Slashdot Mirror

Kuro5hin was mentioned here on May 29th of this year on Slashdot. And it didn't take a lot to find this either...[hint/nudge].

My .02
Quux26

You're talking about kuro5hin.
---

On K5, you choose the stories.

At K5 you don't see noise like this. The signal/noise ratio is almost perfect...

From a code standpoint, it is much more stable than slashcode IMHO, and it has been open from the beginning. People are activly developing it.

-Davidu

At K5 you don't see noise like this. The signal/noise ratio is almost perfect...

From a code standpoint, it is much more stable than slashcode IMHO, and it has been open from the beginning. People are activly developing it.

-Davidu

There is a place for regional shows of Linux, technology, firms, and benefits. These should be geared to the level of local interest, however. We don't need every town of 100,000 with a LUG trying to sponsor LinuxWorld Expo. Good shows are a lot of work for all involved, including the organizers, vendors, keynotes, hands-on instructors, and attendees.

One model which seems appropriate to me is something akin to an installfest on steroids, aimed at low- and mid-tier local companies, showing what Linux is, what it does, how it can be installed, and how it can solve business needs. There have been several of these, aimed at gathering a few hundred local businesses plus local Linux talent. The forum is to showcase local Linux firms and consultants. There's also the option to bring in a few national firms for a low-key presence - a small demo but not a full-booth setup, with plenty of opportunities to interact with local businesses directly.

Linux is about fitting to the tool to the task -- let's think appropriate technology, or forums, here.

What part of "Gestalt" don't you understand?
Scope out Kuro5hin

This has been in moderation at Kuro5hin all morning...funny how things tend to repeat themselves...

-Davidu

If you want more control over what's posted, use kuro5hin instead.

NOTICE SPECIFIC TO DOCUMENTS AVAILABLE ON THIS WEBSITE. Permission to use Documents (such as white papers, press releases, datasheets and FAQs) from this server ("Server") is granted, provided that (1) the below copyright notice appears in all copies and that both the copyright notice and this permission notice appear, (2) use of such Documents from this Server is for informational and non-commercial or personal use only and will not be copied or posted on any network computer or broadcast in any media, and (3) no modifications of any Documents are made. Educational institutions ( specifically K-12, universities and state community colleges) may download and reproduce the Documents for distribution in the classroom. Distribution outside the classroom requires express written permission. Use for any other purpose is expressly prohibited by law, and may result in severe civil and criminal penalties. Violators will be prosecuted to the maximum extent possible

Documents specified above do not include the design or layout of the Microsoft.com website or any other Microsoft owned, operated, licensed or controlled site. Elements of Microsoft websites are protected by trade dress, trademark, unfair competition, and other laws and may not be copied or imitated in whole or in part. No logo, graphic, sound or image from any Microsoft website may be copied or retransmitted unless expressly permitted by Microsoft.

Looks pretty much like the previous release, just without the trade secret nonsense.

Well, we all konstant is actually an employee of Microsoft, and he's submitted this story both here and at kuro5hin now. Haven't read the info at the website yet, but I'd be inclined to believe that this is some kind of MS set up, especially in light of their attack on /. last month...

This is a Good Book (TM), and well worth reading, and timothy 's writeup is solid. However, I was turned off initially by what I still consider to be an inexcusable failing of the book.

Per my standard practice, after cracking the spine, I went to first the ToC, then the back of the book -- the index. Entries for Microsoft, Apple, Xerox, PARC, IBM, Intel, Sun, Bill Gates, Steve Jobs, etc., etc., etc.

Entries for: Linux, Free Software Foundation, GNU, Linus Torvalds, Richard Stallman, Eric S. Raymond, Open Source, Apache -- nil. Ponder this: how many pages are printed worldwide by Xerox copiers in a week? How many pages are served worldwide by Apache webservers in an hour? "The document company" is completely dissing the Internet -- the largest, most accessible, and most efficient document distribution system ever invented?

The fact that a book could be published in the year 2000 with no references to the largest sea-change to sweep computing and IT in two decades, well into its mainstream adoption curve, is mind boggling. I'm not sure whether it's a failing of the indexers (though I don't recall specific mentions of any free software technologies, though the 'Web is referenced once or twice), the authors, or simply an example of failed vision at PARC. I remain simply stunned.

That said, where the book does go, it's good. By and large, it's an argument for many of the dynamics which make free software work. FS is a social invention as much as a technical one, and as much as our interfacing occurs over the web, email, and (sometimes) phone, I've also met some good friends FTF at local LUGs, regional meetings, and on occasions when paths crossed, even when oceans were bounded in the process.

Read this book, but read it critically.

What part of "Gestalt" don't you understand?
Scope out Kuro5hin

Section 0 of the GNU GPL states:

Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does.

(Emphasis added).

I would argue that the GPL doesn't explicitly grant public display and performance rights, but implicitly grants these rights through the highlighted language above.

A question is whether or not the GPL grants rights unless otherwise denied (subject to compliance requirements), or only grants specific rights. My reading of the license, including the Section 0: language above, is that all rights required to run a program are granted unless otherwise restricted, and that only copying, distribution, and modification are specifically restricted.

One of the issues which many would like to have addressed in GPL v3 is a linkage of distribution triggers to web-based, embedded, and CORBA-linked applications. These constitute a significantly different copyright environment than the one in which the GNU GPL was originally written.

What part of "Gestalt" don't you understand?
Scope out Kuro5hin

Whee. Clearly, it's their website, and anybody can post anything they damn well please on their own site, so of course I'll look like a clueless jerk if I question that! Like I said, I'm not afraid of that.

But /. does have a stated purpose of covering (usually) a particular type of news. I was interested in seeing some arguments for or against deviating from the stated agenda of a site in order to present issues of X importance (where X is a value greater than the value of the issues normally reported on). My questions seemed topical, while also being off-topic (oh, the irony), and it piqued me, so I brought it up. It looks like my questions simply got filed under "just anonther fscking troll".

Thanks for the Kuro5hin link, though!

And now, back to your regularly scheduled penguin/jackass jokes.

So my question is: how appropriate is it for people to use their website as a medium to raise consciousness and solicit donations for whatever cause they are currently supporting?

I think you answered your own question here. It isn't, its their website.

Follow-up: does it matter if the purpose of the website typically excludes stories about that particular topic, moving though they may be?

No, it's their website, they make the topic.

And another one: are there some issues which are so important that they should headline any/all forms of media, regardless of the subject matter usually addressed by that media? If so, is this one of those topics?

Yes, there are such issues. Yes, us killing this planet and being forced to recognize it, and change our ways "before it's too late", is one of those topics.

I ask only because I'm willing to look like a nitpicking, heartless jerk in order to satisfy my curiosity.

The issue comes down to whose site is it which we have already concluded that since it isn't yours, and it is theirs, they make the topic, and you simply don't.

If you don't like this style, might I suggest, what I think anyways, is a more cutting edge way of news reporting and involving the audience or there is always the option of starting your own site.

-- iCEBaLM

IANAL also.

Quibbles on Ben's analysis, areas of agreement ignored:

• Term 1: a nonexclusive grant of copyright is conferred. In order to make copies, distribute them, and/or modify them, a copy right must be granted. However, it's nonexclusive -- that is, the grant doesn't transfer rights from holder to designee, but extends them in a limited sense.
• Term 4: additional terms. If the original grant is under additional terms (or multiple terms), essentially dual licensing as is practiced with Perl or allowed under MozPL, then the GNU GPL doesn't provide for transmission of the alternative terms, but the other license may. Dual licensing may be a useful tool for free software distribution and compatibility licensing between different codebases.
• Terms 11 & 12. More significant than perhaps Mr. Tilly may appreciate. Think third-party claims under liability or warrantee. Does the GPL put such a third-party claimee into the position of being able to press suit or be in compliance with copyright? Hmmm.... I'm not sure, but I've got to talk to my lawyer.

What part of "Gestalt" don't you understand?
Scope out Kuro5hin

• Stable out of the box.
• Easy to configure (for the average Unix guy).
• Rarely has software which contains security holes.
• BSD style init scripts
• No RPM locking dependancy. If there's an issue, you can upgrade from source quickly.

Thinking is one of hardest types of work.

Thinking is one of hardest types of work.

Beleive me it wasnt brown-nosing in the classic sense. It was more like a statement of respect like one can have for Gates or Jobs; you respect them for where they've come from and gone, not necessarily the tactics they have taken to acheive that status. My statement was "Thanks to Rob for having the vision to create a single focal point for the geek community."

How many times have you read or seen Slashdot mentioned in news broadcasts? A few, right? That woulnd't have happened if Rob never created /. However, this site doesnt reflect the feelings of the whole community (could a single site ever acomplish such a feat?). It's this fact that hurts me the most because I contribute, by way of comments, and I feel that I am a part of this site; but the stories _I_ feel important never get posted. The FAQ doesnt say much to make one feel better about it either. At least at K5, you _know_ that _someone_ is reading your potential post, and you can receive some feedback on how to fix it to get it posted.

Well, thats my story and I'm stickin' to it.

bob

I think it's really importiant to have both open media and open source. I'm one of the webmasters behind www.indymedia.org and we're working on building a new paradigm for news. One that is open and democratic, build on open publishing models and open source software.

That said the problems of a new open news media are very real. How do you organize all this content. What's worth promoting and what isn't? We've talked about building a slashdot type moderation system that molds and shapes how articles get listed. Kinda like a cross between kuro5hin's article moderation and slashdot's comment system.

One thing we've realized is that some people involved in the Independent Media Centers are trained journalists and some are less professional. You can really can tell the difference. Journalists will call up people for quotes, attempt to check their facts, writes in the second or third person, etc...

One of the things that has worked best at the IMC has been our comment system. We have an open publishing model, and when people post incorrect information it is quickly countered by somebody reading the site.

I think this kind of structured colloborative news is what makes a news site exist well within the internet as a medium. Much like the early TV broadcasts were just radio announcers on camra, most early news sites are just print or tv news jammed in to the new medium. Slashdot, kuro5hin, indymedia, and many others are starting to move forward in exploring how this new medium can really be used.

It's interesting that this push is coming not from journalists but geeks and the open source movement. It represents a potential major shift in power in who gets a say and control over this new medium. Take indymedia for an example, some of our tech collective members have worked on major commercial news sites, but because of the structure of those organizations we were only able to really use the medium in this seperate confrontational project. That the people who used to be minnions in the old world are taking power and shifting the terms of the public debate should scare the existing power structure as much as any molotov cocktail.

Flamebait?

I am now certain that I have better places to spend time on, than slashdot.

I'm out of here.

Kuro5hin.org is now having a discussion on the death of copyright, started because of a discussion on the Freenet mailing list. What if Freenet really took off and copyright became unenforcable? What would happen to artists?

Once again, Kuro5hin and Slashdot are duplicating each other. This recent thread on Kuro5hin had some answers.

--

While you could publish your own edition of AAIW, I'm not sure you could list yourself as the author, in the US, under attribution obligations of copyright. You certainly couldn't claim copyright protection for your own verbatim reproduction.

What part of "Gestalt" don't you understand?
Scope out Kuro5hin

coincidentally, I just wrote a piece on Kuro5hin.org about this very topic. Check it out if you're interested.

coincidentally, I just wrote a piece on Kuro5hin.org about this very topic. Check it out if you're interested.

First of all I'd like to clear up what seems like a misconception of the original poster. Banner ads and affiliate programs are a drop in the bucket compared to the costs of running a website. After investigating the Net scene last year when I was planning to start a website I noticed that dotcomms could be divided into eCommerce sites, pay service sites and banner ad sites. Most of the successful non-eCommerce had either been sold to larger parties (e.g. Slashdot to Andover then Andover to VA Linux, Hotmail to MSN) to offset the cost or become pay services (JenniCam) simply because banner ads couldn't cut it. heck, even rusty has incorporated kuro5hin . So even now information (non-eCommerce) websites with sizable traffic (i.e. need expensive servers, bandwidth and maintanence) cannot survive on banner ads and affiliate programs indefinitely. There is more exposition on how dotcomms cannot survive on ads alone on ZDNet

The entire everything is free idea on the Net is based around the loss leader concept. Give away stuff to gain market share then make the revenue by exploiting the marketshare. Unfortunately this is the rub, few sites have anyway to make up the revenue lost by undercharging or giving away content or product. This is now being felt by the rash of layoffs and also the large number of dead or dying dotcomms which include cdnow.com, drkoop.com, toysmart.com, boo.com, foofoo.com, reel.com, apbnews.com, etc. The surviving information/nonE-commerce sites (especially independent or pseudo-independents like slashdot) will eventually have two choices
1.)Get bought out by a larger company who either wants the site for goodwill purposes (AOL owns Winamp.com which never make back the $20 million they spent on it, VA Linux owns Freshmeat, Slashdot and freeCode.com which will make just enough to hold their own or slightly less) or want to exploit the user base in a way the original site could not (e.g. MSN buying Hotmail so that logging out of hotmail redirects you to MSN.com).

2.) The second option is to become like the only sites to actually turn a profit on the Net on information, pr0n. Charge for premium membership and giveaway just a enough to entice members. The Wall Street Journal already does this with no ill-effects.

3.) The third option is to close down. Which off course is not an option many are willing to make. Of course, if this keeps up the Net will eventually mirror the real world with it's homogenized Walmarts, Starbucks' and Barnes & Nobles' being frequented by the many while independents close up shop and die. Only a short while ago everyone espoused the beauty of the Net and how everyone could be their own publisher but with the death of websites daily (linsight.com, reel.com, toysmart.com, boo.com, drkoop.com, peabody.com, and soon cdnow.com) are we not headed for a Net that is controlled by the few? For instance VA Linux via Andover already controls Freshmeat, slashdot, and a bunch of other frequently visited open source sites and is estimated to draw 50 percent of open source/linux traffic on the Net.

PS: This post is not trying to bash VA Linux but instead is mentioning the fact that already in the real world almost everything is in the hands of a few corporate entities (the same company that sells Marlboro cigarettes sells Post Cereal and Kraft foods, Disney owns ABC television and Miramax films, AOL owns CNN and Time)and the Net was supposed to be haven away from that where opposing views and opinions were only a mouse click away. I am not sure we should be celebrating the death of that...

Actually, the really smart people don't bother with all of this weblog crap...
--
"HORSE."

Alan Knowles, an independent developer, is working on a PHP port of our OpenMerchant project. You can find information on OpenMerchant-PHP at http://www.hklc.com/projects/.

Me -- I work for OpenSales.

What part of "Gestalt" don't you understand?
Scope out Kuro5hin

there's no particular reason why icann is in charge of this whole dns thing... i don't think it would hurt to compete with them.

there was recently a discusion at kuro5hin.org about this. and folks were saying that all it would take would be some hardware and to change the defaults setting that you download bind with.

sure it would take a while before all or even most people would update to include the new dns servers. but that's ok. not everyone has AOL keywords either...

icann is good enough... it manages pretty decent considerring how fast the net is changing. but it could be better with a little competition...

Weblogs are a cool concept, but ultimately lead to fragmentation -- content, eyeballs, authors, and participants are spread among many distinct islands.

One of the more interesting ideas to emerge from the Advogato / Kuro5hin axis is the concept of syndication. This would cover content, already common -- Slashdot and LinuxToday are essentially content syndication sites, and The Register officially sanctions linking. But syndication could also include a distributed user directory, and potentially (flame on) attributes such as karma or other metrics of merit from various sites.

I see a mix of several models coallescing into the final "product":

• From Slashdot and Blockstackers -- Everything -- a hyperlinked, persistant, discussion/directory. Somewhat like Wiki.
• From Kuro5hin, a well-de signed collaborative moderating system
• From Advogato, the idea of a trust metric is useful, but not sufficient.
• From the IWETHEY EZBoard, active content promotion. Active topics float up in the discussion queue. It's a bit different from a typical weblog, but tends to promote issues of interest and bury (but not kill) those which aren't generating much traffic.
• From LinuxWorld, multiple forum interfaces -- forums can be web, Usenet, or e-mail based.

Still to be worked out are issues of story selection. Various models work -- Slashdot and IWETHEY fall at two extremes, with a dedicated editorial staff on the one hand, and a number of free-form "open forums" in which any topic may be posted and discussed. Kuro5hin's still working out the kinks, though a number of suggestions have been proposed.

The point is that high-quality (and low quality) content are created all over the Net. Mindless Link Propogation (TM) (MLP) is a useful way of aggregating it to key sites. Mindful link propogation might be even better.

What part of "Gestalt" don't you understand?
Scope out Kuro5hin

Weblogs are a cool concept, but ultimately lead to fragmentation -- content, eyeballs, authors, and participants are spread among many distinct islands.

One of the more interesting ideas to emerge from the Advogato / Kuro5hin axis is the concept of syndication. This would cover content, already common -- Slashdot and LinuxToday are essentially content syndication sites, and The Register officially sanctions linking. But syndication could also include a distributed user directory, and potentially (flame on) attributes such as karma or other metrics of merit from various sites.

I see a mix of several models coallescing into the final "product":

• From Slashdot and Blockstackers -- Everything -- a hyperlinked, persistant, discussion/directory. Somewhat like Wiki.
• From Kuro5hin, a well-de signed collaborative moderating system
• From Advogato, the idea of a trust metric is useful, but not sufficient.
• From the IWETHEY EZBoard, active content promotion. Active topics float up in the discussion queue. It's a bit different from a typical weblog, but tends to promote issues of interest and bury (but not kill) those which aren't generating much traffic.
• From LinuxWorld, multiple forum interfaces -- forums can be web, Usenet, or e-mail based.

Still to be worked out are issues of story selection. Various models work -- Slashdot and IWETHEY fall at two extremes, with a dedicated editorial staff on the one hand, and a number of free-form "open forums" in which any topic may be posted and discussed. Kuro5hin's still working out the kinks, though a number of suggestions have been proposed.

The point is that high-quality (and low quality) content are created all over the Net. Mindless Link Propogation (TM) (MLP) is a useful way of aggregating it to key sites. Mindful link propogation might be even better.

What part of "Gestalt" don't you understand?
Scope out Kuro5hin

Weblogs are a cool concept, but ultimately lead to fragmentation -- content, eyeballs, authors, and participants are spread among many distinct islands.

One of the more interesting ideas to emerge from the Advogato / Kuro5hin axis is the concept of syndication. This would cover content, already common -- Slashdot and LinuxToday are essentially content syndication sites, and The Register officially sanctions linking. But syndication could also include a distributed user directory, and potentially (flame on) attributes such as karma or other metrics of merit from various sites.

I see a mix of several models coallescing into the final "product":

• From Slashdot and Blockstackers -- Everything -- a hyperlinked, persistant, discussion/directory. Somewhat like Wiki.
• From Kuro5hin, a well-de signed collaborative moderating system
• From Advogato, the idea of a trust metric is useful, but not sufficient.
• From the IWETHEY EZBoard, active content promotion. Active topics float up in the discussion queue. It's a bit different from a typical weblog, but tends to promote issues of interest and bury (but not kill) those which aren't generating much traffic.
• From LinuxWorld, multiple forum interfaces -- forums can be web, Usenet, or e-mail based.

Still to be worked out are issues of story selection. Various models work -- Slashdot and IWETHEY fall at two extremes, with a dedicated editorial staff on the one hand, and a number of free-form "open forums" in which any topic may be posted and discussed. Kuro5hin's still working out the kinks, though a number of suggestions have been proposed.

The point is that high-quality (and low quality) content are created all over the Net. Mindless Link Propogation (TM) (MLP) is a useful way of aggregating it to key sites. Mindful link propogation might be even better.

What part of "Gestalt" don't you understand?
Scope out Kuro5hin

Weblogs are a cool concept, but ultimately lead to fragmentation -- content, eyeballs, authors, and participants are spread among many distinct islands.

One of the more interesting ideas to emerge from the Advogato / Kuro5hin axis is the concept of syndication. This would cover content, already common -- Slashdot and LinuxToday are essentially content syndication sites, and The Register officially sanctions linking. But syndication could also include a distributed user directory, and potentially (flame on) attributes such as karma or other metrics of merit from various sites.

I see a mix of several models coallescing into the final "product":

• From Slashdot and Blockstackers -- Everything -- a hyperlinked, persistant, discussion/directory. Somewhat like Wiki.
• From Kuro5hin, a well-de signed collaborative moderating system
• From Advogato, the idea of a trust metric is useful, but not sufficient.
• From the IWETHEY EZBoard, active content promotion. Active topics float up in the discussion queue. It's a bit different from a typical weblog, but tends to promote issues of interest and bury (but not kill) those which aren't generating much traffic.
• From LinuxWorld, multiple forum interfaces -- forums can be web, Usenet, or e-mail based.

Still to be worked out are issues of story selection. Various models work -- Slashdot and IWETHEY fall at two extremes, with a dedicated editorial staff on the one hand, and a number of free-form "open forums" in which any topic may be posted and discussed. Kuro5hin's still working out the kinks, though a number of suggestions have been proposed.

The point is that high-quality (and low quality) content are created all over the Net. Mindless Link Propogation (TM) (MLP) is a useful way of aggregating it to key sites. Mindful link propogation might be even better.

What part of "Gestalt" don't you understand?
Scope out Kuro5hin

As others have said, you should always reinstall after noticing your boxes have been cracked (you'll also want to check on things to see if you can determine the point of entry and person(s) responsible).

The better solution is to just not be cracked in the first place. The way to do this is to be known-secure. How do you do that? Audited code, such as OpenBSD provides peace of mind. Secure logging (i.e.: logging to another internal machine whose job it is to accept log reports) -- this gives you a nice write-only log target, making it easier to trace intitial probes and attacks.

Next, you'll want to check existing services, and review any services you want to add. I discussed this in Securing the Border, parts 1, 2, 3, and 4.

You might also want to read "Auditing Kuro5hin" where I found a root compromise on Kuro5hin.org when reviewing the system with Rusty, the site owner and creator. It has tips on how to recover cleanly.
---

As others have said, you should always reinstall after noticing your boxes have been cracked (you'll also want to check on things to see if you can determine the point of entry and person(s) responsible).

The better solution is to just not be cracked in the first place. The way to do this is to be known-secure. How do you do that? Audited code, such as OpenBSD provides peace of mind. Secure logging (i.e.: logging to another internal machine whose job it is to accept log reports) -- this gives you a nice write-only log target, making it easier to trace intitial probes and attacks.

Next, you'll want to check existing services, and review any services you want to add. I discussed this in Securing the Border, parts 1, 2, 3, and 4.

You might also want to read "Auditing Kuro5hin" where I found a root compromise on Kuro5hin.org when reviewing the system with Rusty, the site owner and creator. It has tips on how to recover cleanly.
---

As others have said, you should always reinstall after noticing your boxes have been cracked (you'll also want to check on things to see if you can determine the point of entry and person(s) responsible).

The better solution is to just not be cracked in the first place. The way to do this is to be known-secure. How do you do that? Audited code, such as OpenBSD provides peace of mind. Secure logging (i.e.: logging to another internal machine whose job it is to accept log reports) -- this gives you a nice write-only log target, making it easier to trace intitial probes and attacks.

Next, you'll want to check existing services, and review any services you want to add. I discussed this in Securing the Border, parts 1, 2, 3, and 4.

You might also want to read "Auditing Kuro5hin" where I found a root compromise on Kuro5hin.org when reviewing the system with Rusty, the site owner and creator. It has tips on how to recover cleanly.
---

As others have said, you should always reinstall after noticing your boxes have been cracked (you'll also want to check on things to see if you can determine the point of entry and person(s) responsible).

The better solution is to just not be cracked in the first place. The way to do this is to be known-secure. How do you do that? Audited code, such as OpenBSD provides peace of mind. Secure logging (i.e.: logging to another internal machine whose job it is to accept log reports) -- this gives you a nice write-only log target, making it easier to trace intitial probes and attacks.

Next, you'll want to check existing services, and review any services you want to add. I discussed this in Securing the Border, parts 1, 2, 3, and 4.

You might also want to read "Auditing Kuro5hin" where I found a root compromise on Kuro5hin.org when reviewing the system with Rusty, the site owner and creator. It has tips on how to recover cleanly.
---

As others have said, you should always reinstall after noticing your boxes have been cracked (you'll also want to check on things to see if you can determine the point of entry and person(s) responsible).

The better solution is to just not be cracked in the first place. The way to do this is to be known-secure. How do you do that? Audited code, such as OpenBSD provides peace of mind. Secure logging (i.e.: logging to another internal machine whose job it is to accept log reports) -- this gives you a nice write-only log target, making it easier to trace intitial probes and attacks.

Next, you'll want to check existing services, and review any services you want to add. I discussed this in Securing the Border, parts 1, 2, 3, and 4.

You might also want to read "Auditing Kuro5hin" where I found a root compromise on Kuro5hin.org when reviewing the system with Rusty, the site owner and creator. It has tips on how to recover cleanly.
---

As others have said, you should always reinstall after noticing your boxes have been cracked (you'll also want to check on things to see if you can determine the point of entry and person(s) responsible).

The better solution is to just not be cracked in the first place. The way to do this is to be known-secure. How do you do that? Audited code, such as OpenBSD provides peace of mind. Secure logging (i.e.: logging to another internal machine whose job it is to accept log reports) -- this gives you a nice write-only log target, making it easier to trace intitial probes and attacks.

Next, you'll want to check existing services, and review any services you want to add. I discussed this in Securing the Border, parts 1, 2, 3, and 4.

You might also want to read "Auditing Kuro5hin" where I found a root compromise on Kuro5hin.org when reviewing the system with Rusty, the site owner and creator. It has tips on how to recover cleanly.
---

As others have said, you should always reinstall after noticing your boxes have been cracked (you'll also want to check on things to see if you can determine the point of entry and person(s) responsible).

The better solution is to just not be cracked in the first place. The way to do this is to be known-secure. How do you do that? Audited code, such as OpenBSD provides peace of mind. Secure logging (i.e.: logging to another internal machine whose job it is to accept log reports) -- this gives you a nice write-only log target, making it easier to trace intitial probes and attacks.

Next, you'll want to check existing services, and review any services you want to add. I discussed this in Securing the Border, parts 1, 2, 3, and 4.

You might also want to read "Auditing Kuro5hin" where I found a root compromise on Kuro5hin.org when reviewing the system with Rusty, the site owner and creator. It has tips on how to recover cleanly.
---

Now don't get me wrong, I think that article moderation should be debated from time to time, but this case is not a good example of it. This article is dated today on rootprompt itself and is posted at the top of kuro5hin today as well. It seems unlikely that all three sources would be mistaken.

"fight to the death anything that threatens its intellectual property".

[WARNING: Rant follows. That I'm ending up writing this right after I wrote this very pro-Microsoft technical defense on Kuro5hin just makes me angrier.]

Death, eh? Exactly what kind of death are they referring to?

Perhaps they're talking about the infamous "Écran bleu de la mort", better known as the Blue Screen Of Death? Quite a few companies have been dying slow, ignomious deaths due to their inability to avoid these failures. Take Novell. It's the year 2000, and they still don't have a version of their Novell Client software that won't eventually and near-irrevocably cause to die(ooh!) some poor Windows 9x machine that just wants to connect to a Novell server.

Lets see now. We've got a Microsoft developer's impending death here...we've got the individual users' Win9x machines quite dead...Microsoft themselves? Hm, they're doing just fine. Not Dead Yet. Doing Just Fine. They sure seem to know how to add a core networking layer to Win9x; why should anybody else be able to?

Actually, why should anyone else be able to do anything without delivering unto Microsoft that which the stockholders demand? Using Windows 2000 to host your secure website means you've got to pay $3,000.00 to them for the right to do so. Sounds like any small business trying to sell a few t-shirts just got priced out of the market--oops, death of a little guy who suspiciously ain't Microsoft. Oh, I should be fair though. Microsoft doesn't require you to spend $3000.00 for a license; they'd be happy to just limit you to a small number of simultaneous purchases. That way, if your small business gets Slashdotted one day, and an unexpected number of people come in to buy some product, Windows 2000 will send your customers away, as you just didn't pay enough of a (protection) fee to Microsoft.

When your expensive server hardware running an expensive server operating system dies on customers because you didn't buy an expensive enough access license, lemme tell you, it ain't Microsoft who's hurting there. It ain't Microsoft who lost any sales--sure, that server may get wiped out and be replaced by Linux. But that's after that first sale. You might say Microsoft could at least experience some pain by loss of future sales, because either a) Some business(like yours) would crumble because it couldn't recoup their losses, or b) Some business(like yours) would never again buy a Microsoft server. The former posits yet another death--this time, again, of somebody Other Than Microsoft--but lets examine the latter. How easy is it to migrate away from Microsoft?

Not at all, and getting harder. Frontpage Extensions are an explicit play at tying the desktop OS to the server OS--make a business dependent on the integration, and reap the rewards when they go down in flames trying to live without it. Yes, Linux is getting support for Frontpage Extensions. But we have to wonder how long such cross platform compatibilities will be allowed--Microsoft's already banned interoperability with one file format on patent grounds(don't try to parse ASF if you're anyone else but MS; I suppose DOC is next).

The bottom line in my mind is that, when Microsoft starts talking about fighting to the death, they mean it--they've had no problem using their financial might to crush anyone who isn't convenient to them, and that appears to include their own customers, developers, and end users.

If there's one thing tragic here, it's that good, honestly respectible technical work gets disgraced because of its association to truly ugly business practices.

Yours Truly,

Dan Kaminsky
DoxPara Research
http://www.doxpara.com

"fight to the death anything that threatens its intellectual property".

[WARNING: Rant follows. That I'm ending up writing this right after I wrote this very pro-Microsoft technical defense on Kuro5hin just makes me angrier.]

Death, eh? Exactly what kind of death are they referring to?

Perhaps they're talking about the infamous "Écran bleu de la mort", better known as the Blue Screen Of Death? Quite a few companies have been dying slow, ignomious deaths due to their inability to avoid these failures. Take Novell. It's the year 2000, and they still don't have a version of their Novell Client software that won't eventually and near-irrevocably cause to die(ooh!) some poor Windows 9x machine that just wants to connect to a Novell server.

Lets see now. We've got a Microsoft developer's impending death here...we've got the individual users' Win9x machines quite dead...Microsoft themselves? Hm, they're doing just fine. Not Dead Yet. Doing Just Fine. They sure seem to know how to add a core networking layer to Win9x; why should anybody else be able to?

Actually, why should anyone else be able to do anything without delivering unto Microsoft that which the stockholders demand? Using Windows 2000 to host your secure website means you've got to pay $3,000.00 to them for the right to do so. Sounds like any small business trying to sell a few t-shirts just got priced out of the market--oops, death of a little guy who suspiciously ain't Microsoft. Oh, I should be fair though. Microsoft doesn't require you to spend $3000.00 for a license; they'd be happy to just limit you to a small number of simultaneous purchases. That way, if your small business gets Slashdotted one day, and an unexpected number of people come in to buy some product, Windows 2000 will send your customers away, as you just didn't pay enough of a (protection) fee to Microsoft.

When your expensive server hardware running an expensive server operating system dies on customers because you didn't buy an expensive enough access license, lemme tell you, it ain't Microsoft who's hurting there. It ain't Microsoft who lost any sales--sure, that server may get wiped out and be replaced by Linux. But that's after that first sale. You might say Microsoft could at least experience some pain by loss of future sales, because either a) Some business(like yours) would crumble because it couldn't recoup their losses, or b) Some business(like yours) would never again buy a Microsoft server. The former posits yet another death--this time, again, of somebody Other Than Microsoft--but lets examine the latter. How easy is it to migrate away from Microsoft?

Not at all, and getting harder. Frontpage Extensions are an explicit play at tying the desktop OS to the server OS--make a business dependent on the integration, and reap the rewards when they go down in flames trying to live without it. Yes, Linux is getting support for Frontpage Extensions. But we have to wonder how long such cross platform compatibilities will be allowed--Microsoft's already banned interoperability with one file format on patent grounds(don't try to parse ASF if you're anyone else but MS; I suppose DOC is next).

The bottom line in my mind is that, when Microsoft starts talking about fighting to the death, they mean it--they've had no problem using their financial might to crush anyone who isn't convenient to them, and that appears to include their own customers, developers, and end users.

If there's one thing tragic here, it's that good, honestly respectible technical work gets disgraced because of its association to truly ugly business practices.

Yours Truly,

Dan Kaminsky
DoxPara Research
http://www.doxpara.com

Eben Moglen, Columbia Law School professor and pro bono lawyer for the FSF, spoke on MarketPlace Radio (Minnesota Public Radio, carried on many NPR stations) last Wednesday following the court's breakup finding. One of Moglen's comments was that the FoF against Microsoft, detailing as it did a list of anti-competitive and monopolistic activities, would preclude Microsoft from being able to assert its patent IP rights.

I don't recall the precise argument, and MarketPlace doesn't provide freely accessible archives, but it might be that Microsoft would find itself stripped of its patents or simply unable to assert them. Patents are a legal means for providing monopoly advantage in a restricted area for a limited time -- an advantage courts might find the company doesn't require or has lost rights to claim.

This does raise the bar though for any release of source or APIs to Microsoft code, however. Interesting times, it seems.

What part of "Gestalt" don't you understand?
Scope out Kuro5hin

Gecko feet stick using Van der Walls forces (weak electrical forces at the molecular level) and due credit to kuro5hin for posting this earlier today.

• 2000-06-06 14:51:37 Existing laws fight spam (articles,spam) (rejected)

I have seen the future, and it's name is Plan 9. :-)

--

For related discussion, see this Kuro5hin story about it...

Telling someone "here, this is what we do, oh, and BTW, you can't do that without paying us licensing fees" doesn't seem much use to me. I don't think the jugement affects this. Nothing that I could see (IANAL) seemed to stop them from owning and using patents - in fact, the final judgement states that IP rights used by both companies (presumably including patents) "shall be assigned to the Applications Business, and the Operating Systems Business shall be granted a perpetual, royalty-free license to license and distribute such Intellectual Property in its products".