Slashback: Apple, Lawyers, Backbones

More below on improving OS X security, AOL GPL SNAFUs, Mandrake's reputed layoffs (short answer: No.), Big Daddy's control over gaming in Connecticut, and more. All below in tonight's episode of Slashback.

We are from France! And we're doing fine ... PovRayMan writes "Mandrakesoft has denied rumors of it's recent layoffs and management change due to "financial liquidity." The article mentions how the former CEO, Henri Poole, agreed on the management change. The article even goes out to say that their "prospects never looked so good" with the recent release of Mandrake 8. Either way, I'm downloading Mandrake 8 iso's right now and look forward to playing with it."

Like Alar for the other kind of apple. Lots of people were interested in the possible security flaws in OS X; thanks to Alex Salkever of BusinessWeek, we have word from Apple SE Manager Jeff Gagne, who writes: "We have just posted a Mac OS security web page for people looking for information concerning security updates, security notifications, etc. involving Mac OS X. Please visit the following url for more information: http://www.apple.com/support/security/security.html."

Follow the bouncing lawyers, with a mallet and a browser. Mike Haisley of AOL watchdog Observers.net writes with an update to yesterday's AOL And The GPL story: "It seems that America Online has their legal team working overtime on this one, site was pulled, and back up, and we were just given notice that it's going down again." Here is the Emergency Mirror.

Go forth and legislate no more. mikey573, pointing to a Hartford Courant Article, writes: "It's nice to see that Connecticut governor John Rowland is protecting gamers' rights by vetoing a bill that would have limited access to arcade point-and-shoot games: "Asserting that government should not act as 'Big Daddy,' Gov. John G. Rowland said Thursday that he will veto a bill barring children under 18 from playing 'point-and-shoot' video games in public places." I'm going to play Duck Hunt now in celebration! My only concern is the Connecticut legislature got as far as passing the bill in the first place." Well said.

Erratus, errata, erratum. Jamie would like to make several corrections to Monday's story about Macromedia being blackholed:

(1) I really shouldn't have singled out Above.net in the headline. They're just one backbone that uses the MAPS RBL to block non-mail traffic from their subscribers. In fact, Teleglobe.net was the backbone that blocked web access from one of our submittors.

And (B), Paul Vixie, the co-founder of MAPS, is no longer the CTO of Above.net.

Re:Jamie also part of blocked Peacefire.

[jamiemccarthy]

"I call this a conflict of intrest."

I support Peacefire, the EFF, the ACLU, and other online civil-liberties organizations. If you think this makes me unqualified to write about online civil-liberties issues that affect and are affected by these organizations, you need to rethink what "conflict of intrest" [sic] means.

Re your (not very clear) allegation of Media3 moving Peacefire, I addressed this already.

Jamie McCarthy

Re:TeleGlobe and the MAPS RBL!?!

[jamiemccarthy]

"While I might believe that they offer it as a service to some of their customers, I just can't see one of the world's top five IP carriers [Teleglobe] refusing to route any part of the Internet."

Here's their part of the traceroute from the Slashdot submittor from Greece who reported being unable to access www.macromedia.com. This is as reported to me on Friday, after macromedia.com was taken off the RBL:

5 310 ms 311 ms 250 ms oteny-otenet2.ote.otenet.gr [194.153.81.13]
6 311 ms 310 ms 310 ms if-2-0-0.bb3.NewYork.Teleglobe.net [207.45.199.2 25]
7 300 ms 311 ms 310 ms if-3-1.core2.NewYork.Teleglobe.net [207.45.221.9 8]

He also reported that many of his friends in Greece were unable to access the site, writing: "Every person in business (I am web developer/designer) couldn't not see Macromedia server for the past 4 days. They 'see' internet from different ISPs. I am very certain." This meshes with your pointing out that Teleglobe often is the primary access provider for entire countries.

Teleglobe is a licensed subscriber to the RBL, but as for whether they use it to block traffic other than mail, a quick Google search on "teleglobe MAPS RBL" turns up good leads. See e.g. "JANET, Teleglobe and the RBL," in which one of Teleglobe's clients -- itself a well-known internet provider -- explains to its own customers the situation which has been forced upon them:

Does this affect things other than mail?

Yes. No connections of any kind will work in either direction between JANET and a blackholed address -- not Web, FTP, telnet or anything else.

On another page, they hopefully claim "it is not likely that any valid use of JANET requires access to such networks." Well, maybe that page needs to be updated.

You see why I think this is important?

Jamie McCarthy

TeleGlobe and the MAPS RBL!?!

[jonbrewer]

TeleGlobe happens to be the primary connection to the Internet for some COUNTRIES in this world.

From their marketing propaganda (which is to be believed) "Teleglobe's Internet customer base represents 15 percent of the world's Internet routes."

I can't believe it's true that TeleGlobe as a whole subscribes to the MAPS RBL as Jamie states above.

While I might believe that they offer it as a service to some of their customers, I just can't see one of the world's top five IP carriers refusing to route any part of the Internet.

Re:GPL Don't be matter'n

[Chuck+Chunder]

You are most likely correct. AOL can argue that they have not violated the GPL because they never agreed to it in the first place (no signature, etc etc).

However, by doing this they would be arguing that they have breached the copyright on the software by distributing it without a licence to do so.

Fun eh!

Re:No drugs for you!

[Alik]

The other problem, of course, being that the real process of governing is just not fun. Sure, if you get up high enough, you get some power and maybe some bribes/kickbacks/perqs. However, realize that you are no longer permitted to express your own thoughts on anything, because the media will lynch you. Your entire day consists of sorting through arcane bits of legal code and mile-high stacks of budget figures, trying to figure out what it all says and what changes might actually work. Meanwhile, your door is being beaten down by thousands of special-interest groups, all of whom say that you must do as they say or the country will go to Hell *and* they'll run ads showing you kicking a small child in the face. Oh, and did we mention that even though you're not allowed to express your true opinion on anything, you've got to have a position on everything? Or the party whip, whose sole job is to keep you in line with The Platform and The Agenda by whatever means necessary? And all your college buds who own companies and law firms make about ten times as much as you?

You want a game that'll drive people to murder, that'd be it.

*sigh*

[supabeast!]

"John G. Rowland said Thursday that he will veto a bill barring children under 18 from playing 'point-and-shoot' video games in public places."

Imagine what would happen if they passed a bill prohibitng kids from shooting real guns at human shaped targets at a public firing range. I cna guarantee you that it would go nowhere...

Re:No drugs for you!

[Greyfox]

Of course if it had passed, they'll have started running out of things to point fingers at other than where the real blame lies, which is with the disinterested parents and the school system that doesn't do a damn thing to prevent children from behaving like animals. I expect that blaming Canada would be next, which ultimately would only result in the Canadian Royal Air Force bombing the Baldwin Residence.

Love those "Brickhouse" terms

[_Mustang]

Right off that site, the best terms for shareware I ever heard!

Registration BrickHouse is a shareware product. The cost is $25 per machine. I'm of the opinion that people will either pay shareware fees, or they won't. You may use BrickHouse without registering it until you feel that it is worth $25 to you. If you like BrickHouse, you should pay the shareware fee to help ensure future development of the product.

I gotta say it!!

[tester13]

Not only did we speculate on the death of Mandrake. We also followed it to its next illogical conclusion, being that Linux on the desktop may be dead!

Ouch!!! We really need to calm down in the future (myself included) and actually wait a few seconds, minutes, or days before we start making dire predictions about the future of anything. Here we did not even have correct information.

Re:Jamie also part of blocked Peacefire.

[dbirchall]

To the best of my knowledge (as someone who's read a lot that Bennett has had to say about this, and a lot that other people have had to say as well), the chronology was like this:

1. Peacefire got hosted by Media3 in netblock A.
2. Media3 netblock B hosted a bunch of spammers.
3. MAPS received complaints about netblock B.
4. Media3 *moved* Peacefire from A to B.
5. MAPS blocked netblock B due to the spammers.

Step 4 above is roughly akin to surrounding your biological-weapons plant with women and children so you can claim it was a school, hospital or residential neighborhood when it gets blown up.

There are some things I do not know, namely:

• Whether MAPS and Media3 were in communication before Peacefire was moved. (In other cases I'm aware of, MAPS has seemed to respond to spam complaints with almost glacial speed, so there may have been some bureaucratic back-and-forth in the weeks or months preceding the RBL listing.)
• If so, whether Media3 made Peacefire aware that the netblock into which they were moved was likely to be RBLed.

I find it hard to believe that Media3 wouldn't have known they were likely to be RBLed for hosting so many spammers in that block. From what I've heard over the years, an RBL nomination is unlikely to be accepted if the person submitting it hasn't already communicated with the target without success.

If Media3 did know (which seems likely), and failed to tell Peacefire, Bennett has every right to be pissed - at Media3. If someone pushes you in front of a bus, is the bus company liable? No, the person who pushed you is. :)

If Media3 did know and told Peacefire, and Peacefire willingly consented to be placed in a netblock that was likely to be RBL'ed, it becomes a manner of "why the heck would you do that? *slap slap slap*"

Come to think of it, that's pretty much the reaction Bennett got on comp.dcom.telecom...

--

Good To See Someone Taking A Step-Up

[DarkrhaveN]

It's good to see our Governor standing up against, letting the United States government as a whole let parents off the hook from thier roles as parents in the first place.

John Rowland ( A Man I've Met Before, And I Shook His Hand ) is taking the proper steps in doing the right thing, by pointing out the parents need to get up and take thier roles as parental guidance units for thier kids, also by doing this, its a huge message that says "hey get up and do your job, because I'm not going to do it for you"

Start taking notes Mr. Bush.. learn something here.

Two Mandrake's Most recent interviews...

[joestar]

With Jacques Le Marois (CEO & Co-Founder of Mandrakesoft) on: http://www.newsforge.com/article.pl?sid=01/05/22/1 754212&mode=thread

With Gaël Duval (Creator of Linux-Mandrake & Co-Founder of Mandrakesoft) on: http://lwn.net/2001/features/MandrakeSoft.php3

Worth a read.

My, aren't we mouthy

[melquiades]

OK, I'll grant that Apple's page is no encyclopedia of security. But it sounds like you didn't even read through what's there. The security page has several concrete and useful bits of information, including:

• a list of security patches and directions for patching;
  
• general directions for disabling FTP, HTTP, Telnet, SSH, and Appleshare (nice and simple for the non-techies);
  
• a security mailing list, with directions for verifying Apple's PGP signature; and
  
• links to three other relevant security sites (CERT, FIRST, and FreeBSD security).
  

It would be nice if they had links to security software such as Brickhouse, and community security sites such as SecureMac. But they page is not as useless as you make it out to be.

Actually...

[increduloidx]

From The Misanthropic Bitch's Mailing List...

INDIANA - A compulsive gambler is suing Casino Aztar for allegedly failing to enforce a ban barring him from the floating casino. A lawsuit filed on behalf of David Williams of Evansville charges that casino officials mailed him a letter barring him from the boat, but did nothing to enforce the ban. The suit alleges that Aztar officials instead continued to "ply" Williams by mailing him promotional materials, and allowed him to board and to gamble on the boat's slot machines. Williams alleges that he has lost a total of about $175,000 dollars gambling on the Evansville riverboat. His suit alleges in part that, by using the mailings both to ban Williams and to continue to entice him to gamble, Aztar committed mail fraud, which amounts to racketeering under federal law. Aztar attorney Patrick Shoulders compares Williams' lawsuit to "an alcoholic suing a liquor store." Source: Associated Press
Quaint, isn't it?


The One,
The Only,
--The Kid

You Linux zealots are so predictable

This zealot algorithm is released under the GPL.

1. Search slashdot for pro-Linux comments. Mod them up without regard to the merit of the story.
2. Search slashdot for anti-Linux comments. Mod them down without regard to the merit of the story.
3. Add nightly security patches to Linux and recompile kernel for the umpteen-millionth time.
4. Go back to 1.

Re:Jamie also part of blocked Peacefire.

[strredwolf]

I belive you are well versed with EFF, ACLU, et al that you are a very effective advocate of them; however, since Peacefire lists you as a *member*, I see an extreme bias.

On the allegation:
I'm at least glad to hear that you have attempted contact with Abuse.Net and MAPS. Unfortuantely, I'm dismayed that MAPS didn't talk to you. MAPS is very open on Usenet, and you should post there (Google now allows posting).

There are about 241 spams from email and usenet involving Macromedia. I didn't attempt to filter if they came directly or were spamming Macromedia themselves. Aparently, MAPS was justified in listing with this proof.

Bennett Haselton has also lied to you. He's still talking on Usenet (news.admin.net-abuse.email. Drop in some time!). He is being clued in by many folk as we speak, while continuing to spread disinformation. Talk with someone else from PeaceFire to confirm Bennet's allegations. We (tinw) just don't belive him anymore.

The main questions (in my mind) are now: Has Peacefire contacted MAPS to get off the RBL? If so, Peacefire got swept into it by Media 3 w/o any notice that it was going to be in an RBL block, which Media 3 knew about. If not, then Peacefire knew that it was getting involved to smear MAPS. None the less, a ton of indivitual blacklists have just cut out Media 3.

Keep probing! There's more to this story and we (tinw) sysadmins on NANAE are continuing to probe!

--
WolfSkunks for a better Linux Kernel
$Stalag99{"URL"}="http://stalag99.keenspace.com";

MacOS X security/cryptographt code open sourced

[Oniros]

http://www.opensource.apple.com/projects/cdsa/inde x.html

But if we make the drugs illegal...

[Cardinal]

The kids obviously won't be able to get any! She said it herself!

"We are assisting parents the same way we make it illegal to buy cigarettes, to buy guns," said Harp.

Obviously the laws that make it illegal to buy cigarettes and guns are working famously, so a law to ban them from playing games will work great, too!

This senator sounds like a mother who has raised her children while keeping her head planted firmly in the sand. No law, passed at any level of government, will ever be able to prevent kids going postal, any more than a law can prevent them from smoking or drinking while driving.

No drugs for you!

[Magus311X]

Ugh. Gotta love the reactions like this one:

"I would hope if he vetoes it, we don't have a tragedy like ... Columbine, because then he can take some responsibility," she said.

Now that alone is pretty well... sad. That's like vetoing a bill that outlaws gambling and saying "I'm poor! I gambled all my money because I have a problem! You didn't prevent me from gambling so this is all your fault!"

Oh, and let's not forget this:

"I hope he reconsiders," said Harp, a mother of three children. "I don't think he understands the bill. It is not just a violence bill. These are games that train people to kill."

I see. And by that token Flight SImulators make me a pilot, SimCity makes me a qualified mayor, and Transport Tycoon has made me a millionaire. Oh, and Black and White makes me GOD.

You heard her. I am GOD. Now bow before me before my sheep poos on you and I fling you across the state!

-----

Re:No drugs for you!

[doorbot.com]

You know, we need a SimPolitics and then we can get rid of all our politicians (no need for them anymore, anyone who plays the game instantly becomes a politician).

Although the game would probably be too complex to understand, and likely require you to maintain a minimum number of mistresses to continue playing.

Impeach Him!

I see great potential here... the game could even download scenarios off the 'net in real time. In fact, it could be the next insanely popular (I'm serious) MMORPG.

"Backstab your friends, steal your enemy's thunder; build your own government."

Re:Best way to improve NT security: install BSD

[Quietti]

It's well known that the BSD platform on which OS X is based is historically chock full of security holes. Seriously, ditch that and go with Windows NT, a solid OS backed by the world's largest software company.

Read what a MSCE had to say about Why Microsoft uses Solaris instead of NT and how most large corporations are fazing out NT in favor of BSD or Linux. While you're at it, try a search on "blue screen of the death" on Google, for a proof that NT is worthless garbage and that Windows 1901 is even worst.