Domain: internetwk.com
Stories and comments across the archive that link to internetwk.com.
Comments · 54
-
Just a reminder...that Rob Enderle is a Microsoft lapdog and apologist. Some of his choice articles such as:
Microsoft Apologist Apologizes for Microsoft
Rob Enderle Announces Death of Bluetooth
and
Enderle's Ferrari Laptop
have appeared on Slashdot in the past.
This "technology analyst" is also the author of In Defense Of the Microsoft Monoculture and ranted and raved in an "informative" Eweek article about his Windows Ferrari theme and gushed happily about how his colleagues were impressed by its cool shutdown and startup sounds.
-
Re:Comcast...
There's one good thing about the idea to have the FCC regulate VoIP communications: it would be a federal offense for Comcast to reduce the quality of their service or to restrict access. I am sure that Anti-Trust legislation would apply as well.
-
Re:hardcore"42"
Actually, that's pretty close to the number of copies of Red Hat Google actually paid for in 200.
The price was right; Google doesn't pay any significant amount of money to Red Hat. Google downloads the software for free and gets support in-house and from the Linux community. Google actually paid for only about 50 copies of Red Hat, and those purchases were more of a goodwill gesture. "I feel like I should be nice, so when I go to Fry's I pick up a copy," Brin said.
From here -
Excellent Point
Excellent point you made: We need to look at the big picture of these companies using patents to stifle P2P progress.
The Public Patent Foundation and the EFF (Patent) are starting campaigns (Story here) to invalidate bogus patents like the one here, #5,978,791 , you mentioned. Time to donate your money to these organizations (or your time with letters, and email to inform the public if you cannot afford it) to curb corporate threats to technological innovation. -
Known and Old
Not only is this a known issue, as others have posted, it is also rather old. The US Congress was told about this same thing five years ago. This is just a new spin on the same idea. The net hasn't come crashing down in the last five years and I doubt that it will in the next five.
- Space Rogue
-
Re:Analyst hacks will never bit the hand that feed
You are right in your suspicions that these sorts of "studies" are commissioned by Microsoft as part of their marketing strategy (just part of the business--Oracle, Sun, IBM etc parade studies that flatter their products as well after all). However, I don't dwell at all on these sorts of studies and I certainly wouldn't give them any meaningful weight when making a decision on deploying Linux (or not).
Even given the positive spin towards Microsoft, however, Forrester's comments on the study are a barely lukewarm endorsement of Microsoft, and don't seem to be too critical of Linux. Check out some of the comments by Forrester analyst Laura Koetzle:
Surprisingly, Microsoft did the best job at patching vulnerabilities fast, even though it ranked at the top with the largest percentage of its security holes rated as high
So they DID acknowledge that Microsoft's platform had the most HIGH RISK vulnerabilities, although this fact is glossed over in the article. Koetzle also acknowledges that the study did NOT look at how WELL the patches addressed the problem (MS often needs to issue more than one patch to get it right, and sometimes they fix one bug and introduce another).
"The fact that the Linux distributors fixed such a high percentage of their vulnerabilities is a remarkable achievement," she said. "Even Debian, in last place, was pretty darn thorough."
Sure doesn't sound like something you'd expect an MS-paid cheerleader to say about the competition...
This is very much a case of your mileage may vary
Translation: even if patches are made fast they can still leak...
The bottom line? Any of these platforms can be operated securely
Quite the ringing endorsement for MS ain't it? Nice to see their people so solidly back their studies... -
For a while, about 6? 4? years ago, all pentium iii's (and some II's had) were going to/did have serial #'s that programs could call on... public hue and outcry ended this.
See for example, this link at intel for the faq or this link where intel started defending it or this link, last updated 4/28/2000, talking about the fact that psn's (pentium serial numbers) will not be in the next generation of pentiums. That last link has many bits about why the PSN was a headache. -
Re:It's simple.
Yes. When it comes to bloated code, you have the inevitable security holes introduced.
Plus, even when MS is informed about a security hole, their arrogance prevents them from allowing that the hole is worse than they want to believe. Here's an example from 2004-03-09 where they say the hole is not critical.
But then MS admits that the hole actually is critical.
Of course, they attempt to spin it:
"This change is based on information concerning a new attack scenario discovered after the bulletin's original release on 9 March," said the company in a statement.
Another link.
Initially, Microsoft said the flaw could only be exploited if the Outlook Today folder is being used as the homepage. Few people do that; generally, the Outlook Today folder is the default homepage only if no e-mail accounts exist. When an e-mail account is set up, the homepage changes to the inbox. But, as it turns out, the vulnerability can be exploited even if Outlook Today isn't the homepage. To exploit the flaw, an attacker would need to send two specially crafted mailto URLs. The first would start Outlook and open the Outlook Today page, and the second would inject the exploit code. The exploit code needs to be injected into vulnerable systems either by a malicious Web site set up by the attacker or via an HTML e-mail.
So, was MS warned or not?
From this article, it could be that they didn't listen in the first place to those who discovered the hole:
But the bloke who discovered the vulnerability, Finnish security researcher Jouko Pynnonen, got back in touch and told them hackers could attack vulnerable Outlook installations even if Outlook Today isn't the default home page.
-
YARITE
I'm not concerned that people want this code. Hell, I'd grab it and save it as "archived information", like I do with so many other tidbits of things that come out into the open. Can you say WASTE?
What does concern me is how MS is running after those who are obtaining the leaked code. Is an FBI group standing over every P2P system, and then providing user information to MS? Please! Or is the media running multiple reports on behalf of MS, about those receiving warnings, while in fact this entire affair is a media stunt?
-
Enderle = Stupid Bribed Microsoft Puppet
I make it a point to remind everybody that Bob Enderle is a stupid Microsoft Apologist whenever /. posts an article authored by him. From his earlier writings, I have lost *complete* credibility in anything he writes. My earlier comment:
Recall that Rob Enderle=Microsoft Apologist
by GillBates0 (664202) on Wednesday December 17, @01:30PM (#7746866)
(http://slashdot.org/~GillBates0 | Last Journal: Saturday February 07, @08:37AM)
Note that Rob Enderle is the author of In Defense Of the Microsoft Monoculture [internetwk.com], which was highly debated [slashdot.org] on /. a couple months back. It surprises me that he should point out the consistency and flexibility of Linux, since his earlier writeup made him look as if he was paid by M$ to mouth major anti-Linux FUD. -
How vulnerable Linux really is...
Check out this article.
Warning- reading the linked article may make your blood boil!
cheers- raga -
Re:Isn't their 30 days almost up?
Depends I suppose if that's 30 days or 30 business days. If it's business days, they'd have until 22 January. InternetWeek has it listed as "the end of the week" though.
-
Re:Linux SHOULD be killed...
Bunk and flamebait! Why do you think that IBM Global Services, in cooperation with Dell and HP, just announced a major push to promote Linux on the desktop worldwide? See, among others, http://www.internetwk.com/breakingNews/showArticle.jhtml?articleID=16100352 or http://www.linuxworld.com/story/37858.htm. I get really tired of hearing people carp about how "Linux on the desktop is dead". This has been going on for years! IDC has estimated that deployment of Linux on the desktop will grow from about 1.5% today to c.a. 7% by 2006. That's just two years away, folks!
Don't forget when you complain about how hard Linux is to install, Windows comes pre-installed on most consumer level machines. This is courtesy of Microsoft's OEM licenses which severely discourage computer makers from offering choices, whatever the Justice Dept. decided about the practice. Just try to install Win2K sometime from scratch and get all the driver stuff to work with all your hardware.
Linux may not support the latest/greatest hardware on the market, but just about everything you need to do in a real-world situation can be done easily on a Linux desktop. I run gnome-2.4 under Gentoo Linux on my primary desktop and it works like a champ. It's easy, very configurable, and supports all the bells and whistles such as flash, streaming audio, java applets, etc. not to mention most standard office stuff I need to do. It's stable, as are the apps I run, and I'd recommend it to my 92 year non-techie old mom without hesitation. The BSOD is a thing of the past for me! -
Re:Thumbs Up, But...
IE was barely usable last time I tried it. It was constantly throwing up unrequested pop-ups.
Wait until service pack 2 comes out. IE is supposed to finally get a pop-up blocker. -
Recall that Rob Enderle=Microsoft Apologist
Note that Rob Enderle is the author of In Defense Of the Microsoft Monoculture, which was highly debated on /. a couple months back. It surprises me that he should point out the consistency and flexibility of Linux, since his earlier writeup made him look as if he was paid by M$ to mouth major anti-Linux FUD. -
Correlation - unsat supplier -> unsat security
It [the dept. of homeland security] got an F.
I suppose there's a correlation there somehow. An unsatisfactory supplier leads to unsatisfactory security. Choose products more carefully next time.
It's not like there wasn't a warning ... for the last 10 years. -
missed one
I found this about 20 minutes ago on news.google.com. My favorite Darl quote: "First it's not our customers. I would say we're suing end users. There are only two industries who use the term 'users,' computers and drugs. Not sure if there's a connection there". So now we're all communist junkies.
-
Microsoft way or the highway...
Painful friends.
This is oddly appropriate.
-
Stupidity (again)
From the "Responded" article in the part regarding the SCO distro being available and SCO contributing code to Linux:
"U.S. and international copyright law asserts you cannot inadvertently and accidently assign your copyright to someone else," Sontag said
Who said anything about it being inadvertent or accidental? Stupid yes. Belligerent yes. Inadvertent no.
It would seem that Darl shares. He obviously passes around his crack pipe at executive meetings. He probably even brings the good crack just to impress his peers. Nice guy.
-
Why would anyone support this?
I always think it's great when another hardware manufacturer sees the light of open source software. But when it's coming to sun the right hand doesn't know what the left hand is saying.
Here we have Scott McNealy telling people ""Don't touch open-source software unless you have a team of intellectual-property lawyers prepared to scour every single piece" of open-source code. " yet they're also releasing an open sourced distribution of Linux.
What's the deal with Sun? One minute their CEO is in a penguin suit extolling the world starts with open source, then it's Solaris will save the world, then it's Linux is doomed because of the SCO thing, etc.
I wouldn't want to support someone so wishy washy -
Denied
Novell Denies It's Killing Off NetWare
Network software and service vendor Novell, meanwhile, upped the ante of its bet on Linux by announcing that it was porting its GroupWise groupware and collaboration software to the open-source OS.
Novell, which has been rushing to shift to Linux, announced Tuesday that its GroupWise collaboration platform will run entirely on Linux in the first half of 2004, when both client and server software is finalized. The Linux version of the GroupWise client is currently in beta, while the server software will enter beta in September.
GroupWise, which is part of Novell's Nterprise suite, does e-mail, calendaring, instant messaging, document management, and workflow management. Currently it runs on Windows and Novell's own NetWare operating systems. The Linux edition will also integrate with Ximian's Evolution collaboration client, promised Novell. The Provo, Ut.-based Novell acquired Ximian earlier this week.
Novell's pitch is just the latest in a round of moves by companies to port their collaboration and workgroup software to Linux. Last week, IBM Lotus said that it would include Linux support in the next version of its Domino Server, which is scheduled to debut as part of Notes 6.5 this fall.
"Enterprises are looking at Linux and open standard platforms for their messaging and collaboration applications," said Maurene Caplan Grey, a research director at Gartner.
Novell also announced that it's added support for Red Hat Enterprise Linux AS and SuSE Linux Enterprise Server 8 to its eDirectory directory service software.
eDirectory 8.7.1, which will be available August 8, will add support for these two Linux distributions to the already-available support for Windows, Solaris, NetWare, and AIX. Additional authentication features, including support for biometrics, smart cards, and tokens, will also be part of the upcoming edition. eDirectory will be priced at $2 per user, said Novell, with volume discounts available.
Also at LinuxWorld, reports surfaced that Novell was taking an even bigger step towards Linux by discontinuing development for its flagship NetWare network operating system.
That talk is all wrong, said Novell's president and CEO, Jack Messman on Wednesday.
"Novell is not dropping NetWare, we're adding Linux," said Messman.
Novell's shipping NetWare 6.5, the most recent version of its OS, next week, added Messman, and when it debuts NetWare 7.0 -- which is still in development -- the operating system will support both the NetWare and the Linux kernels.
"NetWare is not going away. Period," said Messman. -
It's not just eetimes that talks patents
http://www.internetwk.com/breakingNews/showArticle.jhtml?articleID=10818216
"McBride, who is fluent in Japanese, will visit with several founding members to show them code samples in which the Linux open-source operating system allegedly violates SCO's Unix patents, said an SCO spokesman"
http://www.wired.com/news/business/0,1367,59551,00.html also has a SCO spokesman referring to patents
-
Amount of damage? And what about those patents?
Two things
1. According to http://www.slweekly.com/editorial/2003/city_2003-07-03.cfm, Caldera bought DR-DOS for $400K, but got from law suit $155,000,000.
As far as I know (I guess somebody could check) they didn't purchase the UNIX source, or value it in their SEC reports, for anything like $1bn, or $3bn, let alone $50bn... so how can they claim billions of damages, if they bought it for a few millions, and valued it of the same order?
2. I keep seeing patents in lots of news articles about the case. My understanding is the case is about alleged contractual violations, alleged trade secret issues and alleged unfair competition etc.,
http://www.internetwk.com/breakingNews/showArticle.jhtml?articleID=10818216
"McBride, who is fluent in Japanese, will visit with several founding members to show them code samples in which the Linux open-source operating system allegedly violates SCO's Unix patents, said an SCO spokesman"
http://www.wired.com/news/business/0,1367,59551,00.html also has a SCO spokesman referring to patents
So the obvious questions are:
- Is the press getting it wrong?
- If the press is indeed getting it wrong, why are they (and not just one news source) getting it wrong? -
Re:What is a "Central Module"?
Oops, here's the correct link . Be sure to view it with images disabled so that the site doesn't benefit from this moron's ravings.
Oh, your browser won't let you disable images? Try Mozilla
-
Re:What is a "Central Module"?
The quotes in the parent and grandparent are from Rob Enderle, who said of himself in this article at http://www.internetwk.com/breakingNews/showArticle.jhtml?articleID=10700411 (which also bashed Linux and its supporters):
"As an analyst I have to be able to argue both sides of a position because often we are asked to step in and help justify decisions that have already been made"
The quotes you've given show how stupid he is, unless you assume he's dishonest, instead, as this quote does. -
Re:Unfortunately, SCO's case is not about IBM
You're quoting Rob Enderle, who said of himself in this article (which also bashed Linux and its supporters):
"As an analyst I have to be able to argue both sides of a position because often we are asked to step in and help justify decisions that have already been made"
I wish all of the enemies of Linux were stupid enough to say up front that their opinions belong to whoever paid them most recently.
Also, Enderle says:
"I saw what appeared to be a word-for-word copy of about every third line of code in the central module of the Linux kernel," .
You could not have a better declaration that this is bullshit if you paid him for it. No way could you take 'every third line' and somehow integrate it with code from some other source and make it work. Also, if it's the "central module of the linux kernel", I think we can be pretty sure Linus wrote that himself. Enderle shows only his corruption and/or his ignorance, nothing more. -
Re:Don't jump to conclusions about the SCO people.
The ranting of a few delusional leaders in the FSF does not represent the opinion of the many professionals who use, develop, or promote Linux.
One would think so, but this delusion has spread much further than just the FSF.
I haven't even heard RMS weigh in on the SCO lawsuit, so why drag his distinctively weird opinions into this?
Because you brought up Communism and how you are disgusted by the label. Unfortunately, SCO's protest signs had a ring of truth to them... That ring of truth is all you need to coerce public perception.
Yes. What's your point?
The Linux "Community" should be more concerned about the bad public image they are creating for themselves. -
Re:No worries
The one thing Google DOES get from running Linux is big cost savings. For Microsoft, that's a non-issue though since it's their own software.
No doubt wasting resources is secondary to Microsoft eating its own dogfood.
Happily, companies such as Google and Akamai are free of such marketing requirements. Google chose linux not only for the cost savings but for the stability.
From internetweek article on google:
Windows NT and 2000 are more expensive than Linux, and they aren't stable enough to run Google.com, said Brin, who added that he doesn't trust the quality of Microsoft tech support. "In the Windows case, it's not how many dollars it would cost--it's how much heartburn," he said.
-
Re:No good books?
Clustering is nice and all, but it's really just a linux gimmick. When you factor in power and staffage, it's much easier and cheaper just to get one really beastly computer than 20 old ones clustered.
I'm sure Brin and Page would love to hear more about your unique insights into the cost-effectiveness of Linux clusters.
http://www.internetwk.com/lead/lead060100.htm
http://www.redhat.com/about/presscenter/2000/press_google.html
[each link opens in new window] -
Re:So, now we know the real reason for fear...
Sit tight till then.
So how does one counter bullshit like this then? It is clear there is a significant undercurrent of people who are afraid of Linux and Open Source software. They are afraid, perhaps, for their jobs or for losing the influence they have over those who are using their closed source software. I personally feel this lawsuit and the growing chorus of "Stop using Linux or your IP will be lost" is a pseudo-co-ordinated last ditch effort to end the widespread corporate use of Linux in the USA. Saying that we should wait till the court case is settled may not work, since SCO and their cronies in the press are leveraging this as a scare tactic to get people to stop using Linux now. -
Re:SUN - SCO - IBM - Linux
Forgot this one with the nice quote from a Sun exec:
Why do we think enthusiasm for Linux exists in the first place? The enthusiasm isn't about Linux, it's about access to Intel and the ability to run Unix on what seems to be a cheaper platform. -
Re:Has anybody considered
-
Re:Too little, too late.
I believe one of the things Sun tried to get at was to make Java development easier. It's something they're working on across the board, as this article notes.
Without seeing (in the Java source code) how the templates are implemented I can't say that I agree or disagree with your statement that they will be inefficient, though I'm inclined to disagree based on your example. Templates or not, objects are going to be stored the same way. The difference is how those objects are retrieved. Right now you have to cast everything coming out of an ArrayList (unless the Object reference is sufficient)...not only is that being moved to the language but you also gain compile-time type checking. That will only serve to reduce errors and make the software more reliable. Templates are optional anyway - you don't have to use them. I'm looking forward to them.
I don't think you're ever going to see VM sharing. If applications can share VMs then one rogue app could bring down other apps by trashing the VM (never supposed to happen) or by poor thread management.
Either way you look at it, it's a good year to finally be going to JavaOne... -
Scott McNealy: all alone and only bones
At the tower Puff appealed
For the wisdom of the One
Denied, his mind did reel
Puff was getting tired of Sun
Broke down the guard
Cause math is hard
Found McNealy on his throne
All alone and only bones
Come the Sun King blade ablur
Hammer down eclipse the Sun
And Puff, the land secured
The new King Barbarian!
We already know that Hammer will wipe Sun off the map, oh wait, I forgot that Sun's messaging software will save the day. heh Probably just like their Linux distro showed the world how hip they could be to open source. -
Billings
If there's a coding job anywhere, I'm down. I'm a CS major at RIT, and in order to graduate I have to complete 4 co-ops. That means I have to work in the industry for 40 weeks, and get paid for it, before I get a degree. Do you have any idea how hard it is to get a coding job when you don't have the magic piece of paper on your wall? If there are jobs in Billings I just might go.
If anyone wants to hire me check my resume in multiple formats at
http://www.internetwk.com/breakingNews/showArticle.jhtml?articleID=7900141
I don't know what this guy is saying, but if the industry was in good shape, I wouldn't have to pimp myself on slashdot. -
Re:To all the windows bashers...
Sure, both are security bugs, but of a totally different order of magnitude.
The IIS hole was a remote exploit including privilege escalation open to abuse by anybody on the Internet, and the kernel one was a local privilege escalation open to abuse by system users with shell access or other capability to run&abuse ptrace(). If you have untrusted local users, you should run them in a UML or vservers/ctx anyway so that if they escalate privileges, they still can't harm the system.
Plus, the IIS bug was found after US ARMY web sites were getting hacked, and the kernel bug was found by a developer that was auditing/working on part of the code and patch available before any bad guy got to it.
-
Re:Version 6 won't run under Wine :-(
According to this article, IBM is providing iNotes web access this quarter, with client technology "next quarter".
-
My notes for the proceedings (very long post!)
I was waiting for the review to show up on Slashdot, as the conference was really good. The audio proceedings have been put online, but I'm not sure if they can take a Slashdotting, so please be gentle :) If you have 8 hours to spare, the whole day was pretty good & worth listening to, but the schedule as planned isn't exactly the sequence people spoke in, so you may have to jump around the RealAudio stream a little bit.
Turning my notes for the day into something vaguely coherent, here are some highlights from the proceedings. There are a couple of speakers that I didn't write anything down for, but from mid-morning on this should be pretty comprehensive. Apologies in advance if my notes lead me to attribute certain comments to the wrong speaker -- if anyone notices any mistakes please feel free to add corrections:
-
Bill Yerazunis - CRM114 & MailFilter
Because Perl "freaks him out", Yerazunis came up with the CRM114 minilanguage (points for anyone that gets the joke in the name without googling for it :), then wrote MailFilter in CRM114 as an implementation of a filter that can be used with Procmail or SpamAssassin or what have you. The basic idea is to decompose a message into a set of "features" composed of various permutations of single words, consecutive words, words appearing within a certain distance of one another, etc, such that the set of features N is very much bigger than the set of words X. You then analyze the features in various ways and if you get above a certain arbitrary threshold, you flag the message as spam & handle it accordingly.
He claimed that with this software he could get better than 99.9% accuracy in nailing spam, and a similar percentage in avoiding "ham" (the term everyone was using for false positives -- legit mail that was falsely identified as spam). One of Yerazunis' observations is that the best way to defeat the spam problem is to disrupt the economics: if a 99.9% or better filter rate were to become the norm, then the cost of delivering spam can be pushed higher than the cost of traditional mail and the problem will naturally go away without requiring legislation (which would be nice anyway, but we can't count on it).
The drawback of CRM114/MailFilter is that it can only handle about 20k of text per second, so it's not appropriate for large scale use yet. Still an interesting project to watch though: crm114.sourceforge.net
-
John Graham-Cumming - POPfile
Most of his very entertaining talk was about the ingenious tricks that spammers resort to to obfuscate spam against filters, including most diabolically one example that placed each column of monospace text in the message into an HTML column, so that the average HTML-capable mail client would render the message properly, but it would be absolute gibberish to most mail filters. The ultimate lesson was that any good filter has to focus not on "ascii-space" (the literal bytes as transmitted) but the "eye space" (the rendered text as seen by the user), which by extension may mean that any full scale spam parser/filter could also have to include a full-scale HTML & Javascript engine. Yikes!
As for Graham-Cumming's software, it's a Perl application, available for all platforms (Windows, Mac, & of course Linux) that allows users to filter POP3 mail. Interesting stuff if you're a POP user: popfile.sourceforge.net
-
John Draper - ShopIP
Most of Draper's work seemed to be focused on profiling spammers, as opposed to profiling spam itself, by throwing out a series of honeypot addresses & using data collected to hunt down spammers. spambayes.sourceforge.net
-
Paul Judge, CipherTrust
Judge's big argument, which no one really disagrees with, is that spam has become not just a nuisance, but an actual information security issue. To that end, he is advocating much more collaborative effort to address the problem than we have seen to date: conferences like this, mailing list discussions, better tools, and public data repositories of known spam [and ham]. To that last point, one of his observations (which others made as well) was that there are no universally agreed on standards for what qualifies as spam, so repositories for spam will not be accurate for all users (spam for your programmers will be the bread & butter of your marketing department, etc). Plus, there are obvious privacy issues in publishing your spam & ham for public scrutiny. And to add another wrinkle, one danger of public spam/ham databases is that spammers can poison them with false data, screwing things up for everyone. That said, he encouraged users to help out with building spamarchive.org.
-
Paul Graham
The man who organized the conference and kicked everything this week off with his landmark paper from last fall, A Plan for Spam. Graham's spam filtering technique famously makes use of Bayesian statistics, a technique popular with nearly all of the speakers. The nice thing about a statistical approach, as opposed to heuristics, simple phrase matching, RBLs, etc, is that they can be very robust & accurate; the down sides are that they have to be trained against a sufficiently large "corpus" of spam (most techniques have this property though) and they have to be continually retrained over time (again, this is common). Graham was too modest to produce numbers, but subjectively his results seemed to be even better than what Yerazunis gets with MailFilter, by an order of magnitude or more.
Like other speakers, he predicted that spammers are going to make their messages appear more & more like "normal" mail, so we're always going to have to be persistent about this -- as one example, he showed us an email he received IN ALL CAPS from a non-English speaker asking for programming help, and although it was legit, the filters insisted otherwise. "That message is the one that keeps me up at night."
Everyone interested in the spam issue should go read Graham's paper immediately.
-
Robert Rothe, eXpurgate
Rothe works for Eleven, an ASP company from Berlin selling a spam management service/application called eXpurgate. His talk was short on details about how the tool worked (mainly that it searches for bulk mail), focusing instead on the high level functionality it provides to users -- basically, they classify mail as safe, questionable, or dangerous, and let the users handle them accordingly. Another speaker that sees spam as a network security issue, so they built their system accordingly, with privacy of the client's mail content in mind etc.
Like many speakers, he warned about the dangers of an anti-spam "monoculture": that Bayesian techniques might be great, but if that's all anyone uses then spammers will catch on and adjust their messages to look more like normal mail, to the point that Bayesian filters won't work anymore. As a result, we're going to need to attack the problem from several angles, using different techniques, to keep the spammers off balance as much as possible.
-
Matt Sergeant, SpamAssassin
SA is a well known Perl application for heuristically profiling messages as spam, adding headers to the message saying for example "I am 72% sure this is spam because it has X Y Z", and passing off the message to procmail or whatever to be handled accordingly. SpamAssassin can handle a message throughput great enough that it can be deployed at the network level (whereas some of the others, which might have somewhat better hit rates, are still too inefficient at this point). Deployed this way, the differences in effectiveness for single vs. multiple users become very apparent, as 99% effective rates fall down into the 95-80% range. This happens because, again, different users define different things as spam, so mapping one fingerprint to all users can never work quite right. For an example of a tool that your company can deploy right now & get fast, decent results, SA looks like a good choice; but for the long run it looks like a Bayesian technique is going to get better performance, and SA is adding a statistical component to its toolkit. Good talk.
-
Barry Warsaw, Python Labs
This was another example of the "monocultures are dangerous" philosophy, as Warsaw explained how he is helping to use a variety of anti-spam techniques -- from clever Exim MTA configuration to good use of Spam Assassin & Procmail to fine tuning of the MailMan mailing list engine -- to work together to manage the spam problem for all things Python (Python.org, Zope, many mailing lists, a few employees, etc).
He pointed out that some very simple filters can be surprisingly effective: run a sanity check on the message's date; look for obviously forged headers; make sure the recipients are legit; scan for missing Message-Id headers; etc. In response to the person that originally posted the article, yes, he did mention blocking outgoing SMTP as an effective element of a many tiered spam management approach.
Among other tricks for getting the different filtering tiers to play nice together, they make heavy use of the X-Warning header so that if an alarm goes off in one tier of their mail architecture, other components can respond appropriately. Cited projects included ElSpy and SpamBayes.
-
Barry Shein, founder & CEO of The World -- or as he laughingly put it, "President of the World". Har har har
This talk was mostly a let down for me -- Shein has made his views very well known, and his ranting, rambling talk didn't really introduce any new ideas for anyone that had read that interview (some good jokes & quotes though).
His core argument is that spam is "the rise of organized crime on the internet", that filters are nice but that the mail architecture itself is fundamentally flawed, and that ISPs like his -- in 1989, The World was the world's first dialup ISP -- are being killed by the problem. Shein was very annoyed that all these talented people are having to clean up a mess like this when we should be out working on more interesting stuff, and not having to worry about this issue. His big hope seemed to be that legislation will someday come to the rescue, but he sounded very pessimistic. (Others in the room seemed to feel that this was a very interesting machine learning problem, and weren't really fazed by his pessimism -- but then most of the people in the room don't run ISPs.)
He also suggested that we need to find a way to make spammers pay for the bandwidth they are consuming (rather than having users & ISPs shoulder the burden) but didn't seem to know how we might go about implementing this. At all.
Fun rant to cheer along to, but for me it wasn't very constructive in the end.
-
Jean-David Ruvini, eLabs SmartLook
This was an interesting product. Ruvini's company is developing an extension to Outlook 2000 & XP that will watch the way users categorize messages into folders, come up with a profile for what kinds of messages end up in which folders, and then try to offer similar categorization on an automatic basis. Think of it as Procmail for Outlook, without having to mess with (or even be aware of!) all the nasty recipes.
Obviously if you have a spam folder, then spam will be one of the categories it looks for, but more broadly it will try to categorize all your mail as you would ordinarily categorize it. This makes SmartLook a broader tool than "just" a spam manager.
SmartLook is another statistical filter, though it uses non-Bayesian algorithms to get results. eLabs' tests suggest that the product is able to properly categorize messages about 96% of the time, with no false positives, and (for their tests, mind you) that it performed better than Bayes filters over three months of usage.
One nice property of this tool was that it works well with different [human] languages -- some strategies fall apart &/or need retraining when you switch from English to some other language. For certain markets (eLabs seems to be a European company, perhaps French?) this is a crucial feature, and having a tool that works with one of the biggest mail clients out there (most people don't use Mutt or Pine, sadly enough) can be very valuable. Very clever -- watch for the inevitable embrace & extend three years from now.
-
Eric Raymond
He didn't say anything about guns, but he did try to correct one of the other speakers for misusing the term "hacker."
Like Graham, ESR is a Lisp fan, but he knows that the vast majority of people aren't, and he also knows that the vast majority of people need to be using something like Graham's spam software. So on a lark, he came up with a clean version in C, named it BogoFilter, and put it on Sourceforge, where a community sprung up to, well, embrace & extend it.
As good as Graham's Bayesian algorithm is, ESR felt -- as did many of the other speakers -- that the nature of your spam/ham corpus is much more significant than the relative difference among any handful of reasonably good algorithms. (Back to the often repeated point about how corpus effectiveness falls apart when used for a group of users, as opposed to individuals.) To that end, he strongly feels that the best way to deal with the spam problem is to get good tools into the hands of as many people as possible, and to make them as easy to use as possible (ahh, the old "open source UIs always suck" argument :). As an example, one of the first things he did was to patch the Mutt mail agent so that it had two delete keys: one for general deletion, one for "get rid of this because it's spam." That second key, and interface touches like it, seem like the way to get average people to start using filters on a regular basis.
-
Joshua Goodman, Microsoft Research
Unlike ESR, Goodman felt that algorithm selection does make a big difference, but this being Microsoft he refused to disclose what algorithms his team is working with -- except to say that, when delivered, they will be more accessible for average users than SpamAssassin, Procmail recipes, or Mutt :)
Microsoft has been working on the spam problem since 1997, but because of how big they are they've had unique problems in bringing solutions to market. As a case in point, they tried to introduce spam filters to a 1999 Outlook Express release, but were immediately sued by email greeting card company Blue Mountain because their messages were being inaccurately categorized as spam. With that in mind, they have been very reluctant to bring new anti-spam software out since then because they would like to see legislation protecting "good faith spam prevention efforts."
As a very large player, Microsoft faced certain difficulties in developing useful filters -- it may make sense for you as an individual to filter all mail from Korea, but this doesn't work so well if you are trying to attract customers *from* Korea :). This has forced them to put a lot of work into thoroughly testing different strategies before offering them to the public.
In spite of what millions of webmail users may have expected, Hotmail & MSN are currently being filtered by Brightmail's service, and plans are underway to reintroduce spam management features to client side software again. (Just imagine how bad it would be if they weren't paying someone to filter for them! Unfortunately, no hecklers piped up to ask if they are really selling Hotmail's user database to spammers, and if that is a source of annoyance for his team.)
An interesting barrier his group has had to grapple with was what he called the "Chinese menu" or "madlibs" spam generation strategy: that it's easy to come up with a template for spam -- "[a very special offer] [to make your penis bigger] [and please your special lady friend all night!]" vs. "[an exclusive deal] [for genital enlargement] [that will boost your sex life!]" etc -- and have a small handful of options for each 'bucket' multiplying into a huge variety of individual messages that are easy for a human to group together but almost impossible for software to identify.
-
Michael Salib, extremely funny MIT student
Unlike nearly all other filter writers of the day, Salib's approach was heuristic: find a handful of reasonable spam discriminators, throw them all against his mail, and see how much he can identify that way. "It's sketchy, but this is a class project. I don't have to be realistic. [...] These results may be completely wrong."
Much to his surprise, he's trapping a lot of spam. He pulls in a little bit of RBL data ("the first two or three links from Google, whatever"), looks for some patterns and so on, and then churns it through LMMSE, an electrical engineering technique that as far as he can tell doesn't seem to be known in other fields. (Basically this involves running the messages through a series of scary-but-fast-to-calculate linear equations.) It turns out that he can process this much faster than a Bayes filter, to the point that customizing his approach for each user in a network would actually be feasible.
For a small spam corpus, he got results better than SpamAssassin did, though for a large corpus his results were worse; he couldn't really account for why this would be the case, or predict how things would scale as the corpus continued to grow.
When questioned about the RBL tactic by a member of the audience [who was apparently familiar to Salib -- I don't know who it was] about whether authenticating remote users might be the answer, Salib's response was "yes, I agree, but then you *do* work for Verisign, who is in the verification business, so you would say that."
Right on, Salib -- his talk was easily the funniest & breeziest of the day :)
-
David Lewis, general researcher
The core of Lewis' argument, as ESR said earlier in the day, is that for any machine learning technique the quality of the learning corpus is much more important than the algorithm used. Bayes is one such algorithm, but there are many other good ones in the literature. In a dig at Goodman's refusal to disclose algorithms, Lewis pointed out that all of this has been publicly discussed since the first machine learning paper was published in 1961.
Observations: "lots of task inspecific stuff works badly, but task specific stuff helps a lot." It is important to use different corpuses [corpi?] for training and for general use, so that you don't train your machine to focus too much on certain types of input (this is a point that Microsoft's Goodman made as well).
As Graham did, Davis emphasized that spam is going to slowly start looking more like natural text, and we're going to have to deal with this as time goes on. www.daviddlewis.com/events/
-
Jon Praed, Internet Law Group
To a burst of tremendous applause, this talk began with the sentence "my name is Jon Praed, and I sue spammers."
He brought a legal take on the "not everything is spam to everybody" angle, emphasizing that we need a precise definition of what qualifies as Unsolicited Commercial Email (UCE). In particular, it has been difficult trying to pin down if the mail was really unsolicited, as this is where the spammers have the most wiggle room. However, if you can track down the spammer, they have to date rarely been able to verify that the user asked for mail, and so Praed has been able to successfully prosecute several spammers on this angle. He doesn't expect this to work forever though.
According to Praed, "laws against spam exist in every state, and more are pending", but he doubts that a legal solution will ever be completely effective as long as spam is lucrative. By analogy, he pointed out that people still rob banks and that has never been legal.
Praed informed the audience that there are several ways to get back at spammers, including injunctions, bankruptcy, and contempt, and all of these can be very effective. He pointed out that, to be blunt, a lot of these people are desperate low-lifes, and spam has been their biggest success in life. After these legal responses, their lives all get much worse. It hadn't occurred to me to see spammers as pitiful before, but I can now. Most importantly, Praed stressed that these legal remedies can be very effective, and he strongly warned against taking vigilante action. This is almost always worse than the spam itself, and it only serves to get you in even deeper trouble than the spammer.
Identifying the sources of spam, most comes from offshore spam houses, abuse of free mail accounts (Hotmail & Yahoo, free signups at ISPs, etc) and bulk software (which may apparently soon become illegal in certain areas, provided that a law can be found to ban spam software while allowing things like MailMan or MajorDomo). Interestingly, he questioned the idea that header spoofing is a big problem, and claimed that in every case he has dealt with he has been able to track down the messages to a legit source sooner or later.
Suggestion: if you get a spam citing a trademarked product [e.g. Viagra], forward it to the trademark holder and they will almost always follow up on it. Suggestion: be fast in trying to track down spammers, as some of them have gotten in the habit of leaving sites up long enough for mail recipients to visit, but taking them down before investigators get a chance to take a look. Legal observation: spam is almost always fraud, and can be prosecuted accordingly.
Praed wrapped up his talk by citing the encouraging precedent that the famous Verizon Online vs. Ralsky case set: [a] that the court is interested in where the harm occurs, not where the person doing harm was when causing it (so if you send spam to someone in Alaska and spam is a capital offence in Alaska, you can be tried as a citizen of that state even if you caused the harm from somewhere else), and [b] it is assumed that you have to be familiar with a remote ISP's acceptable usage policies, and ignorance is no defence (just as you can't say "I didn't know it was illegal to shoot someone", Ralsky couldn't say that he didn't know Verizon prohibits spam -- (he had to have known that the AUP wouldn't allow what he was doing, so he deliberately didn't read it)). That precedent makes future prosecution of spammers much more encouraging. While, again, legal solutions may never eliminate the spam problem, a precedent like this can be an important supplement to filtering efforts (the stick to the filter's carrot, or something -- my lousy analogy, not Praed's).
-
David Berlind, ZDNet executive editor
His talk was primarily about how he receives a huge quantity of email from ZDNet readers, and he can't afford to use any spam filtering solution strategy that would allow *any* false positives. As one of the speakers said -- sorry, I forget who (Microsoft's Goodman?) -- getting a 0% false positive rate is easy: just classify nothing as spam. Getting a 100% hit rate is also easy: just classify everything as spam. Any solution besides those two is always going to have some degree of error either way, and determining how much of what kind of error you want to accept is up to you. Most users will tolerate a moderate false negative rate (some spam gets through) if it means that the false positive rate (legit mail is deleted) is very low. In Berlind's case, the false positive rate has to be vanishingly small, because reading all customer mail is a critical sign of respect for him.
Further, his business is also a legitimate mass emailer, sending out millions of free newsletters to users every day, and if Shein's proposal to bill bulk mailers were to catch on then even a very low rate would quickly put his company in the red. One obvious solution, which wasn't mentioned: start charging a subscription for these mailings, and make them profitable. I don't want to see this happen but if it did then the economics would tilt back toward making things feasible again.
Berlind is appreciative of the anti-spam work that is being done, but at the same time is skeptical of how pragmatic most of what is being proposed can really be. He feels we need a massive effort to rework the way mail is handled [Y2K anyone? It could get IT people back to work...], and to that end hopes ZDNet can help promote such a cooperative effort between the parties working on this. They don't want to be involved -- they are journalists & publishers, not standards developers -- but they are eager to get things going & want to cover the story as it progresses.
Like Shein said, he feels it's a waste for all these talented people to be working on combating penis enlargement offers, and hopes that we can find a way to get past this and work on real problems, "like world peace." This comment got a chuckle from the audience, but he seemed like the kind of guy that really meant that, and more importantly, he was right. A smart guy like Paul Graham or Bill Yerazunis shouldn't have to waste time tinkering with how many Viagra offers he can automagically delete when there are more fun things to be doing.
-
Ken Schneider, Brightmail
As mentioned earlier, Brightmail provides an ASP service for real time filtering of both incoming & outgoing mail. As would perhaps be expected, bigger ISPs and networks attract larger amounts of spam: 50% of mail coming into big ISPs and 40% coming into big companies is now spam. Brightmail offers the Probe Network, a <slashdot-killfile-term>patented</slashdot-killfile-term> system of decoy honeypot addresses that gather data for analysis at their logistics center, which in turn distributes spam filtering rules to their clients where a plugin for $MTA (using the open source or proprietary MTA of the client's choice) can act on the database.
An interesting property of their system is that they have a mechanism for both aging out dormant rules as well as for reactivating retired ones, so that the currently active ruleset can be kept as lean & efficient as possible. A big source of difficulty for them is legitimate commercial opt-in lists, because things have gotten more shady & blurry over time and it's now hard to tell this mail from much of the spam out there. Whitelists help here, but the problem is still difficult.
After each speaker had his turn, there was a panel discussion, but not much really happened there, and the moderator cut things short after only a couple of minutes. The original plan was for everyone to go out for Chinese food afterwards and continue the discussions over dinner, but when 580 people signed up that plan obviously fell apart. :)
And so, here ends the notes...
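The simple first-tier checks and the X-Warning hand-off described in the Barry Warsaw section of the notes above, as an added example that is not part of the original comment and not the Python.org setup itself. The recipient list, the two-day date window, the X-Warning wording and the hold/reject thresholds are assumptions, and the sample messages are constructed.

```python
from datetime import datetime, timedelta, timezone
from email import message_from_string
from email.utils import parsedate_to_datetime
import re

# Assumptions for this sketch: none of these values come from the talk.
KNOWN_RECIPIENTS = {"list@example.org", "postmaster@example.org"}
MAX_DATE_SKEW = timedelta(days=2)
MSGID_RE = re.compile(r"^<[^<>@\s]+@[^<>@\s]+>$")

# Constructed sample messages (not real mail). GOOD carries an X-Warning
# set by the sender, which the first tier must not trust.
NOW = datetime(2003, 1, 17, 18, 0, tzinfo=timezone.utc)
GOOD = ("From: alice@example.net\nTo: list@example.org\n"
        "Date: Fri, 17 Jan 2003 10:00:00 -0500\n"
        "Message-Id: <abc123@example.net>\n"
        "X-Warning: set by sender\nSubject: hello\n\nbody\n")
BAD = ("From: offers@example.com\nTo: someone@example.org\n"
       "Date: Tue, 01 Jan 1980 00:00:00 +0000\nSubject: deal\n\nbody\n")


def check_date(msg, now):
    """Sanity-check the Date header against the time of receipt."""
    raw = msg.get("Date")
    if raw is None:
        return "missing Date header"
    try:
        sent = parsedate_to_datetime(raw)
    except (TypeError, ValueError):
        return "unparseable Date header"
    if sent.tzinfo is None:  # a "-0000" zone yields a naive datetime
        sent = sent.replace(tzinfo=timezone.utc)
    if abs(now - sent) > MAX_DATE_SKEW:
        return "Date header outside sanity window"
    return None


def check_message_id(msg):
    """Flag a missing or structurally invalid Message-Id."""
    raw = msg.get("Message-Id")
    if raw is None:
        return "missing Message-Id header"
    if not MSGID_RE.match(raw.strip()):
        return "malformed Message-Id header"
    return None


def check_recipients(envelope_rcpts):
    """Flag envelope recipients that are not known local addresses."""
    unknown = sorted(r for r in envelope_rcpts
                     if r.lower() not in KNOWN_RECIPIENTS)
    if unknown:
        return "unknown recipient(s): " + ", ".join(unknown)
    return None


def first_tier(raw_message, envelope_rcpts, now):
    """Run the cheap checks and record each finding as an X-Warning header."""
    msg = message_from_string(raw_message)
    del msg["X-Warning"]  # only our own tiers may set this header
    findings = (check_date(msg, now), check_message_id(msg),
                check_recipients(envelope_rcpts))
    for finding in findings:
        if finding:
            msg["X-Warning"] = finding  # appends, one header per finding
    return msg


def later_tier(msg):
    """A downstream component reacting to what the first tier recorded."""
    warnings = msg.get_all("X-Warning") or []
    if len(warnings) >= 2:
        return "reject"
    return "hold" if warnings else "deliver"


if __name__ == "__main__":
    for raw, rcpt in ((GOOD, "list@example.org"), (BAD, "someone@example.org")):
        tagged = first_tier(raw, [rcpt], NOW)
        print(later_tier(tagged), tagged.get_all("X-Warning"))
```

Stripping any inbound X-Warning before tagging keeps the header meaningful as an internal signal: later tiers then act only on warnings the first tier wrote.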
-
REAL NEWS FOR NERDS!
While slashdot talks about games on obsolete games consoles which nobody gives a FLYING DOG SHIT ABOUT! Here are some REAL NEWS! From better news sources like google news and fark(!).
yet another linux migration story
More security holes in open sores software!
Nasa to look at snow flakes!
DRM to be used on water supplies
Jackasses are dumbasses
I am 371673R than j00! -
Big Numbers
From the article, I read a report recently showing that in the heyday of Napster, if record companies had agreed to charge just a nickel a download, they would have been splitting $500,000 a day, 24 hours a day, 52 weeks a year.
Which comes to $183 million/year. Does that sound like a lot of money to you? Sounds like a lot of money to me. Truth is, it's a drop in the bucket to these guys.
Annual revenue for recorded music in the United States is $14 billion; worldwide it's $38 billion.
The $183 mil/year, if accurate, would have amounted to about 0.5% of annual revenue for these guys. No wonder they turned down that deal. No wonder that as greedy companies they're looking for a higher price / different business model. These companies are not going to do what's right. They are not going to do what's reasonable. They are going to do what makes the most money.
That leaves us only two choices. Force the record companies to charge a lower price (by legislation or whatever) or buy from some one else (e.g. direct from artists). -
Re:I had no idea of the scale
Ok, I'll try and be a little more accurate. this article states that google buys servers from rackable systems and king star computer. It looks like a 250W power supply is pretty standard on these small rack servers (king star ones anyway). But from what I understand, a 250W power supply doesn't draw 250 watts continuously all the time, that's more of a max rating. So let's grab another number out of the air. Say 150 watts.
150 WATTS * 10,000 = 1,500,000 * 3600 / 1000 = 5.4 million kilowatts * 24 * .00346 =
$448,416
They don't directly incur power costs though, their respective colo facilities do. I know google probably has at least one cage in Equinix from the (rather old article) above. And if you're a colo facility, I'd be willing to bet you might be able to get a better price on power than your average home user.
here's another google article for those interested. -
Re:How Baby Bells FIT the Definition
Contrary to popular belief, the primary reason to declare bankruptcy is not to enable you to screw your creditors, loot the company treasury, and head off to someplace warm that has no extradition treaty with the U.S. It's to keep creditors off your back until you get your ducks in a row.
This is what Covad did, re-emerging from bankruptcy protection in mid-December.
I got DSL from SpeakEasy/Covad in January 2002, to rid myself of Comcast's crappy cable modem service. If they end up getting the plug pulled on them by the bastards at Verizon, I'll be pretty pissed off, because I want to be able to run servers in my house without worrying about jackbooted AUP Police kicking down my door.
~Philly -
Re:Of course it's fair ...
Yeah, it's apparent that the Bells are doing wonderful!
Verizon cuts
SBC cuts
BellSouth cuts -
Inova
The guys at Inova have a KVM switch not reviewed in this article. In addition, they claim that it doesn't just switch the KeyboardVideoMouse, but all your silly devices. There's a small, pleased review of it here.
-
Re:Its not anti-trust anymore. It is anti-control.
With the deprecation or removal of an API, they can put people out of business, or send companies into bankruptcy.
MSFT has already done that sort of thing already, at least with 3D rendering APIs, and of course, to Netscape.
Industry analysts acknowledge this sort of thing. Go here, and look for the Dan Kusnetzky quote:
But Microsoft's support of Mono is simply the same old same old for the software giant, IDC analyst Dan Kusnetzky said. Microsoft has historically achieved market dominance by controlling APIs, and forcing competitors to write software to its APIs, only to turn around and change those same APIs. "Instead of satisfying their own customers' demand, competitors are busy catching up with Microsoft," Kusnetzky said. "It looks like they've gotten someone in the open source community to play the game of following Microsoft around and trying to do what they do."
The old Software Publishers Association knew about it. They issued a white paper on the topic. Read pages 12 to 15 of that document for an older view of the problem.
-
Secret APIs exist, MSFT uses them as a weapon
The "secret APIs" are not a rumor. Notice the dates on these references, the secret APIs have been in NT all along.
- Using the NT API for file I/O
- Inside the Native API
- Do you need source? - go down the page about a third of the way: The conclusion was that Vogels's group used source code only as documentation (there is no other documentation for NT), examples, and to understand the behavior of NT. It turned out to be useful for debugging, and it led to the discovery of interesting APIs that are not documented or available in Win32.
- Inside Windows NT Disk Defragmenting - MSFT gave one company access to the defragmenting APIs, and never bothered to document them to anyone else.
MSFT hasn't hesitated to use the secret APIs either. From the July 10 InternetWeek: Microsoft has historically achieved market dominance by controlling APIs and forcing competitors to write software to Microsoft's APIs, then changing the APIs. "Instead of satisfying their own customers' demand, competitors are busy catching up with Microsoft," said IDC analyst Dan Kusnetzky.
From the October 8, 1998 NY Times: And Microsoft, the people added, did what it has always denied it does -- used access to its technology as a powerful lever in business negotiations, by offering Netscape preferential access to the Windows "application program interfaces," or A.P.I.'s, the links that enable other companies' programs to run smoothly on the Windows operating system. By turning down the deal, Netscape, they say, would not have that preferred access to Microsoft technology -- a threat that Microsoft fiercely denies making.
Think about it - can you, using only Win32, write all of the stuff that MSFT provides with NT/W2k? No. Clearly, MSFT keeps APIs to themselves. MSFT wants to allow itself the latitude to write faster, more functional programs than the ordinary developers can write. MSFT has proven time and time again that it will use secret APIs to its own advantage, or to the advantage of selected partners (Executive Software, for example). This practice is certainly bad for the consumer. Secret APIs raise the cost of entry into the NT system software market, which will keep out competitors, raise prices, and reduce choice.
-
And so?
This is better at tracking you than a database based on reverse IP lookups because what exactly? (Keeping in mind that with IPv6 there's going to be *much* more data about you in each of those packets....)
-
Re:Step in the right direction
Fact is that not a single ISP uses S/390 systems for serving web content. If the IO of these machines would be so excellent, why don't they use them?
Bzzt. Wrong answer.
Granted, S/390 is not the most popular hardware for ISP's, plenty use S/390. Here's an article about one.
Here's an article where ebay discusses the possibility of moving to the S/390 platform.
This article discusses how some government agencies are web-enabling their mainframes.
I'll grant that traditionally IBM mainframes can be a bear from the usability perspective. However, things are changing quite quickly, especially with the advent of Linux on the S/390.
have a day,
-l
-
Since /. didn't post it...
... I will.
Dig this article about some other rockers (albeit some sucky rockers) who are doing pretty much the same thing.
The Divine Creatrix in a Mortal Shell that stays Crunchy in Milk -
The Real Reason.
Check out this Internet Week article for a clue as to why all these big companies are jumping on the free-PC bandwagon.
No, Slashdot paranoids, they ain't doing it so that they can trojan a telescreen into your house. They're doing it because they want their partners to be able to sell you stuff through their exclusive portals.