Slashdot Mirror

An analysis of hacker attacks on online servers in January by security consultancy mi2g found that Linux servers were the most frequently violated, accounting for 13,654 successful attacks, or 80 per cent of the survey total. Windows ran a distant second with 2,005 attacks. A more specific analysis of government servers also found Linux more susceptible, accounting for 57 per cent of all breaches

Developer Spotlight: Martin Pool

If Linux were as popular as Windows is today, it would be just as plagued by security holes.

First, wrong. Apache runs 60%-70% of the world's web servers, yet MS II has far more security holes (at least judging by # of exploits). Following your logic, this would not be the case.

Second, what that generates spam zombies is not really "security holes" in general, but more than anything, a particular type of exploit, namely viruses (virii?). These are nearly exclusive to Windows. (Indeed, by some accounts, Linux installations on the internet are more exploited than Windows installations -- discounting viruses. Take it with a grain of salt, but you get the idea - we are not talking about "security" in general).

Third, even though Windows may be more widely used by home users than Linux, most crackers ("evil hackers") are more familiar with the world of UNIX and Linux -- typically these OSes are their own tools of choice. Moreover, the source code for Linux (and *BSD) is widely available, and so any holes are much easier to find. (You saw that based only a tiny fraction of the Windows source code, leaked to only a tiny fraction of the worlds cracker population, several new "critical" exploits surfaced within days, if not hours).

-tor

Currently with the Free Trade Agreement negotiated with (or forced on us by) the U.S., australia is set to introduce the "mickey mouse" clause into copyright and bring the whole place more in line with ill-considered U.S. laws. The Sharman networks raid caught me by surprise, but there has been very little said about it in official political circles. It's an election year here too and Australian political parties aren't really known for their tech-saviness at the best of times. It will be extremely difficult for the current government politically if the FTA isn't accepted.

As far as copyright goes, there's a reason it was sacrificed on the altar of free trade: it's expend- extendable..

The fact that you don't need a backlight anymore makes it not only more energy efficient, but also a lot thinner.

They are already used in some mobile phones.

Sure it's been fixed. But the vulnerability still existed and could have been (and may have been) exploited. Unpatched Linux systems are still around just in the same way that people don't keep their Windows systems patched and have exploits as a result.

The grandparent post made the completely valid point that if Linux isn't perfect then you have no right to advocate it as secure and mock Windows for its flaws. Take a look at this article. It shows the BSDs as the preferred choice over both Linux and Windows, yet it doesn't have nearly as much hype as Linux.

I can relate to your concerns about the validity of an anonymous email. You'll be pleased to know that SCO has confirmed the authenticity of the email though they claim that the writer misunderstood Microsoft's involvement.

Maybe it had something to do with Symantec's purchase of Central Point.

Maybe the current work stems from this aquisition.

Common bugs in both IP stack examples noted here.

More, but not as many accusations.

The details in these links seem to be more useful than statements that are too empty or too broad. I was surprised that concrete evidence of rampant code copying relevant to the IP stack from BSD was not very easy to find. "Urban legend" is an overstatment because there is some truth that some things relevant to the IP stack were copied, but the scale probably has been exagerrated.

You're proposing a browser that's not even out of beta for corporate use? I wouldn't consider that a particularly good idea

Oh really.

Why You Should Switch to FireFox

"Further improvements to IE will require enhancements to the underlying OS"

Secunia Internet Explorer System Compromise Vulnerabilities. Solution: "Use another product"

The Twenty Most Critical Internet Security Vulnerabilities IE: Number four.

"we are not aware of any vendor-supplied patches for this issue"

Patch for 'critical' IE vulnerability doesn't work

IE full of holes, unsafe: Security experts

AMS Vice President and CTO: Mozilla Firebird is a Tier 1, Best of Breed Open Source Application

I don't care if it's a beta. Firebird/FireFox/Whatever is simply a better product than IE in every conceivable way - with the pertinent exception of branding, but including stability and security. So what exactly makes its use at a corporate level a "bad idea?"

You're proposing a browser that's not even out of beta for corporate use? I wouldn't consider that a particularly good idea

Oh really.

Why You Should Switch to FireFox

"Further improvements to IE will require enhancements to the underlying OS"

Secunia Internet Explorer System Compromise Vulnerabilities. Solution: "Use another product"

The Twenty Most Critical Internet Security Vulnerabilities IE: Number four.

"we are not aware of any vendor-supplied patches for this issue"

Patch for 'critical' IE vulnerability doesn't work

IE full of holes, unsafe: Security experts

AMS Vice President and CTO: Mozilla Firebird is a Tier 1, Best of Breed Open Source Application

I don't care if it's a beta. Firebird/FireFox/Whatever is simply a better product than IE in every conceivable way - with the pertinent exception of branding, but including stability and security. So what exactly makes its use at a corporate level a "bad idea?"

It was more than inspiration. Linus did a charitable fundraiser for Cystic Fibrosis, and offered to name the next release after the Austrialian animal of the highest bidder's choice. Someone gave a few thousand dollars ($3600 to be exact) to choose this name. Next Linux kernel to get Aussie name

>If mozilla were be the most popular browser then it would have the most exploits.

I disagree. Exploits are not generated by market share but are side-effects of bad design decisions (one word: ActiveX), bad coding practices, insufficent code reviews, clueless management ("I say we ship it, and I'm the boss!") etc.

If Mozilla were the most popular browser, it would certainly get more attention from the black hat scene, and whatever weaknesses are lurking in the code would be exploited. Whether the number of exploits would be bigger than IE's is pure conjecture, since Mozilla's market share is still way lower than Interner Explorer's.

However, the Mozilla team has an excellent track record when it comes to patching known vulnerabilities, while Microsoft used to treat them like dead raccoons. To be fair, they have improved a little in that regard, but there is a reason why this page has been "temporarily suspended", and it's not that there are no unpatched vulnerabilities in IE left for Microsoft to patch...

Some food for thought, more, even more - you get the idea.

I don't think that's going to help them too much - and Judge Wilson is actually following well-established legal precident in his ruling.

"Pink" contracts for spammers, routinely binning/ignoring/denying spam complaints, even supplying spammers with tools to bypass spam filters - The Death Star does it all if you want to spam.

No, but Michael Geist is, and he's also the Canadian research chair in Internet and e-commerce law, and he seems to think there is a good legal argument for saying it is legal.

But more to the point, the parent article here is not about the legality of downloading songs in Canada. It's about payment of royalties. In my own words, as I understand it, other broadcasters (radio, TV, etc.) have to play royalties to artists when they broadcast a copyrighted work. This case is trying to determine if ISPs, or anybody else, can be classified as "broadcasters" with respect to internet file trading for the purposes of collecting royalties.

In a sense, it's the other side of the coin from the downloading question. The Canadian Copyright Act appears to make downloading legal, but it seems quite clear that uploading (distributing) is not legal. While the levy on CD-R's legitimizes downloading in the Copyright Act, making ISPs (or somebody else) pay royalties for "broadcasting" may very well legitimize the distribution end of online sharing. After all, if you charge royalties to an ISP for songs that are distributed through it, you are creating a de facto license for the songs to be distributed through it. Might not be as clear cut as the CD-R levy, but I think it has legal merit.

No, but Michael Geist is, and he's also the Canadian research chair in Internet and e-commerce law, and he seems to think there is a good legal argument for saying it is legal.

But more to the point, the parent article here is not about the legality of downloading songs in Canada. It's about payment of royalties. In my own words, as I understand it, other broadcasters (radio, TV, etc.) have to play royalties to artists when they broadcast a copyrighted work. This case is trying to determine if ISPs, or anybody else, can be classified as "broadcasters" with respect to internet file trading for the purposes of collecting royalties.

In a sense, it's the other side of the coin from the downloading question. The Canadian Copyright Act appears to make downloading legal, but it seems quite clear that uploading (distributing) is not legal. While the levy on CD-R's legitimizes downloading in the Copyright Act, making ISPs (or somebody else) pay royalties for "broadcasting" may very well legitimize the distribution end of online sharing. After all, if you charge royalties to an ISP for songs that are distributed through it, you are creating a de facto license for the songs to be distributed through it. Might not be as clear cut as the CD-R levy, but I think it has legal merit.

I don't think you have a very good argument here. As has been pointed out in other responses to you, Michael Geist, the Canada research chair in Internet and e-commerce law, believes that there is a pretty good legal argument for individual downloaders. We do all seem to agree that this has not been tested in court, but it seems even the Canadian legal community thinks it is probably legal.

What hasn't been discussed much, though, is the principle that one cannot legally profit from illegal activity, especially third parties. I'm not aware if this is written in Canadian law, but the principle is generally established. The current levy on CD-Rs is specifically to compensate for copyrighted material. Therefore, it seems like a good legal argument that the recording industry cannot say on one hand that your copying is illegal on one hand, but that they profit from it on the other. In short, under current Canadian copyright law, I think there are several good legal arguments about downloading being legal. Now uploading, or making songs available (shared) over P2P seems quite clearly to be illegal.

It's probably not too far off to say 99.9% of Windows crashing problems are due to operator error from installing bad drivers (from other manufacterers), installing bad hardware, installing crappy software.

Microsoft itself says half of Windows crashes are due to Windows or other Microsoft software.

So, either "99.9%" is far off, or installing Microsoft software is "installing crappy software".

It's probably not too far off to say 99.9% of Windows crashing problems are due to operator error from installing bad drivers (from other manufacterers), installing bad hardware, installing crappy software.

Evidently you did not read the report that stated that only 50% of Windows crashes were due to such problems. By implication, the other 50% are due to Windows itself.

77% of illegal pre-release movies available on P2P networks are put there by movie-industry insiders

I recently started working at IBM doing iSeries Linux work, when I mentioned to someone that I had taken an MPI class in college. I found out later that he was doing BGL work and needed help, so now I work on this! IBM Research BGL Home

There are 65536 (2^16) compute nodes (CNs) on the system running a very small, from-scratch OS. There are also 1024 (2^10) I/O nodes on the system running a full Linux system (ZDnet article). The custom CN kernel is designed to look like linux, but is much smaller and written for a very singular purpose.

The system has a number of networks that link all the nodes together. The first is the 3-D Torus network, the point-to-point node connection topology. The asteroids game is a 2-D torus because the top connects to the bottom and the sides connect; a 2-D torus looks like a donut when connected together. A 3-D torus looks like a cube (3-D Mesh), but the sides are directly connected to the opposite end (it really requires 4 Euclidean dimension to draw well). This network only connects the 2^16 CNs.

The I/O nodes (running Linux) are connected by ethernet and then each linked to 64 CNs by the tree network. Unsurprisingly, it looks like a tree (for the people who actually know what a plant called a tree looks like, it is not like that).

Summary PDF

The article just says 'Mozilla Browser', I wonder whether this means Mozilla or Firebird?
On another (possibly related note), the front page of Mozilla.org is displaying the following message:
Mozilla Foundation Launches Mozilla 1.5, End User Services
We are pleased to announce new versions of Mozilla 1.5, the award winning Internet suite, and new Technology Preview releases of Mozilla Firebird (version 0.7) and Mozilla Thunderbird (version 0.3).
Maybe this and Sun's announcement have been timed so they purposefully coincide?

ConCen are claiming that the site was a search engine and no music was actually hosted on their servers:

The Internet company targeted by the music industry over alleged copyright breaches, ComCen, has denied it hosted any copyright-infringing MP3 files on its servers and claims the Web site cited in the civil action brought against it acted only as a search engine.

Won't have to wait long m8.

Telstra is starting our very own downunder ripper bonza online music service*.

(*Disclaimer: must be a Telstra customer who likes music published by the Warner label, slathered in Microsoft DRM at $20 an album. Apart from that, it's all good.)

Telstra has revealed the reason for the e-mail delays many of its customers have experienced over the last two weeks.

Some BigPond customers have experienced diminished incoming mail performance, with messages often being delayed by several hours or more. Telstra spokesperson Kerrina Lawrence told ZDNet Australia the problem was with a software upgrade recently implemented by Telstra.

Danny.

This story might provide some more info on why this is happening.

Adobe is introducing product activation, Symantec has added product activiation to the latest Norton Antivirus product for consumers, and I know someone who works for another large consumer software company who will be introducing activation. In addition, Macromedia was rumored to be adding activation to StudioMX but I haven't heard if they went through with it or not.

This will be a growing pain until enough companies realize that they're only pissing off consumers because those who want to copy it will find a way.

Take a look at RecoverMyFiles. There is also a review at ZDNet Australia (RecoverMyFiles.com is based in Australia).

It will scan your hard drive to look for different kinds of files (JPEGs, Word, Excel, whatever) and let you preview many of these file types before you save them. The scan runs faster if you limit the number of file types that you are searching for.

You might want to look at these instructions on how to make a version that runs from CD, although it involves installing it on a different machine from the one you are trying to recover first, and making the CD on that machine. That way, you can run the software from the CD, and you won't overwrite files on the drive you are trying to recover.

It costs $70, but they let you run a full version of the software for free that does everything except let you save your files. Paying the $70 gives you a registration key to unlock the software so you can save the files it found. So, on the one hand, they are holding your files hostage until you pay; on the other hand, you don't have to pay anything if the software doesn't find anything.

The reason I know about this software is because my friend just formatted her drive by mistake, and she had pictures on it that weren't backed up. I did some searching on Google and found this software. I went over to her place with the CD I made, and it started finding JPEGs. I had to leave before it was done scanning, but it seemed to be finding a lot of files. It didn't seem to have a limit on the number of files you could recover at one time, when I left it was up to about 70 files and counting.

Wow, another linkingly challenged /.er

trying to destroy the Human Rights and Equal Opportunity Commission

Being the force behind Australia's equivalent of the Patriot Act

Refusing to defend a homosexual judge, despite being bound by his position as Attorney General to act as an advocate and protector for the judiciary

Refusing to accept UN reports on racism in Australia

Lobbying for increased intellectual property rights

Lobbying for laws allowing Australia's spy agency, ASIO, to read domestic emails

Supporting the increase in the rate of phone tapping

And generally trampling on human rights and civil liberties wherever possible.

This is definately not good news.

Original Article

VeriSign said Thursday that it would respond to technical complaints over its recent move to redirect Internet users who enter nonexistent or misspelled domain names to its Web site, but it said it would not pull the plug on the service. Criticism has been growing over the company's surprise decision to take control of unassigned .com and .net domain names, which has confused antispam utilities and drawn angry denunciations of the company's business practices from frustrated network administrators.

"There is a lot of fiction about the actual technology and the service," VeriSign spokesman Brian O'Shaughnessy said. "What we are doing is trying to determine fact and fiction and we're doing so by reaching out to the technology community and helping them to understand exactly what is fact and fiction."

VeriSign would not disclose what changes it might make to address technical complaints about its SiteFinder service.

O'Shaughnessy said the service has been embraced by end users. "We've seen nothing but very positive results from the Internet community," he said. "Usage is extraordinary. Both individual users and enterprises are giving very positive feedback."

VeriSign's new policy is intended to generate more advertising revenue from additional visitors to its network of Web sites. But the change has had the side effect of rewiring a portion of the Internet that software designers always had expected to behave a certain way. That can snarl anti-spam mechanisms that check to see if the sender's domain exists, complicate the analysis of network problems and possibly even pollute search engine results. Because VeriSign will become a central destination for mistyped e-mail and Web traffic, its move also raises serious privacy questions.

In response, the Internet's technical community has developed a patch to BIND, the workhorse utility that implements the Domain Name System protocols. It's designed to counteract VeriSign's change by blocking traffic to its SiteFinder site and returning the same "domain not found" error message as before.

When asked why VeriSign did not inform the Internet's technical organisations of the change in advance, O'Shaughnessy replied: "There's not much I can add except to say that our testing and the resources we've applied toward this have been in accordance with prevailing industry standards for new products and services."

Neither the Internet Corporation for Assigned Names and Numbers (ICANN), which in principle oversees VeriSign's actions as a domain name registrar, nor the U.S. Department of Commerce, which has a contract with VeriSign that grants it a government-granted monopoly over .com and .net, has responded to repeated requests for comment since Tuesday.

O'Shaughnessy said there's no need for any outside organisation to get involved. "There's some religiousness that's been brought to bear here besides the technical reality," he said. "We're fully compliant with every RFC," O'Shaughnessy said in reference to the technical standards that govern the Internet.

Sony is *not*, and never has, lost money on the PS1 or the PS2 in order to make up the difference on the games.

Really now?

Sony seems to differ with you on that opinion...

Sony loses AU$100 per unit

Sony Computer Entertainment Australia MD, Michael Ephraim:
No. Generally the manufacturer takes the losses on the cuts. If you look at a lot of reports, manufacturers of console games machines lose money. It's the razors and blades game. If a person buys the razors, they keep buying the blades. The company that owns the format is the one that has to ensure that it's a viable business model long term, when you consider the sales of software.

Merrill Lynch has reported that our competitor was losing AU$100 per machine prior to their price cut, about the same as we were losing per machine when we launched PlayStation 2.

I'm certainly behind this idea, providing they get the wording of the legislation right.

However, given the Australian government's track record on these matters, I'm not confident it will make that much difference in practice. Take Internet censorship as an example. Similar concept, the legislation gives them the power to take down Australian hosted sites. Result - dismal failure

Could you provide links to substantiate your claims of increased music sales linked to P2P piracy? Thanks.

Here's a start

More on the Ipso-Reid study covered here. The original study isn't available through their website, unless you look a lot harder than I did.

Here's more on the Jupiter study

Still more

Liebowitz writes about it, but his only purpose was to conclude that filesharing doesn't hurt the music business.

ZDNet reports on what is probably the same Jupiter study

This article sits right in the middle of the issue, but certainly hints at an Odyssey study supporting my point.

Here's a study about studies

This came out during the height of the Metallica fight against Napster

You can google for more if you're not satisfied with these. :)

Since at least August, SCO have been floating the idea of sending invoices to Linux users. It's even been reported, seemingly incorrectly, back in August, that SCO was beginning to send invoices. The invoice story has been taken up with a vengence in the last few days, for example, here, here and here.

SCO Australia says the invoicing plan doesn't "ring true" and contradicts very recent strategy discussions. Unfortunately, SCO USA's Blake Stowell, doesn't seem to have yet responded to SCO Australia's request for clarification. SCO Australia also says that they're unsure about the question of invoices being sent in the US even though there are reports on the web [examples: here, here and here] about just such a thing being planned.

Since at least August, SCO have been floating the idea of sending invoices to Linux users. It's even been reported, seemingly incorrectly, back in August, that SCO was beginning to send invoices. The invoice story has been taken up with a vengence in the last few days, for example, here, here and here.

SCO Australia says the invoicing plan doesn't "ring true" and contradicts very recent strategy discussions. Unfortunately, SCO USA's Blake Stowell, doesn't seem to have yet responded to SCO Australia's request for clarification. SCO Australia also says that they're unsure about the question of invoices being sent in the US even though there are reports on the web [examples: here, here and here] about just such a thing being planned.

There are only two reasons why Telstra would make a press release announcing their intention to use Linux:
(1) 'cos they've found a way to further screw their customers by their use of Linux, or
(2) 'cos they've found a way to further screw their competitors by their use of Linux.

That aside, if you go one step further, and read the article, you see that they're actually not using linux at all. They're beating around the bush with lines about XP and NT and Sun and HP-UX and Solaris and Linux and Citrix and XP-on-a-chip and you-name-it. The article is completely meaningless marketeer speak designed to trick some journo's into picking up on the key words "unix" and "linux", and it worked.

Don't get me wrong, I'm as happy as the next guy if a large corporate makes the switch to Linux, but that's not what this article is about. Never lose site of the fact that Telstra are evil. Every bit as evil as Microsoft or SCO.

...even on ZDNet, we are now kicking SCO's sorry asses.

Or an 11Mbit link to your NASCAR? Okay, you caught me, it's actually an AusCar!

I thought the guys who did something similar with the xbox were getting sued... or am I mistaken. I know they were being Threatened with legal action at the very least. Anyway why would a guy leave out his information like that (see the bottom of the article) after taunting a gigantic company like Sony in this way?

IRA McGee over at LinuxToday had a brilliant suggestion, if you get one.

Call your local USPS or FBI and claim MailFraud

the objective of mail fraud is to accomplish a desired result by deception, trickery, concealment, and/or dishonesty, albeit through the use of the United States Mail Service or other private/commercial interstate carriers

This is taken serious and hopefully will result in Darl getting his behind serviced on a regular basis.

http://www.zdnet.com.au/newstech/ebusiness/story/0 ,2000048590,20277192,00.htm

You didn't have to read the article, just the titles for the article (Not the Slashdot info, the ZDNet info).

I must have missed it. I only saw, "half of all crashes in Windows are caused not by Microsoft code, but third-party code".

Ahh A Troll, I should have known. Well, if half of the crashes are 3rd party code, where do the other half come from? "Acts of God"? Maybe it should be: "Acts of g0d"

You must have read another article where it said half of all Windows crashes, can you send me the URL to that article? I would like to read it.

Same url as what's listed in the post

Did you read the title of the article?
"Microsoft criticises third party code for Windows crashes"

My emphasis.

Then the bolded header of the paragraph:
"Microsoft has laid the blame for half of all Windows crashes on third-party code."

My emphasis.

You know, even if YOU SAY the glass is half-full, it's still half-empty.

Hooray! Remember, no one ever got fired for sending 230,000 Klez viruses.

With Windows 'Innovating' (sigh) and not bug fixing, third party code will be the least of their problems, infact, with undocumented 'features' and system calls and closed source code, how can anyone be expected to write drivers and such that never crash?

Hmm.

how schizophrenic are our laws?

Hmm, not allowed to copy music, but are allowed to backup/copy software. Are allowed to tape broadcasts. Is Kazaa/Internet a broadcast medium? What about streaming radio? etc etc.

Article Link

• Your car was built mostly by robot.
  
• Your computer's motherboard was built mostly by robots.
  
• Computers control your flights when the plane is on autopilot.
  
• Computers control the actual braking on your ABS brakes.
  
• Computers control the traffic lights you stop/go at.
  
• A robot (built by Honda) is working as a receptionist at IBM in Japan.
  
• People can buy robotic dogs.
  

gere are some articles that have some quotes about the G4:

ths is a refrence about plans for the G4
there ya go

this is a nice articel with a nice table for ya.
here it is

here is one with a discusion of just the x86 line.
and that should do it for ya

let me know if you need anything else on the subject.

oh...in case you would liek to know, I went here to find it all.

Maybe those in Chicago remember divine.

They tried the same exact tactic last year using their broadly defined shopping cart patent. Let's hope this action ends the same way, divine was out of business 4 months later. (But succeeded in licensing the right to use a shopping cart for $25,000 to a couple dozen small companies before they went under)

My guess is this DE Technologies will soon be bankrupt, so I'd just ignore any of their demands. As with divine, I think the only company that's dumb enough to try something like this is one that is already going under and so has nothing to lose. These companies know their patents are bullshit and will never stand up in court, that's why their licensing fees are always in the $10k to $25k range, just low enough so that it's cheaper for the mom and pop shops they abuse to pay the license rather than hire a lawyer. Their worst nightware would be to end up in court, I don't think a company would even have to actually hire a lawyer to make them go away, just tell them you're not paying the license and will see them in court, they'll back off just out of fear of going to court and seeing their whole ponzi scheme fall apart.