Slashdot Mirror

Secunia collectively rated the vulnerabilities as "Moderately Critical," and said that only Firefox has been fixed. Users should download the newest edition, Firefox 1.0.1, which was released last week.

The vulnerabilities have been corrected in Mozilla, but the patched edition, 1.7.6, has not yet been officially released. The same goes for Thunderbird, the Mozilla Foundation's free e-mail client, which is also susceptible to the bugs. Both Mozilla 1.7.6 and Thunderbird 1.0.1 should roll out this week, Mozilla has said.

8 More Bugs Found In Firefox And Mozilla

It's very entertaining to read /. comments on China. These Internet cafes are shutdown to plow the way for bigger, better and nicer franchised Internet cafe chains bankrolled by IBM and Intel!.

On the heels of Austin, Munich, Vienna and entire countries e.g. in South America, LA City Councilmembers have unveiled plans for an extended transition to FOSS in their press release conspicuously labelled "FREE OPEN SOURCE SOFTWARE MEANS MORE POLICE ON THE STREETS - COUNCIL BETS THAT OPEN SOURCE MOVEMENT CAN SAVE CITY MILLIONS".

Despite the telling omission of "AND" in its caption, the statement actually does look beyond the "...as in beer" part of the equation.

A spokesman also explained the project and its inspiration in greater detail to German heise online news.

For Ballmer and Gates, the good news is that they won't have to travel quite as far any more to try and win back their latest defectors.

The "bad" news (for them!) can be summed up as "Tux ante portas": their arch-enemy and worst nightmare already knocking (or should we say: pecking?) right at their porch now.

On the same day as slashdot reports Mike Nash, Microsoft's Chief Security Executive, has made claims that Windows is more secure than Linux

I'll remind you of this old story; which if you come to think of it, is quite an advertisement for Novell products...

Pacheco, a Democrat, said the new policy is "perceived to be an exclusionary policy that excludes proprietary software." He is chairman of the Post Audit and Oversight Committee and said he has received "lots of calls" from software companies whose business revolves around proprietary software, many of whom are concerned that they will be locked out of Massachusetts' $80 million IT budget.

That doesn't make Linux "more secure," in the sense of a native attribute of the O/S; it just means people are less interested in writing exploits or there are fewer unpatched machines to propagate them.

Vendors shipped 165 million cell phones worldwide in the third quarter of 2004. In-start/MDR predicts 653 million units to be shipped this year. So, even by 2004 numbers, Zigbee will be in less than 1% of new cell phones shipped next year if they hit their target. Bluetooth, on the other hand, ships two million units per week in various devices. Perhaps it "will be big", but you need far stronger numbers to back up your prediction.

Heile says it'll be "on target for 5 million units"? Your own article reports that he also said "analysts are predicting between 5 million and 50 million Zigbee devices in the first year", which means Zigbee might make the low end of predictions.

Also, $5 per unit is a huge cost for cell phone vendors. Nokia, for instance, would have to pay over $1 billion a year (~200 million units, excluding engineering costs) to support this in all their phones. To put that number in perspective, that's about a good quarter's worth of net profit for Nokia.

In other words, like any new technology, it will become much cheaper with wide adoption, but it will not be widely adopted unless it's cheap. Its future may be interesting, but is by no means assured. I simply don't see the evidence for your optimism.

Would somebody please explain how AOL thinks users who can't install the full AOL client on their workstations thanks to sysadmin-imposed policies will be able to get the AOL Browser installed?

That's easy. The reason they picked IE as the base is obviously so they can exploit the IFRAME vulnerability to install their software. Brilliant!

Prediction for next year's pet phrase: "Old people in Korea".

Here is more information.

While the original poster is undoubtably a linux fan, I think it's unfair to suggest he's being unreasonable. There are several articles, studies, and analyses that conclude running unpatched windows on a network is dangerous. You seem to be a diligent user who probably runs a gateway firewall, personal firewalls, and/or anti-virus software on all of your connected windows boxen as well as keeping them up to date through Microsoft's security patches, etc. However, the sad truth is that the majority of home users are not so diligent. Here is an article on survival time of unpatched windows machines connected to the internet. I have heard anecdotes from friends associated with SANS that the mean time between hostile probes of any given internet address is about 24 seconds. Given that most people do not take proper precautions when installing windows, most machines are comprimised before they are able to log into the windows update servers to check for critical patches.

So, where the initial poster was incorrect about it being possible to run windows securely connected to the internet, their defeatist opinioned posture is founded in some strong factual evidence.

A couple weeks ago, HP had a press release announcing the "Global Grid Exchange":

http://www.globalgridexchange.com/

It's interesting to me that IBM would feel pressured to "play catch up" against HP (Should we expect one from Sun next month?) Obviously both companies have been percolating SOME sort of "Killer App" Grid Initiative for some time now. Perhaps the Grid Wars are finally starting to heat up!

(The name "World Community Grid" DOES sound like a blatant copy of "Global Grid Exchange", IMHO. C'mon guys! Be original!)

It's my understanding that because the Global Grid Exchange is bytecode-based (Java) they will support Linux as well as Windows (and eventually OS X.) Also, researchers will be able to write their OWN applications to run on the Grid, rather than limiting themselves to Proteome Folding.

Imagine that -- a researcher on a Windows box will be able to write a program which could be run on a Linux box (or, I'll go ahead and say it, a Beowolf Cluster) all without the programmer having to know -- OR CARE!

For that reason alone, IBM's offering seems like "Too Little, Too Late".

LINK

And they announced it back in 2003 "We plan to hit about one million lines by the end of 2003".

And they announced it back in 2002.

Stay tuned for another announcement in 2005.

This time they're paying back the Bush adminstration for the FCC deal that permits them to keep third-party ISPs from using their lines. The telcos have been lobbying for this for years, so that consumers don't have a choice of ISPs. It's an election year move, not a new development.

SBC has talked up a few fibre-to-the home trials, but even the small scale trials never seem to happen.

I really look forward to more of Mark Cuban's predictions.

Seansy is right.

I reckon that if the base station has the G5 CPU with the screen detachable then it would be very useful. It'd be an iMac most of the time.

Then when you move about with it the video streaming screen function kicks in. It'd have it's own cut down OS like the iPod that is optimised to run the video stream and the simple tablet interface. There could be some data storage using iPod type microdrives.

The video could be streamed using FireWire of UWB as described here.

Then imagine all the features you could add in.

Universal Remote for iTunes / Airport Express etc...
eBook reader with books sold over iTunes
Wacom tablet replacement
Remote watching of DVDs in bed - or as a remote for the Plasma Screen also connected to the iMac base station via FireWireUWB.

The Cost = an iPod plus an iMac - and since it also acts as the screen for the iMac when docked it remains useful when it is not being used as an iTablet.

I'd buy one like a shot as it replicates my current set up in one neat package...

iBook for mobility with Wacom Tablet
iMac G3 with Bluetooth adaptor for media serving
DVD Player ( Only USD49.99 in Hong Kong ) and LCD monitor
SonyEricsson with SallingClicker for remote

If it could be done with that functionality and at that price it'd be a sure fire winner.

Computer Associates will buy your company, chew on it until its got all the flavor, then spit you out. My company started a data warehouse with Platinum software (great a metadata and data movement), then Platinum was bought by these guys, and CA halted development. We had to sue them to get our project money back.

CA has been buying companies for years, and not necessarily in a good way for consumers.

"At No. 4, we have Computer Associates. The current federal investigation into accounting irregularities notwithstanding, the company's longtime practice of acquiring aging technologies, slashing new development, and attempting to milk the installed base for service and support is a bigger issue. Users are trapped, CA knows it, and it does its best to take advantage of the situation."

This browser warning page thoroughly trashes MSIE, but every phrase is linked to a news article that uses the exact same verbiage in order to demonstrate that it isn't just anti MS FUD - It's the honest truth. It's designed and maintained for webmasters to deliver to the IE-using visitors to their webpages. You can read the source code for some more information about that. In case you're curious, here's a paste of the text and links that it has - This should prove quite effective with anyone you're trying to convince to stop using IE:

Your web browser - a version of Microsoft Internet Explorer - may not function properly on this website, and could have a large number of problems that allow hackers to hijack it with viruses. These viruses could be used by criminals to secretly take over your computer, download child-pornography, or to commit acts of terrorism and fraud. You may automatically update it now with Microsoft's available patches, however, there is a possibility that a necessary patch will not be available due to Microsoft's somewhat sluggish development schedule.

The US Department of Homeland Security strongly suggests that you stop using Internet Explorer immediately.

There are several standards-compliant web browsers that you may use instead of Internet Explorer. Please install one of them as a replacement.

• Opera [Download Now]
• Mozilla [Download Now]
• Netscape [Download Now]
• K-Meleon [Download Now]

If you suspect that your computer is already being used for criminal activity, it is critical that you seek help from a computer professional in your local area. You may also try one of the free web-based virus scanners that are available.

Here are some. Some may be a year or so old, and I don't recall what links I sent as examples. Google should help you find all you need.

Microsoft software "riddled with vulnerabilities", trade body claims
30 unpatched holes in IE, says security researcher
Credit card theft feared in Windows flaw | CNET News.com
Microsoft Issues Five New Security Warnings
Microsoft WinXP Update spies on other PC software
Microsoft issues patch for "serious" XP hole
Microsoft Windows Insecure by Design (TechNews.com)
Server attacks stump Microsoft
Windows flaw threatens PC services
Gartner: Worms Jack Up the Total Cost of Windows
CERT recommends anything but IE
Exploiting design flaws in the Win32 API for privilege escalation
Worm Exploits Multiple Windows Vulnerabilities
Unpatched Internet Explorer Bugs

Here are some. Some may be a year or so old, and I don't recall what links I sent as examples. Google should help you find all you need.

Microsoft software "riddled with vulnerabilities", trade body claims
30 unpatched holes in IE, says security researcher
Credit card theft feared in Windows flaw | CNET News.com
Microsoft Issues Five New Security Warnings
Microsoft WinXP Update spies on other PC software
Microsoft issues patch for "serious" XP hole
Microsoft Windows Insecure by Design (TechNews.com)
Server attacks stump Microsoft
Windows flaw threatens PC services
Gartner: Worms Jack Up the Total Cost of Windows
CERT recommends anything but IE
Exploiting design flaws in the Win32 API for privilege escalation
Worm Exploits Multiple Windows Vulnerabilities
Unpatched Internet Explorer Bugs

I guess my point is that there is nothing else available right now that does what Bluetooth does. Market adoption is *increasing*, if slowly. Bluetooth is far from failing. The truth is that right now, it's the only game in town. More personally, I love it and use it every day. My heart wouldn't be broken if something better replaced it, but in the meantime, improvements like lower power and faster data transfer are welcome.

Want bandwidth for video, how about 'Wireless Firewire' :) More info from the 1394 Trade Association.

PORK!

-Adam

How about changing to GNL, or GNUoL, or GNLU...?

Isn't it the same thing?(GNU)

Actually, that's not correct. My understanding is that it was a classic example of the use of submarine patents. Basically, Rambus participated in JEDEC, a memory technology conference whose purpose was to standardize SDRAM, while at the same time neglecting to mention that they, in fact, held patents or had patents pending on that very technology. They then attempted to elicit licensing fees for those technologies once it was firmly entrenched in the industry. See this article for a somewhat more detailed history of the case.

Of course that Chinese can't do this without the help and lobbying of monopolistic American corporations like Intel or IBM. These 8,600 cafes are shutdown to make way for bigger, larger cafes spec by Intel and bank roll by IBM. See this story China's Internet Cafes Ignite Thriving Gaming Industry.

was that Big Mouth Billy Bass someone modded a long time ago to say "Pork!

To put it simply, *nix owns the server market

To put it even more simply, you are wrong.

Windows: 55.1%
Linux: 23.1%
Unix: 11.0%
Netware: 9.9%

Source

With a pair of Chinese and Japanese software companies developing a version of Linux for the Asian market I'm sure that M$ can already see their potential market shrinking. I'm also pretty sure that many at M$ are worried about the desktop deal that Sun has struck with China. So M$ tries to counter these moves with a language pack? I'm sure that M$ is going to have to try a lot harder than that!

This article is a decent brief overview of what I was referring to: http://www.techweb.com/wire/story/TWB20031205S0009

Among the organizations working with Yahoo! are National Public Radio, Northwestern University, the Library of Congress, the New York Public Library and the National Science Digital Library.

Like the PIII Coppermine CPUs that wouldn't even boot sometimes.

Or the randomly rebooting PII Xeons.

Or the voltage problems with certain PIII Xeons.

Or the memory request system hang bug in the PIII/Xeon.

Or the PIII's SSE bug whose 'fix' killed i810 compatability.

Or the MTH bug in the PIII CPUs that forced Intel customers to replace boards and RAM.

Or the recalled, that's right, recalled PIII chips at 1.13GHz.

Or the recalled (there's that word again) Xeon SERVER chips at 800 and 900MHz.

Or the recalled (that word, AGAIN?!) cc820 "cape cod" Intel motherboards.

Or the data overwriting bug in the P4 CPUs.

Or the P4 chipset bug that killed video performance.

Or the Sun/Oracle P4 bug.

Or the Itanium bug that was severe enough to make Compaq halt Itanium shipments.

Or the Itanium 2 bug that "can cause systems to behave unpredictably or shut down".

Or the numerous other P4/Xeon/XeonMP bugs that have been hanging around.

Yes, I did consider the possibility that there might just be some basis for the belief that Intel's products are superior. Having considered that, in light of the mountains of evidence to the contrary, I shall now proceed to laugh at you.

Ha ha ha.

Now go away, or I shall mock you again.

Geez I feel safe already. It's not like any teenager could break into a gov website or anything. Makes me warm and fuzzy inside. And in more "E"lated news... The US government announces the greatest terrorist to walk the planet... Mother Nature, and her Weather of Mass Destruction

Just because they said they'd sue someone within three months doesn't create any legal obligation for them to meet that deadline, so counting down those three months is useless. They can sue anybody anytime they damn well please.

Furthermore, if you actually read the Techweb article that's linked to in the headline, you'll see the clear implication that the estimate of 90 days was approximate ("I think you'll certainly be seeing that within the next 90 days").

I mean, come on: Of all the things to call SCO on, this is one of the least constructive.

The Lindon, Utah, company, which has a $3 billion lawsuit pending against IBM, told reporters and analysts in a teleconference that it would begin suing companies that use Linux, but refuse to pay licensing fees to SCO.

"One of things that we will be looking to do is to identify a defendant that we believe will illustrate the nature of the problem," David Boies, managing partner of SCO's law firm Boies, Schiller & Flexner LLP, said. "I don't want to try and identify that defendant on this call, for obvious reasons . . . but you will be seeing the identification of a significant user that has not paid license fees and is in fact using proprietary and copyrighted material. I think you'll certainly be seeing that within the next 90 days."

I hate to say this, but the last time I looked, Cadence only last month was ported to 64bit Linux

Now maybe in a year or two my company can start running Cadence on cheaper boxen.

Just a tiny question here, but I run SCO Countdown, and according to what ,A HREF="http://www.linuxworld.com/story/38045.htm">d ocuments I have, the deadline for SCO to sue another Linux user is fast approaching. Problem is, I have just received a question on the feedback form wondering whether the 90 day countdown ends on February 16 or 17. Currently, it ends on the 17, but I'd thought I'd get an educated person's opinion on this. Thanks.

Also, just wanted to insert a small poll here. I have noticed that SCOlawsuit.com website is kind of (-1, Redundant) with people like PJ and everyone else covering the SCO case far better than I can, so I wanted to put out a quick poll: since really the important things that I own are the domain names (scoletters.com, scoletter.com, scofile.com, scofiles.com, scoreport.com, scoreport.com, scolawsuit.com) would it be beneficial it I pointed one or two of these domain names to another site? Thanks.

As well as RFID jamming technology being in development, the makers of the tags themselves want to find a decent compromise, such as a kill command.

I liked option #5 in the article you linked to:

Solution 5: SCO Execs point www.sco.com at the loopback address 127.0.0.1, end lawsuits, dismiss lawyers, and invest remaining corporate cash reserves in call options in Dell & Microsoft stock.

Consequences: No denial of service traffic whatsoever seen on the Internet. Millions of Windows users notice that their computer is running extremely slowly. Many buy new machines, which fixes the problem. Dell & Microsoft stock rises. Everyone lives happily ever after.

:-)

Seriously, I find it interesting that more news hasn't been made of the apology buried in the MyDoom.B virus: The creator of what anti-virus experts say is the fastest spreading virus ever on the Internet signed Mydoom and Mydoom.B with "andy," and left the following message in the latter version: "I'm just doing my job, nothing personal, sorry."

I really, really wonder if a programmer out there will develop a burning conscience, quit his job and leak his story to the press. Man, I'd really like to know what company was responsible for this.

Yep

A really good troll makes every word in his sentence a link so that his point seems valid.

You don't even have to visit the sites, just google something like "linux vs windows", grab relevent links and include then in your post. No one will read them anyways, and believe you because you provided plenty of background Info and reputable sources (computing.net included!). They will have to believe your Pro-Windows rant.

Linux isn't a Toy OS. it's used by google. Who provided you this Informative post :)

RSA claimed a patent on C = me mod m. It has since expired, but I don't see any hardware there, do you? What hardware is in BT's hyperlink patent? That's two, need more?

You mean like this?

Or do you think that cheating is uncommon? Quote an article:

Percentage of students in 1988 survey of Who's Who Among American High School Students that admitted cheating: 70

Percentage of students in 1998 survey of Who's Who Among American High School Students that admitted cheating: 80

Percentage of cheating students who say they were never caught, same 1998 study: 95

Percentage of parents of Who's Who students who said they believed their children never cheated, 1997 study: 63

Well spoken. It's nice to see some clear examples instead of "AMD sucks".

But, being the AMD fan I am, I must say that perhaps your problems are more due to bad luck than anything, since RMA rates for motherboards are significantly higher than other components.

And so this brings me to a question... is there a site that gives statistics on RMA rates?

- - - - - - - - - -

P.S. - The following riposte is a cut and paste of a previous slashdot post:

Pentium Floating-point division bug [ku.edu] (it's close enough, isn't it?)
Invalid Operand Instruction crashes original Pentiums [iss.net] Pentium crash codes
Pentium Pro/II still having problems with floats [ddj.com] Unable to convert to int
Pentium III can't even start up [bbc.co.uk] You went faster with an 8088
SSE is great for when you want your PIII to crash [zdnet.co.uk] Pretty blue screens abound.
PIII Xeon, quality you can count on, except at high CPU usage [macworld.com] Watch the task manager, Phil.
Yay, PIII MTH crashes! [com.com] Does MTH stand for Meth?
Total Recall 2: PIII@1.13GHz [com.com] Fastest crashes ever.
Total Recall 3: PIII Xeons@800/900Mhz [com.com] More Xeon quality in a box.
Total Recall 4: CC820 [techweb.com] How many defects? Can't recall...
Pentium 4 overwriting data [zdnet.co.uk] Hope it wasn't something important.
Pentium 4 chipset bug [com.com] Fast video performance? Naaa.
P4 Oracle/Sun problems [indiana.edu] More workarounds than work
Itanium shipments halted [theinquirer.net] That's an expensive oops.

Just so nobody gets any ideas that Intel is perfect...

Well, I run SCO countdown.com (see link in my sig) and I just wanted to remind everyone that the 90 day deadline SCO imposed on itself to sue a linux user is coming up. The deadline comes up February 17, so SCO better start unloading some serious lawyer firepower...

I've come across a similar-ish problem to this, but with a twist...

Techweb.com has the story, but here's the outline...

I was testing new versions of anti-virus software for a major pharmaceuticals company. This is the kind of place where you have to keep *every* version of *every* document for many, many years - and you cannot afford mistakes. If the FDA or the European equivalent asks for a document, you'd better be able to produce it, and it had better be correct.

Anyway, I was also resposible for pricing up new desktop boxes, 99% of which were Dell. However, when I downloaded the current price list from Dell.co.uk, my PC flagged it as being infected with a macro virus, Tristate.

Strange, thought I - and I tried to download it on another PC which I knew to be clean but which had the previous week's AV software. It was quite happy it was clean, but again when I copied it to my up-to-date box, it complained it was infected.

This virus disabled MS Office 97 macro virus protection on PCs it was opened on, and also spread itself to any opened Office document - Powerpoint, Word and Excel. This meant it could spread very quickly through a company, leaving PCs wide open to all other macro virii - there were some nasty ones around at that time which changed words numbers and so on at random - very bad news. I indeed caught it on a couple of other PCs - encouraging my bosses to roll out the newest AV updates with a little less testing than normal. Problem averted.

But then I though of the thousands of people who could be downloading it unwittingly - do I did the decent thing and called Dell. And got absolutely nowhere. Jack Daniels is certainly affecting my typing now, but I am reasonably capable of getting messages through to people, and I could *not* get anyone on the Dell phone system to a) accept there was a problem, and b) pass me on to someone with the nous and/or authority to react to the information.

There was one guy who sneeringly agreed to try and virus-check the document, and he happily told me it was clean. I asked him if his AV was up-to-date, and got a snotty "Of course it is, we're Dell" in reply. Two whole days later I managed to persuade someone it was real, and soon after that it was removed from the site. And what was there? "Please update your anti-virus software, we may have given you a virus"? No. "This service is temporarily unavailable" was there for a few weeks, and then Dell launched their new XML-based site which amazingly enough didn't have a downloadable price list in any format.

Recently I have been doing business with Dell again, and sadly their internal communications are are very poor - the outsider has very little chance of speaking to someone of useful authority. I found that talking about buying a 250,000 pound SAN from them opened a few doors, however.

Check this out.

http://www17.tomshardware.com/motherboard/19980710 /index.html
DRAM Performance: Latency vs. Bandwidth Created:
July 10, 1998 By: Bert McComas

http://www17.tomshardware.com/motherboard/19980729 /index.html
Performance Impact of Low Latency DRAM Created:
July 29, 1998 By: Bert McComas

http://www17.tomshardware.com/motherboard/19980814 /index.html
Performance Impact of Rambus Created:
August 14, 1998 By: Bert McComas

http://www17.tomshardware.com/motherboard/19980923 /index.html
Rambus on Alternate Platforms Created:
September 23, 1998 By: Bert McComas

...and touring the world demonstrating the Micron "Samurai" DDR chipset; a chipset that would never be built, and which was intended only to divert mindshare from Intel and RDRAM:

http://www17.tomshardware.com/motherboard/19991216 /index.html

http://www.ebnonline.com/digest/story/OEG19991110S 0054

http://www.techweb.com/wire/story/TWB19991110S0028

While at the same time he was colluding with the industry to limit RDRAM production, coordinate their lies, and provide some cover from antitrust prosecution [From the FTC-Rambus case docket at http://www.ftc.gov/os/adjpro/d9302/index.htm]:

1567. In April 1998, Bert McComas, an industry consultant, gave an "exclusive" seminar for DRAM manufacturers about Intel's selection of RDRAM (Rambus memory). (RX 1138 at 1; Tabrizi, Tr. 9061-62). Mr. McComas pre-cleared his seminar invitation and list of topics with Mr. Tabrizi. (Tabrizi, Tr. 9064).

1568. Mr. McComas's invitation asked its recipients not to forward the invitation to Rambus or Intel. (RX 1138 at 1). A few days later, Desi Rhoden (now Chairman of the Board of JEDEC) sent an email to Mr. Tabrizi about the attendance restrictions. (RX 1149; Tabrizi, Tr. 9064-65). Mr. Rhoden's e-mail stated that he knew McComas and that his "main focus appears to make sure that Rambus and Intel do not attend and therefore has been very restrictive on who can attend. If he says everyone except Rambus and Intel, then it is restraint of trade; while if he says only suppliers, then most of who he wants can attend without there being a charge of restraint of trade." (RX 1149 at 1).

1569. During his April 1998 seminar presentation to the DRAM manufacturers, Mr. McComas stated that a manufacturer that chose to build RDRAMs was making a "guaranteed bad bet for margin enhancement" (RX 1482 at 12), and he stated that RDRAM "deepens [the manufacturer's] financial dilemma." (RX 1482 at 26). As a "possible strateg[y]," Mr. McComas suggested that DRAM manufacturers "tape out but do not fully productize or cost reduce" the RDRAM device, in the hopes of "resist[ing] popular deployment" of RDRAM. (RX 1482 at 34-35).

***************

1571. Mr. McComas spoke at the June 25, 1998 SLDRAM Executive Summit about the problems faced by DRAM manufacturers. One of the "tactical" problems he identified was how to "Manage Price Competition, Profitability." (RX 1188 at 1). He also talked about how man