Slashback: Vista Rewrite, Tuttle Travesty, Mac Botnets

Slashback tonight brings some corrections, clarifications, and updates to previous Slashdot stories including Microsoft denies Vista rewrite, Tuttle Oklahoma city manager still doesn't get it, MS Virtual Server slips and VMWare fills the gap, Samsung execs plead guilty to price fixing charges, Tux in retail part 2, a renewed bid to register the Linux trademark in Australia, OpenSPARC.net shades of the past, and a follow up on Mac botnets -- Read on for details.

Microsoft denies Vista rewrite. moochfish writes "Contrary to a heavily doubted feature earlier this week, Business 2.0 magazine reports that Microsoft will not be rewriting large portions of its operating system. From the article, 'Microsoft's own blogger Robert Scoble checked into the story and got a denial from an executive at Microsoft's PR firm, who says he's not aware of any Xbox programmers working on Windows.'"

Tuttle Oklahoma city manager still doesn't get it. gEvil (beta) writes "The Register has posted a followup to this past week's wonderfully humorous story about Tuttle, Oklahoma's technically inept city manager, Jerry Taylor. It appears that Mr. Taylor is not pleased with the publicity he has received due to the incident, despite his prior statement of, 'I have no fear of the media, in fact I welcome this publicity.' He sent an email to the Register's marketing team asking that people stop emailing him and making fun of him."

MS Virtual Server Slips and VMWare fills in the gap. nizo writes "On the heels of the announcement that Microsoft Virtual Server is slipping to 2007, VMware has announced the beta release of the VMware Virtual Machine Importer, which has the capability to convert system images stored in 3rd party formats (including Microsoft Virtual Server images) to VMware virtual machines. The good news is VMware released the importer as a free download."

Samsung execs plead guilty to price fixing charges. bdotcdot writes "Electronics News is running a story on Samsung executives who have plead guilty to the price fixing of DRAM. From the story 'According to the one-count felony charge filed in federal court in San Francisco, at various times during the period from April 1, 1999, to June 15, 2002, these three Samsung employees conspired with unnamed employees from other memory makers to fix the prices of DRAM sold to certain computer and server manufacturers in the U.S., in violation of the Sherman Act. The conspiracy directly affected sales to U.S. computer makers Dell Inc., Hewlett-Packard Company, Compaq Computer Corp., International Business Machines Corp., Apple Computer Inc. and Gateway Inc., the charge said.'"

Tux in retail part 2. silentbob4 writes "Mad Penguin brings us the second and final installment in their 'Tux in Retail' series, in which they interview Linspire CEO Kevin Carmony; Xandros CEO Andreas Typaldos; Mepis Linux founder Warren Woodford; and Kevin Jones, Micro Center Vice President of Merchandising, to get their take Tux's jump into big box retail. The first installment was run as an earlier Slashdot article."

Renewed bid to register Linux trademark in Australia? daria42 writes "A renewed bid to register the word 'Linux' as an Australian trademark must meet an early April deadline or face defeat." From the article: "'The deadline to file a response to the Examiner's rejection has not yet passed, and LMI and its attorneys are still determining if they will respond,' a spokesperson for the body told ZDNet Australia in an emailed statement."

OpenSPARC.net, shades of the past. Andy Updegrove writes "In what must have seemed to many as a bold move, Sun Microsystems recently announced that it would release the source code for its UltraSparc T1 processor under the GPL, supported by a new organization that it calls OpenSPARC.net. But to those that have been around for a while, the announcement had an eerily familiar sound to it, and that sound was the echo of an organization called SPARC International. Formed 18 years ago to license the SPARC chip design to multiple vendors to ensure second sourcing for the hardware vendors that Sun hoped would adopt it, SPARC International seemed to be every bit as revolutionary for its time as Sun's new initiative does today. Motorola launched a somewhat similar group called 88open to support its own RISC chip design, and later IBM, Motorola and Apple launched the PowerOpen Association to promote the PowerPC. The Websites of the PowerOpen Association and 88open are long gone, and seem to have escaped even the WayBack Machine's reach. But SPARC International's site, looking very retro and neglected, can still be seen - at least for now."

Follow up on Mac botnets. An anonymous reader writes "Washingtonpost.com has an interesting follow up to skeptical claims as a result of a previous Slashdot story. Mac OS X systems have indeed been spotted in botnets, thanks largely to several worms going around that take advantage of Web-based applications running vulnerable PHP software. From the article: 'By leveraging this PHP flaw, the attackers were able to seed the Mac systems with several tools designed to turn them into drones for use in waging destructive distributed denial of service attacks.'

"Mac" botnets are nothing more than *NIX botnets

[daveschroeder]

And they usually come from the same place, as the followup notes:

A php-based web application (forum, blog, CMS, etc.) that has an exploit, usually php injection, whereby various script/botnet kiddie tools and irc-related items are installed, usually in /tmp or /var/tmp. Perhaps they'll install a php shell too. Sometimes, they'll try to run a rootkit against the local machine.

This is nothing new, and doesn't really have anything to do with "Macs". It has more to do with php and people not keeping their php-based web applications up to date than anything[1]. It is interesting, though, that since Mac OS X is essentially a UNIX, that it's certainly vulnerable to a whole slew of this family of exploits.

[1] Just as a Mac sitting on the internet with apache and ssh open doesn't really test anything beyond the security of the default configurations of apache and OpenSSH on that OS and architecture. And that's exactly the point.

VMware URL wrong

The URL for VMware Importer beta is wrong: It should be: http://www.vmware.com/products/beta/vmimporter/

Re:"Mac" botnets are nothing more than *NIX botnet

[Bonker]

It's also worth noting that the exploits are against 'PHP applications' and not PHP itself.

I can't count the number of terrified middle managers who scream bloody murder to me about PHPNuke or PHPBB bugs, thinking that the flaws are in PHP itself.

Again, this boils down to keeping your software up to date. Careful pruning of your php.ini file also helps.

Tuttle NBC video

[dustwun]

Seems even the Tulsa NBC affiliate picked up the story. They've got a video online at http://www.kfor.com/global/category.asp?c=9667, it's the Tuesday 10pm news story. The CentOS bit starts at around 4 minutes 13 seconds, and is around 3 minutes long.

I'm not linking directly to it, because we've already crushed their bandwith enough for one week, but feel free to check it out.
It's not at all flattering to the City Manager...

^^ GOATSE WARNING ^^

[merreborn]

Parent's link is a tinyurl of goatse.

Kinda figured it might be, personally, but I decided to click it anyway :p

Re:60% of an operating system in 6 months - NO WAY

[WalterGR]

Lets assume that Vista is as few as a 1000KLoc - (I'd bet another order of magnatude personally)

FWIW, according to this article (PDF - sorry) from CyberDefense Magazine, Microsoft Word alone was 2 million lines of code... in 1995.

It also says that Windows 2000 had 35 million LOC, and XP has 40 million.

Assume that the growth between XP and Vista is the same: that means 45 million LOC for Vista. So 60% is 27 million lines of code. It would be ridiculous to re-write that much - let alone impossible.

Re:PowerOpen Association and 88open

[sartin]

Neither 88Open nor PowerOpen were open opening up the chip. Both were about creating Application Binary Interface (ABI) standards so that multiple vendors could provide compatible operating systems and Independent Software Vendors could count on compiling once and run safely on any compliant implementation.

The consortia produced standards that said what must work and what an application was allowed to assume. They produced test suites that could be used to verify a platform for compliance and test suites to verify an application for compliance. Theoretically, any certified application could run on any certified platform (possibly with certain extra hardware requirements).

SPARC International did much the same thing for the SPARC, but also had some emphasis on actually opening up the hardware. HP did something similar briefly with PA-RISC, creating a wildly incomplete and vague ABI which was next to useless because it didn't include critical parts of HP's proprietary linking and dynamic loading technology.

I worked at 88Open and was primary contractor for portions of the PowerOpen and PA-RISC test suites (working for a consulting firm that had also done some of the SPARC ABI work) in a former life.

The new effort seems to be to open up the CPU architecture as well.

Re:This guy is the biggest tool ever

[killjoe]

LOL, I was stationed in Altus AFB OK. I spent two years over there. I still have the T-Shirt front: "Where in the hell is Altus OK" Back:"About ten miles south of blair". When I left Altus I thought "Man I am never going back to that fucking state again" but alas for business reasons I have had the distinct misfortune of having to travel back there many many times.

Fuck man, if you want OK to look good don't tell people to go to that shithole of a town. Tulsa maybe, OKC maybe but Altus?? No freakin way. Having said that even Tulsa is nothing but a sea of white conservative suburbia occationally broken up by strip malls. I have never met so many rabid republitards and religious fundamentalists in my life. Man those people think BBQued bologna is gourmet!

Oh and while there are plenty of stupid people in my state it's nowhere near as many in OK.

Re:Tuttle Oklahoma city manager: next step

[Sentry21]

If you tell the validator to force the encoding to windows-1252, then it will try to validate it, and choke on 45 errors. If you tell the validator to force the doctype to XHTML 1.0 (which a quick look at the source seems to indicate they were trying for), you get 100 errors. Fantastic.