Slashdot Mirror
Slashback: NWLink, Vivendi, Gatherings
"Uhh ... isn't this the 'Slammer'?" An anonymous reader writes "According to the BBC, two people suspected of creating the Slammer worm have been arrested in a combined operation by the FBI and the UK's National Hi-Tech Crime Unit. The raids in the UK resulted in the seizure of two men, aged 19 and 21, accused of being members of a hacker group that calls itself THr34t-Krew."
Gather together, hoist a few drinks. We've made a few mentions of this year's CodeCon; Len Sassaman writes "The schedule for CodeCon 2.0 is now online. CodeCon is already starting to get some media attention. There's less than two weeks left to register at the reduced rate, and conference seats are filling up quickly.If this conference is anything like its predecessor, expect to see some of the most interesting new technology of the coming year discussed."
And a slightly different type of gathering: Tony Stanco writes: "The agenda is up for the March 17-19 Open Source in Government conference and the free registration is now open. Please see www.eGovOS.org.
It promises to be another educational and exciting event with over 120 sessions and the keynote from the White House. Even Microsoft is trying to directly engage the community at this conference."
On the count of three, everyone shrug at once. In January, I posted a link ("far from confirmed") about the possibility that Microsoft would buy Vivendi. Now, Yagdrasil writes "USA today is reporting that the Microsoft buyout of Vivendi's game division (which includes Blizzard) was a hoax. It looks like the hoax originated from a student at Purdue."
But the EOLs are nearly upon us! Flee! Wister285 writes "Mandrake announced that they are going to stop updating the packages of 'legacy products.' It seems as though they took their cue from Red Hat and their continuing financial problems. I was a little surprised though about how short the support periods will be. Mandrake 9.0 will be considered obsolete September 30, 2003 (for desktop) and March 31, 2004 (for the base). This brings up two questions. First of all, do distros release too often thus creating too many versions to maintain? Secondly, how much faith do you have in the upgrade feature of install?"
I hope it features a dunk tank and some perpetrators. The ongoing war on spam continues; here's your chance to influence its direction (or at least to hear about what's going on in that sphere), even if you missed the conference at MIT. wayne writes "The Federal Trade Commission (FTC) announced today that they will be holding a three day public SPAM workshop in the end of April. I wonder if they will get an overflow crowd they way the MIT SPAM conference did. I hope they also make streaming video available."
Bandwidth is expensive. ndogg writes "NWLink.com has posted a response to the events that have happened in regards to SDF. In short, they say that they support SDF and what it is doing, however, the DDoS attack over the last three weeks has been costing them a lot of money."
fonixmunkee puts it differently: "The message is an interesting read, to say the least. instead of working the issue, NWLink's apparent (unofficial) solution to combating DDoS'es is to simply terminate the subscriber's connection. with all the slammer worms & Code Reds nowadays, NWLink should have no more customers left in about 2 years."
Legal liability is expensive, too. Tom Allender writes "irc-chat.net has announced a more restrictive Acceptable Use Policy after being contacted by the MPAA. They also refer to DALnets AUP changes mentioned here recently."
It's just that this one "source" was invalid. Reuters and AP ran wire stories on this last week, before the Purdue student put up the webpage. The first known report from ComputerAndVideoGames.com was posted over two weeks ago.
Given the "publicity" of this hoax, and the widespread rumor-mongering of this deal, I'd say that Microsoft might be using this story as a red herring to make people think that the talks never existed. It's still going on, people, and it's still a very real possibility/threat.
"Mod, mod, mod...and another troll bites the dust."
That was my first linux distro, and it actually DID suck quite a lot! Ive seen mandrake get better, and I'm running Mandrake Cooker 9.1 right now, and its got the new kde 3.1 and gnome 2.2, although they still need the last few bugs to be ironed out
The community side is great too. Urpmi kicks ass and Mandrake is what debian WANT's to be but can't.
I can understand 8.1 since thats now almost 2 years old, but 8.2 & 9.0? Thats crazy!
...on the Mandrake mailing lists.
I made a proposal that Mandrake make support of legacy distros a sort of "street-performer" system. Vincent Danen, Mandrake's security guy, who would have to oversee the update process, has indicated that he's not opposed to this idea, though he's not legally able to promise anything. Others at MandrakeSoft have indicated that this appeals to them.
My plan is quite simple: if $30,000 (or some similar number... I started with $50,000 but have further reviewed the numbers) per year (per legacy version) can be raised from interested parties, security updates and so forth will continue to be released for that legacy version for an additional year. Unlike the Mandrake Club, this money would be used exclusively to hire an additional member of the security team who would build and test updates for the legacy version(s), as well as provide fast-response tech support to those who paid. The security updates would be available to all (with a possible 24-hour exclusive window for the contributors).
Some have commented on how $30K may be too much money, but I don't see it that way. It's a question of how many organizations (especially businesses) are using old Mandrake versions. If 500 such businesses contribute $60 each, they ensure security updates continue. Considering how much it would cost to do an upgrade (in labor costs, especially) and even a couple of hundred dollars is not out of the question.
NOTE: the above is not necessarily an official position of MandrakeSoft. However, if they get commitments from people (more than just posting on Slashdot or sending an email) to pay, I cannot see them refusing. I have no connection with Mandrake, short of being an occasional contributor to their development process.
I've had a DSL line with nwlink for the past 4 years. I've *never* had any significant problems with them. I even mentioned I was using a linux box to NAT some internal machines to one of their service reps, he couldn't care less. My net connection has been great, I ssh to home from work for 8 hours a day to keep tabs on email.
Two years ago they had a food drive where customers bringing in a couple cans of food got a discounted rate for a month. Kinda neat, you don't see too many companies doing that type of thing.
First of all, do distros release too often thus creating too many versions to maintain? Secondly, how much faith do you have in the upgrade feature of install?
Maybe all these commercial groups should take a page out of Debian's book. Potato, the OLD stable release, is still supported and has security updates issued.
On the other hand.. How fickle people are! First Debian releases too slowly, now RH & Mandrake release too often! Is there middle ground?
As for upgradeability, upgrading between Debian distributions is a breeze due to the high-quality packaging.
Using your sig line to advertise for friends is lame.
I recently upgraded an old faithful server from RedHat 6.1 to 7.3. I allowed an entire day for the process, and was very worried as the machine held almost the entire working life of about 100 people.
Flawless victory. Back up and running perfectly inside two hours. I was quite impressed for such a large version jump.
Wasting your time since 1997.
Rather than releasing new versions, perhaps the distro vendors should eliminate the concept altogether in favor of the sort of seamless, continuous per-package upgrading I suspect most people would like to see. Does anyone really care what version number a distribution has? I suspect more people care what kernel and security patches and application versions they're running.
For the user, this would have the advantage of being able to click a button or insert the latest update CD and upgrade all of the necessary packages. (We presume, of course, that you could elect to forego certain upgrades -- one might wish to continue running Apache 1.3.x instead of a 2.x version.)
For the vendor, this would be an obvious opportunity to sell subscriptions as well as avoid the endless cost of producing shrinkwrapped distributions.
Of course -- of course -- this would require greater effort on the part of vendors to make sure that the upgrade process is robust and seamless so as to avoid the problems M$ customers have with their so-called Service Packs, but it ought to be doable.
Proud member of the Weirdo-American community.
I have a radical view. I have a theory that many of these hackers that have been "found" did not create the viruses that are purported by police officials.
1) many of these hackers that have been found are oversees. Some are in Indonesia, Canada and other countries found abroad.
2) there is very little coverage after they are arrested. I alomost wonder if it is found that there is no evidence against them, or very little. Perhaps they have committed crimes of an inferior nature than first purported.
3) because there is little coverage and no support to these stories, it may be possible that these "reports" are a means of discouraging any teenagers from hacking. Of course, those who know what they are doing will still hack and not get caught. They will probably feel relieved when a scapegoat is found.
To end things, a script kiddie has never been heard of and incurs minimal damage. A cracker causes great damage but no one knows their name. The name of a hacker is widespread and causes no damage.
void
And until spammers start getting NO responses, they don't CARE how many inboxes they need to fill to get their 3)Profit!
It's even worse. Spammers make money by selling their "service" to morons who think they can make a quick buck. Even if no spam is effective, their customers don't know that.
I believe posters are recognized by their sig. So I made one.