Slashback: NWLink, Vivendi, Gatherings

Slashback updates and clarifications regarding recent posts on CodeCon, the rumored takeover of Vivendi by Microsoft, SDF, DDoS and NWLink (and IRC and AUPs), and more. Read on for the details, I'm out of letters.

"Uhh ... isn't this the 'Slammer'?" An anonymous reader writes "According to the BBC, two people suspected of creating the Slammer worm have been arrested in a combined operation by the FBI and the UK's National Hi-Tech Crime Unit. The raids in the UK resulted in the seizure of two men, aged 19 and 21, accused of being members of a hacker group that calls itself THr34t-Krew."

Gather together, hoist a few drinks. We've made a few mentions of this year's CodeCon; Len Sassaman writes "The schedule for CodeCon 2.0 is now online. CodeCon is already starting to get some media attention. There's less than two weeks left to register at the reduced rate, and conference seats are filling up quickly.If this conference is anything like its predecessor, expect to see some of the most interesting new technology of the coming year discussed."

And a slightly different type of gathering: Tony Stanco writes: "The agenda is up for the March 17-19 Open Source in Government conference and the free registration is now open. Please see www.eGovOS.org.

It promises to be another educational and exciting event with over 120 sessions and the keynote from the White House. Even Microsoft is trying to directly engage the community at this conference."

On the count of three, everyone shrug at once. In January, I posted a link ("far from confirmed") about the possibility that Microsoft would buy Vivendi. Now, Yagdrasil writes "USA today is reporting that the Microsoft buyout of Vivendi's game division (which includes Blizzard) was a hoax. It looks like the hoax originated from a student at Purdue."

But the EOLs are nearly upon us! Flee! Wister285 writes "Mandrake announced that they are going to stop updating the packages of 'legacy products.' It seems as though they took their cue from Red Hat and their continuing financial problems. I was a little surprised though about how short the support periods will be. Mandrake 9.0 will be considered obsolete September 30, 2003 (for desktop) and March 31, 2004 (for the base). This brings up two questions. First of all, do distros release too often thus creating too many versions to maintain? Secondly, how much faith do you have in the upgrade feature of install?"

I hope it features a dunk tank and some perpetrators. The ongoing war on spam continues; here's your chance to influence its direction (or at least to hear about what's going on in that sphere), even if you missed the conference at MIT. wayne writes "The Federal Trade Commission (FTC) announced today that they will be holding a three day public SPAM workshop in the end of April. I wonder if they will get an overflow crowd they way the MIT SPAM conference did. I hope they also make streaming video available."

Bandwidth is expensive. ndogg writes "NWLink.com has posted a response to the events that have happened in regards to SDF. In short, they say that they support SDF and what it is doing, however, the DDoS attack over the last three weeks has been costing them a lot of money."

fonixmunkee puts it differently: "The message is an interesting read, to say the least. instead of working the issue, NWLink's apparent (unofficial) solution to combating DDoS'es is to simply terminate the subscriber's connection. with all the slammer worms & Code Reds nowadays, NWLink should have no more customers left in about 2 years."

Legal liability is expensive, too. Tom Allender writes "irc-chat.net has announced a more restrictive Acceptable Use Policy after being contacted by the MPAA. They also refer to DALnets AUP changes mentioned here recently."

The Microsoft buyout isn't a hoax, per se...

[Cutriss]

It's just that this one "source" was invalid. Reuters and AP ran wire stories on this last week, before the Purdue student put up the webpage. The first known report from ComputerAndVideoGames.com was posted over two weeks ago.

Given the "publicity" of this hoax, and the widespread rumor-mongering of this deal, I'd say that Microsoft might be using this story as a red herring to make people think that the talks never existed. It's still going on, people, and it's still a very real possibility/threat.

Spam

[MattCohn.com]

What everyone forgets is that with spam, you only get responses from one of about every couple hundred people. There's no way to win those idiot over. And until spammers start getting NO responses, they don't CARE how many inboxes they need to fill to get their 3)Profit! We just need to ENFORCE THE OPT OUT MODEL. If I don't want your spam, chances are pretty damned good I wouldn't buy from you anyway, so who looses?

hacker group that calls itself THr34t-Krew

[Gyorg_Lavode]

Seriously, if I ever start a hacker group, I'm calling it "Me and a few buddies". The lewtspeak hacker names went out with the 80's. Now it just makes it sound like a group of 16 year old HS students.

Re:hacker group that calls itself THr34t-Krew

[$$$$$exyGal]

How about "$$$$$exyGal's l33t N4k3d Ch1x" ?

--naked

We're coming after you!

[Jack+Edward+Valenti]

Tom Allender writes "irc-chat.net has announced a more restrictive Acceptable Use Policy after being contacted by the MPAA

It doesn't matter how smooth you think you are, we'll get you eventually. Don't cross the MPAA!

these arrests are NOT about the slammer worm

[slhack3r]

The Register has a very informative story on this same bust that specifically states that

None of the arrests are connected to the recent SQL Slammer Worm, the NHTCU states.

In fact, this related a completely different (and obscure) worm called the "TK worm." The folks at El Reg did some detective work...check it out. someone needs to check their facts

Re:these arrests are NOT about the slammer worm

[Distinguished+Hero]

The mistake was on the part of Anonymous Coward.

Yes, if only we could hire some people to "edit" these post. I know, I know, my idea may seem controversial, but I think it would work, unless the people just took the money and didn't actually do anything... Nah, that would never happen.

Wrong!

[.@.]

Read the #$*&^ stories before you post them!!! The people arrested were arrested on drug charges and for work on the TK worm, NOT Sapphire/Slammer.

As always, read the article (regarding MS buyout)

[entrippy]

"Microsoft and news network CNN said they were hit by a hoax Monday after a faked Web page erroneously reported the software giant had agreed to buy the video game operations of French conglomerate Vivendi Universal."

What does this mean? It means that Microsoft has *not* bought out Vivendi.

It does not mean that they are not currently in disucssion to do so. There's been a lot of rumours from a lot of sources - and no-one would deny that MS is one of the front runners in contention to buy Vivendi.

So it's far from off the cards yet.

Engage ?

[IanBevan]

Even Microsoft is trying to directly engage the community at this conference... with a 105mm Howizter.

Re:anyone using 3117 spe4k

[Distinguished+Hero]

3117 spe4k

Shit, what is this ellt speak and where can I learn it? Google searches were inconclusive.
I feel so "un-ellt" knowing only 1337.

Re:SDF?

[spamania]

SDF is a not-for-profit unix shell provider that provides hundreds if not thousands of individuals and small businesses with email, web-space, file storage, and *nix-based apllications. In short it is a very-nearly-free remote shell account.

For more information, telnet sdf.lonestar.org
login: new

or, http://www.sdf.lonestar.org

-nate
nathan@sdf.lonestar.org

There's been a lot of discussion about the EOL-ing

[leviramsey]

...on the Mandrake mailing lists.

I made a proposal that Mandrake make support of legacy distros a sort of "street-performer" system. Vincent Danen, Mandrake's security guy, who would have to oversee the update process, has indicated that he's not opposed to this idea, though he's not legally able to promise anything. Others at MandrakeSoft have indicated that this appeals to them.

My plan is quite simple: if $30,000 (or some similar number... I started with $50,000 but have further reviewed the numbers) per year (per legacy version) can be raised from interested parties, security updates and so forth will continue to be released for that legacy version for an additional year. Unlike the Mandrake Club, this money would be used exclusively to hire an additional member of the security team who would build and test updates for the legacy version(s), as well as provide fast-response tech support to those who paid. The security updates would be available to all (with a possible 24-hour exclusive window for the contributors).

Some have commented on how $30K may be too much money, but I don't see it that way. It's a question of how many organizations (especially businesses) are using old Mandrake versions. If 500 such businesses contribute $60 each, they ensure security updates continue. Considering how much it would cost to do an upgrade (in labor costs, especially) and even a couple of hundred dollars is not out of the question.

NOTE: the above is not necessarily an official position of MandrakeSoft. However, if they get commitments from people (more than just posting on Slashdot or sending an email) to pay, I cannot see them refusing. I have no connection with Mandrake, short of being an occasional contributor to their development process.

Debian?

[molo]

First of all, do distros release too often thus creating too many versions to maintain? Secondly, how much faith do you have in the upgrade feature of install?

Maybe all these commercial groups should take a page out of Debian's book. Potato, the OLD stable release, is still supported and has security updates issued.

On the other hand.. How fickle people are! First Debian releases too slowly, now RH & Mandrake release too often! Is there middle ground?

As for upgradeability, upgrading between Debian distributions is a breeze due to the high-quality packaging.

"Microsoft would buy Vivendi" (NOT)

[sl956]

Please stop equating Vivendi (2001 revenues : $60 billions) with its game publishing departement (2001 revenues : Vivendi is too big a fish for Microsoft (2001 revenus : $25 billions).
Don't forget Vivendi is also the global leader of environnemental services with Vivendi Water (water), Onyx (waste management), Dalkia (energy) and Connex (transport). This alone accounts for $30 billions annual revenues.

The Diary of a CMU CS Student

[Lethyos]

This past year, I was accepted into Carnegie Mellon's [cmu.edu] School of Computer Science [cmu.edu]. It has been a remarkable experience that I would lik e to share with the Slashdot community. Here's an account of my experience.

Week 1, Sunday: I moved in today. My roommate, a sophomore CS student, had already moved in tw o days before me. The floor is already completely covered with garbage. He also smells. I think he might be gay too. He's already asked me if I like the color he painted his toenails. This should be interesting. I am almost completely settled in. Techno music is playing in every room in every floor of my dorm. There are computers and other types of trash out in the common areas. What a mess. Tom orrow, I am going to go sign up to get my network connection.

Week 1, Monday: I got hooked up to the CMU network today! I jacked into the network, only to f ind that the hostname and address assigned to me were colliding with another system. I'll just increm ent the network numbers a few times. I am really eager to get on.

Week 1, Tuesday: I am still looking for a free IP address. Can't anybody here properly configu re their systems?

Week 1, Friday: I finally found a free IP! It's mine! You sons of bitches can't have i t, I found it, I keep it, it's mine! To hell with all of you! Head hurts really bad. I've slowly be en developing a headache since I first arrived. Everywhere I look there are these Lucent Technologies wireless access points. I wonder if that's the problem.

Week 1, Saturday: I sat down at my computer today. My desktop wall paper is now the goatse.cx guy. Pleasant. Scattered over every directory on my C: drive are thousands, possibly millions, of fi les titled "J00AR30WN3DBITCH-phj33r-" and then some random hacker's name. Don't these people have liv es? Maybe they need laid or something. It'd take days to clean this out. I mentioned to my roommate that I needed to reinstall Windows, and immediately he jumped up and shouted: "NO! Do NOT use Window s!" Suddenly, two dozen other guys (all of them possibly homosexuals) appeared at the door, each tout ing an operating system called Linux. Half of them got into a fight over which was better, Debian, Re dHat, Slackware, and a bunch of others I couldn't recognize. Some kid who appeared to not have shower ed since he was born was touting "Linux From Scratch", saying that only losers used pre-made distros. A crowd of people in the back kept quiet about how I'd be sorry if I used Linux instead of BSD on the network. Who the fuck are these people? Classes start next week. Hope I have my computer working s o I can do my assignments.

Week 3, Friday: People are still trying to get Linux to work on my system. They keep telling m y that my hardware sucks. We go through about four or five distributions a day. Every now and then, I notice a little devil on my screen. Stickers for every of these distributions have been plastered o n my case. Suddenly, my room stinks a lot more with these people in here. I ask them why they never shower, and the usual response is something along the lines of "showering is like rebooting" and "I do n't want to lose my uptime."

Week 3, Saturday: There's a troop of men running naked in a circle around McGill Hall. I am no t even going to ask.

Week 4, Wednesday: Linux is FINALLY working on my computer! I have a pretty slick desktop too. I think I might like this. I can finally work in my room instead of the labs, although considering the every increasing layer of garbage on the floor...

Week 4, Thursday: My computer flashes messages about how I am "0WNX0RED" and how I should "PHJ3 3R" whoever and how "L4MEX0R" I am for having an insecure box. A kid suggests we reinstall Linux afte r discovering about 17 rootkits.

Week 5, Friday: Someone got BSD working on my computer. I wonder if this will last. The stres s has been building and I forgot to take a shower this morning.

Week 6, Tuesday: Seems I have been "0WNX0R3D" again. Took longer this time. Minutes later, so meone comes in with a "Bastile Linux" install CD. He gets started installing. I am feeling very susp icious of these guys.

Week 6, Thursday: Everyone seems to know more about my system than I do. It's a bit unnerving. I guess anyone could feel upset from this sort of treatment. They hack my box, trash it, then reins tall everything. I guess they think they're being funny. My dirty clothes are piling up and I am out of clean ones. I don't have time to do laundry, I'll have to wear something out of the pile.

Week 6, Friday: I got up this morning, sat at my machine, and stared at it blankly. An icon ap peared on my desktop for Quake III. I suppose it couldn't hurt to play some. I have been very stress ed lately.

Week 6, Sunday: I lost track of time! I started playing Quake III on the network with some oth er CMU students (who killed me hundreds of times in the course of 10 minutes) and completely lost myse lf. There's a bag of chips that has been sitting here for a few weeks. I think I'll finish those off for breakfast and then go to sleep.

Week 7, Wednesday: I masturbate every day now. Not a single girl comes near me. This is so de pressing. Do I really smell? Oh well, I have the task of learning how to secure my Linux box to keep me busy. Who has time for the opposite sex after all?

Week 8, Tuesday: I got into a fight with this little shit who kept telling me RedHat was great. What a fucking moron! Anybody who knows Linux knows that Debian kicks its sorry little ass. I'll b e getting my judiciary papers for the incident in the mail. Doesn't this school get it? I can't let someone go around converting people to RedHat! WtF!?

Week 8, Friday: My roommate squeezed my ass today! At first I was shocked and appauled, and I told him off for it. Thinking about it later though, there was just something that seemed too strong about my reaction. I'll talk to him later and appologize for getting so upset, it wasn't really so ba d.

NWStink

[digigasm]

NWLink pulling the rug out from under SDF with no warning was bad. It left alot of people high and dry with email and websites down.

What's worse is that the VP of NWLink made it even more difficult because he trash-talked about SDF with other co-lo providers in the area. One competing provider rescinded a written offer because of this.

And, remember, this is because SDF was the victim of an attack.

Sorta like that with Debian

[dmaxwell]

I was running Woody on my desktops when it was testing and when testing became Sarge it really didn't matter as far as my machines were concerned. Like many people who use Debian on desktops, my machines are always somewhere between Sid and Testing with the odd non-official package here and there. For the most part it is the scenario you have in mind. I think you're right in that it would be nice for a paid support model as well.

I imagine its a similar experience on ports based BSD systems and Gentoo.

I can think of some things that would make a lot of the people here bitch though. Such a distribution would have to hang back 6 months or so from OSS/Free's bleeding edge. If say, an engine for vector graphics on the desktop comes out for XFree86, the distro won't be able to include it until it's solid. Contrast that with the people here who will spend 3 hours compiling tarballs so they'll be the first kid on the block to have it. Those same 'leet kiddies will whinge "Incremental distro will never succeed unless it's more current!" Solidity and up-to-last-week currentness are mutually exclusive.

There's also the question of how to handle major infrastructure transitions. I'm thinking of things like from XFree 3.x to 4.x, libc5 to libc6, KDE2.x to 3.x, kernel 2.4.x to 2.6.x, and last but not least GCC 2.9x to 3.x. Not to mention major changes in server daemons like Apache and Samba. The major libc and GCC increments are thankfully infrequent but they're also the worst. They both have severe consequences for backwards compatibility with older binaries and source trees. My point is that such transitions will force "Incremental Distro" to draw hard lines from time to time on what they'll support and what they won't. Shoot! Some people are still running heavily patched 2.0 kernels.

This brings up the other group of people Incremental Distro can't always make happy : The Ultraconservative Sysadmin. Sooner or later, support for say Apache 1.x will only be handled by boutique consultants. Most everyone but the Ultraconservative Sysadmin will have moved on. I think what will happen is that the distro will have to define brackets in time that start with those major transitions. During the bracket period (two years say) they'll have to maintain a branch of pre-transition compatible packages. The other thing they could do is be cold blooded about Ultraconservatives and just bump everybody up when these changes happen. Ultraconservative Admin is probably clued enough to manage his own upgrade schedule from patched source.

The REAL problem is that OSS/Free is developed and maintained on Internet Time. I suppose another outcome would be a spectrum of (differently organized) incremental distros with more and less aggressive attitudes toward upgrading.

THr34t-Krew is a fake!!!

[jasonrocks]

I have a radical view. I have a theory that many of these hackers that have been "found" did not create the viruses that are purported by police officials.

1) many of these hackers that have been found are oversees. Some are in Indonesia, Canada and other countries found abroad.

2) there is very little coverage after they are arrested. I alomost wonder if it is found that there is no evidence against them, or very little. Perhaps they have committed crimes of an inferior nature than first purported.

3) because there is little coverage and no support to these stories, it may be possible that these "reports" are a means of discouraging any teenagers from hacking. Of course, those who know what they are doing will still hack and not get caught. They will probably feel relieved when a scapegoat is found.

To end things, a script kiddie has never been heard of and incurs minimal damage. A cracker causes great damage but no one knows their name. The name of a hacker is widespread and causes no damage.