Slashdot Mirror
Slashback: NWLink, Vivendi, Gatherings
"Uhh ... isn't this the 'Slammer'?" An anonymous reader writes "According to the BBC, two people suspected of creating the Slammer worm have been arrested in a combined operation by the FBI and the UK's National Hi-Tech Crime Unit. The raids in the UK resulted in the seizure of two men, aged 19 and 21, accused of being members of a hacker group that calls itself THr34t-Krew."
Gather together, hoist a few drinks. We've made a few mentions of this year's CodeCon; Len Sassaman writes "The schedule for CodeCon 2.0 is now online. CodeCon is already starting to get some media attention. There's less than two weeks left to register at the reduced rate, and conference seats are filling up quickly.If this conference is anything like its predecessor, expect to see some of the most interesting new technology of the coming year discussed."
And a slightly different type of gathering: Tony Stanco writes: "The agenda is up for the March 17-19 Open Source in Government conference and the free registration is now open. Please see www.eGovOS.org.
It promises to be another educational and exciting event with over 120 sessions and the keynote from the White House. Even Microsoft is trying to directly engage the community at this conference."
On the count of three, everyone shrug at once. In January, I posted a link ("far from confirmed") about the possibility that Microsoft would buy Vivendi. Now, Yagdrasil writes "USA today is reporting that the Microsoft buyout of Vivendi's game division (which includes Blizzard) was a hoax. It looks like the hoax originated from a student at Purdue."
But the EOLs are nearly upon us! Flee! Wister285 writes "Mandrake announced that they are going to stop updating the packages of 'legacy products.' It seems as though they took their cue from Red Hat and their continuing financial problems. I was a little surprised though about how short the support periods will be. Mandrake 9.0 will be considered obsolete September 30, 2003 (for desktop) and March 31, 2004 (for the base). This brings up two questions. First of all, do distros release too often thus creating too many versions to maintain? Secondly, how much faith do you have in the upgrade feature of install?"
I hope it features a dunk tank and some perpetrators. The ongoing war on spam continues; here's your chance to influence its direction (or at least to hear about what's going on in that sphere), even if you missed the conference at MIT. wayne writes "The Federal Trade Commission (FTC) announced today that they will be holding a three day public SPAM workshop in the end of April. I wonder if they will get an overflow crowd they way the MIT SPAM conference did. I hope they also make streaming video available."
Bandwidth is expensive. ndogg writes "NWLink.com has posted a response to the events that have happened in regards to SDF. In short, they say that they support SDF and what it is doing, however, the DDoS attack over the last three weeks has been costing them a lot of money."
fonixmunkee puts it differently: "The message is an interesting read, to say the least. instead of working the issue, NWLink's apparent (unofficial) solution to combating DDoS'es is to simply terminate the subscriber's connection. with all the slammer worms & Code Reds nowadays, NWLink should have no more customers left in about 2 years."
Legal liability is expensive, too. Tom Allender writes "irc-chat.net has announced a more restrictive Acceptable Use Policy after being contacted by the MPAA. They also refer to DALnets AUP changes mentioned here recently."
It's just that this one "source" was invalid. Reuters and AP ran wire stories on this last week, before the Purdue student put up the webpage. The first known report from ComputerAndVideoGames.com was posted over two weeks ago.
Given the "publicity" of this hoax, and the widespread rumor-mongering of this deal, I'd say that Microsoft might be using this story as a red herring to make people think that the talks never existed. It's still going on, people, and it's still a very real possibility/threat.
"Mod, mod, mod...and another troll bites the dust."
What everyone forgets is that with spam, you only get responses from one of about every couple hundred people. There's no way to win those idiot over. And until spammers start getting NO responses, they don't CARE how many inboxes they need to fill to get their 3)Profit! We just need to ENFORCE THE OPT OUT MODEL. If I don't want your spam, chances are pretty damned good I wouldn't buy from you anyway, so who looses?
Seriously, if I ever start a hacker group, I'm calling it "Me and a few buddies". The lewtspeak hacker names went out with the 80's. Now it just makes it sound like a group of 16 year old HS students.
I do security
Tom Allender writes "irc-chat.net has announced a more restrictive Acceptable Use Policy after being contacted by the MPAA
It doesn't matter how smooth you think you are, we'll get you eventually. Don't cross the MPAA!
You are all pirates, plain and simple.
couldn't have written slammer; unless of course M$'s sucurity sucks that much shit....
I suppose it is rather rude of me to judge a group by its name; let's still hope that it is a parody of something.
You can't judge a book by the way it wears its hair.
Jesse Newland
Call me ignorant, but what exactly is SDF, and what is the situation with them? I'm sure I missed a story somewhere, but come on, can someone spell it out for me?
When in danger or in doubt, run in circles, scream and shout. --Robert A. Heinlein
Read the #$*&^ stories before you post them!!! The people arrested were arrested on drug charges and for work on the TK worm, NOT Sapphire/Slammer.
.@.
"Microsoft and news network CNN said they were hit by a hoax Monday after a faked Web page erroneously reported the software giant had agreed to buy the video game operations of French conglomerate Vivendi Universal."
What does this mean? It means that Microsoft has *not* bought out Vivendi.
It does not mean that they are not currently in disucssion to do so. There's been a lot of rumours from a lot of sources - and no-one would deny that MS is one of the front runners in contention to buy Vivendi.
So it's far from off the cards yet.
March 17th == St. Patricks Day
Washington D.C. != Dublin, Ireland
Dublin, Ireland == my.home
Never underestimate the dark side of the Source
That was my first linux distro, and it actually DID suck quite a lot! Ive seen mandrake get better, and I'm running Mandrake Cooker 9.1 right now, and its got the new kde 3.1 and gnome 2.2, although they still need the last few bugs to be ironed out
The community side is great too. Urpmi kicks ass and Mandrake is what debian WANT's to be but can't.
I can understand 8.1 since thats now almost 2 years old, but 8.2 & 9.0? Thats crazy!
Don't forget to have your pgp key ready when registering for CodeCon. Then you can participate in the key signing.
burris
According to The Register these guys are not responsible for Slammer, but for some other little-known worm. The article also mentions the arrest of one other person in the USA somewhere.
Never, ever lose a file again. Ever.
Finally, the quantity I want because a 128oz cup still not big enough!
--
But then again I thought VCR+ was a stupid idea and would die a quick death--so what do I know?
Yeah, I heard about that.
Even Microsoft is trying to directly engage the community at this conference... with a 105mm Howizter.
Never, ever lose a file again. Ever.
Hardly seems like a misuse of technology to me. Organ transplant rejection is a terrible killer of hospital patients, and this research seems like a very promising route to a possible solution.
Furthermore, the ethical issues governing the treatment of animals used in research are commonly reviewed by a board at the university where the research takes place. Why don't you contact the relevant board at Nebraska and inform them of your concerns? It's a trifle off-topic in a Slashback forum.
you un-hip luser.
As a sysadmin, I have the right to make mistakes and make others feel bad about them. I also have a right to get my joke stolen by another poster.
You can't judge a book by the way it wears its hair.
Several years ago, I worked for a company that wrote their billing software. There are a bunch of good people over there. It's a shame to see that they are getting hammered in this way.
As we finish out a week in which we find out there's a new desktop consortium with huge industry leaders footing the paybill, I must question others as to whether or not these MPAA/RIAA rulings and covert operations are good for Linux as we know it.
Linux thrives on open program exchanges, so if these industry behemouths are hell intent on shutting down and and all file sharing, how would code be distributed in the future?
How will the MPAA, FBI, ect. be able to determine whether you're trading the latest Top 40 mp3 or if you're sending Linux code?
Thanks in advants to any one who can provide links to interesting information about this topic.
Reply or e-mail; don't vaguely moderate. Ex-O'Reilly/MIT employee, now a full-time Google employee.
ipxodi
...on the Mandrake mailing lists.
I made a proposal that Mandrake make support of legacy distros a sort of "street-performer" system. Vincent Danen, Mandrake's security guy, who would have to oversee the update process, has indicated that he's not opposed to this idea, though he's not legally able to promise anything. Others at MandrakeSoft have indicated that this appeals to them.
My plan is quite simple: if $30,000 (or some similar number... I started with $50,000 but have further reviewed the numbers) per year (per legacy version) can be raised from interested parties, security updates and so forth will continue to be released for that legacy version for an additional year. Unlike the Mandrake Club, this money would be used exclusively to hire an additional member of the security team who would build and test updates for the legacy version(s), as well as provide fast-response tech support to those who paid. The security updates would be available to all (with a possible 24-hour exclusive window for the contributors).
Some have commented on how $30K may be too much money, but I don't see it that way. It's a question of how many organizations (especially businesses) are using old Mandrake versions. If 500 such businesses contribute $60 each, they ensure security updates continue. Considering how much it would cost to do an upgrade (in labor costs, especially) and even a couple of hundred dollars is not out of the question.
NOTE: the above is not necessarily an official position of MandrakeSoft. However, if they get commitments from people (more than just posting on Slashdot or sending an email) to pay, I cannot see them refusing. I have no connection with Mandrake, short of being an occasional contributor to their development process.
I applaud this IRC network for its stance related to the MPAA demands, and I hope it can survive the worst that the MPAA can throw at it.
Seriously, its about time that people started requiring evidence and due process of law again when dealing with criminals. Letting the MPAA and RIAA bully people around with the threat of ungrounded DMCA action has gone on long enough.
I still want to hear about someone getting a piece of the RIAA or MPAA's hide over a misfired DMCA letter, using that clause requiring them to pay for damages if it turns out that there was no copyright infringement.
If I have been able to see further than others, it is because I bought a pair of binoculars.
Leet speak is used by moronic script kiddy wantabe hackers.
As for the name, "Threat Crew?" I guess throwing leet in there makes it even cooler sounding.
I suggest next time they try using "Du/\/\b 455 5cr1p7 k1ddy5."
Maybe the usa today article is a fake article about the fake cnn article. think about that!
I've had a DSL line with nwlink for the past 4 years. I've *never* had any significant problems with them. I even mentioned I was using a linux box to NAT some internal machines to one of their service reps, he couldn't care less. My net connection has been great, I ssh to home from work for 8 hours a day to keep tabs on email.
Two years ago they had a food drive where customers bringing in a couple cans of food got a discounted rate for a month. Kinda neat, you don't see too many companies doing that type of thing.
First of all, do distros release too often thus creating too many versions to maintain? Secondly, how much faith do you have in the upgrade feature of install?
Maybe all these commercial groups should take a page out of Debian's book. Potato, the OLD stable release, is still supported and has security updates issued.
On the other hand.. How fickle people are! First Debian releases too slowly, now RH & Mandrake release too often! Is there middle ground?
As for upgradeability, upgrading between Debian distributions is a breeze due to the high-quality packaging.
Using your sig line to advertise for friends is lame.
As we see yet-another Windows virii hit the mainstream press, I think it's time to really start preeching the Linux payload -- "We can deliver an instantly secure system that's unvulnerable to today's modern computer viruses".
;-)
With that tone, I think we could sell Linux to any corporation and even small businesses.
MCRSFT has a huge monopoly on the small business and business-2-business dealings these days here in America, but I for one say its high time that we embrace and extend the Linux way to implore just how rock-solid our OS's truely are.
Anyone who questions Linux's power of security compared to Window's needs a head exam
Reply or e-mail; don't vaguely moderate. Ex-O'Reilly/MIT employee, now a full-time Google employee.
- they didn't write the virus; and
- you are a troll
Always get your facts straight, I say.Please stop equating Vivendi (2001 revenues : $60 billions) with its game publishing departement (2001 revenues : Vivendi is too big a fish for Microsoft (2001 revenus : $25 billions).
Don't forget Vivendi is also the global leader of environnemental services with Vivendi Water (water), Onyx (waste management), Dalkia (energy) and Connex (transport). This alone accounts for $30 billions annual revenues.
It's still a valid address that can be sold off to someone else. Lists are sold at a price based on how many are on the list. Not how many want to be on the list.
"Politicians are interested in people. Not that this is always a virtue. Fleas are interested in dogs." P.J. O'Rourke
Welcome to the only all 64bit public access supercomputing center!
The Super Dimensional Fortress is a networked community of free software authors, teachers, students, researchers, hobbyists and enthusiasts. It is operated as a nonprofit 501(c)7 and is supported and governed by its members.
Our mission is to provide remotely accessible computing facilities for the advancement of public education, cultural enrichment, scientific research and recreation. Members can interact electronically with each other regardless of their location using passive or interactive forums. Further purposes include the recreational exchange of information concerning the Liberal and Fine Arts.
Members have access to games, email, usenet, chat, bboard, gopherspace, webspace, programming utilities, archivers, browsers, and more. The SDF community is made up of caring, highly skilled people who operate behind the scenes to maintain a non-commercial INTERNET.
While we did initially start out on a single computer in 1987, the SDF is now a network of 8 64bit enterprise class servers running NetBSD realising a combined processing power of over 21.1 GFLOPS.
For information about membership levels, click on 'donate' above
Although the spaceship was my first thought. And yes, you did miss a story.
--
But then again I thought VCR+ was a stupid idea and would die a quick death--so what do I know?
That Vivendi Universal is just using this as a way to get other investors to bail them out and buy them.
If Microsoft is considering buying Vivendi Universal's game divisions, some might think that it is a deal that is worth more then it is.
I can see someone thinking "They must be good and worth a lot if Microsoft is considring buying them, maybe I should get in on the action before Microsoft does."
Even if Microsoft never buys their divisions, just being considered worth purchasing by Microsoft will increase Vivendi's value. I wouldn't be supprised to see more people poping up to get some of the action that Microsoft passed up on.
Yeah, I know this could have an oposit effect, it must be bad if Microsoft didn't buy Vivendi. But I tend to think that it will still attract more inverstors either way. In Vivendi's situation this is proabably a win win opertunity.
i take it fonixmunkee has never worked at any sort of isp/ipp. hm...let's see...we have client A who pays us X amount a month for bandwidth. we have clients B C D E F who are all paying us 5X a month for bandwidth. A gets attacked and sucks up everyone's bandwidth so BCDEF all want refunds. why in hell should nwlink keep A as a customer when it may (and probably did) cost them other, paying, _good_ customers in addition to having to put out money in refunds to keep customers happy?
i'd have done the same thing in their place, yanked the cat5 out and called them saying "hi, your machine is being attacked and is costing us tens of thousands of dollars. it will remain off until such time as it is no longer a threat to our business. sorry."
ddos attacks are outrageously hard to track and stop if done correctly. the only effective way to quickly restore service to a network that is being crippled by one is to null-route the destination ip at your border router and turn away any/all packets meant for it immediately
-dk
Dream with the feathers of angels stuffed beneath your head.
Lets see how long this will last.
Is this account Tps12's new trolling account? This fits the good/bad news for linux trolls, and their karma whoring patterns.
We keep reading about all these spam conferences and how we can make a difference and all that.
My question is this.
EVERYONE knows what a pain in the ass spam is.
NO ONE likes it. Why in the hell are people still debating this crap?
Yeah, I am aware that they are determining different ways to handle it and everything, but what's the point?
There is no viable solution other than using trusted addresses or outlawing it and making HUGE FINES the cost of spamming.
So, do that and your spam problem goes away.
Sent from your iPad.
I recently upgraded an old faithful server from RedHat 6.1 to 7.3. I allowed an entire day for the process, and was very worried as the machine held almost the entire working life of about 100 people.
Flawless victory. Back up and running perfectly inside two hours. I was quite impressed for such a large version jump.
Wasting your time since 1997.
This past year, I was accepted into Carnegie Mellon's [cmu.edu] School of Computer Science [cmu.edu]. It has been a remarkable experience that I would lik e to share with the Slashdot community. Here's an account of my experience.
Week 1, Sunday: I moved in today. My roommate, a sophomore CS student, had already moved in tw o days before me. The floor is already completely covered with garbage. He also smells. I think he might be gay too. He's already asked me if I like the color he painted his toenails. This should be interesting. I am almost completely settled in. Techno music is playing in every room in every floor of my dorm. There are computers and other types of trash out in the common areas. What a mess. Tom orrow, I am going to go sign up to get my network connection.
Week 1, Monday: I got hooked up to the CMU network today! I jacked into the network, only to f ind that the hostname and address assigned to me were colliding with another system. I'll just increm ent the network numbers a few times. I am really eager to get on.
Week 1, Tuesday: I am still looking for a free IP address. Can't anybody here properly configu re their systems?
Week 1, Friday: I finally found a free IP! It's mine! You sons of bitches can't have i t, I found it, I keep it, it's mine! To hell with all of you! Head hurts really bad. I've slowly be en developing a headache since I first arrived. Everywhere I look there are these Lucent Technologies wireless access points. I wonder if that's the problem.
Week 1, Saturday: I sat down at my computer today. My desktop wall paper is now the goatse.cx guy. Pleasant. Scattered over every directory on my C: drive are thousands, possibly millions, of fi les titled "J00AR30WN3DBITCH-phj33r-" and then some random hacker's name. Don't these people have liv es? Maybe they need laid or something. It'd take days to clean this out. I mentioned to my roommate that I needed to reinstall Windows, and immediately he jumped up and shouted: "NO! Do NOT use Window s!" Suddenly, two dozen other guys (all of them possibly homosexuals) appeared at the door, each tout ing an operating system called Linux. Half of them got into a fight over which was better, Debian, Re dHat, Slackware, and a bunch of others I couldn't recognize. Some kid who appeared to not have shower ed since he was born was touting "Linux From Scratch", saying that only losers used pre-made distros. A crowd of people in the back kept quiet about how I'd be sorry if I used Linux instead of BSD on the network. Who the fuck are these people? Classes start next week. Hope I have my computer working s o I can do my assignments.
Week 3, Friday: People are still trying to get Linux to work on my system. They keep telling m y that my hardware sucks. We go through about four or five distributions a day. Every now and then, I notice a little devil on my screen. Stickers for every of these distributions have been plastered o n my case. Suddenly, my room stinks a lot more with these people in here. I ask them why they never shower, and the usual response is something along the lines of "showering is like rebooting" and "I do n't want to lose my uptime."
Week 3, Saturday: There's a troop of men running naked in a circle around McGill Hall. I am no t even going to ask.
Week 4, Wednesday: Linux is FINALLY working on my computer! I have a pretty slick desktop too. I think I might like this. I can finally work in my room instead of the labs, although considering the every increasing layer of garbage on the floor...
Week 4, Thursday: My computer flashes messages about how I am "0WNX0RED" and how I should "PHJ3 3R" whoever and how "L4MEX0R" I am for having an insecure box. A kid suggests we reinstall Linux afte r discovering about 17 rootkits.
Week 5, Friday: Someone got BSD working on my computer. I wonder if this will last. The stres s has been building and I forgot to take a shower this morning.
Week 6, Tuesday: Seems I have been "0WNX0R3D" again. Took longer this time. Minutes later, so meone comes in with a "Bastile Linux" install CD. He gets started installing. I am feeling very susp icious of these guys.
Week 6, Thursday: Everyone seems to know more about my system than I do. It's a bit unnerving. I guess anyone could feel upset from this sort of treatment. They hack my box, trash it, then reins tall everything. I guess they think they're being funny. My dirty clothes are piling up and I am out of clean ones. I don't have time to do laundry, I'll have to wear something out of the pile.
Week 6, Friday: I got up this morning, sat at my machine, and stared at it blankly. An icon ap peared on my desktop for Quake III. I suppose it couldn't hurt to play some. I have been very stress ed lately.
Week 6, Sunday: I lost track of time! I started playing Quake III on the network with some oth er CMU students (who killed me hundreds of times in the course of 10 minutes) and completely lost myse lf. There's a bag of chips that has been sitting here for a few weeks. I think I'll finish those off for breakfast and then go to sleep.
Week 7, Wednesday: I masturbate every day now. Not a single girl comes near me. This is so de pressing. Do I really smell? Oh well, I have the task of learning how to secure my Linux box to keep me busy. Who has time for the opposite sex after all?
Week 8, Tuesday: I got into a fight with this little shit who kept telling me RedHat was great. What a fucking moron! Anybody who knows Linux knows that Debian kicks its sorry little ass. I'll b e getting my judiciary papers for the incident in the mail. Doesn't this school get it? I can't let someone go around converting people to RedHat! WtF!?
Week 8, Friday: My roommate squeezed my ass today! At first I was shocked and appauled, and I told him off for it. Thinking about it later though, there was just something that seemed too strong about my reaction. I'll talk to him later and appologize for getting so upset, it wasn't really so ba d.
Why bother.
If the DDoS attack against SDF was really costing them money, then it is within NWLink's moral and legal rights to cancel the contract. The problem is that NWLink canceled SDF's contract immediately with no advance notice whatsoever.
Even 48 hours of advance notice would have made a huge difference, as people would have been able to log in to download their important files and take care of any last minute correspondance with important contacts. Hell, even six hours of advance notice would have difference.
I'm told that NWLink was required by their own contract to give SDF fifteen days of advance notice in writing before pulling the plug. If that's correct, then NWLink legally violated their contract and ought to have its bottom spanked in court. But even if NWLink did have the legal right to do what it did, they've nonetheless demonstrated that they are untrustworthy and unprofessional business partners.
Steve
I get So Sick of people bashing distro's because of support EOL. Look, these packages are out there and get fixed usually with or without the distribution support. Upgrade what you need. If you want things to be *automagic* then you will likely have to pay for them. If you want packages upgraded for your old distro's you know 'ol RedHat will have to update the source for their Advanced Server/Workstation product anyhow so just build it man! I think too much of free and easy has adled the reasonable expectations of too many people.
HKF
NWLink pulling the rug out from under SDF with no warning was bad. It left alot of people high and dry with email and websites down.
What's worse is that the VP of NWLink made it even more difficult because he trash-talked about SDF with other co-lo providers in the area. One competing provider rescinded a written offer because of this.
And, remember, this is because SDF was the victim of an attack.
_.:*~*:._.:*~*:._.:*~*:._.:*~*:._.:*~*:._
ASCII art?? I thought it was a REGULAR expression
For those attending codecon there will also be a WiFi Caravan traveling from Portland OR to San Francisco which all are welcome to participate in.
:-)
We will be out and about on the evenings after the conference precedings if you dont feel like driving all the way to portland
As one last FYI, be sure to bring your wireless gear to codecon! There will be lots of A/V streaming going on, and lots of wireless enabled presentations in addition to other fun stuff.
Check out the InfoAnarchy CodeCon 02 coverage if you would like a better feel for what this conference is all about...
Rather than releasing new versions, perhaps the distro vendors should eliminate the concept altogether in favor of the sort of seamless, continuous per-package upgrading I suspect most people would like to see. Does anyone really care what version number a distribution has? I suspect more people care what kernel and security patches and application versions they're running.
For the user, this would have the advantage of being able to click a button or insert the latest update CD and upgrade all of the necessary packages. (We presume, of course, that you could elect to forego certain upgrades -- one might wish to continue running Apache 1.3.x instead of a 2.x version.)
For the vendor, this would be an obvious opportunity to sell subscriptions as well as avoid the endless cost of producing shrinkwrapped distributions.
Of course -- of course -- this would require greater effort on the part of vendors to make sure that the upgrade process is robust and seamless so as to avoid the problems M$ customers have with their so-called Service Packs, but it ought to be doable.
Proud member of the Weirdo-American community.
They both suck so who cares?
Dear lord! Are they showing Pokemon to suspected criminals now??
This is COMMON. On an IRC network I am involved with, over the years we have taken to asking potential new server links in advance what the ISP policy is on DDOS, because we found that many ISPs would simply let a customer go if they found out a DDOS was targeted at them. In addition, often times this was accompnied by a large fee for the overuse of bandwidth (don't let the door hit ya on the way out.)
To me, this is a crime, because the ISP (and their ISP, their ISP's ISP, etc) are responsible for the structure of the internet, its technologies, and its suseptability to DDOS in the first place. Its their technology, their problem. In addition, they could detect the problem when it does happen and filter it.
They provide bandwidth as a service.. if it can get tanked by a bunch of script-kiddies how is that not their fault, ultimately? How is it mine? -Lecca
"In a time of universal deceit, telling the truth becomes a revolutionary act" - George Orwell
Does this mean everything on Press Pass is a hoax?
Why not start up a consultancy to do just that? If your numbers are good, you could make quite a bit.
He who laughs last is stuck in a time dilation bubble.
Nah, it's Friday afternoon i-need-one-more-coffee typing :-)
Friday afternoon? It's Friday morning here (11:40am) in Tokyo... where is it Friday afternoon already?
3cx.org - A truly bad website.
I was running Woody on my desktops when it was testing and when testing became Sarge it really didn't matter as far as my machines were concerned. Like many people who use Debian on desktops, my machines are always somewhere between Sid and Testing with the odd non-official package here and there. For the most part it is the scenario you have in mind. I think you're right in that it would be nice for a paid support model as well.
I imagine its a similar experience on ports based BSD systems and Gentoo.
I can think of some things that would make a lot of the people here bitch though. Such a distribution would have to hang back 6 months or so from OSS/Free's bleeding edge. If say, an engine for vector graphics on the desktop comes out for XFree86, the distro won't be able to include it until it's solid. Contrast that with the people here who will spend 3 hours compiling tarballs so they'll be the first kid on the block to have it. Those same 'leet kiddies will whinge "Incremental distro will never succeed unless it's more current!" Solidity and up-to-last-week currentness are mutually exclusive.
There's also the question of how to handle major infrastructure transitions. I'm thinking of things like from XFree 3.x to 4.x, libc5 to libc6, KDE2.x to 3.x, kernel 2.4.x to 2.6.x, and last but not least GCC 2.9x to 3.x. Not to mention major changes in server daemons like Apache and Samba. The major libc and GCC increments are thankfully infrequent but they're also the worst. They both have severe consequences for backwards compatibility with older binaries and source trees. My point is that such transitions will force "Incremental Distro" to draw hard lines from time to time on what they'll support and what they won't. Shoot! Some people are still running heavily patched 2.0 kernels.
This brings up the other group of people Incremental Distro can't always make happy : The Ultraconservative Sysadmin. Sooner or later, support for say Apache 1.x will only be handled by boutique consultants. Most everyone but the Ultraconservative Sysadmin will have moved on. I think what will happen is that the distro will have to define brackets in time that start with those major transitions. During the bracket period (two years say) they'll have to maintain a branch of pre-transition compatible packages. The other thing they could do is be cold blooded about Ultraconservatives and just bump everybody up when these changes happen. Ultraconservative Admin is probably clued enough to manage his own upgrade schedule from patched source.
The REAL problem is that OSS/Free is developed and maintained on Internet Time. I suppose another outcome would be a spectrum of (differently organized) incremental distros with more and less aggressive attitudes toward upgrading.
Two weeks ago, I read A Plan for Spam article from the last conference, announced on Slashdot. There, the author describes spam-of-the-future as "some completely neutral text followed by a url".
Voila, the future has come. Yesterday I got a short message in Russian, in friendly tone, with an URL. Just like the ones I sometimes get. I'm a webmaster of a site with diverse content, and strangers sometimes send me stuff like this for news etc. There is absolutely no way to tell whether it's a spam or not without visiting the URL.
While the developers wrestle with one strategy and openly discuss the remedies, the spammer sees it and picks the next strategy, always ahead of you! Who benefits more from these conferences, good folks or the spammers?
One fix I'd propose is to stop publishing and webcasting the conference stuff. Then the spammers would have to attend in person. You know what happens next. A spammer surrounded with angry geeks :)
17779 eligible voters in a district, 17779 'vote' as one. This is Russia.
If spammers are selling lists of those who have opted out, here's a way to keep those lists from doing any harm: Require those who sell lists of e-mail addresses to include, in any list of addresses, whether or not the user has opted out of any UCE communication. Require those who buy lists of e-mail addresses and then spam those addresses to disclose from whom the spammer bought the address. Then ban spamming those who have opted out.
Will I retire or break 10K?
That was so predictable.
...wanna' buy a vowel?
Probably.. but going to the other extreme isn't going to help them (or us), either. I'm thinking that probably the best thing for them to do would be to specify one minor rev of each major version for long-term support.
For example, redhat should probably designate 5.2 6.2 and 7.3 for long-term support. Although it could cause some (generally minor) upset for users of the less-supported revs to go to the long=term revs, it's not likely as bad as being forced to always upgrade to the current 'in' version every 6-16 months.
I think the appropriate cliche here for the current attitude is "Penny wise, pound foolish'
OS Software is like love: The best way to make it grow is to give it away.
perhaps ive not being reading /. as often as I should, but wtf is sdf?
Anyone remember Yggdrasil linux cd's from back in the day? Are they still around even?
Did you read your own post? The SDF from Robotech stood for "Super Dimensional Fortress." Does that sound familiar?
I have a radical view. I have a theory that many of these hackers that have been "found" did not create the viruses that are purported by police officials.
1) many of these hackers that have been found are oversees. Some are in Indonesia, Canada and other countries found abroad.
2) there is very little coverage after they are arrested. I alomost wonder if it is found that there is no evidence against them, or very little. Perhaps they have committed crimes of an inferior nature than first purported.
3) because there is little coverage and no support to these stories, it may be possible that these "reports" are a means of discouraging any teenagers from hacking. Of course, those who know what they are doing will still hack and not get caught. They will probably feel relieved when a scapegoat is found.
To end things, a script kiddie has never been heard of and incurs minimal damage. A cracker causes great damage but no one knows their name. The name of a hacker is widespread and causes no damage.
void
And damage is always exaggerated. 5.5 million pounds (>7 million dollars) of damage caused by this worm? Who incurs these great damages. Why are they not reported to their stockholders? If the damages are made up, this is a blatent lie to stir sympathy.
void
Switch to Slack...
freakin' whiney babies.
Since a VB virus is so easy to make and can cause damage to "certain" operating systems the government should imprison the creators of this flawed code aswell :P
So some kids hacked your system? execute them! how dare they behave like teenagers/children who do they think they are!
The worm that those two people are accused of 'creating' is the one that DALnet has mentioned is part of it's cause of DDoS attacks, not Slammer.
"Champagne for my real friends - and real pain for my sham friends!" http://ericblade.postalboard.com/
Ignore DDOS attacks.
Just disconnect the network when they are DDOS'ing it. Reconnect it later. Disconnecting it makes te traffic go away. Connecting it again makes it operational before.
If they managed their network they would have reacted before it would have cost them money. SDF would still be temorarely offline, but it would not have cost them money.
Yes. Of course no one should be responsible for their actions, especially teengagers.
According to this story on Yahoo! News, the two men were arrested for their alleged part in spreading the "TK" worm, which is completely different. How did this suddenly mutate into a story about Slammer?
Check out my eclectic infosec blog at InfoSecPotpou
We believe that customers should be able to plan migrations to newer distributions well in advance of their discontinuation date.
And that's why you're discontinuing several distributions "immediately." I see.
Northwest Link is basically a Portland, OR company, Pacifier. Doug Palin bought them out within the past year, and as far as I can tell, there are few to zero Northwest Link employees left and Doug was definately not an original owner until he purchased them back from US.Net/Millenium Digital Media. They're just using the name, attack Pacifier while you are at it.
Is that CMU went from a free-thinking, geek school to a brain-dead/follow the crowd, yuppie/preppy school? That sucks. CMU used to be all geeks and lots of enthusiasm for independent thought and not joining the rat race. Times change...
Looking further at the troubles with the e-gov-os conference and after reviewing the opinions of Bruce Perens, Richard Stallman, David Sugar, Jay Sulzburger, David Wheeler, Stanley Klein, Chalu Kim, Claus Srensen, Jason Faulkner, Russell McOrmond, Louis Suarez-Potts, David A. Hammond and others, comments which have expanded over 10 mailing lists, and which have generated a few hundred private emails to me in my private email box, I'm forced to draw several conclusions.
First, as President of NYLXS and President of New Yorkers for Fair Use, my primary concern is two fold:
First, in my role as President of NYLXS, my primary goal is to cater to the needs of the membership, and the extended constituency of the organization, the Free Software development community and users in the New York City area. In truth, all organizations have a primary responsibility to their constituencies. It is time for others to look at their constituency and see how they are serving them. An organization which doesn't serve a constituency is an organization in name only.
Secondly, as an individual citizen and active member of the Free Software movement, I'm concerned with broad policy decisions of others in regards to individual rights with in our digitalized communications network. I'm focused on practical activities which protect the freedom of individuals and empower individuals and communities in education, government and business.
These are the only two prisms in which I can view the planned events of EgovOS conference.
I tend to be very thorough and deliberate in my conclusions. When I work through the process of developing activities and actions, or when I write in regard to issues of importance in a proper fashion for publication, or when I give a formal opinion piece representing any of our organizations journals, radio shows, public speeches, or other formalized media outlets, I bring to bear on that presentation, not only thorough research of the issue and much consultation, but also my 30 years of political and practical experience in affecting positive political and social outcomes.
I bring this same effort to this current letter, which I am opening up to the public and which will be published on http://fairuse.nylxs.com and which will be included in the coming NYLXS Journal.
First, let's look at the stated goals of the sponsored event. As listed on htttp://www.egovos.org/, the goals of this conference is:
Open Source for National and Local eGovernment Programs in the U.S. and EU
Goals:
the presentation of best practices
raising awareness
sharing of experiences among policy makers, donors, users/consumers, universities, and industry specialists in Open Source, e-Government and related fields.
NYLXS has, for a couple of years, worked to sell Free Software on both the local, New York City Level and in the Federal Government. We'll had a variety of experiences in this regard, many of them very negative. As such, this conference seems to be important to the economic and political health of the NYLXS membership, including The Free Software Chamber of Commerce, our Public Educational initiative in New York City Public Schools, and New Yorkers for Fair Use. Our direct prosperity as a community is tied to the stated goals of the conference, and in fact, members of the Free Software Chamber of Commerce had prepared to make presentations at the conference. It was the concerns of members of the Free Software Chamber of Commerce which brought the problems which have enveloped the conference to my attention.
The main problem is the participation of Microsoft as a speaker and presenter at the conference. In a previous email, I have already listed the problems that Microsoft presents. But for the sake of making this a complete document, I will reiterate them and expand upon the Microsoft issue.
First of all, Microsoft is a reckless company which operates above the law. It has recently been convicted twice for antitrust activities, and has been guilty of numerous other illegal competitive practices which have gone without prosecution. http://www.usdoj.gov/atr/cases/ms_index.htm is a rundown of the current conviction of Microsoft for antitrust actions which is still going through the courts. Microsoft was not only determined have acted illegally in regard to browser technology, but they have also had their CEO, Bill Gates, lie under oath. The testimony can be searched here:
http://www.cnn.com/TECH/computing/video/gates/
http://www.broadcast.com/news/billgates/
investigation of his perjury is here:
http://www.theregister.co.uk/content/4/24990.html
http://news.ft.com/ft/gx.cgi/ftc?pagename=View&c=A rticle&cid=FT3MLEDHF0D&live=true&useoverridetempla te=ZZZUGORQ00C&tagid=ZZZNSJCX70C&subheading=global
http://abcnews.go.com/sections/tech/DailyNews/msdo j991107.html
They even doctored their prepared testimony which got much press:
http://www.idg.net/crd_microsoft_67162.html and to quote:
Chase's testimony last week struck a note similar to the previous week's fiasco over a Microsoft videotaped demonstration. Government attorney David Boies had scored by pointing out inconsistent details in a videotape, submitted by Microsoft as evidence, that showed that Microsoft had used multiple PCs to film a demo the company first implied was a seamless segment filmed on one computer. U.S. District Court Judge Thomas Penfield Jackson said he did not believe that the Microsoft witness who had testified to the truthfulness of the tape lied about it, but trial observers said the incident undermined the defense's credibility.
Further discussion of the Gate's Perjury includes http://groups.google.com/groups?q=Bill+Gates+testi mony+Perjury&hl=en&lr=&ie=UTF-8&selm=nobody-060200 2327560001%40adsl-209-233-20-69.dsl.snfc21.pacbell .net&rnum=5
In fact, this reprint of the original Ziff Davis Net article with a John Hall interview is in my private archive of resources. The article quotes Mad Dog Hall as properly urging the government to jail Bill Gates for his illegal activities:
http://www2.mrbrklyn.com/resources/johnhall-ms.h tml
Microsoft has competed unfairly with Borland, FoxPro, Netscape, Sun, Apple among others. They have actively pursued a business plan designed to strip individuals and organization from the fruits of their efforts by tweaking the desktop making others products function worse than Microsoft's products. They have repeatedly hindered the empowerment of people and prevented the empowerment of individuals, especially negatively impacting disenfranchised communities, such as those that NYLXS represents in Brooklyn, and the City of New York. 60 minutes even broadcast a show which showed to fear that developers have of Microsoft and the expectations of these developers to be damaged by their 'Partner'
Of the many corporations in the global economy, Microsoft alone has distinguished itself as a proactive opponent to Free Software.
Things began to heat up with the Halloween Papers.
http://www.opensource.org/halloween/
Microsoft then made a frontal attack on the Free Software Foundations GPL, the most potent tool which protects the community from hostile activities by businesses and individuals who wish to destroy our ability to collaborate.
This article by The Register at http://www.theregister.co.uk/content/4/25891.html
looks at how DRM (trusted computing) attacks the GPL.
This certification scheme will rip the guts out of the GPL. That is, the minute I begin tinkering with my software, my ability to interface with the Great PKI in the Sky will be broken. I'll have a Linux box with a GPL, all right; but if I exercise the license in any meaningful way I'll render my system 'unauthorized for Palladium' and lose business. So instead, I imagine I'll be turning to my vendor for support, updates, modifications and patches. And I'll be dependent on them for support services at whatever price they can wheedle out of me because I dare not lose my Palladium authorization. I wonder if the cost of ownership of an open-source system will actually be lower than the cost of a proprietary system under such circumstances.
Prior to this, Microsoft's Craig Mundie made several false statements against the GPL at New York University.
Some of the most successful OSS technology is licensed under the GNU General Public License or GPL. The GPL mandates that any software that incorporates source code already licensed under the GPL will itself become subject to the GPL. When the resulting software product is distributed, its creator must make the entire source code base freely available to everyone, at no additional charge. This viral aspect of the GPL poses a threat to the intellectual property of any organization making use of it. It also fundamentally undermines the independent commercial software sector because it effectively makes it impossible to distribute software on a basis where recipients pay for the product rather than just the cost of distribution.
Microsoft had mailed to every IT director in the US brochures which vilified the GPL, the Free Software movement, and by extension, the Open Source advocates. These mailings contained blatant lies about the contribution of Free Software to the economy and threatened IT directors and developers with unfounded negative consequences if they deploy or use Free Software. The recent GPL FAQ, for example, has the following excerpt:
Have your lawyers read the GPL (and the LGPL)? Because the GPL is so frequently misunderstood and because it attempts, under certain circumstances, to impose significant obligations on licensees and their intellectual property rights, no responsible business should use GPL software without ensuring that its lawyers have read the license and explained the business rights and obligations. They should also review and explain the Lesser General Public License, or LGPL, a related license that is sometimes used with open source libraries.
Businesses every day uses Microsoft Software and the software of others which contain intrusive and abusive licensing which is directly in conflict with logical business practices. They would never be accepted by legal teams if the process was open to genuine contract negotiation. The contracts with Microsoft foists on businesses through its abusive monopoly powers constrains segments which allow the disabling of the software and intrudes on the private ownership of data and systems by businesses which purchase Microsoft products today. This is in addition to the clauses which waves them from any responsibility for damages done to business through security violations or the failure of products to perform according to their expectations. And then they sponsored UCITA to make sure that downloaded software from Free Software vendors can not get the same level of protection in a blatant effort to damage efforts of distributors of Free Software to comply with the GPL.
Microsoft has been such an aggressive enemy of Free Software, and the general public that they have used the BSA to do witch hunts against users and business.
They have threatened lawsuits against those who have reversed engineered their document formats They moved their free font access because users downloaded them for Free Software systems. They have proposed a DRM system designed to circumvent the freedom of Free Software development. They have fixed benchmarking studies versus Free Software systems. They have obstructed the legally required refund for operating systems which are forced on consumers with preinstalled systems. They built spyware into their multimedia players, twisted the Java programming language to be incompatible with the implementation on other platforms, refused to release products on Free Software platforms, which includes Microsoft Internet Explorer, introduced in NT4 service pack 3 changes to the SMB protocols to make it break with the Free Software SAMBA product, built back doors into in it's CryptoAPI, deliberately broke the Opera Web Browser when used with the MSN network, have brought down the internet through viruses TWICE in the last year, supported DRM in concert with Record Labels
( http://rss.com.com/2100-1023-983017.html?type=pt&p art=rss&tag=feed&subj=news
),
broke basic TCP/IP protocols with IE5 and IIS
( http://grotto11.com/blog/slash.html?+1039831658 ), advertised recently for advanced Free Software administrators to work for Microsoft in order to create a strategy to force businesses off of Free Software, and more.
Overall, Microsoft alone as a corporation has distinguished itself as an entity which, as a core business policy, is set to enslave Free Software and the general population. Their mission is to dehumanize and embarrass our membership, and to impoverish our community.
This body of evidence would be enough to reject out of hand the entry of Microsoft to the conference. But NYLXS and NY Fair Use has a growing new concern which is pushing it to action. In the face of the growing threat by the Microsoft Corporation to the well-being of Free Software developers, a threat that can be seen by Microsoft hiring GNU/Linux experts in the effort to undermine the business efforts of our community through lies and falsehoods, as well as technically breaking the beneficial integration of mixed environments, and which can be further seen by the 'shared source' media campaign which lies about the foundation of a free society and the stake of businesses in the promotion of both Open Sourced and Free Software legal foundation, there is an increasing knee jerk reaction by organizations supposedly representing the communities interests to give Microsoft a platform and a business advantage at conferences and shows which are designed to promote the community's effort in establishing digital rights and economic development. This started at 'Linux World Expo' in San Fransico and has moved into the New York 'Linux World Expo', where it directly damaged the well being of my membership through the winning of an award which rewarded them for creating a program only could properly write if you have the Windows code base, and it is now making its way to the egov-os conference.
The inclusion of Microsoft at this event directly threatens the health of the Free Software Chamber of Commerce in New York City. There are places for an academic style debate for Free Software versus Sun's community license and Microsoft's Share Source' . A conference whose stated goals is to raise awareness of Free Software and Open Software benefits, to present the best practices for government, and to share experiences about the benefits of using Free Software in government, is not such a venue. This venue is about selling Free Software and the community's efforts to the government. It is hoped to and create a much needed stable economic pipeline for free software vendors with government, based on its technical and political merits. Microsoft's goals are in direct conflict with the stated agenda of the conferences. Allowing them to participate, based on the sole attribute that they are Microsoft and feel that they have something to say, is not enough reason to allow them a platform which will be used to hurt members of the community.
Microsoft has never contributed any code to the community.
Microsoft has never advocated any benefits of the use of Free Software or Open Source Software
Microsoft has never financially contributed to any Free Software development or promoted the education of people about Free Software
Microsoft has not, in any way, befriended the community.
Microsoft has positioned itself as an enemy of the community and has threatened it on numerous occasions. In fact, Microsoft has singled out the Free Software and Open Source community for abuse.
Because of the growing misconduct of those who are presenting Free Software and Open Sourced Software to the public, first IDG and now egovos, NYLXS and New Yorkers for Fair Use is now contemplating action, not so much directed against Microsoft, but those wolves in sheep closing who are more directly hurting my membership and the community at large.
In considering actions to take, we are looking at a number of possibilities.
First, it is the opinion of Jay Sulzburger that we can use a hour of time to counter the arguments of Microsoft. My experience is that this will not work. On July 17th, I lead NY Fair Use to Washington to argue against the inclusion of DRM. Despite the fact that our presence was the most important part of the conference, to the point where we engaged productively from the audience both Jack Valenti and Philip Bond, we got no mainstream press. This was despite the presence of the New York Time's Amy Harmon and others. But our action was famous on Capital Hill. When we went back for the Peer to Peer/Berman Bill hearing two months later, several congressional staff members sought me out to ask what we did and to give us compliments. Simply, in regard to Jay's suggestion, nobody will attend such a session outside of the choir, and it will receive no press. On the other hand, Microsoft will get much press.
It has been suggested that egov-os is better to concede a place for Microsoft to allow an open debate. This will not be affective, and the alternative of being tongue whipped by Microsoft in the press is far better since they simply don't qualify for a placement at the conference, and it will allow us to present to the government administrators without interference. It is not NY Fairuse's policy to play 'whack the mole' with DRM issues. Instead, we focus on specific actions which will have broad affect and undermine the ability of our political foes to bring endless action again and again through the governments entire alphabet soup of bureaucracy and congressional committees. If Microsoft objects to being excluded, NY Fair Use (http://fairuse.nylxs.com) would be all to happy to provide a forum for both Microsoft and Richard Stallman, and others, for the benefit of academic debate. It would be a good fund raiser for the Free Software Institute in the coming months. My guess is that Bill Gates has no interest in such a real debate. His company is only interested in marketing and damaging the community. Therefore, participation by any Free Software advocates, or Open Source advocates, in this egov-os conference is highly damaging to the community if it includes Microsoft. And we are therefor calling on a boycott for this event.
It has been said that nobody is stupid enough to believe that Microsoft's 'shared source' promotes Open Source software. Unfortunately, this is very wrong. On the Open Office.org website, every day people ask if they can use and distribute the products. While I wouldn't say people are as dumb as rocks, I will say that they've been so conditioned to think out software as a super-restricted, crash inducing, virus ridden products, that they often have trouble thinking straight about what they should expect from business and software providers.
NY Fair Use is now looking to organize a protest of the event in Washington. A protest will at least give those genuinely from the community an uninhibited outlet. However, NY Fair Use, in general, dislikes protests as a vehicle of change, as we feel they mostly are ignored by a public besieged by 'the protest of the day'.
As a result, we are looking at a more organized campaign against this convention and those who would put events like this one together without considering the moral imperative of not harming the community by giving those who wish to destroy use a platform such as this. Egov-os supposedly advocates Free Software usage in business and government. It should do so without constraint and without apologies.
We are calling for an investigation of the egov-os organizers for misconduct. I've spoken with Tony Stanco many times and it's not possible that he doesn't grasp the basics of the issues outlined here, or how including Microsoft will negatively affect our community. Therefor, the invitation of Microsoft to this conference must be either a direct payoff, or self promotion. Since they are moral equivalents, they are both both equally condemnable.
We insist that Microsoft should not be given any platform at this event, because it is their purpose to undermine the community and its efforts. Since this is not being promoted as an academic debate, but instead is a marketing tool for Open Source and Free Software, we reject any arguments which are based on the concept that we should open the floor to them in order to dispel Microsoft corporate lies. This venue does not have the most basic format to handle this problem.
If, for contractual reasons, it is impossible to remove them from the conference, we ask the organizers to give NYLXS's subcommittee, New Yorkers for Fair Use, both the keynote and the Microsoft slot in the speaking arraignments. David Sugar will represent NYLXS, and I will represent NY Fair Use.
Finally, the website for the event needs to have on the front page a clear statement that it has determined that Microsoft's 'shared' code' program to be directly in opposition to both Free Software and the Open Source ideals, in that it does not promote the empowerment of the community through the freedom of innovation and digital systems ownership by individuals, the government or businesses.
I do not expect that these suggestions will be taken by Bruce Perens, or the other organizers of the egov-os events. So I expect that we will have to work to oppose the event.
Ruben Safir
President New Yorkers for Fair Use
http://fairuse.nylxs.com
http://www.mrbrklyn.com/amsterdam.html http://www.brooklyn-living.com