Domain: itweb.co.za
Stories and comments across the archive that link to itweb.co.za.
Stories · 11
-
City of Johannesburg Leaks Personal Bills Online, Threatens Flaw Finder
An anonymous reader writes "A major security hole in the City of Johannesburg's online billing system has meant that customer invoices have been visible on the open web with a bit of simple parameter phishing. Change a digit in the URL for your bill, and someone else's appears. Including major corporations like the roads agency, SANRAL (which is R55 000 in arrears, apparently). Neighboring Ekhuruleni had a similar problem too. Both problems were discovered by regular visitors at a local IT forum, and it's interesting to compare the two cities' reactions. Ekhuruleni quietly and quickly fixed the problem, while Joburg has threatened legal action against the user — who tried to raise the issue with the city IT team several times before going public. Legal experts say there's a potential case for a class action." -
Thousands of Whistle Blowers Vulnerable After Anonymous Hacks SAPS
First time accepted submitter fezzzz writes "Anonymous performed a data dump of hundreds of whistle blowers' private details in an attempt to show their unhappiness with the SAPS (South African Police Service) for the Marikana shooting. In so doing, the identities of nearly 16,000 South Africans who lodged a complaint with police on their website, provided tip-offs, or reported crimes are now publicly available." Reader krunster also submitted a slightly more in depth article on the breach. -
Only 32% of Java developers really know Java
prostoalex writes "Research firm Gartner draws attention to the fact that less than a third of people who put Java on their resume actually know their stuff. The knowledge gap between someone who can successfully write a System.out.println() and someone capable of designing and implementing a complex Java system leads to companies being back-logged with pending projects." -
Microsoft: We Make Hackers Obsolete
bahamat writes "This article explains how Microsoft was forced to yank a magazine ad by the Advertising Standards Authority. In the ad MS claims that they'll make the hacker extinct. The tagline reads "Microsoft software is carefully designed to keep your company's valuable information in, and unauthorised people and viruses out. Which means that your data couldn't really be safer, even if you kept it in a safe. Which is great news for the survival of your company. But tragic news for hackers." Does MS really think that people are too stupid to remember what happened less than 2 months ago? My favorite quote from the article is "Clarke described Microsoft's claim as "laughable"."" -
South African Gov And ECT Bill
GothicManSlut writes "South Africa's ITWeb (http://www.itweb.co.za) has released this article (http://www.itweb.co.za/sections/internet/2002/0208011154.asp?O=FPT) in regards to the controversial ECT Bill being passed now as law. This is sure to provoke the industry in South Africa as it expects the public to hand over all cryptography keys the SA public has, just to name a few of the problems with it. I wonder who will actually abide by these laws." -
South Africa Wants SouthAfrica.com
-
ESR and the MindCraft Fiasco
The one and only Eric S. Raymond has submitted his response to the Mind Craft report that we've talked about a bit here lately. This is a good wrap-up type piece which nicely summarizes the flaws with the testing (which range from "yeah maybe" to "you gotta be kidding!"). Anyone who thought the tests had any validity should read this. The following was written by Slashdot reader, Jargon File Maintainer, Fetchmail Author, Open Source Evangelist, Eric S. Raymond
The Mindcraft fiasco
Microsoft's latest FUD (Fear, Uncertainty and Doubt) tactic may be backfiring.
A 21 April ITWeb story reported results by a benchmarking shop called Mindcraft that supposedly showed NT to be faster than Linux at SMB and Web service. The story also claimed that technical support for tuning the Linux system had been impossible to find.
Previous independent benchmarks (such as "Microsoft Windows NT Server 4.0 versus UNIX") have found Linux and other Unixes to be dramatically faster and more efficient than NT, and independent observers (beginning with a celebrated InfoWorld article in 1998) have lauded the Linux community's responsiveness to support problems. Linux fans smelled a rat somewhere (uttering responses typified by "Mindcraft Reality Check"), and amidst the ensuing storm of protest some interesting facts came to light.
- The benchmark had been paid for by Microsoft. The Mindcraft press release failed to mention this fact.
- Mindcraft did in fact get a useful answer to its request for help tuning the Linux system. But they did not answer the request for more information, neither did they follow the tuning suggestions given. Also, they forged the reply email address to conceal themselves -- the connection was made after the fact by a Usenetter who noticed that the unusual machine configuration described in the request exactly matched that of the test system in the Mindcraft results.
- Red Hat, the Linux distributor Mindcraft says it asked for help, reports that it got one phone call from them on the installation-help line, which isn't supposed to answer post-installation questions about things like advanced server tuning. Evidently Mindcraft's efforts to get help tuning the system were feeble -- at best incompetent, at worst cynical gestures.
- An entertainingly-written article by the head of the development team for Samba (one of the key pieces of Linux software involved in the benchmark) described how Mindcraft could have done a better job of tuning. The article revealed that one of Mindcraft's Samba tweaks had the effect of slowing their Linux down quite drastically.
- Another Usenet article independently pointed out that Mindcraft had deliberately chosen a logging format that imposed a lot of overhead on Apache (the web server used for the Linux tests).
So far, so sordid -- a fairly standard tale of Microsoft paying to get exactly the FUD it wants from a nominally independent third party. But the story took a strange turn today (22 Mar) when Microsoft spokesperson Ian Hatton effectively admitted [8] that the test had been rigged! "A very highly-tuned NT server" Mr. Hatton said "was pitted against a very poorly tuned Linux server".
He then attempted to spin the whole episode around by complaining that Microsoft and its PR company had received "malicious and obscene" email from Linux fans and slamming this supposed "unprofessionalism". One wonders if Hatton believes it would be "unprofessional" to address strong language to a burglar caught in the act of nipping the family silver.
In any case, Microsoft's underhanded tactics seem (as with its clumsy "astroturf" campaign against the DOJ lawsuit) likely to come back to haunt it. The trade press had largely greeted the Mindcraft results with yawns and skepticism even before Hatton's admission. And it's hard to see how Microsoft will be able to credibly quote anti-Linux benchmarks in the future after this fiasco.
-
Generative Quickies
Time once again to clean up the submissions bin: First up, Georg C. F. Greve wrote in to tell us that the April issue of Brave GNU World is up. As always, we have Linux websites popping up left and right: Michael wrote in to point us to LinuxPlanet for newbies, 23D sent us linuxartist.org for the non technical folks, and Popeye wrote in to show us The Linux Lounge for people who I guess want to sit. President John F. Kennedy wrote in to tell us that Propaganda for E is out if you need awesome (and gigantic) tilable background images. Frater 219 wrote in to say that ESR has updated the Jargon File to 4.1.1. Next up, some Slashdot ink: Shag hooked us up with a story about the Slashdot Effect taking down another site, Tomalak brought this Article about Slashdot in InternetWorld (thankfully there is no picture) and cgray wrote in with a link to an article about Jimmy Guterman experiencing the Slashdot Effect, except this one is mostly about the flame. Newton sent us www.ihatestarwars.com for those of you who are sick of the hype. jeth gave us a link to special agent Kimble, a Flash Movie. The Wanderer submitted the Dysfunctional Family Circus in response to last week's quickie about the Circus reviews in Amazon. An anonymous reader sent us Goumet Ting's page. It looks exactly like my diet. -
SGI Name Change
TurboDog sent us a link to an article that suggests that SGI will change its name on Wed. I'm waiting for word from my SGI contacts, but so far this is just a rumor. Update: 04/12 05:44 by CT : chrisd noted that their signs are covered up on shoreline... Update: 04/12 08:29 by CT : a few folks have written in to say that Silicon Graphics' new name will be.... SGI. Bummer.