Slashback: Dell, 800, Disclosure

Slashback this evening brings you an update on the (departed, or departing) Bleem; an open letter from Dell on Linux support for some of its line; another creative way to fight spam; and some gaming updates for everyone whose thumbs still function.

Spinning so had they can feel it in Ft. Worth. L-Wave writes: "This Story is running on linux.com. Apparently Dell has written an open letter toLinux users. 'Dell has published an open letter to its Linux customers "clarifying" its position as regards the insurgent OS. Actually, the letter is headed "Clarifying Dell and Linux," but either of these would be a massive task, and we think we know what they meant to say.'"

Please note that all Dell is saying here is that they will load customer-specified software at the factory -- it's probably convenient for some customers, but nothing new for Dell. In the case of software with expensive licenses, it means some simplified paperwork. With Free software, it just means convenience. The letter is therefore rather lukewarm, but at least a lot better than refusing to install software that doesn't include a licensing markup.

Brush up on your polite conversation skills. doublem writes: "This site lists the toll-free numbers of known Spammers, so they can be called, harassed and otherwise vented against for their crimes. Something tells me the ./ crowd will like this sort of thing as evidenced by this recent article. I'd like to add 1-888-288-9043 as the number for the well-known VORTEX SUPPLIES, a collection of jerks who refuse to take me off their mailing lists." I started doing the same a few months ago, but this guy has me beat by miles, even if he doesn't list Miss Cleo's number thanks to Psychic spam that knew I'd react with a call.

Yessir, our team goes into action right after the first fortnight. jeffy124 writes "Microsoft has admitted knowledge of an IE bug a full week before a security firm announced it. Turns out sec firm Online Solutions privately informed MS of the bug Nov. 1, but MS initially said they first heard of it Nov. 9 after Online made the find public the same day. MS claims standard procedure of allowing themselves two weeks in order to make sure someone's not cryin wolf and write a patch. They also claimed that no breaches occured during that wait. MS says that Online acted responsibly in their actions, and "'apologizes for innacurate statements.'"

You mean the lawsuits didn't kill it? Far from certain conpiracy theories advanced after Bleem published their own epitaph ShadeEagle writes: "Here we find out that Sony didn't know about Bleem's death until they were asked about it. Gamespot has more relevant information as to the possible (or impossible) future of Bleem." And another gaming note: mickeyreznor writes "According to this article on CNet, Sega appears to be in good financial shape despite the trouble they've had with the dreamcast. In addition, 60 games are being planned for X-box and PS2 over the next year. Sega's future looks bright, and that can only be a good thing for gamers."

Dell and Linux kinda a big deal

[compugeek007]

Getting Dell to maintain installation of Linux is kinda a big deal. I scope out servers from Dell often for my job, and I know as well as any other sys admin that when a box comes with any OS pre-loaded the first thing to do is wipe it out, resetup your RAID set and reinstall.

The importance is not that they load the OS, it's that they are treating Linux the same as Microsoft. PHB's like to feel secure, and knowing that Dell, a major player in the OEM server / PC market, is offering Linux as a platform they stand behind just like Netware and NT/2000 - makes them feel secure. It all comes down to big management catch words like "Enterprise" "Scalable" and maybe even a little "TCO."

The fight for Linux is not a fight of technical profecciency, that is already achieved, it is a fight of making managers at 35,000 feet feel comfotable with it. (IMO)

Re:Dell and Linux kinda a big deal

[DGolden]

You've got a good manager. What if your manager is country club or golf buddies with the local microsoftie, and just tells you to go microsoft regardless? Microsoft are GOOD at manipulating the opinions of the technically-clueless, by "networking". Happens all the time in Ireland+England, anyway. The subverted manager will just ignore what you say, and, when you quit*, they'll just hire a drooling-idiot MCSE to be their yes-man to back up their decisions to their bosses.

*of course, chances are, an already-subverted manager means that you woulnd't have been hired.

If you really want to get rid of MS stuff, you have to buy a few shares in the company, then go to the shareholder meetings, and vociferously question their IT overspend relative to a linux or bsd solution.

Re:why anti-MS?

[innocent_white_lamb]

"We are obviously not going to
respond instantly--we have to sieve the wheat from the chaff to determine how reliable the vulnerability warning is," said Neil Laver, Windows product marketing manager for Microsoft. "Until we can investigate the issue, we are not going to issue a bulletin, as that would create a crying wolf situation."

can anyone argue with this?

I can. It doesn't take a week to recreate an exploit like this and say, "OH shit!"
br>Microsoft is a large enough company to have someone on the job whose exclusive responsibility is to read incoming exploit reports and IMMEDIATELY test the described method. Immediately after that (ten minutes after the report arrived, if they have a bunch of configured machines immediately available - again, MS is big enough to afford this) they can say, "Report verified. Issue a bulletin and get the engineers on the job fixing that bug."

In the case of a major (or any) exploit, there is no excuse for a large outfit like MS to require more than an hour or two to verify that a problem exists. Actually fixing it will probably take longer, but the fact that the expolit exists should be immediately published so those running the affected software can decide if they want to take their servers off-line or take some kind of self-protective action.

These phone numbers are helping spammers.

[MongooseCN]

All these phone numbers are taken from spam mailings. The whole reason these numbers were put in the emails was because spammers WANT people to call them. Most of these numbers are just automated machines with menus you have to endlessly punch through before you can get to a real person. It's just like trying to reply to a spam mailing itself asking to be taken off the mailing list.

Re:These phone numbers are helping spammers.

[jonesvery]

The whole reason these numbers were put in the emails was because spammers WANT people to call them. Most of these numbers are just automated machines with menus you have to endlessly punch through before you can get to a real person.

Yeah...ok...but I believe that tthe point is that they're 800 numbers, so these companies will *pay* for that call whether or not you talk to a real person.

Re:why anti-MS?

[innocent_white_lamb]

getting something like this done in 2 weeks isn't bad for a large corporation

But THIS is security! To take a real-world example, if you break into a bank at night and start carrying out the cash, the security guards don't have to stop and ask their supervisor to wait for the next board meeting (in three weeks) to obtain permission to apprehend the criminals.

There's no room for bureaucratic bullshit in matters of security. You set a policy that affords the maximum protection to your customers, and follow that. No ad-hoc decision-making required. If there's a possible exploit, test it NOW and report NOW and release an advisory RIGHT NOW. Period. Just like apprehending the criminals on the way out of the bank. "Halt! You're under arrest!"

Re:XBox, bah

[Bullschmidt]

By jacking up sales, you actually make it cheaper for them to make them, so eventually they make money on the XBox - economies of scale. Its expensive at the start, but in the end they make money, even off the box, once they get production ramped up and going hard. So you are really just helping them along to making money on it.

Re:Disloyal Dell

[jeffphil]

Companies do things all the time "just for the good of it." That's why they participate in Charities, that's why they offer customer support which makes them no money. In their books they can actually valuate this as "GoodWill" which increases the value of their company and thus increases shareholder value.

Yes, all the other companies jumped on the same bandwagon as you say. -- However the rest are following through with their words. -- Dell is not, and Dell made a bigger fanfare than any of the other big computer makers and never did one single thing except put a page on their site that rarely worked.

And don't worry, this "naive person" stopped buying, recommending, and supporting Dell a year ago. The "bottom line" for me is not just to stop buying their products, I also have the right to tell others why they should stop being Dell zealots and get a clue as to what this company is really all about --> making Michael Dell rich.

Modem dialing...

[Mike+McTernan]

So now all I need to do is to get busy with wget | sed, make some chat scripts and have my computer dial these guys when I'm not doing anything.

Of course, I'll have to modify the init string so that it doesn't try to negotiate a modem connection, otherwise it will fail too many times and the numbers will become BLACKLISTED.

Oh - and I need to move to the US since it won't be free otherwise :(

Re:Stop bashing the X-Box!

[fm6]

Everyone here is all upset because the X-Box runs Windows. Well, guess what. So did the much-beloved Dreamcast

Wrong on two counts. First, people care less about what OS the X-Box runs than the fact that any profit it makes goes into Mister Bill's pocket. Petty of us, perhaps, but he's already the richest person in the world. Shouldn't somebody else have a chance?

Second, the Dreamcast is Windows CE compatible. The OS is actually on the CD (shades of AppleDOS!) and its up to the developer which OS to use. I have three DC games (D2, Seaman, Shenmue), and only the D2 uses Windows. Sega's in-house developers seem not to like it -- can't imagine why.

Re:A couple of notes

[bugnuts]

Yep. Consider an 800 number to be a collect call. You can't block the number, even if it's unlisted.

Re:why anti-MS?

[Darkfred]

In the case of a major (or any) exploit, there is no excuse for a large outfit like MS to require more than an hour or two to verify that a problem exists.

Wow! you really have no idea how software development and engineering departments work. With an engineering department that can switch gears and start projects as fast as the one you described we would be able to get a new version of windows ever 2 months.

I will explain to you how most large bug reporting/engineering systems work. First a secretary or intern will be assigned to read the bug mail and sort out the legitimate problems from the lunatics writing in that your product just SUCKS.
If it is a legitimate bug report and it includes all the information necessary to reproduce it then it gets entered in the bug tracking/administration system. An email or memo will be sent to the manager of the division that handles testing.
The manager will assign the bug to a tester who will try to reproduce it. That is after he has worked on all the other items in his queue that have a higher priority. Once he has reproduced it he identifys what component causes the problem (or guesses). And add adds the item as a reproduced bug to the bug tracking system.
The manager in charge of the division that handles that system or component will get the notice and eventually get around (depending on priority) to assigning the bug to an engineer.
The engineer will then start working on the bug, but only after he has already completed what he was working on at the time, and cleared any higher priority items out of his queue as well.

It would take at least a day to go through any one of these steps. And even more time depending on how busy people are and what priority rating the bug gets. Plus in larger companies these things actually go through more steps such as priority assignment meetings and impact analysis.

In short your expenctations are insane. When you are dealing with a company of any size about 30 employees you have to use a system to kepp all of them working, or you are loosing money. That means you need to manage tasks and verify bugs before assigning them to engineers. And you don't have 30 engineers just sitting in the back room waiting to work on whatever you give them. They are probably already working on fixing another terrible exploit. The resources have to be allocated as you go based on what you see the threat as.

Anyway i hope this gives you a little more respect for the engineers who actually do this.

Regards,

Re:Stop bashing the X-Box!

Play the X-Box and Gamecube side by side fucktard - this 'wimpy' RISC processor can easily keep up with your M$ whale while pushing more textures to boot

Re:why anti-MS?

[Thatman311]

Whelp...that pretty much sums it up as to how it works at MS. It takes time and usually the developer that has to fix the issue has to look at code that is over a year old since they last looked at it. So there is some ramp up time for the dev to figure out how it is best to fix it. Then even after you have a "fix" the testers have to check it not only to make sure it fixes the security hole but that the functionality is what it should be and sometimes due to the fix that can spark off a round of meetings to figure out just exactly how the fix should be implemented since some functionality may have to be taken away.