular unionizing effort let’s take a look at what the article says about them.

google starting salary

Great American Oppressors

This information is available on the Internet so you know the H-1B worker has access to it. Just how warm and happy towards America do you think a worker pulling down a smidge over $58K doing the same job right next to the U.S. worker feels? Nah, it won’t grate on them at all. It won’t start them thinking the terrorists are right. Hearing their coworkers talk about how much the company stock they are paid is now worth won’t further grind away at them or plant the “Great American Oppressors” thought in their minds. It won’t encourage any of them to send part of their meager earnings back to actively fund/support terrorist activities. No, not at all. I’m sure the United Nations Counter-Terrorism Committee would never have published anything about Alternative Remittance Systems (ARS) being used to fund terrorism.

Movies to Understand How Bad Things Were

I believe it is fitting that unions are attempting to right this wrongful abuse. After all, many of the workers being exploited during early union days in America were immigrants. Kids today do not have an understanding of just how bad things were or just how bad today’s workers are still exploited. Here are some movies for your rental list.

On the Waterfront

Hoffa

Harlan County U.S.A.

The Molly Maguires

Salt of the Earth

The Triangle Factory Fire Scandal

American Dream

This one is not about unions directly but speaks to the severe oppression immigrants faced in New York’s “Five Points.”

Gangs of New York

H-1B Oppressive Living

This brings me to one final point many/most of you choose to ignore each and every day. Do the tech H-1B visa workers at your company all stay in one or more extended stay hotels? Have some form of company provided “shuttle” to bring them back and forth? It has been my experience this is generally the case in the most oppressive shops. They will be four or more deep in one extended stay hotel room. Why? Because they aren’t paid enough to afford their own place. Yeah, you might be able to tell yourself “they are only doing that until they can find a place they like” but that only works for the first three months. What do you tell yourself when they’ve been living like that for a year?

Happy Labor Day Weekend!

Old is New Again

Zinc BookIf you live long enough in IT, everything happens at least twice. The first book I ever wrote, “Zinc It! Interfacing Third Party Libraries with Cross Platform GUI’S” has become somewhat current again.

Some number of years ago I was contacted by a gentleman asking about this book. He was embarking on a journey to port a now OpenSource version of ZAF (Zinc Application Framework) to a current C++ compiler. We exchanged a few emails since then, but, I must admit I have lost is name and contact information. Against all odds, he did complete his journey. I took a quick skim of the site and am seriously impressed that he managed to get the original reference documentation.

While I bitched at the people in charge of Zinc, mostly because they didn’t care about bugs, choosing to focus on adding new features which introduced even more bugs, the approach Zinc took was unique. For the DOS functionality it had to provide everything, but, on all of the other platforms it was a wrapper class to native OS API calls and that makes it relevant today.

How so you ask?

We stand on shifting sand. Google is abandoning Android for Fuchsia. Windows will just be a GUI on top of Ubuntu in a few years, just like MAC is on top of BSD today. Cross platform tool kits writing their own low level code for things like Styles, etc. have a maintenance nightmare in front of them. Layering on top of OS level APIs protects you just a bit. If an API changes slightly from say 10.0 to 11.0, you can either conditionally compile or morph at run-time based on the current OS version.

Of course, life will always suck when they completely throw out the rule book with the API, but, as a cross platform framework tries to add support for more and more frameworks keeping support for more and more versions, the wrapper makes it a bit more doable than roll your own.

Zinc was an interesting product. Even if none of you purchase one of the limited copies I still have from the first print run, you should take some time out from your binge watching to pull down what he has done and take a good look.

I suspect this OpenSource version will gain a bit of traction at some point. Unlike most OpenSource projects with sucky documentation, this appears to have the last rev of the commercial documentation which existed at the fork so it is slick to look at. The home page claims there is already a Linux port which should make it easier to most to experiment with. (Just how many of us still have a DOS machine laying around?)

Pay them a visit. You may just want to look at doing the Android port and enabling touch support.

The Current eBay Scam

On 4-15-2018 I received the following email:

email image

This was for a Guest order placed on 4-05-2018.

I don’t run a virus known as Windows, but, being the only member of the family to ever go to college for computers, I get drafted by family members who “just bought what was pre-packaged and on-sale.” Of course DELL doesn’t ship installation media with their pre-packaged shit and when you order it, years later from customer service, you get whatever the last bundle was, not what was actually on the pre-packaged bundle-o-shit you bought.

Naturally, when I re-installed my Aunt’s computer from the “just like the day you bought it” installation media DELL sold her (because even if you only use it for Solitaire, Windows becomes corrupted) it didn’t have all of the bundled software she originally had.

This lead me to making a Guest purchase on eBay because I won’t allow eBay to sell my personal information and Amazon is a malignant tumor which will one day end the human race.

eBay is desperate to invade your privacy. They want to sell your information just like Google and Facebook. At least they do until they watch both Google and Facebook go down later this year. Our Congress and media outlets can be easily purchased, just look at what the Clinton’s have done with their criminal enterprise, the E.U., not so much. They are the only ones to make any significant effort to reign in the criminal enterprises of Microsoft and Google. That whole Janet Reno thing was a crime against the human race.

You may notice that the “Leave feedback” link looks like it has been clicked. Well, it has. Ten days to ship an order is completely inexcusable. Guess what? The only thing you can do as a Guest is make a purchase. You cannot leave feedback, contact a seller, or return an item. Unless you let eBay completely invade your privacy, you are an unperson.

Which programming language offers the best job market?

I got sucked into a discussion on Reddit with this very question. No, I don’t hang out on Reddit. I wouldn’t even go there but a couple of technical writing crawlers periodically drop an email with links to things there. So, let’s get a few things out of the way up front:

  1. There is no “best language to learn” when the question is asked in a vacuum.
  2. There are many different job markets and industries which use the same programming languages, but they don’t advertise on Indeed or Dice or the general mainstream job boards.
  3. Most advertised = lowest wage.

Before you think about learning a language and beginning a career as a programmer you really need to take a course on programming logic. Many schools either don’t offer it or they completely ruin their students by teaching PASCAL in the class. The students end up learning PASCAL instead of programming logic. I understand. Kids today don’t want to flowchart and pseudo code but that is where you have to start if you are going to be any good. I wrote a book on logic years ago. Once you spend a full semester or year solving larger and larger real world problems by just drawing out the logic, you can pick up any 3GL in a few days. Honestly. You already know how to solve the problem and only need to figure out the syntax of the current language. You can jump from COBOL to BASIC to FORTRAN to C to DIBOL with relative ease because the logic and stepwise refinement are the same no matter the syntax.

Yes, logic books are thin, but you cannot skim them. You really need to sit with a small group of people drawing and writing the solutions for the exercises because a small group of people will generate different viewpoints and should ultimately provide a better solution.

“A programming job” is also a bad phrase people toss about without putting much thought into it. Ask instead “What type of life do I want?”

Do you want programming to provide you with most evenings and weekends off?

Well, you aren’t going to have that at a startup or most Web companies. That will only come from a major corporation which happens to use programs to do their real work. From there poke around to find major corporations claiming to offer that type of life for their developers. If they have Intern programs (most of the big ones do) you can inquire from the Intern contact what types of languages and skills they look for in programmers and proceed accordingly. Best if you find at least 3 which have some overlapping skill requirements. While they may have some trendy Web skills needs, most of it will be COBOL and C++ because they will have large ERP and WMS packages from vendors like Oracle and SAP. You won’t be “programming in a language” as much as “learning a package written in a language.”

Be warned that most of these companies will try to start you off somewhere between $30-60K. They have been bringing in tons of H1-B workers and paying them nothing. They will also try to place an arbitrary earnings cap on you well south of $100K unless you get a worthless MBA. Time off for friends and family has to be purchased with earnings potential.

Do you want to work 7 days per week 14-20 hours per day for years on end in some vain hope at becoming rich?

You are looking for a startup. There are several Web sites out there which focus on listing jobs exclusively with startups. I forget their names as I avoid them. Initial pay will be low because they will dangle free soda, lunches and stock options in front of you. Keep in mind the stock is worthless if the company does not go public and most startups fail. You won’t find the skills they want searching Indeed or Dice or any of the major job boards. You have to do a Web search for “startup jobs” and wind your way through a few sites. When you are 20-something startups can be cool. There is always the dream of being the next “it” thing. When you hit 30-something it’s time to take a serious look around. If you are still driving the same car you had in college or cannot afford a reliable car and insurance, you need to move into the real world. You no longer have any youth left to misspend.

Are you a closet hardware geek who really loves playing with your Raspberry Pi or Beagle Board?

Those products are great cheap learning devices for people wishing to write device drivers and assemble BSPs (Board Support Packages). For them you will be learning C, Bash shell scripting and a touch of Python. Some firmware is still written in Assembly language but not drivers. This field has too major forks, bare metal coders and driver coders. Bare metal coders have no OS. They are writing things like UBOOT and what we used to call BIOS but now is called UEFI. If you are not working with assembly you will be working with an incredibly stripped down version of C.

Do you think it would be cool to be part of a team which develops medical devices? I wrote roughly half of the user interface code for this device. That code was C++ and Qt and we ran on a highly customized Embedded Linux. You will also need to read up and learn about remote debugging. Most major Linux distros have a version of the Qt development tools in their repos. You can start by learning C++ and Qt on your desktop/laptop then learn about cross compiling for a Raspberry Pi or Beagle Board.

Despite all of the Web programming Google is famous for, they have a lot of low level OS coders. They are currently abandoning Andriod and working on Fuchsia.

Cannonical is also in the process of abandoning Linux for their own flavor of Fuschia. Don’t worry. What was Ubuntu will be rebranded Windows and shipped by Microsoft. It’s already started. When you open up a bash shell on Windows 10 it is running a flavor of Ubuntu.

Most universities can only teach you the fundamentals of software development and some of the languages needed by the largest corporations. A good many don’t even teach COBOL anymore yet it is still the language with the largest production code base on the planet and will be, pretty much forever. The Silicon Valley crowd create and discard a new “language” every few weeks. You cannot go to school to learn what they want to hire now and you cannot take more than 2 days to learn it because it will be an obsolete skill in 3 weeks.

Know this. When you search on Indeed or Dice or some other general IT job site, the languages you see the most are also the lowest paying. There has been a tidal wave of H1-B workers arriving in America. Most are Java or .Net. Despite the much talked about $60,000 threshold during the election, the bulk are paid around 1/3 of that. Yes, you can “always be employed” but, you will start off around $30K/year and 10 years later when your salary approaches $80K that will be as much as you ever earn. If you are okay with never being able to own a home in a nice neighborhood, then go for it.

Yes, you have all seen the salary surveys showing Google and others hiring programmers for around $150K right out of school, but you cannot live on that out there. Google has had to start providing housing. Other Silicon Valley firms are also buying/building living quarters for employees because you cannot get your own place anywhere near the campus for what they pay.

Speaking as someone who has written multiple books on Java, I can honestly say Java is a dying language. It never lived up to its promise and architecturally it can never be made secure. In a world where identity theft and massive data breaches pepper the daily/weekly news, that’s a big issue. No, I’m not going into a lengthy discussion about it with people who cannot yet program. You can go searching for how Java was praised in the early days because of the way it uses URLs to locate classes a program needs anywhere on the Internet. Then sit and think about that phrase.

Yes, some companies are trapped with Java and refuse to bite the bullet. They will continue using Java until they go out of business. This trapped number isn’t anywhere near the size you wish to believe. This trend started in 2010.

Now we have to talk about the definition of “best.”

If your definition of “best” is there will always be a job and you don’t care much about money, IBM Mainframe COBOL with CICS and JCL. Yes, most of the gigs will only pay $40/hr but payroll and accounting systems running COBOL will continue to run long after humans cease to exist. You can also learn Java and make even less competing with $15/day off-shore labor.

If your definition of “best” is the highest billing rate ever, then you are looking for niche tools and markets. C++ Qt on Embedded Linux or Drupal. Boring and difficult device driver coding in C for various embedded targets. BSP (Board Support Package) work. Whatever tool some startup with massive venture capital is pushing into the market this week.

Whatever is hot as a Web programming language today will be forgotten next week. That’s the way the Web is. Scripted languages come and go. Two years ago Ruby on Rails consultants were billing out at over $200/hr and most are unemployable now. Scripted languages have no staying power in the market because there is no commitment to them. You don’t develop a high volume core business system in a scripted language because the processor cost of the interpretation is simply too high.

Think about it. ADP is one of the biggest payroll processors in America. Do you really think they could chew through that many payroll records each month using Java or some other scripted language? Keep in mind all of the precision problems with floating point types. Packed Decimal and BCD (Binary Coded Decimal) aren’t just legacy data types to save storage space. They also existed to solve precision problems which crop up with payroll, mortgage and other financial calculations. When you use IEEE floating point types:

1.0 - 1.0 != 0.0

Most of the time. You can search the Internet for all kinds of war stories when trying to do integer math with floating point data types. This is a problem made worse by JavaScript and other newer scripting languages which have a single numeric data type, double precision floating point. You will find more than one young programmer posting pleas for help because 3 – 2 did not equal 1.