Call me an idiot, but I can't imagine that they'd go down this path if they knew they were only bluffing.
OK, idiot...
You obviously don't understand the concept of bluffing do you? The idea of bluffing is to make people think that you've got a much stronger hand than you really do by doing something that would be stupid for someone with a hand as weak as you'v really got.. Personally, I don't think that they'd do something this stupid if they thought that they had a real chance of winning in court. They've just turned what few allies they had left into enemies, but it's one of the few things left for them to do (given the recent RedHat suit), if they're bluffing.
It's not like they could prove that they really have a strong case....
My guess is that they're simply trying to keep the stock above the $10.00 mark long enough to sell off all of their remaining stock.
Sundance Film Festival will not accept entries that are currently available to the public through a website or any other showcase platforms.
So you have to produce it specifically for the 'net, but you're not allowed to post it on your own website (at least not until after the film festival).
It kinda makes sense, but mostly it just makes me cringe.
Obviously, somebody has to point out the Academy Awards Of Halo Videos to them. It may not have the best technical effects, but RvB has a reasonably consistent story line, and it's gotten a good number of long belly-laughs out of me.
Yep. BitTorrent worked just fine for the most recent RvB eppisodes.. Saturated my ADSL at 1.5Megabits.
(Of course, it's also now saturating my outbound connection at 600kilobits... I think it's time to shut down bittorrent before my ISP has a hissy-fit).
Dunno why they don't torrent their older episodes, though.
The way that IBM is going about this seems to make perfect sense... First go after the simpler certification on a specific box. Once that's done, all you need to do is figure out what the differences are between that box, and the more general case, and between the lower certification level and the higher one... Then document that those changes are secure. It's a lot easier than going after the whole enchilada in one fell swoop.
That IBM is willing to go foreward on this definitely indicates that there's a real market for Linux in the government workspace... They're not likely to do something like this unless they have a strong enough demand for the products to pay off the expenses that this process entails.
My guess (given that they certified SuSe rather than RedHat, is that it has something to do with the Munich contract.
IBM and SuSE Linux Earn First Security Certification of Linux
Meets Federal Standards Critical to Homeland Security
ARMONK, N.Y. and OAKLAND, Calif. -- Aug. 5, 2003
-- IBM and SuSE Linux today announced that SuSE achieved the first ever
security certification of Linux, taking the critical next step in the
maturation of Linux and enabling the adoption of Linux by governments
and companies around the world for mission critical environments.
SuSE
Linux Enterprise Server 8 has achieved Common Criteria Security running
on IBM eServer xSeries. The Common Criteria (CC) is an internationally
recognized ISO standard (ISO 15408) used by the Federal government and
other organizations to assess security and assurance of technology
products. The Common Criteria provides a standardized way of expressing
security requirements and defines the respective set of rigorous
criteria by which the product will be evaluated. It is widely
recognized among IT professionals, government agencies, and customers
as a seal of approval for mission-critical software.
"We
are pleased that Linux has reached this important security milestone
through the joint efforts of IBM and SuSE," said Fritz Schulz, Defense
Information Systems Agency. "The Common Criteria certification of Linux
will be a critical factor as Linux is applied to mission critical
environments."
SuSE Linux Enterprise Server 8 on
IBM eServer xSeries has earned an Evaluation Assurance Level 2+
certification, commonly referred to as EAL2. IBM and SuSE also
announced today that the companies have filed for a higher level of
security certification for SuSE Linux, the Controlled Access Protection
Profile with EAL3+ across the IBM eServer product line, which is
expected later this year.
In addition to the
Common Criteria certification, SLES 8 on IBM eServer platforms is
expected to meet the Common Operating Environment (COE) standard later
this year. This will lead to a product that simultaneously meets Common
Criteria and COE requirements. This standard, unique to the US
Department of Defense (DoD), addresses functionality and
interoperability requirements for commercially acquired IT products.
The COE specification is used to verify the look and feel and function
of software products as they are joined with government customized
code. The COE is broadly recognized as a standard computing environment
across the U.S. Government command and control systems.
"The
landmark decision to submit the SuSE Linux Enterprise Server product to
Common Criteria testing challenges the view of many skeptics that open
source systems could not withstand such testing due to the difficulty
of establishing processes in an open-source environment. This
announcement demonstrates IBM's commitment to enterprise infrastructure
that is secure, cost effective and open," said IBM Senior Vice
President of Technology and Manufacturing, Nicholas Donofrio. "With
this announcement, we continue to build upon our commitment to
delivering Common Criteria certification across the IBM eServer
platforms. Most importantly, the Common Criteria certification further
validates the security and quality of open source software, not only
for Global Government, but for other industries with critical security
requirements."
"SuSE is the world's only open
source operating system manufacturer which has technically demonstrated
Common Criteria proficiency that can control and minimize security
risks through a comprehensive quality assurance process," said Richard
Seibt, Chief Executive Officer, SuSE Linux. "The Common Criteria
evaluation marks yet another first for
It looks like they have cert level 2, and they're working towards level 3. They also seem to be looking for DOD certification (both level 3 and DOD certification are supposed to be across the entire IBM server line).
When I tried to follow the IBM press release on this, I ran into a brick wall (long delay before a server error). It looks like a capitalization error, and This where I was able to find the page.
What is absolutely unbelievable to me is that investors are accepting and banking on SCO's FUD tactic. Check out SCO's stock. That jump at the end of Monday just looks a bit suspicious, in the absense of any good news.
yeah, I did look, and now I'm wondering if someone is manipulating their stock.... That jump at the end of Monday in the absence of any good news doesn't make any sense.
I still believe that Red Hat SHOUDLN'T have sued SCO. Red Hat is going to be drained of money for a loooong time in court. Or do you simply think that by suing, they would win in a few weeks.
RedHat's cash on hand is 1/3 of SCOs (rather inflated) stock valuation. -- and that's before SCOX started falling on the news of RedHat's lawsuit.
RH put $1Million into a fund for other Open Source authors involved in lawsuits. I'm presuming that they've saved a million or two for their own lawsuit. This compares to SCO who had to hire Boies on contingency.
Red Hat is probably prepared for a long lawsuit, but I'm expecting some preliminary findings which will have SCO hurting real bad in short order.
Really, it would probably be a way more relevant test to see the same test subjects take each OS out of the box, install from scratch, install a few apps, configure their gui, etc.
Maybe not relevant, but I'd be interested in seeing the results... I haven't installed XP, but my the only thing that's saved me from throwing my Win/95 disk on the ground and stomping on it was the knowledge that I'd be re-installing the b@stard software again in a few months.
...the ease of use is only for USE. Not for support. There are a bajillion different variants of "desktop Linux" system, and each has to be supported differently.
In most shops, they say "We will support Software X, Y and Z. Anything else, and you're on your own."
In any sane Linux shop, they'll say something like, We'll support OpenOffice on Linux with KDE. Just because Gnome, tvm, Koffice and AbiWord are available doesn't mean that they have to be supported -- any more than a Microsoft Office shop sould have to support Works and Lotus.
b1 = total bugs before debugging starts
b2 = total bugs after debugging ends .....
Thus if b2 = b1 (all bugs are fixed)
then -(b2 -b1) = 0
Er, um. That's only true if there were no bugs found at all... and if (as you presume) all bugs are fixed, this only applies to the case where therw were no bugs to begin with.
So all this proves is that your proofs don't really prove anything.
2 windows vunerabilities in the last month
9 Linux vunderablilites in the last month
That's 9 annoying gnats vs a Predator(tm) and Alien(tm). I think I'll trust my computer with the Linux 'exploits' today.
What it takes for MS to declare a security vulnerability and what it takes for the Linux community to declare a security vulnerability are two entirely different animals. Microsoft tries to argue against bugs being declared bugs, and then screams "blindsided!" when somebody combines two exploite that MS pooh-poohed months ago and manages to do combine them into abritrary remote command execution.
The Linux community, on the other hands, considers getting parts of random packets (that were probably sent across the internet for everybody in the middle to see anyways) to be a security problem requiring immediate closure.
There's no reason to replace SMTP... Just extend it.. in much the same way that most servers transparently use ESMTP (Extended SMTP) instead of SMTP, we could define something (call it TSMTP (Trusted SMTP) which would incorporate trust extensions to SMTP. A server would (like with ESMTP) identify itself as accepting TSMTP, and if both ends support it, and the message contains the requisite parts and trust, then the transaction can proceed using TSMTP.
If any of the sender, reciever and message don't support TSMTP, then the message would simply be delivered using regular SMTP. (unless the messsage was somehow flagged as requiring TSMTP transmission).
Of course, defining this protocol is still left as an exercise for the reader... I'm expecting something with public key signatures and possibly distributed via DNS (all sorts of record types in DNS that are getting little use these days that could be used for that purpose).
Once the protocol gained support of a few of the big players (both servers and user agents), it could start to snowball. In the world of open standards it's almost all about momentum.
SMTP over TLS is mostly for encrypting mail so that eavesdroppers can't read the plain text.. It also allows servers to authenticate each other, but that doesn't help much... especially when the email has gone through multiple hops.
What you need to do is to (in some way or other) authenticate the sender. -- a completely different issue.
If SCO loses to IBM, the only people they can ever hope to collect from afterwards are anyone so poor that they can't mount a defense in court to start with.
Repeat after me: "SCO's suit against IBM has NOTHING TO DO WITH COPYRIGHT"
If SCO loses to IBM, the supposed copyright claims against Linux could still stand. If SCO wins, then the copyright claims still stand (but would appear to have some support). If we want to get out from under this torrent of SCO FUD, then the best way is to launch a pre-emptive suit that directly adresses the copyright issues -- This is what RedHat has now done.
Although IBM could countersue on these issues, I can't really see any good reason to drag copyright claims into the mess... At best it does them no good. At worst: if they managed to lose, it would only provide SCO with an extra bullet. In either case, it's not to IBM's benefit.
Besides the fact that IBM already has legal action filed against it from the SCO Group.
And the most probable/appropriate place for IBM to respond would probably be to file a counter-suit... Of course that could take years -- decades, even.
SCOX: 146.2M link Red Hat: 1.142B link Novel: 1.337B link IBM: 139.9B link [yahoo.com]
One thing to notice, though, is that SCO's market cap is almost entirely dependent on a lawsuit built on what is (so far) very sketchy facts. If/when that bubble bursts, they could easily end up a penny stock (again).
Slashdot Mirror
OK, idiot...
You obviously don't understand the concept of bluffing do you? The idea of bluffing is to make people think that you've got a much stronger hand than you really do by doing something that would be stupid for someone with a hand as weak as you'v really got.. Personally, I don't think that they'd do something this stupid if they thought that they had a real chance of winning in court. They've just turned what few allies they had left into enemies, but it's one of the few things left for them to do (given the recent RedHat suit), if they're bluffing.
It's not like they could prove that they really have a strong case....
My guess is that they're simply trying to keep the stock above the $10.00 mark long enough to sell off all of their remaining stock.
So you have to produce it specifically for the 'net, but you're not allowed to post it on your own website (at least not until after the film festival).
It kinda makes sense, but mostly it just makes me cringe.
Obviously, somebody has to point out the Academy Awards Of Halo Videos to them. It may not have the best technical effects, but RvB has a reasonably consistent story line, and it's gotten a good number of long belly-laughs out of me.
(Of course, it's also now saturating my outbound connection at 600kilobits... I think it's time to shut down bittorrent before my ISP has a hissy-fit).
Dunno why they don't torrent their older episodes, though.
That IBM is willing to go foreward on this definitely indicates that there's a real market for Linux in the government workspace... They're not likely to do something like this unless they have a strong enough demand for the products to pay off the expenses that this process entails.
My guess (given that they certified SuSe rather than RedHat, is that it has something to do with the Munich contract.
IBM and SuSE Linux Earn First Security Certification of Linux
Meets Federal Standards Critical to Homeland Security
ARMONK, N.Y. and OAKLAND, Calif. -- Aug. 5, 2003 -- IBM and SuSE Linux today announced that SuSE achieved the first ever security certification of Linux, taking the critical next step in the maturation of Linux and enabling the adoption of Linux by governments and companies around the world for mission critical environments.
SuSE Linux Enterprise Server 8 has achieved Common Criteria Security running on IBM eServer xSeries. The Common Criteria (CC) is an internationally recognized ISO standard (ISO 15408) used by the Federal government and other organizations to assess security and assurance of technology products. The Common Criteria provides a standardized way of expressing security requirements and defines the respective set of rigorous criteria by which the product will be evaluated. It is widely recognized among IT professionals, government agencies, and customers as a seal of approval for mission-critical software.
"We are pleased that Linux has reached this important security milestone through the joint efforts of IBM and SuSE," said Fritz Schulz, Defense Information Systems Agency. "The Common Criteria certification of Linux will be a critical factor as Linux is applied to mission critical environments."
SuSE Linux Enterprise Server 8 on IBM eServer xSeries has earned an Evaluation Assurance Level 2+ certification, commonly referred to as EAL2. IBM and SuSE also announced today that the companies have filed for a higher level of security certification for SuSE Linux, the Controlled Access Protection Profile with EAL3+ across the IBM eServer product line, which is expected later this year.
In addition to the Common Criteria certification, SLES 8 on IBM eServer platforms is expected to meet the Common Operating Environment (COE) standard later this year. This will lead to a product that simultaneously meets Common Criteria and COE requirements. This standard, unique to the US Department of Defense (DoD), addresses functionality and interoperability requirements for commercially acquired IT products. The COE specification is used to verify the look and feel and function of software products as they are joined with government customized code. The COE is broadly recognized as a standard computing environment across the U.S. Government command and control systems.
"The landmark decision to submit the SuSE Linux Enterprise Server product to Common Criteria testing challenges the view of many skeptics that open source systems could not withstand such testing due to the difficulty of establishing processes in an open-source environment. This announcement demonstrates IBM's commitment to enterprise infrastructure that is secure, cost effective and open," said IBM Senior Vice President of Technology and Manufacturing, Nicholas Donofrio. "With this announcement, we continue to build upon our commitment to delivering Common Criteria certification across the IBM eServer platforms. Most importantly, the Common Criteria certification further validates the security and quality of open source software, not only for Global Government, but for other industries with critical security requirements."
"SuSE is the world's only open source operating system manufacturer which has technically demonstrated Common Criteria proficiency that can control and minimize security risks through a comprehensive quality assurance process," said Richard Seibt, Chief Executive Officer, SuSE Linux. "The Common Criteria evaluation marks yet another first for
(Text of the IBM press release:)
It looks like they have cert level 2, and they're working towards level 3. They also seem to be looking for DOD certification (both level 3 and DOD certification are supposed to be across the entire IBM server line).
When I tried to follow the IBM press release on this, I ran into a brick wall (long delay before a server error). It looks like a capitalization error, and This where I was able to find the page.
No. SCO says "THROW me the money."
(preferrably small, unmarked bills in a brown paper bag).
Please, please, please do links in html: <A HREF="http://www.thesite.com/somepage.html"> like this</A>
Otherwise, us poor pleebes have to clean up what slashdot does to long strings of text.
yeah, I did look, and now I'm wondering if someone is manipulating their stock.... That jump at the end of Monday in the absence of any good news doesn't make any sense.
RedHat's cash on hand is 1/3 of SCOs (rather inflated) stock valuation. -- and that's before SCOX started falling on the news of RedHat's lawsuit.
RH put $1Million into a fund for other Open Source authors involved in lawsuits. I'm presuming that they've saved a million or two for their own lawsuit. This compares to SCO who had to hire Boies on contingency.
Red Hat is probably prepared for a long lawsuit, but I'm expecting some preliminary findings which will have SCO hurting real bad in short order.
Consider this a declaration that the Open Source Community does not negotiate with terrorists.
Be warned that this is probably just the beginning.
Maybe not relevant, but I'd be interested in seeing the results... I haven't installed XP, but my the only thing that's saved me from throwing my Win/95 disk on the ground and stomping on it was the knowledge that I'd be re-installing the b@stard software again in a few months.
In most shops, they say "We will support Software X, Y and Z. Anything else, and you're on your own."
In any sane Linux shop, they'll say something like, We'll support OpenOffice on Linux with KDE. Just because Gnome, tvm, Koffice and AbiWord are available doesn't mean that they have to be supported -- any more than a Microsoft Office shop sould have to support Works and Lotus.
b2 = total bugs after debugging ends
.....
Thus if b2 = b1 (all bugs are fixed) then -(b2 -b1) = 0
Er, um. That's only true if there were no bugs found at all... and if (as you presume) all bugs are fixed, this only applies to the case where therw were no bugs to begin with.
So all this proves is that your proofs don't really prove anything.
This statement is recursive.
And if you can mess up something that simple.....
9 Linux vunderablilites in the last month
That's 9 annoying gnats vs a Predator(tm) and Alien(tm). I think I'll trust my computer with the Linux 'exploits' today.
What it takes for MS to declare a security vulnerability and what it takes for the Linux community to declare a security vulnerability are two entirely different animals. Microsoft tries to argue against bugs being declared bugs, and then screams "blindsided!" when somebody combines two exploite that MS pooh-poohed months ago and manages to do combine them into abritrary remote command execution.
The Linux community, on the other hands, considers getting parts of random packets (that were probably sent across the internet for everybody in the middle to see anyways) to be a security problem requiring immediate closure.
To put this more firmly in context, one of the two Windows vulnerabilities is soo bad that Homeland Security almost declared it a Weapon of Mass Distraction. With 'security' like that, who needs enemies?
If any of the sender, reciever and message don't support TSMTP, then the message would simply be delivered using regular SMTP. (unless the messsage was somehow flagged as requiring TSMTP transmission).
Of course, defining this protocol is still left as an exercise for the reader... I'm expecting something with public key signatures and possibly distributed via DNS (all sorts of record types in DNS that are getting little use these days that could be used for that purpose).
Once the protocol gained support of a few of the big players (both servers and user agents), it could start to snowball. In the world of open standards it's almost all about momentum.
SMTP over TLS is mostly for encrypting mail so that eavesdroppers can't read the plain text.. It also allows servers to authenticate each other, but that doesn't help much... especially when the email has gone through multiple hops.
What you need to do is to (in some way or other) authenticate the sender. -- a completely different issue.
Repeat after me:
"SCO's suit against IBM has NOTHING TO DO WITH COPYRIGHT"
If SCO loses to IBM, the supposed copyright claims against Linux could still stand. If SCO wins, then the copyright claims still stand (but would appear to have some support). If we want to get out from under this torrent of SCO FUD, then the best way is to launch a pre-emptive suit that directly adresses the copyright issues -- This is what RedHat has now done.
Although IBM could countersue on these issues, I can't really see any good reason to drag copyright claims into the mess... At best it does them no good. At worst: if they managed to lose, it would only provide SCO with an extra bullet. In either case, it's not to IBM's benefit.
It's really nice to make things like that proper hotlinks...
How about " Suing 'Cause Obsolete".
And the most probable/appropriate place for IBM to respond would probably be to file a counter-suit... Of course that could take years -- decades, even.
Red Hat: 1.142B link
Novel: 1.337B link
IBM: 139.9B link [yahoo.com]
One thing to notice, though, is that SCO's market cap is almost entirely dependent on a lawsuit built on what is (so far) very sketchy facts. If/when that bubble bursts, they could easily end up a penny stock (again).