Slashdot Mirror

Here is another article on the same subject.

So is there a rush of vehicle thefts during periods of high sunspot activity and coronal mass ejections like now?

...this little gem.

And neither was the many-eyed OS borg communist collective community commune. Wow, nine years of being vulnerable. Truly sad.

it really should, in this day and age come with a good stateful firewall

By not having the firewall in their server product and user product until Windows XP, Microsoft has allowed a cottage industry of independent software vendors to appear that sell such software.

Bundling something complex and of high quality with the product will basically kill off those guys, and give them good reasons for antitrust investigation.

From a different perspective, Microsoft did buy that Romanian security vendor, although an antivirus company, not network security company, but who knows what projects are currently being set up for the team.

Doctors take an oath swearing to not use their medical knowledge to do harm. This is a philosophy the security community should follow.

There is no need to publish the full details of security flaw, including working exploit code, until after the vendor has fixed it and some time has gone by to give people time to apply the fix.

Some people believe they should immediately publish full details and exploit code without bothering with the vendor or without giving them time to fix the problem. That is irresponsible no matter how you look at it. Some people believe they should publish full details and exploit code the instant the vendor publishes the patch. This is also irresponsible as no one has had time to fix the problem.

My web site was hacked one night because some moron posted to a mailing list with exploit code for a flaw in the message board software I used at the time. The vendor of that software was not notified. The mailing list post was made in the middle of the night, so even if a patch were available at that instant, it would have done no good to anyone in North or South America. All the crackers on that list were provided with full instructions on how to exploit the problem conveniently mailed to their inbox. Someone tell me how that served any useful security purpose.

Remember the Blaster worm? It was based on exploit code posted to a mailing list. One group of hackers released the original exploit, but it wasn't destructive enough to fit one person's taste, so he "fixed it" to make it worse, then released it to the world. Blaster and Nachia came out shortly afterward. http://news.com.com/2100-1002_3-5055759.html

My own belief is that people should restrain themselves from providing detailed instructions about how to exploit a flaw until the vendor has fixed it and people have had enough time to apply the fix. Your privelege to tinker with the exploit yourself or to collect geek points for discovering the flaw is outweighed by the need to give people time to install the patch. After 30 days or so, it's their own fault if they're not patched.

If the vendor is doing nothing about the problem, disclosure should be a threat to get them moving. However, that is an empty threat if disclosure is going to be made anyway the instant they make a patch.

Or, how about Mike Langberg at the San Jose Mercury News?

Are they unbiased enough for you?

I'm curious which products you think are s__t? (That was a rather disgusting metaphor, by the way!)

The originally proposed quick fix is to simply redesign the the Sun servers to accept the SPARC64-V. An even better proposal, now leaked by the press, is to simply discontinue the Sun-designed servers and to sell re-branded Fujitsu designed servers. The latter proposal is a much faster path to solving the server-performance problem at Sun but leads to lower profit margins. Clearly, the situation at Sun is dire, so you can be assured that one of these proposals will be adopted. (Please read "Sun posts deeper loss for quarter". Having lower profit margins is better than having no profit margins. Right now, the second proposal appears to be winning.

Sun Microsystems will most likely fire more than 50% of its processor development team. The single biggest cause of Sun losing marketshare so rapidly is the UltraSPARC III. It has horrible performance. Check "SPEC" and "TPC".

How does this deal help Fujitsu? It can now sell more servers and get more cash. Fujitsu has the upperhand and should force Sun to accept the second proposal: Sun exits the highend server market and sells rebranded Fujitsu-designed servers. To avoid being dependent on Sun, Fujitsu should move rapidly to jettisoning the Solaris OS in favor Linux. Fujitsu is rapidly being shaped into a company like IBM: high-performance servers and computing services are the mainstays of the business.

As a side note, Fujitsu rejects hiring foreign workers (the equivalent of H-1Bs). Their SPARC64-V and SPARC64-VI were designed and built almost exclusively by native talent. When Fujitsu hires workers, Fujitsu most values the quality of "willingness to work", not "best match of skills"; Fujitsu will take the time to train its employee. Fujitsu is a traditional Japanese company that emulates most of the values that once characterized traditional American companies. Sun, by contrast, encourages the employment of H-1Bs; the UltraSPARC III and the UltraSPARC IV were built substantially by former or current H-1B workers. Sun seeks only "best match of skills" and, along with Intel, claims that they absolutely need H-1B worker even during a period of 8% unemployment among native Americans in Silicon Valley.

... from the desk of the reporter

It also trashes a moderate number of computers on install

An updated version (4.1.1) became available for windows yesterday and it addresses the known issues from the initial release last week. read about it here

I work as tech support at a university. It is my experience that most people actually read spam messages and then actively consider the promotion. I guess they are still naive to the ways of the internet and believe they are actually seeing a good deal sent to them. People always ask me about the "send your bank account info to nigeria" scam because they don't ever think that *they* could be the target of a scam. I'm afraid to think of what kinds of scams these people fall for in the real world if they believe everything they read on their computer screen.

Remember this:

"A group of American companies is attempting this week to persuade the European Union to relax its rules governing data protection, claiming they are bad for business.
[...]
The EU passed the Data Protection Directive in 1998, and this has subsequently been implemented into national law by all but two--Ireland and Luxemburg--of the EU's member states.

As well as regulating the buying and selling of personal data about European citizens and forcing Web sites to tell users when data about them is collected and allow users to refuse disclosure, the Data Protection Directive also restricts the flow of information about Europeans to companies based in countries with--in the view of the EU--more lax privacy standards.

The Global Privacy Alliance says that this directive makes it hard for companies to engage in the kind of data flow that they claim is vital for modern e-enabled businesses."

That would be the kind of data flow where they take your medical data, and farm it out to a country with no effective privacy laws, then?

Its interesting that the EU law would not only have prevented your medical data going to Pakistan, it would have prevented it going to the US - because far from having "strict standards to protect patients' medical data", the US laws allow moving private data to countries with lower privacy standards!

"At the same time Red Hat created the Enterprise Linux line, which changes slowly so hardware and software companies have time to adjust to changes and certify their products, it has given more free reign to its other version, now called Fedora, which is available for free. Because Red Hat doesn't have to worry about Fedora certification, support or retail sales, the company can rapidly move new technology into it so new features will mature faster. The only hitch is that some customers had grown accustomed to a free version that was better adapted for serious use rather than just experimentation. "

It is my opinion that Gator is spyware. Suing people to prevent them from calling a spade a spade is only going to further harm the image of the Gator spyware company. For more information, there is an article detailing what I'm talking about. My recommendation to everyone is to go to this site and download Spybot Search & Destroy to aid in the removal of this spyware program from your system completely. If someone from the Gator spyware company sees this, I will gladly post your cease and desist letter here so others can have a good chuckle at the fact that you cannot stop me from voicing my opinion that Gator is spyware.

Gator can just fuck off.

Actually this study doesnt say anything about Gator collecting information
other than the websites surfed. The study was motivated by companies
wanting to know what ads are pushed when Gator users surfs their website.

What I want is a detailed information of other ways in which Gator is a spyware.
For eaxmple this
site
talks about how Gator blocks the ads on the pages that the user is visiting with their
competitors ads, and also how it is bundled with other inncouous software
like password helpers etc.

According to this CNET article, X10 has filed for chapter 11 as a result of this ruling.

I kid you not.

"Anyone who was around the Open Source movement in the mid-Nineties could see this all the time. If you cared about Linux on the desktop, there was a big list of jobs to do. But you could always instead get a conversation going about Microsoft and Bill Gates. And people would start bleeding from their ears, they would get so mad. "

The Story is also here at News.com.com

I misspoke in using the word "salary," but his total pay is nothing to sneeze at! And a $90e6 personal jet ain't a bad perk either.

The quick answer is that content has to be kept somewhere, i.e. storage, and EMC is always interested in things that help sell storage.

The long answer is that so-called fixed content is an growing slice of the storage pie. EMC has a nifty way to store fixed content (see this article), but that's only the bottom layer of the stack. Documentum provides higher layers that already integrate well with the Centera. EMC is wanting to get more into software, so buying one of the industry leaders make a lot of sense.

I think Harlan Ellison did it first. Harlan sued AOL over posts of his copyrighted material to Usenet.

Despite the ranting and raving by Scott McNealy, Sun Microsystems is also bunding software into a single package. According to "Sun eyes application server market", Sun is bundling server application software into its Solaris OS. Sun is deliberately trying to destroy BEA Systems.

Remember. If we attack Microsoft for bundling stuff into its OS, then we should attack Sun for doing likewise.

... from the desk of the reporter

"...They introduced the Zip 250, Zip 750 with a new feature, ZIP Click which brought a whole new meaning to the term removable media ..."

"I also have about 50 Zip disks but I can't even remember the last time I spun one of them up."

Personally mate if I was you I really wouldn't spin those disks up.... instead get them to a media recovery company quickly whilst you still can... unless of course you wouldn't miss the contents from your collection which well judging from your knowledge of storage media must be pretty impressive.... *wink* *wink*

They're toast.
I joked exactly the same thing when when I first saw my first ZIP drive... little did I know at the time that the newer drives would actually come with the toaster part enabled.

I also have about 50 Zip disks
On second thoughts, perhaps you should have just written had....

I don't think that there needs to be a way to query the recipient. Probably this will entail some sort of public key encryption system ala PGP, but unlocked by that ever secure .NET Passport instead of something that you control. Included in the encrypted message will be rules that state what the client program may or may not do with the message, including reading, replying, and forwarding. Apparently, the message may also contain a 'self-destruct' order that instructs the client to destroy it's copy if it meets certain requirements. Who knows if it's only the requirements set by the creator of the content.

Now, this only works if the client plays by the rules. To ensure this, only Microsoft created clients will be able to read the messages. Well, that's the idea at any rate. I leave it to you to ponder whether or not Microsoft's new system can be broken.

Now, having gotten the method out of the way, this brings up some serious issues for we in the OSS movement and for society at large.

Microsoft has stated that there will be a free viewer available that can read these messages. Note that's a viewer, not a true email client. Users of this viewer will not be able to send messages in the same fashion. It is very possible that they will not be able to do anything with the message other than view it, regardless of whether copyright controls contained therein allow for forwarding. Obviously, if you want to be able to use the messages sent to you by someone else, you must use a Microsoft product. That means that you must run Microsoft Windows. Given that Microsoft only makes software for Windows and Macintosh, and will be dropping support for the Mac, I must conclude that this is simply yet another way for Microsoft to control the market, and stifle competition.

Finally, to satisfy the requirements of my moniker, I should point out that Microsoft will be able to read these messages via it's Passport system. Therefore, by extension, the U.S. government will also be able to read those messages. Don't believe the crap that Microsoft is trying to sell you. This is not about you being able to control what happens to your content (as implied in the article by that bleeding heart story about the woman who sent embarassing material to her irresponsible boyfriend). No, this is about Microsoft controlling what you do on your computer with software that you own. It is also about the government being able to monitor your communication.

Federal and state regulators have voiced concern that a feature in Windows XP that involves online music purchasing may violate terms of Microsoft's antitrust settlement.

The issue surfaced in a court-mandated briefing filed jointly by Microsoft and federal and state regulators. The compliance update says there are ongoing discussions over the "Shop for Music Online" feature in the operating system.

"Plaintiffs are concerned that the feature invokes Microsoft's Internet Explorer, rather than the user's chosen default browser, in a manner that may be inconsistent" with the settlement, according to the filing.

They also claim to have had 1 million downloads of the windows version. So, at best, each new Windows user has bought 1 song and the existing Apple users didnt buy any songs at all in that period. At worst most people who downloaded it didnt bother buying *any music at all*. Probably since they couldnt get it to work. or found that it crashed their PC

Reading between the lines it looks like the launch of iTunes for Windows has actually been a bit of a flop.

Now go over in the corner and hang out with David Coursey of Anchordesk. Go on. You earned it.

(wow, talk about FUD... Coursey had 3 of those 5 points...)

Well, considering that

"The iPod makes money. The iTunes Music Store doesn't," Apple Senior Vice President Phil Schiller told CNET News.com in an interview Thursday after the launch of the Windows version of the store,

I can't for the life of me fathom why they would want their music service to be easiest to use with their own hardware.... hmmmm....

Also, how do you know they're not making a profit from iTunes?

Magic.

Not even that much... Between 400,000 to 500,000 to Windows users.

From cnet news.com:

The Cupertino, Calif.-based company also said it has sold more than 1 million songs in that same time, a significant increase from the typical rate of 500,000 or 600,000 songs the company had been selling in recent weeks.

Still, Apple's iPod, which is available for the Mac and Windows operating systems, is rapidly emerging as the preferred music player among digital media aficionados. During the fourth quarter, Apple's dollar market share reached 27 percent compared with about 10 percent for second-ranked Rio, according to NPDTechworld. In terms of unit sales, Apple captured 11.2 percent market share, following closely behind Rio at 11.3 percent and top-ranked RCA at 13 percent.

It is unlikely that Sun will do anything to optimize Solaris for x86 here in the USA. There may be some optimization work at Sun's R&D center in India, but basically in the USA, Sun is conceding to Linux. Linux is backed by IBM, and IBM and Linus are cooperating to make Linux a rock-solid product that meets 6-sigma reliability. Right now, Linus is concentrating on making Linux as stable as possible instead of adding more widgets and gadgets.

The penguin shall rule the world!

... from the desk of the reporter

Was Sun really serious about Solaris on x86?

On and off, evidently back on again. I've heard that back in the mid 90's a decent amount of customers used Solaris x86 on Compaq's. After a while they dropped support and over the next few years. Anyone confirm or deny (I know the second part is true)?

Here is a recent press release about Solaris x86. Disregard the marketing garbage, there's a lot of it.

They name a decent amount of customers, a biomedical place is one of them. Perhaps a transition from SPARC to x86 for sheer speed would be cheaping going from Solaris to Solaris instead of Solaris to Linux, that is assuming Solaris on x86 meets their needs.

Also, according to this article they have Solaris x86 for Opteron. Perhaps this would help convince big graphics apps such as Photoshop make a port to Opteron since Linux and the BSD's are already there.

They also have a POWER4+'esqe chip coming out in the first half of the new year. Two UltraSPARC III cores with 8 megs of cache and each running at 1.2 GHz each.

Sun has good things going for them but they need to expand into new areas and take another look at the current situation.

Was Sun really serious about Solaris on x86?

On and off, evidently back on again. I've heard that back in the mid 90's a decent amount of customers used Solaris x86 on Compaq's. After a while they dropped support and over the next few years. Anyone confirm or deny (I know the second part is true)?

Here is a recent press release about Solaris x86. Disregard the marketing garbage, there's a lot of it.

They name a decent amount of customers, a biomedical place is one of them. Perhaps a transition from SPARC to x86 for sheer speed would be cheaping going from Solaris to Solaris instead of Solaris to Linux, that is assuming Solaris on x86 meets their needs.

Also, according to this article they have Solaris x86 for Opteron. Perhaps this would help convince big graphics apps such as Photoshop make a port to Opteron since Linux and the BSD's are already there.

They also have a POWER4+'esqe chip coming out in the first half of the new year. Two UltraSPARC III cores with 8 megs of cache and each running at 1.2 GHz each.

Sun has good things going for them but they need to expand into new areas and take another look at the current situation.

Agreed, I have a Kyocera SmartPhone 6035 that runs the Palm OS and it's very handy not to carry around two devices. While the newer smart phones are getting better, nothing beats the simplicity of the Palm OS interface. Mine's about 2 1/2 years old now and has held up very well. A few design quirks that I'd like to see changed (switching to a clamshell design), but still a good solid design.

Plus, the smart phones based on the PalmOS are more compatible with multiple O/Ss (I'll take Palm's proprietary interface over a smart phone's proprietary software interface because there are lots of Palm devices out there). That means that I don't have to worry about switching O/S's or e-mail clients as much. If I had gone the proprietary route of a smartphone back when I bought the Kyocera, I might have been stuck running WinNT with MSOutlook97 unless the phone manufacturer updated their software.

When this one finally wears out, I might upgrade to the Samsung SPH-i500 which has the clamshell design to protect the screen. A lot like the form factor of the old Motorola StarTacs.

Apple makes money selling music on the iTunes music store. Probably not much money yet, but certainly they will make considerably more money if they don't restrict users to the Mac platform.

Actually, according to Apple's Senior Vice President Phil Schiller:

"The iPod makes money. The iTunes Music Store doesn't,"

In fact, Apple doesn't even see iTMS as ever being very profitable. They really just want to sell more iPods and I think they've come up with a compelling way to accomplish that.

its apparently been witnessed by quite a few people, as reported on news.com, that installing it can cause windows not to boot on a handful of systems. this probably has something to do with the drivers and such it installs for ripping and burning. I thought the interface looked nice and was pretty simple, but way to fucking sluggish on this Athlon. Maybe apple only optimized against Athlons ;) overall it was ok but as a music player i prefer the new winamp and its music library. fast and simple, even with thousdands of mps3s.

I think the article was well thought out and honest.
I think that Apple believes that the iTunes music store for Windows will be extremely successful because Windows has more market share and it just seems logical that: more users = more purchases.
There was a market research study by Nielsen/NetRatings, that stated Apple users are more likely to buy stuff off the web or buy into webservices-- which really just stems from macs being pricier machines and hence most of the people buying them can afford to waste some cash. I think that we will see the implications of that study with the Windows iTMS.
Combined with some of the points in the article, and the fact Mac users are willing to throw their cash at almost anything Apple asks them to.... Ultimately, WiTMS music sales will less than stellar. I for one will not be surprised to hear that they sell more music to Mac heads.

Hear hear...

I bought a Gateway 450X, it came with XP Pro on it, which works well enough. But I want to install Linux on it! And Intel won't let me.

You know, the thing about it that pisses me off the most is that INTEL PROMISED LINUX SUPPORT when they released it...

with iTune Music Store? Because "The iPod makes money. The iTunes Music Store doesn't". Deal with it.

The cultural divide and the Internet's future |CNET.com

Below are comments I have on an interview with the CEO of Verislime. The greater issue here is that of people poisoning standards for their own short term gain. This guy is either a cynical liar or incompetent to be in charge of the root DNS for .com. I am almost certain that it is the former.


After a couple of weeks on the hot seat, VeriSign CEO Stratton Sclavos is turning up the fire on his company's severest critics.

The Site Finder controversy
You temporarily suspended Site Finder in reaction to widespread criticism. What's the next step?
The reason Site Finder became such a lightening rod is that it goes to the question of are we going to be in a position to do innovation on this infrastructure or are we going to be locked into obsolete thinking that the DNS was never intended to do anything other than what it was originally supposed to do?

Still, a lot of people in the Internet community were quite surprised by Site Finder--and then you had complaints surfacing that it was not complying to approved standards.
Let's break the argument down: The claim that Site Finder was nonstandard and that we should have informed the community we were doing something nonstandard--excuse me: Site Finder is completely standards-compliant to standards that have been out and published by the IETF (Internet Engineering Task Force) for years. That's just a misnomer. The IAB (Internet Architecture Board) in its review of Site Finder said the very same thing--that VeriSign was adhering to standards.

What we're seeing are predetermined opinions masquerading as processes where the outcome is predetermined.
The second claim, that we brought it out without testing--Site Finder had been operational since March or April and we had been testing it with individual companies and with the DNS traffic at large. Ninety-nine percent of the traffic is pure HTTP, and so it handles it the way it should. Just so you know, our customer service lines went from 800 or 900 calls on the first day to almost zero right now. Every customer who had a Site Finder issue, the remediation took less than 12 hours.

His definition of "standards-compliant" is a cynical and deceptive one. Sure, the SiteFinder is complying with the standard, in that it is returning well formatted packets. However the content of those packets are lies. They are lying by saying that domains exist when they do not, in order to fool web browsers into loading the commercial content that Verisign wants to get to web surfers.

It is analogous to saying that if I put a detour sign in the middle of the freeway to direct traffic to my shopping mall, that I am obeying the traffic sign protocols.

The comment about "ninety-nine percent of the traffic is pure HTTP" is a shorthand way to sum up why it is not possible to communicate with Verisign's executives, and why they must be stopped and soon. Within that short phrase there is a huge and perhaps insurmountable issue as to how Verisign thinks the Internet protocols should work.

Because it wouldn't matter if one hundred percent of the traffic on the internet were HTTP, it still is not a reason to break DNS in order to insert advertising. The "service" they claim to be providing should be provided by the browsers, giving everyone a chance to implement their own solution to the problem of mistyped domain names. Then many possible solutions to this issue can be innovated. By breaking DNS to lie about the existence of domain names, they actually prevent anybody else from providing any solution. This is the exact opposite of innovation. And they are smart people at Verisign, they clearly and obviously know all this, and yet they are lying to every one about it. Mr Sclavos is spinning

The same article is also posted at CNET, which doesn't require registration. They also have it in a nice single-page format for those that don't like to keep hitting "next".

The resemblance with Muglia is strong (but Farley doesn't look like he is looking for a fight):

Muglia's mugshot

Chris Farley

With Longhorn and WinFS, Microsoft is tackling a nagging problem the company has long sought to address. For nearly a decade, the company has touted the vision of a single storage system that would break down barriers between applications and serve up stored information quickly and accurately.

The where handed an ungodly amount of positive publicity/hype when Java came out, and then they just seemed to p*ss it away.

i don't think they're so much pissing it away. i think that it just took a little time for businesses to realize that java wasn't living up to the hype.

but let's not let that blind ourselves to the fact that Sun's strategy with regards to making a profit off it with StarOffice isn't actually very good.

what part of their strategy is failing? they are certainly doing more development with it, and a new version (StarOffice 7) just recently was announced.
i think that StarOffice is a terrific idea for all the businesses that 'want to get someone on the phone' should the product fail or not work correctly.

1.28 GHz

Their next generation CPU that's due out in the first half of 2004 is running at 2 GHz in the lab

Some people think that Sun does have a future as a hardware manufacturer, but I think I will have to agree with the article, they can't win the fight against being squeezed out of the market by cheap Intel/AMD servers running Linux (or Windows..).

They really have to decide where they are going, and find a new way to earn money. I think Java is their best bet. I HOPE they will do something like IBM, and jump on the Linux bandwagon as the main platform for Java. Still, finding a steady and large revenue stream from that could be difficult. I suspect they get some from Websphere and the other one (forget what its called), and maybe some from selling courses in Java, but that can't be enough. If they started charging money for using Java I think they would discover that their customer loyalty would evaporate pretty quickly.

I suspect some people here on Slashdot will crow about the problems Sun is going through, but consider that Sun has actually been good for the Open Source world. If it wasn't for the fact that it is a cheap Java platform, Linux would not be as widespread as it is in the business world. Also, they gave us Open Office, and participates and even sponsors a number of Open Source projects. Ant, GNOME, Tomcat, GNUlpr, Open Office... Sure, most projects are Java related, but that is understandable and it is still more than most of the big companies have given us.

Well, if they die, it will be interesting to see what happens with Java. Perhaps they will Open Source it completely, if not out of the goodness of their hearts, then at least as a poison pill against Microsoft...

A more informative article here [news.com.com.com.com.com]

Your problem is that you did not follow Microsoft's best practices. If you had, you would have done as Ballmer has been preaching, and Secured the Perimeter! Which really is just PHB speak for never putting a windows box on the internet without a Linux firewall to protect it. Why do you think microsoft has started using Linux as a proxy service for their website???

To think that there are so many flaws in windows, and so many critical updates that they have to release them in batches because system admins are over worked constantly patching MS boxes..

This cnet article makes entertaining reading

Microsoft released its first monthly security update on Wednesday, following a new schedule that attempts to ease the load on overburdened system administrators.
"All of the five critical (vulnerabilities) are, of course, critical, so that means they are wormable," said Jeff Jones, senior director of Microsoft's security business unit.

The POINT is that Apple never marketed the G5 as the fastest workstation. All Apple marketed the G5 as was the a) first 64-bit desktop and b) the fastest desktop around at the time.

And does anyone else see the possible conflict of interest with PC World running these benchmarks?