Slashback: Dell, 800, Disclosure
Spinning so hard they can feel it in Ft. Worth. L-Wave writes: "This Story is running on linux.com. Apparently Dell has written an open letter to Linux users. 'Dell has published an open letter to its Linux customers "clarifying" its position as regards the insurgent OS. Actually, the letter is headed "Clarifying Dell and Linux," but either of these would be a massive task, and we think we know what they meant to say.'"
Please note that all Dell is saying here is that they will load customer-specified software at the factory -- it's probably convenient for some customers, but nothing new for Dell. In the case of software with expensive licenses, it means some simplified paperwork. With Free software, it just means convenience. The letter is therefore rather lukewarm, but at least a lot better than refusing to install software that doesn't include a licensing markup.
Brush up on your polite conversation skills. doublem writes: "This site lists the toll-free numbers of known Spammers, so they can be called, harassed and otherwise vented against for their crimes. Something tells me the ./ crowd will like this sort of thing as evidenced by this recent article. I'd like to add 1-888-288-9043 as the number for the well-known VORTEX SUPPLIES, a collection of jerks who refuse to take me off their mailing lists." I started doing the same a few months ago, but this guy has me beat by miles, even if he doesn't list Miss Cleo's number thanks to Psychic spam that knew I'd react with a call.
Yessir, our team goes into action right after the first fortnight. jeffy124 writes "Microsoft has admitted knowledge of an IE bug a full week before a security firm announced it. Turns out sec firm Online Solutions privately informed MS of the bug Nov. 1, but MS initially said they first heard of it Nov. 9 after Online made the find public the same day. MS claims standard procedure of allowing themselves two weeks in order to make sure someone's not cryin wolf and write a patch. They also claimed that no breaches occurred during that wait. MS says that Online acted responsibly in their actions, and 'apologizes for inaccurate statements.'"
You mean the lawsuits didn't kill it? Far from certain conspiracy theories advanced after Bleem published their own epitaph, ShadeEagle writes: "Here we find out that Sony didn't know about Bleem's death until they were asked about it. Gamespot has more relevant information as to the possible (or impossible) future of Bleem." And another gaming note: mickeyreznor writes "According to this article on CNet, Sega appears to be in good financial shape despite the trouble they've had with the dreamcast. In addition, 60 games are being planned for X-box and PS2 over the next year. Sega's future looks bright, and that can only be a good thing for gamers."
The importance is not that they load the OS, it's that they are treating Linux the same as Microsoft. PHB's like to feel secure, and knowing that Dell, a major player in the OEM server / PC market, is offering Linux as a platform they stand behind just like Netware and NT/2000 - makes them feel secure. It all comes down to big management catch words like "Enterprise" "Scalable" and maybe even a little "TCO."
The fight for Linux is not a fight of technical proficiency, that is already achieved, it is a fight of making managers at 35,000 feet feel comfortable with it. (IMO)
Jesse Wolfe Sr. Manager Systems Integration
"We are obviously not going to respond instantly--we have to sieve the wheat from the chaff to determine how reliable the vulnerability warning is," said Neil Laver, Windows product marketing manager for Microsoft. "Until we can investigate the issue, we are not going to issue a bulletin, as that would create a crying wolf situation."
can anyone argue with this?
I can. It doesn't take a week to recreate an exploit like this and say, "OH shit!"
Microsoft is a large enough company to have someone on the job whose exclusive responsibility is to read incoming exploit reports and IMMEDIATELY test the described method. Immediately after that (ten minutes after the report arrived, if they have a bunch of configured machines immediately available - again, MS is big enough to afford this) they can say, "Report verified. Issue a bulletin and get the engineers on the job fixing that bug."
In the case of a major (or any) exploit, there is no excuse for a large outfit like MS to require more than an hour or two to verify that a problem exists. Actually fixing it will probably take longer, but the fact that the exploit exists should be immediately published so those running the affected software can decide if they want to take their servers off-line or take some kind of self-protective action.
If you're a zombie and you know it, bite your friend!
All these phone numbers are taken from spam mailings. The whole reason these numbers were put in the emails was because spammers WANT people to call them. Most of these numbers are just automated machines with menus you have to endlessly punch through before you can get to a real person. It's just like trying to reply to a spam mailing itself asking to be taken off the mailing list.
Outdoor digital photography, mostly in New Engl
Second, the Dreamcast is Windows CE compatible. The OS is actually on the CD (shades of AppleDOS!) and it's up to the developer which OS to use. I have three DC games (D2, Seaman, Shenmue), and only the D2 uses Windows. Sega's in-house developers seem not to like it -- can't imagine why.
In the case of a major (or any) exploit, there is no excuse for a large outfit like MS to require more than an hour or two to verify that a problem exists.
Wow! You really have no idea how software development and engineering departments work. With an engineering department that can switch gears and start projects as fast as the one you described we would be able to get a new version of Windows every 2 months.
I will explain to you how most large bug reporting/engineering systems work. First a secretary or intern will be assigned to read the bug mail and sort out the legitimate problems from the lunatics writing in that your product just SUCKS.
If it is a legitimate bug report and it includes all the information necessary to reproduce it then it gets entered in the bug tracking/administration system. An email or memo will be sent to the manager of the division that handles testing.
The manager will assign the bug to a tester who will try to reproduce it. That is after he has worked on all the other items in his queue that have a higher priority. Once he has reproduced it he identifies what component causes the problem (or guesses). And adds the item as a reproduced bug to the bug tracking system.
The manager in charge of the division that handles that system or component will get the notice and eventually get around (depending on priority) to assigning the bug to an engineer.
The engineer will then start working on the bug, but only after he has already completed what he was working on at the time, and cleared any higher priority items out of his queue as well.
It would take at least a day to go through any one of these steps. And even more time depending on how busy people are and what priority rating the bug gets. Plus in larger companies these things actually go through more steps such as priority assignment meetings and impact analysis.
In short, your expectations are insane. When you are dealing with a company of any size about 30 employees you have to use a system to keep all of them working, or you are losing money. That means you need to manage tasks and verify bugs before assigning them to engineers. And you don't have 30 engineers just sitting in the back room waiting to work on whatever you give them. They are probably already working on fixing another terrible exploit. The resources have to be allocated as you go based on what you see the threat as.
Anyway, I hope this gives you a little more respect for the engineers who actually do this.
Regards,
----- 70% of all statistics are completely made up.