One was written from the MyDoom worm, and patched the hole after using it to get in.
While the person who wrote it had good intensions, the network traffic turned out to be devastating for some businesses, and caused more trouble than leaving it alone would have.
I think that the problem with that one was that it went actively looking for exploitable boxes. Far better would be to just quietly listen for a box trying to use the exploit -- presume that it's been exploited itself, and then respond by going in and patching the infected box.
That way it wouldn't actually generate any traffic other than to boxes
that have already shown signs of being infected.
I have something like that running, but it doesn't try to break into the box... I watch the apache logs for some common IIS exploit attempts, and then generate automatic messages to the responsible ISP (If my program can determine who that is).
I"m not up to learning how to write a counter-virus just to find out (post release) that it has a destructive bug that's gonna get me arrested.
Cooling the wildfire of linux through it's Unix underpinnings (elidged)
Oh, Linux has definite and real UNIX underpinnings, but what SCO 'owns' (or claims to own) isn't UNIX. SCO has the rights with respect to the code base that was once known is System V, which was a version of unix. There are other versions of UNIX.. some of which have an AT&T beginning and some of which don't.
The name "UNIX", and the right to call something "UNIX" devolved to a group that has no relation to SCOG. What SCOG controls now may, or may not, qualify today as "UNIX". On the other hand I believe that at least one release of Linu has it's UNIX certification proess.
If you bypass the protection, you're violating the DMCA, even if the purpose is for fair use.
I wonder: If the intent of the circumvention it NOT intended to circumvent producer protection of their rights -- but is, rather, intended to protect fair use, with a simple side effect of possibly enabling violation of producer rights, would that make it past the courts?
Groklaw is reporting on a Newsforge article that the FTC is investigating the apparent SCO/MS link exposed in the Halloween X document. I guess that some things are too obvious for even the Bush administration to totally ignore. The FTC will not officially acknowledge it, but their comments made by officials indicate that the deal (possibly among others) is definitely on their radar.
lemme see: Flat like a pancake, (also refers to your house after the first earthquake).
Good demographics (lots of affluent chinese business imigrants)
reasonably contained
mostly residential, (some industrial) -> fewer businesses freaking out if/when their connection drops
I think it's mostly being FLAT. This is a test market, so they don't want people complaining about dead spots a lot. If you get into the hilly areas of Vancouver (or, even worse, North Vancouver) you can almost guarantee dead spots with the resultant complaints.
google for
alt.gourmand. It began as net.recipies back in the '80s by Brian Reid who was very serious about his recipies... (the now infamous
alt.* heirarcy was created, in part, because he thought that 'rec.food.recipes' denigrated his moderated newsgroup (I vaguely remember him lobbying to have it put int the soc(social) heirarchy.
When I printed it (back in 1991, it was about 500+pages of recipies (one page/recipe). Back then it was done as a set of nroff/troff macros which (among other things) allowed you to specify whether you wanted metric or english measurments. and even allowed a permuted index (for those of you used to the old UNIX manual page books).
Some very nice recipies there, and a number of versions of some of the more popular ones.
The archive at http://www.funet.fi/pub/culture/recipes/
has about 700 recipes others may have more.
Each recipe has a rating for difficulty, time and precision needed.
I saw more like 10% (but the loginids were assigned and not all that memorable). It was also a pool of people a bit more likely to be geekish than the average population.
I use those stats to impress sysadmin students...to try and convince them that coming up with decent passwords is a good idea.
This is an actual IM chat log (names have been changed to protect the , uhm, innocent)
..... (16:13:55) hackeduser25: omg i cant belive they did this to me (16:14:35) stephen samuel: precisely what did they do?? All I saw was on the guest log page. (16:14:53) hackeduser25: they put porn on it and changed everything around (16:15:19) hackeduser25: im gonna havet to do it all over again it took me months and now i must re-type it all
(16:15:23) stephen samuel: Do you have a backup copy at home? (16:15:29) hackeduser25: im gonna have a panic attack...no (16:16:05) stephen samuel: It's possible that (most of) the original stuff is still there. (16:16:18) hackeduser25: i know the site is frozen (16:16:35) stephen samuel: How do you do updates?? (16:16:49) hackeduser25: easily but i cant access my account!!!!! (16:16:52) hackeduser25: cuz they changed it all (16:17:30) stephen samuel: You may want to get to the people who host the site and ask them to reset it back to
what it was yesterday... (at least the password). (16:19:26) stephen samuel: In the meantime, I'd suggest that you come up with a password that's not easily guessable. (16:19:48) stephen samuel: Did you have an 'easily guessable' password? (16:20:19) hackeduser25: well it was password. (16:20:47) stephen samuel: That explains why you got slimed... It's the first password that a hacker would try.
(16:21:13) hackeduser25: omg great (16:21:15) stephen samuel: Literaly -- it's the absolute MOST used password by newbies. (16:21:27) hackeduser25: oh well great then (16:21:49) stephen samuel: justasec.. I'm looking for my file on how to create relatively secure passwords.... (16:22:13) hackeduser25: k (16:24:24) stephen samuel: http://www.bcgreen.com/solaris/passwords.html .....
Moth Richards and his lawyer claim that they were not asking for $300K, but for something much less -- just bandwidth charges.. If we presume that his 3million hits per month represents 3million page views at ~10Kbytes/page, then we're looking at about 30GB/month so that would be somewhere between $60 and $200/month (depending on what sort of bandwidth costing he has).
IN 2001, the site was estimated to have about 600 pages... Let's say that they got up to 1000 pages by now. I'm not a professional web designer, but what do you charge for building a single web page? Multiply that by 1000 to figure out what this guy should probably ask for.
$300K still seems like a bit high, but it's not completely out to lunch.. I'd classify it as being in the high range of reasonable or low to medium range unreasonable.
Nontheless, he claims that he was asking for bandwidth charges (I'd read this as ~$200/month range), not for site creation charges.
My reading of the site (though, this is just HIS side of it), is that he did NOT charge them for putting the site up... He estimated that he spent about $300K worth of time and materials on putting up and hosting the site, etc. His website says, however, that he's not asking for that money.
What he was asking for was for the department to start paying for bandwidth charges because they were now using the site for all sorts of everyday uses -- far beyond just a place for people to find out their phone number/address, etc. and the name of the sheriff.
I would definitely like to see a website describing the other side of this, but it's gonna take a lot to convince me that the sheriff isn't overreacting and abusing his powers. If what is going on is what 'Pat' is claiming, then he should be filing for violation of his consitutional rights.
Pat may have been a bit of a prick in this, but the sheriff seems to have gone beyond that by an order of magnitude.
... they're claiming that AutoZone (with the help of IBM) ported it's inventory/kiosk applications from OpenServer (or was it UnixWare?) to Linux, and that they did so in part by using SCO shared libraries that AutoZone didn't have the rights to move off of the OpenServer systems.
Yeah, but the basis of their claim is simply that the migration went cleanly and smoothly... Their implication is that the only way to do a clean migration is to cheat.
"The basis for SCO's belief is the precision and efficiency with which the migration to Linux occurred, which suggests the use of shared libraries to run legacy applications on Linux."
Claiming that a clean migration has to be proof of IP violation must be the sickest cause of action that someone could come up with. The first thing that AutoZone should do is move to have that part of the case thrown out on the basis of being frivolous and vexatious.
That would then leave a pure copyright violation case that could be left to sit until the IBM/Novel stuff blows up in SCO's face (cynicism mine).
Posted on Groklaw (but they seem to be having mysql server problems at the moment)
Supplemental No. 8: AutoZone claims are false
Authored by:
jbgreer on Wednesday, February 18 2004 @ 10:00 AM EST
I don't know whether to be pleased or angry at SCO's assertion that IBM must have assisted AutoZone's transition to Linux due to the "precision and efficiency with which the migration occurred". You see, I was a Sr. Technical Advisor at AutoZone, where I was an employee for over 10 years. During my tenure, I participated and led in the design, development and maintenance of many of AutoZone's store systems. More importantly, I initiated AutoZone's transition to Linux and I directed the port of their existing store software base to Linux. I personally ported all of AutoZone's internal software libraries for use under Linux. I personally developed the rules by which other AutoZone developers should make changes to their code to support both Linux and SCO's OpenServer product. I believe at one point I had as many as 35 AutoZone developers performing porting work for me, much of which was trivial, given that our code did not generally rely on SCO specific features and that the more technologically sophisticated portions of our code tended to reside in our libraries. The developers were also responsible for testing their individual applications under both SCO and Linux; I supplemented this activity by performing builds of the entire AutoZone store software base on my desktop, which I had converted to Linux.
As to the claim that SCO's shared libraries were a necessary part of the port: false. No SCO libraries were involved in the porting activity.
As to the claim that IBM induced us to transition to Linux: false. It was, in fact, SCO's activities that 'greased the skids' and allowed the business case for using Linux to be made more easily. That is a story long in the telling; perhaps I'll share it another day.
One should remember the Linux business environment that existed at the time the AutoZone transition began. Several vendors - the original Caldera Linux distribution company, Red Hat, and Linuxcare - were offering support for enterprise installations of Linux. In fact, Bryan Sparks, then CEO of Caldera, flew to Memphis and met with me during my evaluation of the various distribution and support offerings. I also met and talked briefly with Dave Sifry of Linuxcare during the 1999 Linux Expo. AutoZone settled on Red Hat chiefly because of my familiarity with their distribution and the ease with which AutoZone could negotiate a support agreement with them.
I must add that SCO was eventually made aware of AutoZone's transition to Linux. They responded by offering to assist AutoZone in the porting activity. By the time of their offer, AutoZone had already completed the initial porting activity and had already installed a Linux-based version of their store system in several stores.
Finally, I'll add that I was for a time a member of SCO's Customer Advisory Board. As such, I believe I have some useful insights as to why SCO lost AutoZone's and several other large accounts' business.
Regards, Jim Greer
-- (end of Mr. Greer's comments)
______
For thosw who haven't been following groklaw, Suplemental no. 8 refers to
SCO's Supplemental Response to Interrogatory Number 8, in IBM's Exhibit 1, (disclosure) where they accused IBM of nefarious dealings with AugoZone because they thought that the switch over went too cleanly
(yeah.. I'm serious... IBM could make a commercial about this one).
IBM finally successfully induced Autozone to cease using the SCO software and to use Linux with IBM's version of UNIX. . . . ..
Don't think of it so much as an oversized laptop, as an all-in-one portable desktop with a built-in battery backup.
I have a friend who just bought a boat... He'd like to live there parttime. A desktop isn't mobile enough, and he's not interested in leaving it on the boat fulltime (power problems too).
A laptop like this would be almost perfect for him... Just about everything you'd see in a desktop except for the size... He could build a small hardcase for it, toss it in his duffel bag and carry it inconspicuously onto his boat with the rest of his stuff.
In truth the expandability of a desktop isn't quite as important as
it used to be. The last upgrade I made to my desktop was a CD burner.
A stacked out portable that I could plop on my desk and add an external kbd and mouse to would be just peachy. I'd just have to build some sort of lid for the keyboard so that my cat wouldn't sit on it when I've got it at home.
According to the news.com.com article, SCO is suing two more companies that have contracts with them... That makes 4 companies that they've sued in the last year -- all of whom have previous contracts with SCO (IBM, Novell and the two unnamed SCOldiers).
At the same time, they're claiming that the best way to avoid litigation with them is to sign a contract that acknowledges that
they have more power over you (and Linux code) than most people believe they have any hope of proving in court.
Come into my parlour, said the spider to the fly.
You'll be so much much safer when I've baked you in my pie.
No. Not at all, but the original comment talked abut it being safe to go to the sun.. If you (ignore the joke and) look at going at night this would be more safe -- until you get burnt by the logical falacy (among other things).
On the other hand, NASA has lost a disturbingly high percentage of spacecraft sent to mars -- and it's a lot harder to build a successful manned mission than it is to build a successful non-return robotic probe.
First thing, for a lot of good reasons, would be a robotic returnmission. Once we've proven that we can successuflly return anything from mars, then we can look at returning something with a PhD.
(that's what I get for failing to hit 'preview'....)
Ask for a preliminary motion that SCO be barred from assserting copyright violation for anything (purportedly) under the GPL that they've distributed since they filed suit against IBM, unless they immediately inform the court that:
They have never accepted the GPL, or
They are accusing the defendant of violating the GPL WRT that code
Ask for a preliminary motion that SCO be barred from assserting copyright violation for anything (purportedly) under the GPL that they've distributed since they filed suit against IBM, unless they immediately inform the court that:
They are accusing the defendant of violating the GPL WRT that code
The qualifier here is more that it didn't spread rapidly - which is more an indicator that the author should have been smart enough to make it wait several days before calling 911, so that it would have more time to spread before being found.
No. My read is that the author intended to nail a select few people, and then a couple of others got copies (collateral damage).
I'm wondering if the poster is (knows) a slashdot reader who
read my (or others') posts (in the article about VOIP providers needing to provide 911 location services) about how
the cops get REAL antsy about a no-voice 911 call, and decided that this would be a good way to rattle his not-so-friends.
Now he finds himself facing down a Patriot Act charge..
BTW: I think that the Patriot Act charge is bogus.. Criminal charges require intent... I doubt that there was any intent to harm public safety (even though a coupld dozen cops got distracted for a bit by seriously high-priority redirects), I seriously doubt that this tiny mind wrapped around the implications.
In truth, he's probably guilty of general hacking, and possibly a handfull of 'mischief endangering the public' charges.
Slashdot Mirror
While the person who wrote it had good intensions, the network traffic turned out to be devastating for some businesses, and caused more trouble than leaving it alone would have.
I think that the problem with that one was that it went actively looking for exploitable boxes. Far better would be to just quietly listen for a box trying to use the exploit -- presume that it's been exploited itself, and then respond by going in and patching the infected box. That way it wouldn't actually generate any traffic other than to boxes that have already shown signs of being infected.
I have something like that running, but it doesn't try to break into the box... I watch the apache logs for some common IIS exploit attempts, and then generate automatic messages to the responsible ISP (If my program can determine who that is).
I"m not up to learning how to write a counter-virus just to find out (post release) that it has a destructive bug that's gonna get me arrested.
Oh, Linux has definite and real UNIX underpinnings, but what SCO 'owns' (or claims to own) isn't UNIX. SCO has the rights with respect to the code base that was once known is System V, which was a version of unix. There are other versions of UNIX.. some of which have an AT&T beginning and some of which don't.
The name "UNIX", and the right to call something "UNIX" devolved to a group that has no relation to SCOG. What SCOG controls now may, or may not, qualify today as "UNIX". On the other hand I believe that at least one release of Linu has it's UNIX certification proess.
I wonder: If the intent of the circumvention it NOT intended to circumvent producer protection of their rights -- but is, rather, intended to protect fair use, with a simple side effect of possibly enabling violation of producer rights, would that make it past the courts?
SEC, not FTC. (and the DOJ appears to be quiet too).
Groklaw is reporting on a Newsforge article that the FTC is investigating the apparent SCO/MS link exposed in the Halloween X document. I guess that some things are too obvious for even the Bush administration to totally ignore.
The FTC will not officially acknowledge it, but their comments made by officials indicate that the deal (possibly among others) is definitely on their radar.
Somebody needs to sell him a copy of Paranoia -- that and a happy pill.
lemme see: Flat like a pancake, (also refers to your house after the first earthquake).
Good demographics (lots of affluent chinese business imigrants)
reasonably contained
mostly residential, (some industrial) -> fewer businesses freaking out if/when their connection drops
I think it's mostly being FLAT. This is a test market, so they don't want people complaining about dead spots a lot. If you get into the hilly areas of Vancouver (or, even worse, North Vancouver) you can almost guarantee dead spots with the resultant complaints.
Some very nice recipies there, and a number of versions of some of the more popular ones.
The archive at http://www.funet.fi/pub/culture/recipes/ has about 700 recipes others may have more.
Each recipe has a rating for difficulty, time and precision needed.
I use those stats to impress sysadmin students...to try and convince them that coming up with decent passwords is a good idea.
.....
.....
(16:13:55) hackeduser25: omg i cant belive they did this to me
(16:14:35) stephen samuel: precisely what did they do?? All I saw was on the guest log page.
(16:14:53) hackeduser25: they put porn on it and changed everything around
(16:15:19) hackeduser25: im gonna havet to do it all over again it took me months and now i must re-type it all
(16:15:23) stephen samuel: Do you have a backup copy at home?
(16:15:29) hackeduser25: im gonna have a panic attack...no
(16:16:05) stephen samuel: It's possible that (most of) the original stuff is still there.
(16:16:18) hackeduser25: i know the site is frozen
(16:16:35) stephen samuel: How do you do updates??
(16:16:49) hackeduser25: easily but i cant access my account!!!!!
(16:16:52) hackeduser25: cuz they changed it all
(16:17:30) stephen samuel: You may want to get to the people who host the site and ask them to reset it back to what it was yesterday... (at least the password).
(16:19:26) stephen samuel: In the meantime, I'd suggest that you come up with a password that's not easily guessable.
(16:19:48) stephen samuel: Did you have an 'easily guessable' password?
(16:20:19) hackeduser25: well it was password.
(16:20:47) stephen samuel: That explains why you got slimed... It's the first password that a hacker would try.
(16:21:13) hackeduser25: omg great
(16:21:15) stephen samuel: Literaly -- it's the absolute MOST used password by newbies.
(16:21:27) hackeduser25: oh well great then
(16:21:49) stephen samuel: justasec.. I'm looking for my file on how to create relatively secure passwords....
(16:22:13) hackeduser25: k
(16:24:24) stephen samuel: http://www.bcgreen.com/solaris/passwords.html
IN 2001, the site was estimated to have about 600 pages... Let's say that they got up to 1000 pages by now. I'm not a professional web designer, but what do you charge for building a single web page? Multiply that by 1000 to figure out what this guy should probably ask for.
$300K still seems like a bit high, but it's not completely out to lunch.. I'd classify it as being in the high range of reasonable or low to medium range unreasonable.
Nontheless, he claims that he was asking for bandwidth charges (I'd read this as ~$200/month range), not for site creation charges.
What he was asking for was for the department to start paying for bandwidth charges because they were now using the site for all sorts of everyday uses -- far beyond just a place for people to find out their phone number/address, etc. and the name of the sheriff.
I would definitely like to see a website describing the other side of this, but it's gonna take a lot to convince me that the sheriff isn't overreacting and abusing his powers. If what is going on is what 'Pat' is claiming, then he should be filing for violation of his consitutional rights.
Pat may have been a bit of a prick in this, but the sheriff seems to have gone beyond that by an order of magnitude.
Yeah, but the basis of their claim is simply that the migration went cleanly and smoothly... Their implication is that the only way to do a clean migration is to cheat.
Claiming that a clean migration has to be proof of IP violation must be the sickest cause of action that someone could come up with. The first thing that AutoZone should do is move to have that part of the case thrown out on the basis of being frivolous and vexatious.
That would then leave a pure copyright violation case that could be left to sit until the IBM/Novel stuff blows up in SCO's face (cynicism mine).
Supplemental No. 8: AutoZone claims are false
Authored by: jbgreer on Wednesday, February 18 2004 @ 10:00 AM EST
I don't know whether to be pleased or angry at SCO's assertion that IBM must have assisted AutoZone's transition to Linux due to the "precision and efficiency with which the migration occurred". You see, I was a Sr. Technical Advisor at AutoZone, where I was an employee for over 10 years. During my tenure, I participated and led in the design, development and maintenance of many of AutoZone's store systems. More importantly, I initiated AutoZone's transition to Linux and I directed the port of their existing store software base to Linux. I personally ported all of AutoZone's internal software libraries for use under Linux. I personally developed the rules by which other AutoZone developers should make changes to their code to support both Linux and SCO's OpenServer product. I believe at one point I had as many as 35 AutoZone developers performing porting work for me, much of which was trivial, given that our code did not generally rely on SCO specific features and that the more technologically sophisticated portions of our code tended to reside in our libraries. The developers were also responsible for testing their individual applications under both SCO and Linux; I supplemented this activity by performing builds of the entire AutoZone store software base on my desktop, which I had converted to Linux.
As to the claim that SCO's shared libraries were a necessary part of the port: false. No SCO libraries were involved in the porting activity.
As to the claim that IBM induced us to transition to Linux: false. It was, in fact, SCO's activities that 'greased the skids' and allowed the business case for using Linux to be made more easily. That is a story long in the telling; perhaps I'll share it another day.
One should remember the Linux business environment that existed at the time the AutoZone transition began. Several vendors - the original Caldera Linux distribution company, Red Hat, and Linuxcare - were offering support for enterprise installations of Linux. In fact, Bryan Sparks, then CEO of Caldera, flew to Memphis and met with me during my evaluation of the various distribution and support offerings. I also met and talked briefly with Dave Sifry of Linuxcare during the 1999 Linux Expo. AutoZone settled on Red Hat chiefly because of my familiarity with their distribution and the ease with which AutoZone could negotiate a support agreement with them.
I must add that SCO was eventually made aware of AutoZone's transition to Linux. They responded by offering to assist AutoZone in the porting activity. By the time of their offer, AutoZone had already completed the initial porting activity and had already installed a Linux-based version of their store system in several stores.
Finally, I'll add that I was for a time a member of SCO's Customer Advisory Board. As such, I believe I have some useful insights as to why SCO lost AutoZone's and several other large accounts' business.
Regards, Jim Greer
--
(end of Mr. Greer's comments)
______
For thosw who haven't been following groklaw, Suplemental no. 8 refers to SCO's Supplemental Response to Interrogatory Number 8, in IBM's Exhibit 1, (disclosure) where they accused IBM of nefarious dealings with AugoZone because they thought that the switch over went too cleanly
(yeah.. I'm serious... IBM could make a commercial about this one).
I have a friend who just bought a boat... He'd like to live there parttime. A desktop isn't mobile enough, and he's not interested in leaving it on the boat fulltime (power problems too).
A laptop like this would be almost perfect for him... Just about everything you'd see in a desktop except for the size... He could build a small hardcase for it, toss it in his duffel bag and carry it inconspicuously onto his boat with the rest of his stuff.
In truth the expandability of a desktop isn't quite as important as it used to be. The last upgrade I made to my desktop was a CD burner.
A stacked out portable that I could plop on my desk and add an external kbd and mouse to would be just peachy. I'd just have to build some sort of lid for the keyboard so that my cat wouldn't sit on it when I've got it at home.
That's why it's a good idea to quote enough of the parent article to provide some context. -- especially when there's the possibility of ambiguity.
At the same time, they're claiming that the best way to avoid litigation with them is to sign a contract that acknowledges that they have more power over you (and Linux code) than most people believe they have any hope of proving in court.
No. Not at all, but the original comment talked abut it being safe to go to the sun.. If you (ignore the joke and) look at going at night this would be more safe -- until you get burnt by the logical falacy (among other things).
On the other hand, NASA has lost a disturbingly high percentage of spacecraft sent to mars -- and it's a lot harder to build a successful manned mission than it is to build a successful non-return robotic probe.
First thing, for a lot of good reasons, would be a robotic returnmission. Once we've proven that we can successuflly return anything from mars, then we can look at returning something with a PhD.
I presume you mean especially if you go at night..
Man, you sooooo don't get tht joke.
Ask for a preliminary motion that SCO be barred from assserting copyright violation for anything (purportedly) under the GPL that they've distributed since they filed suit against IBM, unless they immediately inform the court that:
No. My read is that the author intended to nail a select few people, and then a couple of others got copies (collateral damage).
I'm wondering if the poster is (knows) a slashdot reader who read my (or others') posts (in the article about VOIP providers needing to provide 911 location services) about how the cops get REAL antsy about a no-voice 911 call, and decided that this would be a good way to rattle his not-so-friends.
Now he finds himself facing down a Patriot Act charge..
BTW: I think that the Patriot Act charge is bogus.. Criminal charges require intent... I doubt that there was any intent to harm public safety (even though a coupld dozen cops got distracted for a bit by seriously high-priority redirects), I seriously doubt that this tiny mind wrapped around the implications.
In truth, he's probably guilty of general hacking, and possibly a handfull of 'mischief endangering the public' charges.
OK: so, two juicy accounts. Day after payday is a good time... 16'th or the 31'st -- before the rent cheques go out.