Slashdot Mirror

> I don't remember the last time I had a virus take down more than a couple of machines

Do you mean the last one you caught was a year ago, or that your metrics date back a year and show remediation and assesment has been effective?

A lot of the windows exploits have moved* beyond the brain-dead slammer worm that let you know something was hosed. From my experience, many IT shops haven't got the resources, software or experience to stay ahead of the technical level of the malware that is coming down the pike. It seems to me that the malware authors have been going to school while the IT industry has been playing hookey. I'm not picking on Windows even though it makes a great target; Linux, Mac and the other alternatives need to be thinking about how userland can be exploited by the same means - otherwise, we've merely traded one sinking ship for another.

[*]
http://www.eweek.com/article2/0,1759,2205606,00.asp
http://www.zdnet.com.au/news/security/soa/Eighty-percent-of-new-malware-defeats-antivirus/0,130061744,139263949,00.htm

And yet, Vista is Microsoft's fastest product launch ever, and easily has exceeded XP's sales at the same point:

http://findarticles.com/p/articles/mi_qn4158/is_20070517/ai_n19115496

And MS reported a 27% surge in revenue on strong Vista sales:

http://www.eweek.com/article2/0,1759,2207551,00.asp?kc=EWRSS03129TX1K0000610

It's really only on Slashdot that it's a failure.

Can it be customized to do what this does? http://www.altec-inc.com/

How about a Linux accounting package for the SMB market that does the equivalent of what this does? http://www.sagesoftware.com/pfw/

While you're at it, got any waste management software for Linux? Waste Management went with AS/400. http://www.eweek.com/article2/0,1895,1773666,00.asp

So where does Linux losing market share to Windows fit into that formula?

And how about this cloud? http://www.eweek.com/article2/0,1759,2208888,00.asp

"VOLTA just blows AJAX out of the water" and strands anyone non MS on an island I suppose....

hologram storage

Just not exactly mainstream.

Capacity 300GB to 1.6TB (2010), media from $180 list price, drive at 18,000$.

And it is used.

CC.

This is old news. I wrote about it last July for eWEEK.

It definitely happens but it's in small enough quantity that I think it's being done with targeted compromises of servers involved with domain lookups at hosting services and the like. Either that or someone is selling the lookup data.

There is not one recorded/public example of someone breaking out of the isolation of a virtual environment! I dare someone to demonstrate otherwise, and I will eat my words.

How do those words taste?.

From the link: "It could allow a malicious hacker to sidestep the virtual machine and exploit the underlying operating system.".

Anyway I think that you do make a point. Exploiting the underlying OS isn't as much as exploiting the guest OS in the virtual instance. Interesting stuff like Blue Pill (which is hotly debated in security circles ATM), poses unique risks to virtual environments.

Still, I would say Theo is dead on. Virtualization makes a lot of sense, but that doesn't mean you should assume you gain anything from a security perspective. Think of it this way. Every layer of complexity in your environment adds another attack vector... Virtualizing an operating system provides an additional complexity over running the same operating system native. Makes sense to me that there would be additional security concerns. Even Intel VT itself has been proposed as a source of potential security concern.

The Ubuntu community had to yank five of the eight Ubuntu-hosted community servers sponsored by Canonical offline Aug. 6 after discovering that the servers had been hijacked and were attacking other machines.

ADVERTISEMENT It was suggested during an IRC (Internet relay chat) meeting of the Ubuntu colocation team Aug. 14 that the source of the troubles might have been a Chinese IP address trying to log onto the servers by brute force "for a long time now it seems," said a participant.

On Aug. 14, the community began to bring the machines back up in a safe state so that they could recover data from them. Unfortunately, according to Ubuntu Community Manager Jono Bacon, the servers were all found to be out of date, stuffed with Web software, and missing security patches--at least in the instances where it was easy to determine what version they're running.

"An attacker could have gotten a shell through almost any of these sites," Bono wrote in a posting, regarding a change to location server policy that resulted from the incident.

A new battle's shaping up. Citrix, known for remote management software, has acquired XenSource. Symantec has a management utility. So does Microsoft/Novell. Should be a good fight.

I'm looking forward to a return to big iron or something like it. The quality of hardware, and the amount of thought that went into the operating system, software and configuration, was much higher. Big Iron is like the aristocracy of computing.

An interesting article from last year on this topic

http://www.eweek.com/article2/0,1759,2004075,00.asp

yeah, but weren't we promised the same by UWB a few years back, until the FCC defanged it over fears of interference, and the two "standard" forms beat each other to death? I'm still waiting for my UWB stereo to get audio from my UWB enabled PC, while sending a print job over UWB to my UWB-networked printer, while watching a DVD being streamed over UWB from the player to my UWB-enabled TV.

Well, if it's been demonstrated time and again that Google has hacked and user data has been stolen, you shouldn't have any trouble citing examples. Since I'm sure such events would have made the press, please post from reputable sources.

Might I also add that Google's text ads are quite a bit less annoying (and less bandwidth heavy) than the now-common Flash, video, audio, and animated GIFs. Are a dozen 20-word ads really slowing down your internet connection and taking up a large portion of your bandwidth?

I don't think anything's going to curb the problem, short of a full-scale military invasion of russia and china.

The main issue with IBM's cell blades is relative price - The one mentioned at http://www.eweek.com/article2/0,1759,2177357,00.asp/ starts at $9,995, which is far more than all 8 PS3s and a ton of extra networked memory are going to cost you.

From TFA - quoting Steve Jobs:

Some claim that viruses and malware are not a problem on mobile phones--this is simply not true.

The risk of damage would be a lot less damage if every app on the iPhone didnt run as root.

Here's the printer friendly version, with (somewhat) fewer advertisements.
http://www.eweek.com/print_article2/0,1217,a=217199,00.asp
(posted as anon to avoid Karma whoring)

No, they thought "the year of wide open Lunix servers" was more appropriate.

Another Lunix victory over Windoz3!

Once Ubuntu starts fixing all their security flaws, then maybe Slashdot can start talking about security issues again.

Printable http://www.eweek.com/print_article2/0,1217,a=216900,00.asp

HTH

Ubuntu? I'll take a pass. Especially having seen recent demonstrations of Ubuntu's security model.

Lunix may be free... but they can't PAY me enough to use that stuff.

Probably not necessary, since I doubt they are interested in using the Ubuntu security model.

Some eBay watchers attribute eBay's recent crackdown on cross-border sales to the recent spike in hijacked accounts. The spike in traffic might not be wholly attributable to Vladuz's work, but he or she is being credited for most of it. The multitalented hacker is leaving a calling card behind with his or her name, spelled backwards, attached to malicious code injected in live auctions. He's taunting eBay by posting to its forums as a customer service rep. His name is associated with a company name that is in turn associated with eBay hacking tools being found for sale online. Hijacked accounts occur after phishers weasel log-in names and passwords out of legitimate eBay account holders and then use them to run auctions that look like they're taking place in a country with a reputation for legitimate sales, such as the United States or Canada. http://www.eweek.com/article2/0,1895,2100808,00.asp open this link if you want to know what's Bugging eBay..

Incidentally, to save a moment of google: http://www.eweek.com/article2/0,1759,1437244,00.asp

I think that figure would be far, far higher if we were to include the 100% of OSX and Lunix users who mistakenly believe they have virus protection... or protection of any kind... but obviously do not.

The question is how bad will be their fall? Will it be like IBM and Apple, who emerged with new life and remade themselves? Or will it be like SGI or Commodore?

Unlike Commodore which died SGI has changed their focus. SGI now builds High Performance and supercomputers. Here's an article on CNN Money about SGI, Marking First 25 Years, SGI Highlights How Its Customers Have Changed the World.

Ever since MS started hardening their OS, hackers have been going after easier targets. All the other OS's deluded themselves into thinking they were all secure, and you even had Apple build advertising campaigns on it. But as has been proven time and time again (MOAB, anyone?), their security was exclusively a product of obscurity.

Fast-forward to a world where Vista, on OS with REAL security, keeps gaining market share, and you have hackers fleeing to softer, squishier targets. Like Teh Lunix, which doesn't even make overtures toward security: no virus scanners, no spyware scanners, no rootkit detectors, and no real security. Find yourself a favorite exploit, and you easily tear through teh Lunix community like wet tissue. Not only don't they protect themselves, but they don't even bother to look if they are being attacked.

It's like beating up a 4 year old who covers his eyes and hopes you just go away and leave him alone. For years hackers just ignored the kid, maybe out of pity, maybe because there was no challenge... but now that Windows XP and Vista are too difficult of targets, hackers need any soft target they can get. With the time it takes to break one Windows 2003 server, you could have r00ted about 20 Lunix servers.

It seems like Lunix should be using the "do more with less" tagline. Botnetters, spammers, and virus writers are all finding a true love and appreciation for the Open Source community. No more guesswork is involved: just get a few tools, find a 'sploit, and throw it out there.

Another hidden cost of "free software" you never hear "the community" talk about.

BTW, if you think things are scary now, wait until SteveJob makes the iPhone a success. Hackers 3 Apple.

Let's leave the MS-apologist spin out of the summary. Video has nothing to do with it:

It's the WMV format that conducts the viruses.

After using their Business OS for 2+ years I can't be happier. It authenticates to the AD faster than my Windows did,accesses all the resources without a complaint,Crossover lets me run IE6 for the Intranet sites that won't play nice with Firefox,and since 4.0 it even works with my Broadcom 4318 on my laptop out of the box without tweaking or Ndis.Hell,it even runs faster on my laptop with all the 3d effects on than XP did with everything off and the classic GUI. Very nice

Maybe not tomorrow; maybe they'll wait 4 years until that deal is over, then MS can start sueing all Novell customers for "stealing their 235 patents". (Statute of limitations for patents was 6 years ISTR). Also by that time they probably hope the US DOJ has forgotten about the oversight on the anti-trust case, or maybe that Thomas O. Barnett guy will be the next US attorney-general.

Is this finally the version that will catch Linus's fancy?

That joke got me wondering which actually is bigger, the number of Christians or the number of Windows users. A couple of google searches found me these pages:

• http://www.adherents.com/Religions_By_Adherents.html
• http://www.eweek.com/article2/0,1759,2163005,00.asp

Thus, every time someone uses advertisement-blocking software to avoid the graphical ads embedded within a Web site, they are denying the Web site operator revenue that would otherwise have gone to pay for the bandwidth that is consumed during that browsing session. While it could be said that TiVo users are freeloading from the broadcast networks, users of Web advertising skipping technology are far closer to theft than they are to freeloading. This is not a clearly defined issue, but there are a significant number of moral issues at play.....

In the end, a few things are clear: Users of advertisement-skipping technology are essentially engaged in theft of resources.

Having a bunch of tags with no definition as to what they do is not an ingredient of a good standard. If you wanted to define a bunch of custom tags, it could just as easily be done as an extension to ODF, which, if it was well-defined, ISO and the open source community would surely have no problem with

Sun won't let that happen. According to Gary Edwards of the OpenDocument Foundation, Sun limits ODF to those features implemented in OpenOffice.

Remember Amit Yoran? He was "cyber-security czar" at the US Department of Homeland Security. He started talking about the vulnerabilities implicit in Microsoft's software. His position was downgraded and he resigned in 2004.

Yoran's successor, Gregory Garcia, was a professional lobbyist, not a security expert.

The suggested retail price for Windows 3.1 in 1992 was $149.95

Microsoft Announces Worldwide Availability of Windows 3.1

Vista Home Basic Full Version is $183 at Amazon.com and $139 at Royal Discount Technologies

Windows is approaching one billion users on the desktop - one Windows PC for every 6.5 people on the planet. Microsoft Antitrust Settlement Is a Success!

There are enormous economies of scale in building and marketing for the Windows platform.

The $800 Dell Inspiron Vista Premium Laptop will feature a dual core CPU, 2 GB RAM, a 120 GB HDD, and a DVD burner -- tech that simply isn't imaginable at mass market pricing in 1992.

Yes, it's a joke but it goes on too long to be funny.

Part of it is [M$ Office's inability to work with itself] that they simply can't. Hell even if there's a difference in the installed fonts or a different sized screen, documents have to be reformatted by hand to look good.

They could use ODF without charge any time they want. The same thing goes for every other file format they have a special, inferior version of. I can easily share my work across gnu/linux distributions, Solaris and Mac. M$ is always the problem child.

Eweek has an interesting view of what all of this has done to Windoze itself.

Very good points, as is the death of non free competition on Windoze, satirically reported as Microsoft Antitrust Settlement Is a Success! Everywhere you look, you find yet more evidence of coercion and wrong doing.

Seriously, after years of Struts and stuff like Wicket, I don't see any real advantage over "Model 2+" (Servlet/JSP pairs) that I started with in 2001. There is a benefit to simplicity and writing HTML in HTML and writing Javascript in Javascript that over-engineers who are, frankly, a little OO-obsessed just don't get.

Sorry to hear it doesn't work for you. A little OO-obsessed though? Because the framework takes a stance to actually try to provide a real OO programming model where other frameworks simply don't?

I agree that there is a lot to say for simplicity. Especially if your problem is simple. However, my experience is that model 2 just doesn't cut it. I shudder to think back to the horrible instances I've seen of code duplication you get when you can't properly reuse widgets and the tons of hacks I've seen to get around the statelessness of web applications. And then scripting in templates, making them hard to sync with changed designs/ hire a designer to work on them and simply hard to track where logic is put in the first place. I don't know about you, but I never had much fun refactoring JSP and Velocity templates.

Wicket focusses on OO as that facilitates reuse and lets you better cope with complexity. Wicket enforces clean templates so that you won't get yourself into maintenance hell. But it may or may not work for you. It does for me and many others, but so many people, so many tastes. In the end it is a trade off that can be annoying in the short term, but should save you trouble in the long run.

Maybe years of Perl CGI has bent my brain but The HTTP Request/Response paradigm just doesn't seem so awful that it needs to be (leaky) abstracted away.

If what you are trying to do fits the request/ response paradigm, that's fine. I for one, prefer to reason about screens that have panels, forms, fields, tabs and buttons on them, and I don't want to rewrite half of my pages just because I decide to put a wizard in a tab, or move a pageable list to another page or whatever.

If you can use Ajax all the way, a simpler approach like using HTML + JS and maybe DWR should work fine, though a library like GWT should help you avoid all those nasty browser issues etc, AND let you write strongly typed (maintainable) code.

An unbiased review from one of the best in the business.

Googles Ad supported Video phone After reading about Google : 1) Controlling large amounts of the worlds dark-fiber. http://news.com.com/Google+wants+dark+fiber/2100-1 034_3-5537392.html 2) Google said that it's willing to participate in the Federal Communications Commission's upcoming wireless spectrum 700MHz band auction and pay the minimum reserve of $4.6 billion. http://news.com.com/8301-10784_3-9747716-7.html http://digg.com/tech_news/Google_s_battle_for_wire less_spectrum 3) Google hires Andy Rubin, founder of Danger and the " Sidekick" http://googlewatch.eweek.com/content/google_produc ts/for_google_phone_rumors_press_1_for_more_google _phone_rumors_press_2.html 4) Google & Sprint collaborate on WiMax mobile Internet services. http://www2.sprint.com/mr/news_dtl.do?id=17560 This all came together in a epiphany I had this weekend. I predict that Google will soon launch a Free Ad supported Video phone some time next year.

OK, getting really tired of seeing these iBleedingPhone articles now [1]. Since the overpriced hunk o' junk came out, it's been iPhone this and iPhone that ad nauseum. It's expensive, locks you into a single provider, proprietary, expensive to maintain clunky and only superficially superior (ooooh, shiny!). In short, all the things that /.ers usually rally against. Am I missing some point, or is Apple just darling du jour?

Odd disparity of interest there, Slashdot. I'm trying to understand, I really am, but I really can't see any moral or technical advantages of owning one of these things.

[1] Yes, I can ignore them. Nobody has a gun to my head. I wonder if AdBlock Plus can filter on "shiny gimmick for tossers with more money than sense" or will I then be branded a "thief" for not reading them? It's akin to The Goog being everyone's darling even though they have more information on folks than the NSA. The world's gone mad, I tell you!

There have been so many, but here a few of my favorites:

Enderle: "SCO Should Win"
http://www.eweek.com/article2/0%2C1895%2C1545173%2 C00.a...
http://www.eweek.com/article2/0,1759,1563242,00.as p

Lyons: "What SCO Wants, SCO Gets"
http://www.forbes.com/2003/06/18/cz_dl_0618linux.h tml

BTW: Dan Lyons is also the guy who screamed and cried about anonymous boggers, and message board posters, then he turned out to be the fake Steve Jobs.

Didio: "SCO Group Gains Psychological Edge, Registers UNIX System V Copyrights"

"The fact that SCO registered its UNIX System V copyright lays to rest an earlier, erroneous contention by Novell president, Jack Messman, claiming that SCO did not own the copyrights."

http://www.techupdate.com/techupdate/stories/main/ 0,14179,2914388,00.html

Groklaw: "Maureen O'Gara reportage on a court hearing she didn't attend, yet magically was able to report on both the contents of a sealed SCO filing *and* what was shown by SCO's lawyers on a projection screen only Magistrate Judge Brooke Wells and the lawyers were supposed to see."

Here is the O'Gara article:
http://web.archive.org/web/20041025040145/http://w ww.linuxworld.com/story/46800.htm

I think O'Gara was also the very first to report on the death of Val Noorda Kreidel. Maybe even before the coroner's report was out.

There have been so many, but here a few of my favorites:

Enderle: "SCO Should Win"
http://www.eweek.com/article2/0%2C1895%2C1545173%2 C00.a...
http://www.eweek.com/article2/0,1759,1563242,00.as p

Lyons: "What SCO Wants, SCO Gets"
http://www.forbes.com/2003/06/18/cz_dl_0618linux.h tml

BTW: Dan Lyons is also the guy who screamed and cried about anonymous boggers, and message board posters, then he turned out to be the fake Steve Jobs.

Didio: "SCO Group Gains Psychological Edge, Registers UNIX System V Copyrights"

"The fact that SCO registered its UNIX System V copyright lays to rest an earlier, erroneous contention by Novell president, Jack Messman, claiming that SCO did not own the copyrights."

http://www.techupdate.com/techupdate/stories/main/ 0,14179,2914388,00.html

Groklaw: "Maureen O'Gara reportage on a court hearing she didn't attend, yet magically was able to report on both the contents of a sealed SCO filing *and* what was shown by SCO's lawyers on a projection screen only Magistrate Judge Brooke Wells and the lawyers were supposed to see."

Here is the O'Gara article:
http://web.archive.org/web/20041025040145/http://w ww.linuxworld.com/story/46800.htm

I think O'Gara was also the very first to report on the death of Val Noorda Kreidel. Maybe even before the coroner's report was out.

The fact that everyone acknowledges here is that Office is the defacto standard for document markup.

The ISO process does not require standards to be open.

Meanwhile Sun's proposal is just as proprietary as Microsoft's, neither is the process of an open design process, they are merely a schema dump from an existing program.

And Sun has a vastly worse history as far as open standards go, suing companies for not implementing Java in their prefered maner.

http://www.eweek.com/article2/0,1895,2000867,00.as p

Also reduces a major cost and greenness problem: all those little redundant ac/dc power supplies in those rackmount machines. Further, it allosw you to take the heat generated by the power conversion to another nearby location, reducing the CFM reqs for your cooling system.

How would you respond to this article then?

"From what I have read, the U.S. systems are primitive compared [with those of] Australia," said Tom Worthington, a visiting fellow at the department of computer science at Australian National University, in Canberra, Australia, and an expert on e-voting technology, in an e-mail exchange with eWEEK.

http://www.eweek.com/article2/0,1759,1751567,00.as p
http://www.engadget.com/2005/03/01/class-action-la wsuit-against-verizon-over-bluetooth-on-the/
http://www.kirtlandpackard.com/v710/

Want objectivity? Okay, since you asked. Please refer to the many links in this post.

Also, if anything is a "troll" it's the original article. Drawing Conclusions about OS sales based on browser stats is idiotic - if not dishonest. And the methodology used is even more idiotic - or more dishonest.

Please note: this IDC data is for product shipments, the article is about browser stats. Which would you trust more?

The charts for the IDC data can be found here:
http://www.macdailynews.com/index.php/weblog/comme nts/idc_apple_mac_grabbed_56_of_us_market_share_in _q2_07/

More links for the IDC report.
http://macdailynews.com/index.php/weblog/comments/ 14313/
http://www.eweek.com/article2/0,1895,2160333,00.as p

Or since you have $4500 in spare change, go buy the real thing: http://www.idc.com/getdoc.jsp?containerId=207308

Or maybe this article is a well timed bit of smoke screen, designed to try to hide: "Microsoft Xbox 360 Sales Plunge 60% As Problems Mount"

http://www.informationweek.com/news/showArticle.jh tml?articleID=201200157

GPLv3 is an attempt to rectify certain "loopholes" in GPLv2 that allow individuals and organisations to use GPLed code in ways that contradict the ideology of the FSF. The license restricts the use of software with DRM technology, as well as preventing IP indemnification deals (with ramifications affecting the MS-Novell deal). Anyway, I don't really know too much on the subject, but here's some reading: http://www.eweek.com/article2/0,1895,2108409,00.as p