This page is offered as a service of Bristle Software, Inc. New tips are sent to an associated mailing list when they are posted here. Please send comments, corrections, any tips you'd like to contribute, or requests to be added to the mailing list, to tips@bristle.com.
Original Version: 10/14/1991
Last Updated: 3/11/2021
My friend Jeff asked me today about "Pi currency". Said he hadn't put any money into it. Just installed an app on his phone and it mines Pi by itself. Another friend pointed him to it. Over the past few weeks, he's accumulated about 50 units of Pi currency at no cost. Pi doesn't actually have any dollar value yet, but he's hopeful that it will someday.
Sounds great, right? MAYBE NOT... Here's what I told him.
I don't know anything about "Pi currency" specifically, but I NEVER install any software like that on my computer, laptop, phone, or anywhere else.
Remember, whenever you get a "free" service, you're not the customer, you're the PRODUCT. The fact that you've installed the software on your phone is paying off for someone. Your friend got a bonus of some additional free Pi currency for recruiting you (the product) for them (the buyer). And the folks paying him are certainly getting something out of it.
Once you install software, it can do ANYTHING IT WANTS to or with the device you installed it on:
And for most of these, you'll never even know it's happening.
Bummer, eh? That's why I NEVER install such things. Unless they're Open Source.
Remember, if you're not paying, you're not the customer, you're the PRODUCT. If you don't see any obvious source of revenue for them, like lots of ads popping up in your face that someone is paying them to show you, you have to wonder what they're getting out of it.
The Pi currency mining app may or may not be malicious in any of these ways. I have no idea. Maybe it's just using your CPU to mine Pi currency, giving some to you and keeping the rest for itself. But it's sure to be making a profit somehow.
I did a quick Google search for "pi currency malware", just to see what people are saying:
I found LOTS of posts on various social media sites, assuring you that it's harmless, and encouraging you to use their special code so they get the bonus when you install. Can you guess what their motivation is?
I also found LOTS of posts warning about various other forms of "cryptomining" and "cryptojacking" malware, that may have snuck on to your phone, tablet or computer without you even realizing it. See:
Same deal. They're all using your CPU to mine cryptocurrency, and making a profit by doing so. At least the app my friend installed is sharing some of the profit with him.
The one exception to my "beware free software" warning is FOSS (Free and Open Source Software) which IS safe.
--Fred
Original Version: 10/14/1991
Last Updated: 3/11/2021
If you've already been hacked, you may not even have noticed. Your computer, tablet, or phone may have been part of a "bot net" for years. Since it's not really affecting you, you don't have to care, right?
It's just using spare CPU cycles that you didn't need anyhow, right? Yeah, you're being taken advantage of, and someone is perhaps making a profit off of you, but what's the real harm? It's not doing any real-world damage, to you or to anyone else, right?
NO. There's more to it than that.
Steal your identity later
When you someday find that your identity has been stolen, you'll probably have no idea that it was the hacker's software that stole it.
Break other software
When some "unrelated" app stops working or some other problem occurs on your device, you'll have no idea that it was caused by the hacker software.
Could happen immediately, or months or years after you got hacked.
Contact or infect your friends
When a friend someday tells you that they've been hacked, had their identity stolen, and all of their retirement savings stolen, you'll have no idea that the hacker got to them through you.
Manipulate the stock market
When your 401(k) drops in value, or goes up less than it should have, you'll have no idea that your phone was used to manipulate the stock market and skim off profits that your investments would have made.
Tens of thousands of dollars stolen out of your own pocket, and you'd have no idea.
Same for the hundreds of millions of other 401(k) holders, and anyone else who owns stock or mutual funds. If your phone, along with all the others in the bot net, is used to manipulate the stock market, each of those people could lose tens of thousands of dollars. And no one would have any idea. I'm sure it happens all the time.
Join a bot net
You may hear on the news that a bot net attacked some hospital and demanded a ransom to get their data back, or to regain control of their medical equipment, lights, power, etc. And meanwhile some people died.
Or that a bot net attacked a major company, ruining its sales, to the benefit of its competition.
Or attacked a utility company or government agency.
Or brought down the US anti-missile defenses while some country was launching missiles at us.
You'll probably have no idea that your phone, and those of many of the friends in your address book, were foot soldiers in the attack.
How much value did you get from installing that "free" app? Is it worth taking all those risks? I'd say no.
Bummer, eh? That's why I NEVER install such things. Unless they're Open Source.
--Fred
Original Version: 5/3/2010
Last Updated: 3/11/2021
FOSS (Free and Open Source) software is safe and secure.
FOSS is software that's not only "free", but also "open source", which means that anyone can read the source code of the software, and see exactly what it's doing. So, the supplier of the software can't hide malicious or self-serving stuff in it. And anyone can spot accidental security holes that the original author might not even have been aware of.
In fact, the word "free" doesn't just mean "free of cost" though it usually is that also. More importantly, it means "free to modify". Anyone in the world is free to make improvements to the software, and funnel them back to the original author, or just distribute them to others directly. The only restriction is that the source code of the improvements must also be "open source" so that everyone in the world can keep an eye on it.
The alternative to "open source" software is "proprietary" software. That's software owned by one person or company. They may license it to you to use, but they don't allow you to see the source code. So you have to trust them to not be doing anything sneaky. And to be competent enough to not have left any security holes.
The combination of "free" and NOT "open source" is particularly bad. What's the motivation of the supplier to hide the source code, but not charge any money? They're probably making their profit somewhere.
[3/11/2021 update]
My friend Geoff Wilson asked why I believe that people take the
time to review FOSS source code.
What motivates them?
Why assume that bugs and security holes are being looked for?
Good question!
Thanks, Geoff!
I wondered about that for a long time too. But it turns out that there really are lots of people in the world who review FOSS software. Many are paid to do it, as their full-time job. See the tips below.
--Fred
Original Version: 5/3/2010
Last Updated: 3/11/2021
Much of FOSS is written by employees of large corps on fully authorized company time. The company finds it cheaper to donate a few employees than to maintain a larger team to write and support it themselves. Often they wrote it in the first place, to fill a need of their own, and to have an advantage over the competition.
But it's hard to turn down the free work by others in the world, to add more and better features. And to support the existing product with documentation, tutorials, videos, etc. Even if the competition does get to use it.
If you don't open source your own internal tools, someone else will do so with theirs. And their software will grow in functionality and in market share while yours withers. So, you'll be able to hire new people who already know their software, but not people who already know yours. And those you hire, and even your own current employees, won't want to use your less full-featured and less well-documented software. So, you end up switching to theirs.
But theirs will do things a little differently, since you weren't on the team that developed it. So, it's less useful for your own internal business processes than it could be. So, you end up donating some people to join the open source team anyhow, to maximize its value to you. And abandoning your own in-house version. Better to just open source your own first. IBM, Intel, Oracle, SAP and others figured this out 10-20 years ago, and recently even Microsoft is learning the lesson.
--Fred
Original Version: 5/3/2010
Last Updated: 3/11/2021
Most FOSS projects these days are hosted at Bitbucket, GitLab, GitHub or some other Git repository. They use "pull requests" as the mechanism for people to make additions or changes. The team appoints one or more people who know the software well to process all pull requests.
If you've never done a "pull request", here's how it works. If you want to make an addition or change to a FOSS project, you:
They don't agree lightly to do the pull. They're very protective of their existing code base. Why risk letting you break it? They do a careful review for:
They also run your code against all the tests in the existing automated suite, including your new test(s).
Most pull requests are rejected, at least at first. They tell you to make changes based on the review, and to issue a new pull request.
--Fred
Original Version: 5/3/2010
Last Updated: 3/11/2021
If someone did manage to accidentally or intentionally cause a problem, it would eventually be discovered. At that time, Git would clearly identify who made the change, and who performed the pull. Both of those people would be blamed, and would lose privileges on the project in the future. Also lose standing in the worldwide developer community. And maybe go to jail.
Git has lots of tools to support this. For example, if you already know which line of code causes the problem, the Git "blame" command tells you who last modified that line and when. The Git "log" command shows you the history of changes over time.
If you don't know which line caused the problem, the Git "bisect" command can tell you. Give it a starting commit before the problem was added, and an ending commit after the problem was noticed. It does a binary search to find which intervening commit caused the problem.
It can automatically run your regression test suite at each search point. Or allow you to manually say whether that point looks good or bad. Once you know which commit is to blame, you can see who created the commit and who pulled it. As Ricky Ricardo used to say, both of those people have "got some 'splainin' to do!"
--Fred
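The blame, log and bisect workflow from the tip above, as an added example that is not part of the original page. It assumes Git is installed; the repository, file names and people are constructed for the demo, and the committer field stands in for the maintainer who accepted the change.

```shell
#!/bin/sh
# Added example: attribute a regression with git bisect, git log and git blame
# in a throwaway repository. All names, files and messages are constructed.
set -eu

# Ignore the user's own Git configuration so the demo behaves the same everywhere.
export GIT_CONFIG_GLOBAL=/dev/null GIT_CONFIG_NOSYSTEM=1

# commit_as <repo> <author name> <message>
# The author is whoever wrote the change; the committer is fixed to a
# hypothetical maintainer who accepted it into the project history.
commit_as() {
  git -C "$1" add -A
  GIT_AUTHOR_NAME="$2" GIT_AUTHOR_EMAIL="author@example.invalid" \
  GIT_COMMITTER_NAME="Maintainer Mia" GIT_COMMITTER_EMAIL="mia@example.invalid" \
    git -C "$1" commit -q -m "$3"
}

# Build a 7-commit history in a temp dir and print its path.
# price.sh should print 42; check.sh is the regression test for that.
build_demo_repo() {
  dir=$(mktemp -d)
  git -c init.defaultBranch=main -C "$dir" init -q
  printf '#!/bin/sh\necho $((2 * 21))\n' > "$dir/price.sh"
  printf '#!/bin/sh\n[ "$(sh ./price.sh)" = "42" ]\n' > "$dir/check.sh"
  commit_as "$dir" "Alice Author" "initial version"
  for i in 1 2 3 4 5 6; do
    if [ "$i" -eq 4 ]; then
      # The regression: line 2 of price.sh now computes the wrong total.
      printf '#!/bin/sh\necho $((2 * 12))\n' > "$dir/price.sh"
      commit_as "$dir" "Carl Contributor" "refactor pricing"
    else
      echo "note $i" >> "$dir/NOTES"
      commit_as "$dir" "Alice Author" "docs: note $i"
    fi
  done
  echo "$dir"
}

# find_bad_commit <repo>: binary-search between the root commit (known good)
# and HEAD (known bad), running check.sh at each step. Prints the culprit hash.
find_bad_commit() {
  good=$(git -C "$1" rev-list --max-parents=0 HEAD)
  git -C "$1" bisect start HEAD "$good" >/dev/null
  git -C "$1" bisect run sh ./check.sh >/dev/null
  git -C "$1" rev-parse refs/bisect/bad      # first bad commit found by bisect
  git -C "$1" bisect reset >/dev/null 2>&1   # return to the original branch
}

# describe_commit <repo> <commit>: who wrote it and who accepted it.
describe_commit() {
  git -C "$1" log -1 --format='author=%an committer=%cn subject=%s' "$2"
}

# blame_line <repo> <line number>: author who last modified that line of price.sh.
blame_line() {
  git -C "$1" blame --line-porcelain -L "$2,$2" HEAD -- price.sh |
    sed -n 's/^author //p'
}

# Demo run.
demo_repo=$(build_demo_repo)
first_bad=$(find_bad_commit "$demo_repo")
echo "first bad commit: $first_bad"
describe_commit "$demo_repo" "$first_bad"
echo "line 2 of price.sh last changed by: $(blame_line "$demo_repo" 2)"
rm -rf "$demo_repo"
```

Bisect only needs a command whose exit status is 0 for good and non-zero for bad, so any regression test can take the place of `check.sh`.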
Original Version: 5/3/2010
Last Updated: 3/11/2021
FOSS projects range in size from tiny (100 lines of code or less) to HUGE (Linux operating system, Java language, Apache web server, etc.)
The Linux operating system is probably the biggest FOSS project in the world. It was originally written in 1991 by Linus Torvalds. But now, it's:
Other FOSS projects have produced large-scale, complex, enterprise-level software tools, including:
These were all originally in-house projects at some large corporation, but were open sourced and came to dominate the world.
The Git version control tool is also FOSS. It was written by Linus Torvalds himself, to coordinate the efforts of the thousands of people working on his Linux project. It's now used by most of the FOSS projects listed above.
--Fred
Original Version: 10/14/1991
Last Updated: 3/13/2021
Each time you install software on a phone, tablet or computer, you're taking a risk. Especially on a Windows PC.
When you run an install program, you give it complete access. The rights to do anything to the computer that you can do yourself.
You expect it to create and update files, change system settings, etc. But you can't prevent it from also doing anything else it wants to do.
And with a Windows install program, you can't even read through it first to see what it's going to do. Have to take it on blind faith that it was written well, so it makes no mistakes. And written honorably, so it doesn't do anything malicious or self-serving. Those are big assumptions!
I got burned by that once. Here's my tale of woe...
Why run such install programs, when they're entirely unnecessary? Just say NO!
--Fred
Original Version: 11/30/1997
Last Updated: 3/13/2021
On Nov 30, 1997, I made the mistake of installing some "free" Microsoft software. Never again! See details below.
--Fred
Original Version: 11/30/1997
Last Updated: 3/13/2021
It was the height of the "browser wars". See:
The Internet had existed for over 2 decades.
It allowed people to send email between computers, transfer files, login remotely, etc. But it was used mostly by universities, government agencies, and large companies. By highly trained computer programmers, academics, and scientists.
There were a few commercial services for average users. CompuServe, America Online (AOL), and various bulletin board systems (BBS) used the Internet behind the scenes. They allowed subscribers to send email, post public messages, view content, etc. But they were all private "walled gardens". Did not give access to the Internet as a whole. Just to their own private content. And only to paying customers.
The World Wide Web changed all that.
It made the entire Internet accessible to anyone with a Web browser. They no longer needed to know the names of all the servers. Or the syntax of commands for FTP, Gopher, Telnet, and Unix. Anyone could just point and click with a mouse. Could navigate from site to site by clicking links. Could see text and images, hear sounds, play videos, etc. Even fill out forms, submit data, and interact with web apps.
But Microsoft didn't notice. It really missed the boat.
Bill Gates thought the Web was a passing fad. Had no interest in Web browsers. He was focused on "set top boxes" that would sit on top of a TV set and allow you to interact with FTP, Gopher and other Internet servers, download music and movies, etc. Things that are all done today using Web browsers, Web formats, and Web protocols.
He wanted people to do it all through Microsoft proprietary formats and protocols. And most importantly, with licensed Microsoft products. Didn't realize the world was already doing it for free, with open standards and tools.
The Web was growing by leaps and bounds. Thousands of new sites appearing every day. Directories and links pages to categorize them. Search engines to help find things: Excite, Yahoo!, WebCrawler, Lycos, Infoseek, AltaVista, etc.
Netscape was the dominant web browser, with 90% or more of a rapidly growing market. Mosaic, Opera, Lynx and others shared the rest. See:
Someone or something smacked Bill Gates upside the head. Woke him from his coma. He issued a 9-page memo to his executive staff and all of his direct reports entitled "The Internet Tidal Wave".
He said he now realized that the Internet was critical to the future of the company. "The most important single development to come along since the IBM PC." The one thing for all departments to focus on. He wanted "every product plan to try and go overboard on Internet features". Listed various Microsoft products that were doomed if they didn't. "[Microsoft] Word could lose out to focused Internet tools." See:
He named companies that they had to catch up with at all costs, specifically Sun, Adobe, Apple, Netscape, and others. Those companies had products far better than Microsoft's. And were members of worldwide standards committees, deciding the format and protocols that would run the Internet for decades to come. Microsoft needed to hurt those companies any way it could.
And needed to block those standards. Join and manipulate the standards committees. Impose Microsoft standards instead. Give away code for free if necessary, to ram Windows-specific protocols and formats down their throats. The strategy was "Embrace, extend, and extinguish".
Shortly thereafter, Microsoft bought a web browser from a company called Spyglass, Inc., and released it as "Microsoft Internet Explorer", but it wasn't getting any traction.
Netscape was making Windows irrelevant.
Microsoft was desperate to catch up because Netscape was making them irrelevant. More and more was being done on the Internet with a simple Web browser, and that same Web browser ran on any operating system (Windows, Mac, Linux, etc.).
The trend we see today was beginning. You can get all the same functionality on any other operating system that you get on Windows. So the operating system becomes irrelevant.
In the previous 10 years, it had become true that no one really cared whether they had a PC from IBM, Gateway, HP, NEC, Compaq, Dell or any other manufacturer. Windows ran equally well on all of them. So, there'd been a massive price war, and PC hardware had gotten much cheaper. Lots of companies eventually gave up on making a profit, and stopped selling PCs. A few went out of business entirely, or got bought cheap by competitors. When's the last time you heard of a PC from IBM, Gateway, NEC, or Compaq? They're all HP, Dell, and Lenovo.
Now the same thing was starting to happen with operating systems. It was starting to be true that no one really cared whether they used Windows, Mac, Linux, or any other operating system. Web browsers, document processors, email programs, file managers, PDF viewers, and other apps all ran equally well on all of them.
So people could stop shopping for Windows-only functionality. There wasn't any. And could even stop shopping for the familiar Windows user interface. Mac and Linux desktops looked pretty much the same as Windows, with the same use of icons, windows, folders, mouse, etc. Those concepts were all based on work done at Xerox PARC (Palo Alto Research Center) in the 1970's. Mac, Linux and Microsoft had all copied the ideas. So Microsoft couldn't patent any of them.
Instead, people would start shopping for price, reliability, speed, capacity, etc. But Microsoft couldn't compete on any of those fronts. Linux was free. And both Mac and Linux were far better in terms of reliability, speed, capacity, etc.
Microsoft gives away Internet Explorer for "free".
This had to be stopped. Microsoft started giving away their Internet Explorer browser for free. They could afford such a "loss leader" since it only ran on Windows, which was one of their cash cows. And they couldn't afford NOT to, since the Netscape browser was competing with Microsoft Word, their other cash cow.
Netscape was a much smaller company, with only the browser (which included an email client), a web server product, and its netscape.com web site. But it had no choice. Most people wouldn't pay for a web browser when there was a "free" alternative. It started giving its browser away for free too.
Microsoft pressures vendors.
Microsoft also started forcing PC makers to install its Internet Explorer browser on all new computers. Or they were not allowed to install Windows at all.
Some people started uninstalling the browser after they bought their computer. So Microsoft built it into the Windows operating system so it couldn't be uninstalled.
This put more pressure on Netscape. Most people wouldn't bother to install a 2nd web browser when there was one already installed.
But somehow Netscape hung on. Microsoft was desperate. They were willing to do ANYTHING to remain relevant. To maintain their desktop monopoly and their profits.
If only I'd realized...
--Fred
Original Version: 11/30/1997
Last Updated: 3/13/2021
Meanwhile...
I wanted a way to right-click on a folder in Windows Explorer and open a command line in that folder. Microsoft offered "DOS Here". Great! Looked like exactly what I wanted. So far, so good...
But...
I couldn't get "DOS Here" by itself. It was a feature of "TweakUI". Doh!
And I couldn't get "TweakUI" by itself. It was bundled in the "Power Toys". Double Doh!!
I had no choice but to download and install the entire "Power Toys". It was "free" and I hadn't yet developed such a healthy distrust of Microsoft, so I installed it.
I started using "DOS Here" and it worked fine. Again, so far, so good...
But...
--Fred
Original Version: 11/30/1997
Last Updated: 3/13/2021
But...
Netscape immediately stopped working!
Coincidence? No. Definitely not.
I was in the habit of using Netscape Navigator (the Web browser) and Netscape Messenger (the email client) all day every day. So I'm sure they both worked fine immediately before I installed Power Toys, and both stopped working immediately after. In fact, the last thing I did before installing was to browse the Web to find and download Power Toys. And the first thing I tried to do afterwards was to check my email.
I tried to uninstall Power Toys, but there was no uninstall program. Triple Doh!!!
I found out later that the install had updated some of the shared Windows system DLLs with intentionally defective copies. But there was no way to know that beforehand. And no easy way to fix it afterwards. Grrr!!!!!
--Fred
Original Version: 11/30/1997
Last Updated: 3/13/2021
For most users, when something like this happened to them, they perceived it as "Netscape stopped working. Must be a bug in Netscape." So, they switched to Microsoft's Internet Explorer. Which was conveniently already installed on their PC.
Microsoft's tactics eventually worked. They did aggressive marketing, gave the browser away for free, forced PC makers to preinstall it on all new computers, made it impossible to uninstall, and sabotaged Netscape on computers like mine.
Microsoft's market share skyrocketed. 2 years later, in 1999, it had risen from 10% to 99%. No one was using Netscape any more.
Finally, Netscape went broke. Complete financial collapse. It open sourced its browser and email client, creating the Mozilla Foundation (an extraordinarily effective, but not profitable solution). The rest of the company was sold off in scraps to AOL (Netscape.com web site), Sun ("Netscape Enterprise Server" web server), etc.
Much of what Microsoft did was not only unethical, but actually illegal. The US Department of Justice (DOJ) went after them with an anti-trust lawsuit. But Microsoft's lawyers fought them off for many years.
Long after Netscape was gone, the anti-trust suit was settled quietly. Microsoft pleaded guilty to doing all of the above on purpose and paid a big fine. But the fine was much less than the money they'd made by sabotaging Netscape. See:
A few years later, the browser re-emerged as Mozilla Firefox, and the email client as Mozilla Thunderbird. But it was a long hard fight for Firefox to eventually re-establish dominance over the entrenched Microsoft Internet Explorer.
And Thunderbird never took off the way it should have, because people were starting to use Microsoft Outlook. Outlook would never have been able to compete with the much more powerful Thunderbird. But Microsoft had bundled it into "Microsoft Office" with its popular Word, Excel, and PowerPoint products, offering a lower price if you bought the entire suite.
As usual, it's hard to get people to install a 2nd email client when there's already a "free" one on their PC. And since most people were relatively new to email, they had no idea what they were missing.
Since then, Outlook has become one of the most widely used email clients in the world, despite its limited functionality. And despite its failure to follow basic Internet email conventions. And despite all of its security holes. I claim that Outlook is the biggest security hole ever installed on any computer.
--Fred
Original Version: 11/30/1997
Last Updated: 3/13/2021
I couldn't afford to switch to Microsoft's Internet Explorer. I was heavily dependent on Netscape at the time. I used Netscape Navigator as a Web browser, with lots of features that Internet Explorer didn't yet have. More importantly, I used Netscape Messenger as a very powerful email client and news reader. Much more powerful than Microsoft Outlook.
Also, I had 15 years' worth of email archives (yes, I was using email in 1982) that I used with Netscape. Sorting, filtering, replying, forwarding, filing email messages in dozens of email folders. (10 years later, I moved to Mozilla Thunderbird, the successor to Netscape, and I still use it today to manage my 30+ years of email messages.)
I REALLY needed to get Netscape working again. But there was no way to find out what Microsoft had done to sabotage it.
Finally, I wiped the entire disk, reinstalled Windows and all my apps, including Netscape (but NOT Power Toys), and re-applied all my customizations and security settings. It took a few days, but I had no choice. Fortunately, I had good backups and was able to restore all my files.
Still wanting "DOS Here", I searched the Web and found that adding something to the right click menu of all folders is a simple registry entry. A single line of code. I wrote a tip on how to do what I called "CMD Here".
It turned out that ALL of the TweakUI features were simple registry edits. One line of code per feature. Microsoft could have sent me a simple REG file, to apply the changes to the registry. In plain old regular ASCII text format. No need for a binary-formatted "install" program. Except to hide their true intentions.
Here's what I later said (in addition to the above) to someone who pointed me to a Microsoft blog post about TweakUI, and asked what I thought of it:
You already have all of the Windows tools you need, delivered as part of Windows, which you paid Microsoft for. Do you really want a "free" download from Microsoft running on your computer? Think about why Microsoft "gave" it to you for "free". What's their motivation? I'd suggest always searching the Web for the quick registry change you need, and making it yourself. You can undo it if you don't like the result, and you know it isn't causing any malicious side effects.
Yeah, the blog post is a funny read, but that's because it's intended to be funny, and to create the impression that TweakUI is a good thing by implying that a bunch of other Microsoft folks are jealous of its "success". Very effective form of propaganda. Don't be fooled. Read the "use at your own risk" disclaimers in the article. Basically, they say "we gave it to you for free and are in no way responsible".
--Fred
Original Version: 10/14/1991
Last Updated: 3/11/2021
What if you've installed something on your phone, tablet or computer that you later regret? No problem, right? Just uninstall it.
NO. It may be more complicated than that. It may have already done some damage. Even if it hasn't, it may refuse to uninstall.
A software "uninstall" is often just a suggestion. The software is asked to uninstall itself, and may simply refuse. Or may pretend to uninstall itself, but just get rid of the parts you can see, and keep the small self-serving part that was the whole point all along. How would you know? So, uninstalling it right now might be a good idea. Or might be pointless. It may be too late.
Bummer, eh? That's why I NEVER install such things. Unless they're Open Source.
--Fred
Original Version: 10/14/1991
Last Updated: 3/11/2021
Binary executable install programs are dangerous and NOT necessary.
Microsoft Windows was the first operating system I ever used that forced me to run such programs. All other operating systems and environments allow you to "install" things by simply copying files into place. Then you can "uninstall" them by simply deleting the files.
Here's how installs are done on various operating systems and environments.
--Fred
Original Version: 7/30/1997
Last Updated: 3/11/2021
To install the Java Runtime Environment (JRE) also known as the Java Virtual Machine (JVM), or to install the Java Development Kit (JDK) which includes the JRE/JVM:
Notes:
--Fred
Original Version: 9/14/2012
Last Updated: 3/11/2021
To install the Python interpreter:
Notes:
--Fred
Original Version: 7/20/1987
Last Updated: 3/11/2021
To install an app on Unix:
Notes:
--Fred
Original Version: 9/1/2001
Last Updated: 3/11/2021
To install an app on Linux:
Notes:
--Fred
Original Version: 3/8/2009
Last Updated: 3/11/2021
To install an app on Mac:
Notes:
--Fred
Original Version: 10/14/1991
Last Updated: 3/11/2021
To install an app on DOS:
Notes:
--Fred
Original Version: 10/14/1991
Last Updated: 3/11/2021
To install an app on Windows:
Notes:
--Fred
Original Version: 2/1/1983
Last Updated: 3/11/2021
To install an app on VAX/VMS:
Notes:
--Fred
Original Version: 3/4/2010
Last Updated: 3/11/2021
To install an app on a phone and tablet:
Notes:
--Fred
© Copyright 2020-2021, Bristle Software, Inc. All rights reserved