Slashdot Mirror


Slashback: Vista Rewrite, Tuttle Travesty, Mac Botnets

Slashback tonight brings some corrections, clarifications, and updates to previous Slashdot stories including Microsoft denies Vista rewrite, Tuttle Oklahoma city manager still doesn't get it, MS Virtual Server slips and VMWare fills the gap, Samsung execs plead guilty to price fixing charges, Tux in retail part 2, a renewed bid to register the Linux trademark in Australia, OpenSPARC.net shades of the past, and a follow up on Mac botnets -- Read on for details.

Microsoft denies Vista rewrite. moochfish writes "Contrary to a heavily doubted feature earlier this week, Business 2.0 magazine reports that Microsoft will not be rewriting large portions of its operating system. From the article, 'Microsoft's own blogger Robert Scoble checked into the story and got a denial from an executive at Microsoft's PR firm, who says he's not aware of any Xbox programmers working on Windows.'"

Tuttle Oklahoma city manager still doesn't get it. gEvil (beta) writes "The Register has posted a followup to this past week's wonderfully humorous story about Tuttle, Oklahoma's technically inept city manager, Jerry Taylor. It appears that Mr. Taylor is not pleased with the publicity he has received due to the incident, despite his prior statement of, 'I have no fear of the media, in fact I welcome this publicity.' He sent an email to the Register's marketing team asking that people stop emailing him and making fun of him."

MS Virtual Server Slips and VMWare fills in the gap. nizo writes "On the heels of the announcement that Microsoft Virtual Server is slipping to 2007, VMware has announced the beta release of the VMware Virtual Machine Importer, which has the capability to convert system images stored in 3rd party formats (including Microsoft Virtual Server images) to VMware virtual machines. The good news is VMware released the importer as a free download."

Samsung execs plead guilty to price fixing charges. bdotcdot writes "Electronics News is running a story on Samsung executives who have pleaded guilty to the price fixing of DRAM. From the story 'According to the one-count felony charge filed in federal court in San Francisco, at various times during the period from April 1, 1999, to June 15, 2002, these three Samsung employees conspired with unnamed employees from other memory makers to fix the prices of DRAM sold to certain computer and server manufacturers in the U.S., in violation of the Sherman Act. The conspiracy directly affected sales to U.S. computer makers Dell Inc., Hewlett-Packard Company, Compaq Computer Corp., International Business Machines Corp., Apple Computer Inc. and Gateway Inc., the charge said.'"

Tux in retail part 2. silentbob4 writes "Mad Penguin brings us the second and final installment in their 'Tux in Retail' series, in which they interview Linspire CEO Kevin Carmony; Xandros CEO Andreas Typaldos; Mepis Linux founder Warren Woodford; and Kevin Jones, Micro Center Vice President of Merchandising, to get their take on Tux's jump into big box retail. The first installment was run as an earlier Slashdot article."

Renewed bid to register Linux trademark in Australia? daria42 writes "A renewed bid to register the word 'Linux' as an Australian trademark must meet an early April deadline or face defeat." From the article: "'The deadline to file a response to the Examiner's rejection has not yet passed, and LMI and its attorneys are still determining if they will respond,' a spokesperson for the body told ZDNet Australia in an emailed statement."

OpenSPARC.net, shades of the past. Andy Updegrove writes "In what must have seemed to many as a bold move, Sun Microsystems recently announced that it would release the source code for its UltraSparc T1 processor under the GPL, supported by a new organization that it calls OpenSPARC.net. But to those that have been around for a while, the announcement had an eerily familiar sound to it, and that sound was the echo of an organization called SPARC International. Formed 18 years ago to license the SPARC chip design to multiple vendors to ensure second sourcing for the hardware vendors that Sun hoped would adopt it, SPARC International seemed to be every bit as revolutionary for its time as Sun's new initiative does today. Motorola launched a somewhat similar group called 88open to support its own RISC chip design, and later IBM, Motorola and Apple launched the PowerOpen Association to promote the PowerPC. The Websites of the PowerOpen Association and 88open are long gone, and seem to have escaped even the WayBack Machine's reach. But SPARC International's site, looking very retro and neglected, can still be seen - at least for now."

Follow up on Mac botnets. An anonymous reader writes "Washingtonpost.com has an interesting follow up to skeptical claims as a result of a previous Slashdot story. Mac OS X systems have indeed been spotted in botnets, thanks largely to several worms going around that take advantage of Web-based applications running vulnerable PHP software. From the article: 'By leveraging this PHP flaw, the attackers were able to seed the Mac systems with several tools designed to turn them into drones for use in waging destructive distributed denial of service attacks.'"

27 of 269 comments

  1. "Mac" botnets are nothing more than *NIX botnets by daveschroeder · · Score: 5, Informative

    And they usually come from the same place, as the followup notes:

    A php-based web application (forum, blog, CMS, etc.) that has an exploit, usually php injection, whereby various script/botnet kiddie tools and irc-related items are installed, usually in /tmp or /var/tmp. Perhaps they'll install a php shell too. Sometimes, they'll try to run a rootkit against the local machine.

    This is nothing new, and doesn't really have anything to do with "Macs". It has more to do with php and people not keeping their php-based web applications up to date than anything[1]. It is interesting, though, that since Mac OS X is essentially a UNIX, that it's certainly vulnerable to a whole slew of this family of exploits.

    [1] Just as a Mac sitting on the internet with apache and ssh open doesn't really test anything beyond the security of the default configurations of apache and OpenSSH on that OS and architecture. And that's exactly the point.
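
Added example (not part of the original comment): a read-only triage of the drop locations named above, /tmp and /var/tmp, that flags regular files which are executable or start with a binary or script signature, and notes when such a file is owned by a web-server account. The account names and the signature list are assumptions, not taken from the thread.

```python
#!/usr/bin/env python3
"""Triage temp directories for dropped tools (added example, read-only)."""
import os
import pwd
import stat
import sys

# Directories named in the comment; others can be given on the command line.
DEFAULT_DIRS = ("/tmp", "/var/tmp")

# Assumed web-server account names; adjust to the host being checked.
WEB_ACCOUNTS = ("www", "_www", "www-data", "apache", "nobody")

# Leading bytes that mark something runnable (assumed signature list).
MAGIC = (
    (b"\x7fELF", "ELF binary"),
    (b"\xfe\xed\xfa\xce", "Mach-O binary"),
    (b"\xce\xfa\xed\xfe", "Mach-O binary"),
    (b"\xfe\xed\xfa\xcf", "Mach-O binary"),
    (b"\xcf\xfa\xed\xfe", "Mach-O binary"),
    (b"\xca\xfe\xba\xbe", "Mach-O universal binary"),  # also Java class files
    (b"#!", "script with interpreter line"),
    (b"<?php", "PHP source"),
)


def web_uids(names=WEB_ACCOUNTS):
    """Resolve the assumed account names that actually exist on this host."""
    uids = set()
    for name in names:
        try:
            uids.add(pwd.getpwnam(name).pw_uid)
        except KeyError:
            pass
    return uids


def classify(path, st, suspect_uids):
    """Return the reasons a regular file in a temp directory deserves a look."""
    reasons = []
    if st.st_mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH):
        reasons.append("executable bit set")
    try:
        with open(path, "rb") as fh:
            head = fh.read(8)
    except OSError:
        head = b""  # unreadable: judge on mode bits alone
    for magic, label in MAGIC:
        if head.startswith(magic):
            reasons.append(label)
            break
    # Ownership alone is normal (PHP session files live here), so it only
    # escalates a file that is already flagged for another reason.
    if reasons and st.st_uid in suspect_uids:
        reasons.append("owned by web-server account")
    return reasons


def scan(dirs=DEFAULT_DIRS, suspect_uids=frozenset()):
    """Walk the directories without following symlinks; return sorted findings."""
    findings = []
    for top in dirs:
        for root, _subdirs, files in os.walk(top, followlinks=False):
            for name in files:
                path = os.path.join(root, name)
                try:
                    st = os.lstat(path)
                except OSError:
                    continue  # removed while scanning
                if not stat.S_ISREG(st.st_mode):
                    continue  # skip sockets, FIFOs, symlinks
                reasons = classify(path, st, suspect_uids)
                if reasons:
                    findings.append((path, reasons))
    return sorted(findings)


if __name__ == "__main__":
    for path, reasons in scan(sys.argv[1:] or DEFAULT_DIRS, web_uids()):
        print(f"{path}: {', '.join(reasons)}")
```

A hit is a lead for review, not a verdict: compare it against what the host's own software legitimately writes to these directories.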

  2. Mr Tuttle by rob1980 · · Score: 4, Funny

    It appears that Mr. Taylor is not pleased with the publicity he has received due to the incident, despite his prior statement of, 'I have no fear of the media, in fact I welcome this publicity.'

    Yeah, the publicity isn't so great when it's not the local ABC affiliate oohing and aahing over your latest plan to put a new tree in the city park, is it?

  3. Tuttle Oklahoma city manager: next step by m_chan · · Score: 3, Funny

    Email him a tinyurl warning him that Tuttle's site has been coopted by an outside suspect, likely terrorist-affiliated organization.

    1. Re:Tuttle Oklahoma city manager: next step by merreborn · · Score: 3, Funny

      Man, the w3 HTML validator refuses to even try to validate the site:

      http://validator.w3.org/check?uri=http%3A%2F%2Ftuttle-ok.gov%2F

    2. Re:Tuttle Oklahoma city manager: next step by ozmanjusri · · Score: 5, Funny
      Tuttle's site has been coopted by an outside suspect, likely terrorist-affiliated organization.

      I thought it was Buttle who was affiliated with terrorists, not Tuttle.

      --
      "I've got more toys than Teruhisa Kitahara."
    3. Re:Tuttle Oklahoma city manager: next step by Sentry21 · · Score: 3, Informative

      If you tell the validator to force the encoding to windows-1252, then it will try to validate it, and choke on 45 errors. If you tell the validator to force the doctype to XHTML 1.0 (which a quick look at the source seems to indicate they were trying for), you get 100 errors. Fantastic.

  4. Sent to citymgr@cityoftuttle.org by anomaly · · Score: 5, Interesting

    I sent this to the city manager. I have not yet received a reply.

    Sir,
    I appreciate that you were frustrated that your city website was
    non-functional, but it appears to me that the people to whom you
    complained were not responsible, and that the tone of your messages tended
    to be combative.

    The folks from CentOS were being polite and helpful, based on my read of
    the messages. I believe that you owe them an apology. They had
    absolutely NOTHING to do with the problems you experienced, and tried to
    assist you anyway. For you to respond with "I am sorry that we had to go
    through the process and accusations to get the problem resolved" They did
    nothing wrong. You accused them, and frankly it was uncharitable on your
    part.

    Please extend an official apology to those folks at www.centos.org. They
    deserve it.

    Please also note that I am not affiliated with CentOS in any way (except
    that I use their Linux distribution quite happily.) I read about this
    spat on a technology-focused website known as slashdot
    http://www.slashdot.org/

    Respectfully,

    --
    But Herr Heisenberg, how does the electron know when I'm looking?
    1. Re:Sent to citymgr@cityoftuttle.org by Anonymous Coward · · Score: 5, Interesting

      My note:

      To the Honorable Lonnie Paxton and members of the Town Council of the City of Tuttle,

      You may want to consider hiring a new town manager, replacing Mr. Jerry A. Taylor who recently earned the City of Tuttle worldwide embarrassment with his legal threats against Centos.

      Mr. Taylor claims to have been a "Computer Systems Engineer" with 22 years of experience. However, upon discovering an extremely simple problem with the City of Tuttle web site, rather than proceeding to work with the hosting company responsible for the management of the City of Tuttle web site, Mr. Taylor chose to publicly harass and attempt to intimidate the developers responsible for designing a free operating system called CentOS.

      What is CentOS? Like the well-known Microsoft Windows, it is an operating system. More specifically, CentOS is a FREE operating system built by volunteers, largely based on the also-free GNU and Linux projects.

      Transcripts of Mr. Taylor's juvenile threats toward CentOS are posted publicly on the Internet, and those transcripts underscore Mr. Taylor's utter incompetence, unwillingness to accept FREE help from folks who provided a FREE operating system, even though the CentOS developers have NO responsibility whatsoever to clean up Mr. Taylor's mess.

      When Mr. Taylor FINALLY agreed that the Centos folks had nothing to do with the misconfiguration problem (the problem is actually due to two parties: the company hosting the City of Tuttle web site, and Mr. Jerry A. Taylor himself) he not only was not apologetic, but downright insulting in his response.

      The City of Tuttle has earned worldwide ridicule in the face of this issue, and the dated and sophomoric appearance of Tuttle's now-well-publicized web site has earned widespread harsh criticism and ridicule as well.

      Please consider replacing Mr. Jerry A. Taylor. Many of us feel sorry for the City of Tuttle as we believe that there are many people more deserving of his salary and who can perform a much better job were they given the opportunity to fill his position. Jerry A. Taylor's salary is money wasted right now.

      Here are some of the web pages covering this story that you may wish to check out:

      http://www.theregister.co.uk/2006/03/24/tuttle_centos/
      http://linux.slashdot.org/article.pl?sid=06/03/27/135221&tid=133
      http://www.digg.com/security/Why_every_city_council_needs_at_least_one_geek_=%5D
      http://www.theregister.co.uk/2006/03/27/tuttle_email/

      Mr. Taylor's outbursts and threats toward the generous CentOS folks may be seen here:

      http://www.centos.org/modules/news/article.php?storyid=127

      As you will note, Mr. Taylor's outbursts are unbecoming of a city official and earn little respect for the City of Tuttle. Even after realizing that the CentOS representatives were not to blame, but he and his web hosts are, and even after having received hundreds of emails from kind folks all over the world who are attempting to explain to him that the CentOS developers are not to blame, he is insisting that the CentOS folks would only help him after he threatened to contact the FBI. This is not only patently false, but downright slanderous and such statements could earn a defamation of character suit from CentOS. I know if I were that developer I would consider filing suit against Tuttle over such false statements made to the media.

    2. Re:Sent to citymgr@cityoftuttle.org by daeviltwin · · Score: 3, Funny

      How much of your life did you waste writing that? Are you such an asshole that you actually believe you will get a response or better yet an apology? Keep firing off those letters, Sparky. You'll change the world someday. Fucking dipshit.


  5. Best part of this whole Tuttle thing... by Heem · · Score: 4, Insightful

    Is that this guy just still hasn't got a clue..

    Now I am being flooded with emails from CentOS users that after knowing the answer say the problem was simple.

    What I can't stand more than anything is someone that can't admit that they were wrong, even at this stage of the game.

    --
    Don't Tread on Me
  6. 60% of an operating system in 6 months - NO WAY by MerlynEmrys67 · · Score: 3, Insightful

    Let's assume that Vista is as few as a 1000KLoc - (I'd bet another order of magnitude personally) That implies 600KLoc of new code written, tested, debugged, etc. in 6 months. Uh - NO operating system development isn't that fast. I am not even sure I would buy the line that the current Vista codebase is 60% new/changed from XP (RTM - not SP2, patched to heck)

    --
    I have mod points and I am not afraid to use them
    1. Re:60% of an operating system in 6 months - NO WAY by WalterGR · · Score: 3, Informative

      Let's assume that Vista is as few as a 1000KLoc - (I'd bet another order of magnitude personally)

      FWIW, according to this article (PDF - sorry) from CyberDefense Magazine, Microsoft Word alone was 2 million lines of code... in 1995.

      It also says that Windows 2000 had 35 million LOC, and XP has 40 million.

      Assume that the growth between XP and Vista is the same: that means 45 million LOC for Vista. So 60% is 27 million lines of code. It would be ridiculous to re-write that much - let alone impossible.

    2. Re:60% of an operating system in 6 months - NO WAY by EuroChild · · Score: 4, Funny

      No, the other 400K lines are just being copied and pasted from OS X.

      Easy!

      --
      Does this make my brain look big?
  7. VMware URL wrong by Anonymous Coward · · Score: 3, Informative

    The URL for VMware Importer beta is wrong: It should be: http://www.vmware.com/products/beta/vmimporter/

  8. Re:"Mac" botnets are nothing more than *NIX botnet by Bonker · · Score: 3, Informative

    It's also worth noting that the exploits are against 'PHP applications' and not PHP itself.

    I can't count the number of terrified middle managers who scream bloody murder to me about PHPNuke or PHPBB bugs, thinking that the flaws are in PHP itself.

    Again, this boils down to keeping your software up to date. Careful pruning of your php.ini file also helps.

    --
    The next Slashdot story will be ready soon, but subscribers can beat the rush and slashdot the links early!
  9. Great, look at what you just did. by Spy+der+Mann · · Score: 4, Insightful

    Sorry, but I don't agree on harassing someone over e-mail. His public shame is enough, don't you think? PLUS, by posting his e-mail on the web, you just made his e-mail vulnerable to spammers.

    Worse, the e-mail address will be still available AFTER he resigns or his government period finishes. Will the next mayor have to cope with this?

  10. Tuttle NBC video by dustwun · · Score: 5, Informative

    Seems even the Tulsa NBC affiliate picked up the story. They've got a video online at http://www.kfor.com/global/category.asp?c=9667, it's the Tuesday 10pm news story. The CentOS bit starts at around 4 minutes 13 seconds, and is around 3 minutes long.

    I'm not linking directly to it, because we've already crushed their bandwidth enough for one week, but feel free to check it out.
    It's not at all flattering to the City Manager...

  11. Check your sources ... by Bob+Loblaw · · Score: 3, Funny

    'Microsoft's own blogger Robert Scoble checked into the story and got a denial from an executive at Microsoft's PR firm, who says he's not aware of any Xbox programmers working on Windows.' ... because an executive from MS's PR firm is the *first* person I would go to for the "truth" ... : /

    They are likely not aware of a lot of things ... that doesn't make them untrue.

  12. This guy is the biggest tool ever by porkThreeWays · · Score: 4, Funny

    I still can't believe this tool. He actually thinks the threat to the FBI is what prompted the CentOS developer (lead dev if I remember correctly). More likely the developer got tired of this fagtart harassing him. The city manager justified his actions by saying that anyone who is experienced on the internet knows better than to follow directions on a website. When the directions are to consult your site's administrator, I think those are pretty safe instructions.

    And I can't believe this twiddle dick STILL hasn't apologized. He shoots back with "there should have been better directions". It is mind boggling that in 20 years of his supposed IT experience he's never run into a default webserver page. I really think this ass clown is deserving of any and all harassment he gets. In fact, he is deserving of a bill for CentOS's wasted time. If I had go-go gadget balls, I'd teabag that butthole surfer from 12 states away.

    --
    If an officer ever threatens to taze you, say you have a pacemaker.
    1. Re:This guy is the biggest tool ever by killjoe · · Score: 3, Informative

      LOL, I was stationed in Altus AFB OK. I spent two years over there. I still have the T-Shirt front: "Where in the hell is Altus OK" Back:"About ten miles south of blair". When I left Altus I thought "Man I am never going back to that fucking state again" but alas for business reasons I have had the distinct misfortune of having to travel back there many many times.

      Fuck man, if you want OK to look good don't tell people to go to that shithole of a town. Tulsa maybe, OKC maybe but Altus?? No freakin way. Having said that even Tulsa is nothing but a sea of white conservative suburbia occasionally broken up by strip malls. I have never met so many rabid republitards and religious fundamentalists in my life. Man those people think BBQued bologna is gourmet!

      Oh and while there are plenty of stupid people in my state it's nowhere near as many in OK.

      --
      evil is as evil does
  13. ^^ GOATSE WARNING ^^ by merreborn · · Score: 3, Informative

    Parent's link is a tinyurl of goatse.

    Kinda figured it might be, personally, but I decided to click it anyway :p

  14. Re:OpenSPARC by joe_bruin · · Score: 4, Insightful

    Sun was always hoping, and still is, that others will take the SPARC design and implement their own chips. They want economies of scale to start playing into SPARC like it has into the x86 and ARM market. Obviously, joe hacker is not going to be doing this, but there are some companies that can and very well might.

    Here's why other people would want to make SPARC chips: Linux. Oh no, here comes the zealot talk. Actually, not quite. Linux runs on the three leading server architectures, x86 (+AMD64), POWER, and SPARC. From a deployment and administration standpoint, you don't really care what CPU you're running on. With the T1, Sun released the CPU with the highest performance per Watt on the market (for some tasks). This is an attractive chip, but buying from Sun is not always appealing. Sun gear is pretty expensive.

    Today, there are many Taiwanese and Chinese motherboard makers, and they sell lots and lots of hardware. But their chips must always come from Intel or AMD (or Via, who's never been competitive). They would love nothing more than to have a standard CPU architecture that they can manufacture (TSMC or PMC can fab these for them) and take the profit cut from instead of handing that business to Intel. With Sun's release, they now have the tools to make a chip that is not only competitive with x86 and Power, but is actually top of the line, and at no additional cost to them. It already runs Linux, it's ready for blades, they know it will sell.

    Sun benefits by having cheaper SPARC CPUs on the market, driving down their costs and increasing their architecture share. The manufacturers benefit by being able to sell at the high end, and sell cheaper. Server buyers benefit, because there is now a cheap source for high end machines. Now, if these chips really move, don't be surprised to see Texas Instruments (who doesn't have a server chip, but does have the fabs and experience with SPARC) and even IBM (who will make whatever sells) start to make these.

  15. Re:PowerOpen Association and 88open by sartin · · Score: 3, Informative

    Neither 88Open nor PowerOpen were about opening up the chip. Both were about creating Application Binary Interface (ABI) standards so that multiple vendors could provide compatible operating systems and Independent Software Vendors could count on compiling once and run safely on any compliant implementation.

    The consortia produced standards that said what must work and what an application was allowed to assume. They produced test suites that could be used to verify a platform for compliance and test suites to verify an application for compliance. Theoretically, any certified application could run on any certified platform (possibly with certain extra hardware requirements).

    SPARC International did much the same thing for the SPARC, but also had some emphasis on actually opening up the hardware. HP did something similar briefly with PA-RISC, creating a wildly incomplete and vague ABI which was next to useless because it didn't include critical parts of HP's proprietary linking and dynamic loading technology.

    I worked at 88Open and was primary contractor for portions of the PowerOpen and PA-RISC test suites (working for a consulting firm that had also done some of the SPARC ABI work) in a former life.

    The new effort seems to be to open up the CPU architecture as well.

  16. Let's add him to the language by Beryllium+Sphere(tm) · · Score: 3, Interesting

    Should he be a noun, as in "that move was a real Jerry Taylor"?

    Or is a verb phrase more appropriate, such as "pull a Jerry Taylor", "Jerry Taylorize", or "go totally Jerry Taylor on $INNOCENT_TARGET"?

    Or should the winning entry be an adjective, as in "that email was *so* Jerry Taylor"?

  17. Write a letter to Tuttle by slamb · · Score: 4, Insightful
    I hope more people take the time to write to The City of Tuttle asking them to apologize. Dealing with people like this drains all motivation to get involved with projects like CentOS, so it's important to take care of this and prevent it from happening again.

    Here's the email I just sent:

    To: citymgr@cityoftuttle.org
    CC: mayor@cityoftuttle.org
    Subject: Apologize to CentOS

    Mr. Taylor,

    I'm writing in response to your recent letter to The Register [1]. I am appalled to learn of your continued hostility to Johnny Hughes, the CentOS Team, and the open source community as a whole. I am a member of this community.

    You wrote that you "only got help after threatening to contact the FBI" [2]. That's a misleading statement without also mentioning that you threatened to contact the FBI prior to describing the problem or asking for help. I quote from your initial email: "Please remove your software immediately before I report it to government officials!!"

    Most organizations would have immediately directed you to their legal department and cut off all other contact. CentOS stuck with you through your lengthy email exchange and resolved your problem despite your threats and ingratitude. That shows a level of dedication and professionalism that you could never achieve. Even more so when you consider that they are volunteers and that you are not a paying customer. They are not obligated to help under even the best of circumstances.

    After CentOS provided you with the publicity you welcomed, you apparently discovered that the open source community has no respect for those who abuse our movers and shakers. Realize that an apology is a necessary first step to repair the damage you have done to your city's reputation.

    Sincerely,
    Scott Lamb

    [1] - http://www.theregister.co.uk/2006/03/27/tuttle_email/
    [2] - http://www.centos.org/modules/news/article.php?storyid=127

  18. Re:"Mac" botnets are nothing more than *NIX botnet by tpgp · · Score: 5, Insightful

    doesn't really have anything to do with "Macs".

    Don't be stupid. It has everything to do with "Macs" and any other unix-like operating system that runs perl & php.

    It's worth knowing that there are people attacking OS X in the wild and the vectors they are using.

    Too many Mac users believe they're invulnerable & start to play around with internet facing services without adequately firewalling themselves.

    Articles like this are a good reminder that any unix-like system can be made vulnerable, even if it's pretty well hardened by default.

    --
    My pics.
  19. City of Tuttle in Microsoft's Adverts by steveoc · · Score: 4, Funny

    It won't be long now until the next installment of microsoft's 'Get the facts' campaign includes the following headline :

    City of Tuttle saves $ billions by migrating from Linux to Microsoft Windows.

    After an extensive evaluation in which the City of Tuttle compared Windows® and Linux, the city selected Microsoft® Windows Server System(TM). Besides the obvious cost savings of moving to Windows, the city manager of Tuttle observed that security was of prime importance in the decision. "Ive worked with computers for 22 years, and Ive seen first hand how an interweb running on linux can easily be hijacked by hackers without MY permission."