Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
I predict that they will choose Google as the recipient of the first suit. Once they have crushed them then Microsoft will step in and pick up the pieces of Google which they were after in the first place.
They're also running a mailserver which is clearly a retarded shell script:
{setantae@shrike}-{~} $ telnet sdfsdfwetew43efwe.net smtp
Trying 64.94.110.11...
Connected to sdfsdfwetew43efwe.net.
Escape character is '^]'.
220 snubby4-wceast Snubby Mail Rejector Daemon v1.3 ready
sdsd
250 OK
sdfsd
250 OK
sdgsd
550 User domain does not exist.
sdgsg
250 OK
sdgds
221 snubby4-wceast Snubby Mail Rejector Daemon v1.3 closing transmission channel
Connection closed by foreign host
Now, assume I fatfinger a local alias in a database, so that all users are entered as user1@submonke.net, user2@submonke.net, etc. and then send a mail to allusers@submonkey.net which then pulls them all out of the database. Also, assume I have 1000 users.
Due the above stupid shell script, my first SMTP session goes like this:
220 snubby3-wceast Snubby Mail Rejector Daemon v1.3 ready
HELO shrike.submonkey.net
250 OK
MAIL FROM:
250 OK
RCPT TO:
550 User domain does not exist.
RCPT TO:
250 OK
RCPT TO:
221 snubby3-wceast Snubby Mail Rejector Daemon v1.3 closing transmission channel
Connection closed by foreign host.
Well, thank you. Since you 250'd the second user, and 221'd the third, but I didn't get to actually send any mail, this now takes 1000 remote delivers for all these messages to bounce, instead of one DNS lookup.
I hope whichever a*****e came up with this idea rots in his new Porsche.
Is it me or is Microsoft getting worse at realising security flaws in their own software?:)
Realising? Discovering?
There are a large number of people here who think that this is just a bug that's been discovered! It's a security hole that has been deliberately engineered and designed into the server. This is absolutely outrageous and makes me worry what else they are likely to do:
"Whoops! We accidentally intercepted your credit card number and bought ourselves a helicopter, but we guess you'll put up with it because you forgive us everything."
Slashdot Mirror
The normal ports already do that.
This license was for precompiled binaries.
CVSup doesn't really have any ties to CVS - it will distribute any tree you care to give it quite happily.
I'd be really surprised if anyone else here thought that whether they had been awarded anything was the issue.
You are mistaken.
/bin/whatever to execute the script.
"#!/bin/whatever" is interpreted by the kernel, which then asks
Symantec say that the DDOS will begin on February 1st.
Looks like SCO have taken their site down too early.
Clauses 1 and 2 are still in full effect:
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
The s1g bug did actually hit the CVSup program - see http://people.freebsd.org/~jdp/s1g/ for the details.
Have you tried running it on NetBSD with the COMPAT_IBCS2 kernel option?
My prediction from one week ago: I predict that they will choose Google as the recipient of the first suit. Once they have crushed them then Microsoft will step in and pick up the pieces of Google which they were after in the first place.
Perhaps that's their plan. They'll sneakily transfer all of SCO's assets to the lawyers over the next 12 months, and then wind it up.
Expect to see Darl as a highly paid mailboy for Boies soon.
I predict that they will choose Google as the recipient of the first suit. Once they have crushed them then Microsoft will step in and pick up the pieces of Google which they were after in the first place.
I thought that was just for swap partitions. Correct me if I'm wrong.
Copyright defends everyone who authors a work.
Abolishing it would be simply ridiculous (and throws the GPL out the window, for those who care). I'm amazed that someone here would even propose it.
It doesn't work for AAAA or A6 records, so if we drop IPv4 we should be safe for a while...
They're also running a mailserver which is clearly a retarded shell script:
{setantae@shrike}-{~} $ telnet sdfsdfwetew43efwe.net smtp
Trying 64.94.110.11...
Connected to sdfsdfwetew43efwe.net.
Escape character is '^]'.
220 snubby4-wceast Snubby Mail Rejector Daemon v1.3 ready
sdsd
250 OK
sdfsd
250 OK
sdgsd
550 User domain does not exist.
sdgsg
250 OK
sdgds
221 snubby4-wceast Snubby Mail Rejector Daemon v1.3 closing transmission channel
Connection closed by foreign host
Now, assume I fatfinger a local alias in a database, so that all users are entered as
user1@submonke.net, user2@submonke.net, etc. and then send a mail to
allusers@submonkey.net which then pulls them all out of the database.
Also, assume I have 1000 users.
Due the above stupid shell script, my first SMTP session goes like this:
220 snubby3-wceast Snubby Mail Rejector Daemon v1.3 ready
HELO shrike.submonkey.net
250 OK
MAIL FROM:
250 OK
RCPT TO:
550 User domain does not exist.
RCPT TO:
250 OK
RCPT TO:
221 snubby3-wceast Snubby Mail Rejector Daemon v1.3 closing transmission channel
Connection closed by foreign host.
Well, thank you. Since you 250'd the second user, and 221'd the third, but I didn't get
to actually send any mail, this now takes 1000 remote delivers for all these messages to
bounce, instead of one DNS lookup.
I hope whichever a*****e came up with this idea rots in his new Porsche.
See http://www.domainregistry.ie/sear ch/ whois.html for their reasons why.
It does sometimes make dealing with a transfer a bit harder, but that's not necessarily a bad thing.
Realising? Discovering?
There are a large number of people here who think that this is just a bug that's been discovered!
It's a security hole that has been deliberately engineered and designed into the server.
This is absolutely outrageous and makes me worry what else they are likely to do:
"Whoops! We accidentally intercepted your credit card number and bought ourselves a helicopter, but we guess you'll put up with it because you forgive us everything."
decksandrumsandrockandroll