Slashback: Vista Rewrite, Tuttle Travesty, Mac Botnets

Slashback tonight brings some corrections, clarifications, and updates to previous Slashdot stories including Microsoft denies Vista rewrite, Tuttle Oklahoma city manager still doesn't get it, MS Virtual Server slips and VMWare fills the gap, Samsung execs plead guilty to price fixing charges, Tux in retail part 2, a renewed bid to register the Linux trademark in Australia, OpenSPARC.net shades of the past, and a follow up on Mac botnets -- Read on for details.

Microsoft denies Vista rewrite. moochfish writes "Contrary to a heavily doubted feature earlier this week, Business 2.0 magazine reports that Microsoft will not be rewriting large portions of its operating system. From the article, 'Microsoft's own blogger Robert Scoble checked into the story and got a denial from an executive at Microsoft's PR firm, who says he's not aware of any Xbox programmers working on Windows.'"

Tuttle Oklahoma city manager still doesn't get it. gEvil (beta) writes "The Register has posted a followup to this past week's wonderfully humorous story about Tuttle, Oklahoma's technically inept city manager, Jerry Taylor. It appears that Mr. Taylor is not pleased with the publicity he has received due to the incident, despite his prior statement of, 'I have no fear of the media, in fact I welcome this publicity.' He sent an email to the Register's marketing team asking that people stop emailing him and making fun of him."

MS Virtual Server Slips and VMWare fills in the gap. nizo writes "On the heels of the announcement that Microsoft Virtual Server is slipping to 2007, VMware has announced the beta release of the VMware Virtual Machine Importer, which has the capability to convert system images stored in 3rd party formats (including Microsoft Virtual Server images) to VMware virtual machines. The good news is VMware released the importer as a free download."

Samsung execs plead guilty to price fixing charges. bdotcdot writes "Electronics News is running a story on Samsung executives who have plead guilty to the price fixing of DRAM. From the story 'According to the one-count felony charge filed in federal court in San Francisco, at various times during the period from April 1, 1999, to June 15, 2002, these three Samsung employees conspired with unnamed employees from other memory makers to fix the prices of DRAM sold to certain computer and server manufacturers in the U.S., in violation of the Sherman Act. The conspiracy directly affected sales to U.S. computer makers Dell Inc., Hewlett-Packard Company, Compaq Computer Corp., International Business Machines Corp., Apple Computer Inc. and Gateway Inc., the charge said.'"

Tux in retail part 2. silentbob4 writes "Mad Penguin brings us the second and final installment in their 'Tux in Retail' series, in which they interview Linspire CEO Kevin Carmony; Xandros CEO Andreas Typaldos; Mepis Linux founder Warren Woodford; and Kevin Jones, Micro Center Vice President of Merchandising, to get their take Tux's jump into big box retail. The first installment was run as an earlier Slashdot article."

Renewed bid to register Linux trademark in Australia? daria42 writes "A renewed bid to register the word 'Linux' as an Australian trademark must meet an early April deadline or face defeat." From the article: "'The deadline to file a response to the Examiner's rejection has not yet passed, and LMI and its attorneys are still determining if they will respond,' a spokesperson for the body told ZDNet Australia in an emailed statement."

OpenSPARC.net, shades of the past. Andy Updegrove writes "In what must have seemed to many as a bold move, Sun Microsystems recently announced that it would release the source code for its UltraSparc T1 processor under the GPL, supported by a new organization that it calls OpenSPARC.net. But to those that have been around for a while, the announcement had an eerily familiar sound to it, and that sound was the echo of an organization called SPARC International. Formed 18 years ago to license the SPARC chip design to multiple vendors to ensure second sourcing for the hardware vendors that Sun hoped would adopt it, SPARC International seemed to be every bit as revolutionary for its time as Sun's new initiative does today. Motorola launched a somewhat similar group called 88open to support its own RISC chip design, and later IBM, Motorola and Apple launched the PowerOpen Association to promote the PowerPC. The Websites of the PowerOpen Association and 88open are long gone, and seem to have escaped even the WayBack Machine's reach. But SPARC International's site, looking very retro and neglected, can still be seen - at least for now."

Follow up on Mac botnets. An anonymous reader writes "Washingtonpost.com has an interesting follow up to skeptical claims as a result of a previous Slashdot story. Mac OS X systems have indeed been spotted in botnets, thanks largely to several worms going around that take advantage of Web-based applications running vulnerable PHP software. From the article: 'By leveraging this PHP flaw, the attackers were able to seed the Mac systems with several tools designed to turn them into drones for use in waging destructive distributed denial of service attacks.'

"Mac" botnets are nothing more than *NIX botnets

[daveschroeder]

And they usually come from the same place, as the followup notes:

A php-based web application (forum, blog, CMS, etc.) that has an exploit, usually php injection, whereby various script/botnet kiddie tools and irc-related items are installed, usually in /tmp or /var/tmp. Perhaps they'll install a php shell too. Sometimes, they'll try to run a rootkit against the local machine.

This is nothing new, and doesn't really have anything to do with "Macs". It has more to do with php and people not keeping their php-based web applications up to date than anything[1]. It is interesting, though, that since Mac OS X is essentially a UNIX, that it's certainly vulnerable to a whole slew of this family of exploits.

[1] Just as a Mac sitting on the internet with apache and ssh open doesn't really test anything beyond the security of the default configurations of apache and OpenSSH on that OS and architecture. And that's exactly the point.

VMware URL wrong

The URL for VMware Importer beta is wrong: It should be: http://www.vmware.com/products/beta/vmimporter/

CityManager Email

[AmigaAvenger]

Looks like he managed to figure out how to edit the frontpage site so that it no longer shows his email, so if any slashdot user wishes to express their opinions on this matter the corresponding public official, here they are!

city manager at citymgr@cityoftuttle.org,
mayor at mayor@cityoftuttle.org.

Enjoy!

Re:"Mac" botnets are nothing more than *NIX botnet

[Bonker]

It's also worth noting that the exploits are against 'PHP applications' and not PHP itself.

I can't count the number of terrified middle managers who scream bloody murder to me about PHPNuke or PHPBB bugs, thinking that the flaws are in PHP itself.

Again, this boils down to keeping your software up to date. Careful pruning of your php.ini file also helps.

Tuttle NBC video

[dustwun]

Seems even the Tulsa NBC affiliate picked up the story. They've got a video online at http://www.kfor.com/global/category.asp?c=9667, it's the Tuesday 10pm news story. The CentOS bit starts at around 4 minutes 13 seconds, and is around 3 minutes long.

I'm not linking directly to it, because we've already crushed their bandwith enough for one week, but feel free to check it out.
It's not at all flattering to the City Manager...

Re:Tuttle NBC video

[internewt]

Well, it appears the video only works in IE, that will save bandwidth.

That's not quite true. The video can be accessed with WMP if you open this URL (watch for /. adding spaces)

http://www.kfor.com/Global/Video/WorldnowASX.asp?o s=&vt=v&clipid=734082

I watched the video in WMP 6.4 on Win2000, and no version of WMP higher than 6.4 has ever been installed... so I feel this video will probably be viewable in MPlayer, for example (i.e. this stream isn't DRM'd up).

Re:MS Virtual Server slips and VMWare fills the ga

They're working on it. Try the Workstation beta.

Re:MS Virtual Server slips and VMWare fills the ga

[davidesh]

we have been running Virtual Server 2005 for a while now and it runs great. I was actually surprised.

Re:Mr Tuttle

[LDoggg_]

There was a pretty good and mostly objective wikipedia page about the guy.

Unfortunately it has been removed.

Looks like Mr Taylor wasn't bluffing about his FBI connections.

^^ GOATSE WARNING ^^

[merreborn]

Parent's link is a tinyurl of goatse.

Kinda figured it might be, personally, but I decided to click it anyway :p

Re:This guy is the biggest tool ever

[Syberghost]

He is from Oklahoma. Have you ever been there? If have been there then you would know why he is acting the way he is. To him everybody who is not from OK or TX is "one of them sumbitches". The word "sumbitch" by the way is the most used word in Oklahoma as in "I'll have some eyygs (eggs) and one of those submtiches over there".

Go visit OK some time, it's an interesting sociological learning experience.

Yes, please do. You could go to one of the conferences NASA holds there, or to visit Altus Air Force Base, where a bunch of "dumb Okies" teach Air Force pilots how to fly their jets to protect your freedom to make stupid bigoted statements on Slashdot. Or maybe you could meet some of thost stupid backwoods morons like astronauts Dr. Shannon Lucid, William Pogue, Owen Garriott, or any of the many other astronauts from Oklahoma. Or former Ambassador to the UN Jean Kirkpatrick. Or visit the birthplace of Wiley Post, who among other things discovered the jet stream and invented the space suit. Or visit the spaceport.

Or, you could just spout off like a bigot because God knows there are no stupid people in YOUR state.

Re:60% of an operating system in 6 months - NO WAY

[WalterGR]

Lets assume that Vista is as few as a 1000KLoc - (I'd bet another order of magnatude personally)

FWIW, according to this article (PDF - sorry) from CyberDefense Magazine, Microsoft Word alone was 2 million lines of code... in 1995.

It also says that Windows 2000 had 35 million LOC, and XP has 40 million.

Assume that the growth between XP and Vista is the same: that means 45 million LOC for Vista. So 60% is 27 million lines of code. It would be ridiculous to re-write that much - let alone impossible.

Re:PowerOpen Association and 88open

[sartin]

Neither 88Open nor PowerOpen were open opening up the chip. Both were about creating Application Binary Interface (ABI) standards so that multiple vendors could provide compatible operating systems and Independent Software Vendors could count on compiling once and run safely on any compliant implementation.

The consortia produced standards that said what must work and what an application was allowed to assume. They produced test suites that could be used to verify a platform for compliance and test suites to verify an application for compliance. Theoretically, any certified application could run on any certified platform (possibly with certain extra hardware requirements).

SPARC International did much the same thing for the SPARC, but also had some emphasis on actually opening up the hardware. HP did something similar briefly with PA-RISC, creating a wildly incomplete and vague ABI which was next to useless because it didn't include critical parts of HP's proprietary linking and dynamic loading technology.

I worked at 88Open and was primary contractor for portions of the PowerOpen and PA-RISC test suites (working for a consulting firm that had also done some of the SPARC ABI work) in a former life.

The new effort seems to be to open up the CPU architecture as well.

Re:"Mac" botnets are nothing more than *NIX botnet

[Chmarr]

PHP is not totally blameless in this. It is VERY easy to write PHP code that is subject to injection-style attacks, mostly because it's SO easy to insert one string into another string without doing the appropriate quoting and character escaping. Ie, PHP makes it easy to do the wrong thing.

Whether or not this is PHP's fault, or the fault of a programming community that doesn't think enough about security, is left as an excercise for the reader :)

Re:Mr Tuttle

[whitehatlurker]

The page was removed basically because the powers-that-be felt Taylor wasn't worth the waste of wiki space. That has to hurt even more than the publicity.

There was also concern that the page was an attack on Taylor. There were some sections that could have been reworded, but he's gotten more than his share of Warhol time.

Re:This guy is the biggest tool ever

[killjoe]

LOL, I was stationed in Altus AFB OK. I spent two years over there. I still have the T-Shirt front: "Where in the hell is Altus OK" Back:"About ten miles south of blair". When I left Altus I thought "Man I am never going back to that fucking state again" but alas for business reasons I have had the distinct misfortune of having to travel back there many many times.

Fuck man, if you want OK to look good don't tell people to go to that shithole of a town. Tulsa maybe, OKC maybe but Altus?? No freakin way. Having said that even Tulsa is nothing but a sea of white conservative suburbia occationally broken up by strip malls. I have never met so many rabid republitards and religious fundamentalists in my life. Man those people think BBQued bologna is gourmet!

Oh and while there are plenty of stupid people in my state it's nowhere near as many in OK.

Re:Mr Tuttle

[AndroidCat]

There's still the Talk page to see.

Re:PowerOpen Association and 88open

[alienw]

You are reading the wrong books. Look at some of the IEEE publications, they are full of cutting-edge research results that nobody had a chance to apply yet.

Re:Tuttle Oklahoma city manager: next step

[Sentry21]

If you tell the validator to force the encoding to windows-1252, then it will try to validate it, and choke on 45 errors. If you tell the validator to force the doctype to XHTML 1.0 (which a quick look at the source seems to indicate they were trying for), you get 100 errors. Fantastic.

Re:Mr Tuttle

Mein Gott ... this guy was an Internet Technologies manager!!!!

(From wikipedia) "Taylor earned a BS in Electrical Engineering from University of Texas at Arlington, a BA in management from National-Louis University's McLean, Virginia campus, and a MBA from Averett University in Danville, Virginia.[1]

Taylor worked for 22 years with E-Systems as a program manager, 17 of those years working on a classified government contract in Virginia. He later ran his own computer business and worked as an Internet technologies manager for Choctaw Electric Cooperative. Taylor was city manager of Harrah, Oklahoma and Hugo, Oklahoma.

Taylor was selected city manager of Tuttle in August 2005, after an absence of a manager for almost two years.[2] ...."