Horsefeathers, poppycock and fiddlesticks. Claptrap, horse puckey and bullshit. If someone breaks into my house, I have no way of knowing whether he's merely threatening my property or is a threat to harm or kill me and my family as well. I have every right to assume that he's armed and dangerous, and will use a weapon if he perceives he's threatened. I'm goint to do my best to hit him before he know's he's been busted and to hit him hard enough that he can't hit back. If I have a gun to hand, I'm going to shoot and shoot to kill. If I don't have a gun to hand, I'm going to try to cave his head in with a baseball bat or whatever else I can find.
Of course, a great deal of it depends on the situation. If I'm not sure that I can get the drop on him, then I'll reevaluate the situation and determine what to do next. If he realizes he's been spotted and is running away, your viewpoint has some merit. He's demonstrated that he's no threat to me or mine. But breaking into my house is a violent act. He initiated the use of violence. I'm not going to be the tiniest bit concerned for the value of his life so long as I feel he's a threat to me or my family, and I'm going to assume he's a threat until he proves otherwise.
Can't happen. The electronics doesn't fire the gun. It only locks the trigger, preventing it from being depressed. It's still the mechanical movement of the trigger that causes the gun to fire, and the electronics are not capable of creating that mechanical movement. Rather like hotel rooms with electronic keys. Once you swipe your card, you still have to grab the door knob and physically turn the handle before the door will open.
Hardly. This isn't that difficult. Here's one scheme that immediately comes to mind. I don't know that it's the best one but it'll certainly work.
Lets say that password PASS hashes to 9Abz. We don't know that, of course, we just know that we have a hash of 9Abz and want to find out the password it represents. The first thing we need to do is to convert our hash to a unique number.
I don't know for sure how many unique characters there are in the LM hash output. The grandparent post which started this said 68, so I'll go with that. You therefore consider the hash as a number in a base 68 number system. 0 is 0, 1 is 1,..., 9 is 9, a is 10, b is 11... z is 35, A is 26, etc, including whatever punctuation and special characters are allowed. (It doesn't really matter what value you assign to which symbol, so long as you're consistent and you assign a unique value to each symbol, starting with a value of 0 and working up to 1 less than the base.) To convert a number from another base to base 10, you simply add the value of the least significant digit, multiple the value of the next least by the base, the third least by the base squared, etc. So if you have a hash like 9Abz, it converts to 35 + (11 * 68) + (26 * 68 * 68) + (9 * 68 * 68 * 68) = 2,950,895. (Essentially what we've done is hash our hash, but we do it using a reversible hash rather than a non-reversible one.)
You then go to your database and lookup entry number 2,950, 895. You find out that that entry is a base 10 number 328,551. You then need to convert that base 10 number into a base 26 number, using the symbols A through Z with a value of 0 through 25 respectively. To do that, you divide the number by 26 repeatedly, noting your remainders. 328,551 / 26 = 12,636 r 15. 12,636 / 26 = 486 r 0. 486 / 26 = 18 r 18. 18/26 = 0 r 18. Write down your remainders: 15 0 18 18. Convert those numbers to letters using the A = 0...Z = 25 scheme. P A S S. We just converted the hash 9Abz to the password PASS. The mathematics is trivial and would take no time at all.
The time consuming part, of course, is populating your database. To do that, you simply itterate through all possible passwords. You hash the password, convert that hash to a number, convert the password to a number and store the password number in the location indicated by hash numbers entry. In other words, you'd hash PASS to 9Abz, convert 9Abz to the number 2,950,895 and convert PASS to the number 328,551. Then you store the number 328,551 in the 2,950,895th location in your database.
You'd end up with a database that contains GP posts 6,722,988,818,432 entries. Each entry contains a number that is at max 26^7, which can be stored in four bytes. So you're only storing four bytes per entry, not 14. Additionally, since you have 68 characters in the hash and only 26 in the passwords, most of those entries will be empty. There should be lots of clever little tricks to reduce the size further.
That's uncompressed. Since we're talking about regular sequences, they should compress quite well.
Additionally, it seems like there's a much easier way to do this. If you number the passwords and the hashes in sequence, you should be able to store a simple mapping. If the first password (the single letter a) hashes to the 1,367,429 hash, your first entry would be 1 -> 1367429, which takes considerable less than 14 bytes to store. Converting from the number back to the actual password/hash and vice versa shouldn't be that difficult. I'm too lazy and too busy to do the actual calculation but I'm quite sure this scheme would get you onto a single hard drive easily, and there are lots of other ways you could compress it even further.
It seems to me that the morally challenged ones are many (though not all) of the posters and readers of/. If I write a piece of software to connect two computers and transfer a file from one to the other, then that's cool. The software itself is amoral, I am assumed to have had a legitimate purpose in writing the software, and if someone uses the software to transfer warez or share copyrighted music or perform some other illegal act, then that person is solely responsible and should be held accountable for their actions. But if I write a piece of software to send out large groups of email, and that software is used by someone else to send spam or to go phishing, suddenly the software itself is evil and the act of writing it has become a contemptible activity. I am morally challenged, a stooge who has been led astray by the temptation of money.
You can't have it both ways. Either software is a tool that can be used or misused, and the responsibility lies with the person using the software, or software authors are responsible for ensuring that their creations can not be used for nefarious purposes.
Sun doesn't want Java to be a Solaris language. They want it to be a ubiquitous language. If Java can't be run on ony OS, then Sun loses. Which isn't to say that this can't help Sun. If they have a license for their runtimes, then any other implementation could require a Kodak license. Bye-bye, any other implementation. Hello, Sun regains their absolute control of the language and implementation.
There's also another issue. If this affects.NET, where does that leave Mono? How much do you figure Microsoft would pay to shut down Mono?
From Ars Technica:...the numbers that the RIAA uses to talk about "sales" are actually just numbers relating to shipments. The gist of it is pretty simple: the RIAA has their own tracking system based on units shipped, while Nielsen Ratings bases their Soundscan tracking system on actual barcode-scanned purchases. The problem is that Soundscan shows a 10% increase in music sales when comparing the first quarter of 2004 to 1Q 2003.
I've been using Linux at home in some level or other for around a decade and I certainly don't consider myself qualified to work as a System administrator. How much experience do you get at home setting up DHCP, DNS, adding users, configuring Sendmail or an alternate MTA, etc. I have a nine computer network at home, run my own web server, mail server, a couple of mailing lists, etc. and I've done all of the things I mention above. But for many of those tasks, I sweated for a couple of days digging through man pages and web sites and HOWTOs until I got it working and then never looked at it again. If I had to do it all over again, I'd be pretty much back to square one because I don't remember how I got it working three years ago. Using Linux at home is a great idea for getting comfortable with the OS but it doesn't come close to preparing you to be a real SysAdmin.
One thing that I would absolutely love to see is to be able to specify what program the page is opened in when you select "View Source" or some other simple, one-click way to say "I want to edit the source of the page that has the focus in my browser right now."
Not only that, but there are a few other details that make this a little different.
First, all of the email will be coming from.mil domains. The military owns the entire domain. Implement a verification procedure, such as a reply-to-sender that "I received your vote. Please reply to this email to let me know that you actually sent it."
Second, the military ID card (the CAC, or Common Access Card) is a Smartcard. (Hopefully, the link works. I'm not positive that it's accesible from a machine outside the.mil enclave, but I'm on base right now and can't check.) Every member of the military should have three certificates that are issued by one of the military's private PKI servers. The three certs are intended for identification (such as logging into computers and web sites), email signing and email encryption.
This doesn't make the scheme foolproof or provide airtight security. But an email that is verfied as coming from a.mil domain, and that is signed and encrypted by two different PKI certs issued by private and extremely well protected PKI servers isn't the gaping security hole that "Just send your vote by email" makes it sound like.
But don't you think there might have been some not very clueful but honest customers?
So it's the FBI's fault if you don't bother to research your hosting provider before moving your mission critical data there? I'm not saying it doesn't suck to be them (if there were any innocent but not very clueful customers -- which with Foonet is a large assumption) but let's be real -- why would you host your business website with any "IRC Shell provider" let alone Foonet? That's what these guys are for.
Because they're cheap? Because I'm clueless and don't realize what sort of company there is? Because I had a dream that included the word "Foo" and next day discovered their hosting site and thought that the dream meant hosting with them would be good karma? For any reason or no reason at all?
The bottom line is that I'm an adult living in a free country engaged in entirely lawfaul activity, and I have no need to justify my behavior to you or anyone else. It doesn't matter how foolish you happen to think my behavior is, or how justified you are in thinking it. I can be incredibly foolish if I want to. But so long as my foolishness doesn't violate any laws nor endanger other people, I'm perfectly within my rights to be foolish and the mere fact that I'm being foolish in no way justifies the government damaging my property or costing me money.
It may very well be the case that the government had no choice. The scenario you described might be 100% correct and every action the authorities took might have been justified. But, just as I'm presumed innocent until I'm proven guilty, the government is presumed to be at fault until they can show their actions are justified. They caused me (hypothetical me) harm. It's up to them to show why it was OK for them to do that.
No, it hasn't "turned out they were wrong." Based on the information available, it seems they were likely right. The cops did their usuall swoop-and-grab with no regard to whomever else might be damaged. That's the whole point of this thread.
Too many "what if's" to be reasonably encapsulated in a half dozen sentences in a/. post. However, I will say this. The cops are given special authority to do their job. Along with increased authority comes increased responsibility. One of the responsibilities is to minimize collateral damage caused by an investigation. It can't always be eliminated but it can be minimized, and I'm not certain that was the case in this instance.
From what I understand, the authorities marched in and took down systems which hosted a great many people's data. Whatever the administrator might have done, the vast majority of the people hosting sites on the hardware were innocent. They lost data and money. Perhaps the collateral damage was necessary to prevent evidence from being altered or destroyed, and perhaps it was a question of uneducated, incompetent and/or overzealous authorities. Just becase an actual crime was being investigated doesn't mean that any and all actions taken by the investigators are summarily justified.
I don't think they've proven themselves to be a friend. They're currently allies, and hopefully will be for a long time to come, but alliances do not friendship make.
And the letter after the 'd' is 'u'. It is most defninitely not an 'i'. Although, if he were misquoted and it was SUPPOSED to be an 'i', it would make more sense considering the state of their legal case at the moment.
First, there's no one algorithm which works best for all cases. You may be right that this particular approach would not work well for chemists. Since chemists (and those who frequently converse with them about chemistry) are actually a quite small population in comparison to the rest of the world's email users, it's hardly a knock on the algorithm if it doesn't work well for chemists. But I suspect a bit of tweaking would make the method useful. For example, chemical names have a great many syllables that are commonly used. A decent programmer could easily tweak the algorithm to check misspelled words for those syllable, and reduce the weight given those words where they're found.
Obviously, you'll need to customize your dictionary. A reasonable implementation would allow you to examine which messages were rejected as spam, underline or otherwise mark the misspelled words, and allow you to add them to your custom dictionary. Like Beysian filters, you might have to take a bit of time to train the filter but it could prove quite effective.
How long is the email and how many different new compounds do you talk about? If the filter counts a single word as only one misspelling, no matter how many times it occurs, then that's one misspelling, which is only a small percentage of total words used.
Compases point south, too. Saying the compass points north is just as arbitrary.
The thing the compasses point at is in the north.
Uh, did you think about his before you posted? A compass consists of a magnetized needle spinning on a post. A needle is a straight line. Yes, one end points north. The other end points south. You can just as easily put the arrow on the end that points south and claim that the compass is pointing south. Again, it's arbitrary. Either way works just fine.
Yes, I know, "up" was chosen because that's where North is, but try to remember the whole polar reversal thing that happens from time to time.
Uh, it's still arbitrary. Do you suppose that there's a law of physics which says North must be up? Having globes and maps uniformly show South as up would work just as well. It's simply a convention and absolutely arbitrary.
No, the GPL can't force them to do anything. That's the whole point. They were not forced. Grant that they are correct for a moment - that the Linux kernel includes code to which they hold the copyright. They certainly haven't proven this, but we'll give them the benefit of the doubt. Assuming this is true, they knew that the kernel in their distribution contained their own propreitary code. They knew that this code was distributed under the GPL. They did nothing to stop distributing the code. Of their own free will, without force from anyone, even after knowing that their proprietary code was in the kernel, they voluntarily made it available for download under the GPL.
At a minimum, what makes code released under the GPL is when the owner of the code knowingly distributes that code under the GPL. SCO has done precisely that.
US Navy, tied into NMCI (Navy Marine Corp Intranet). Every app that is installed must be tested for compatibility. There is a procedure for getting new apps justified, but no apps will even be considered if they duplicate the functionality of an existing, approved app. There's a basic loadout, which includes MS Office and IE, which is the same on all machines and it was determined several years ago. It might eventually change in response to weaknesses in IE but it'll take a couple of years or so for all the paperwork to be filled out and a decision to be made.
Slashdot Mirror
Horsefeathers, poppycock and fiddlesticks. Claptrap, horse puckey and bullshit. If someone breaks into my house, I have no way of knowing whether he's merely threatening my property or is a threat to harm or kill me and my family as well. I have every right to assume that he's armed and dangerous, and will use a weapon if he perceives he's threatened. I'm goint to do my best to hit him before he know's he's been busted and to hit him hard enough that he can't hit back. If I have a gun to hand, I'm going to shoot and shoot to kill. If I don't have a gun to hand, I'm going to try to cave his head in with a baseball bat or whatever else I can find.
Of course, a great deal of it depends on the situation. If I'm not sure that I can get the drop on him, then I'll reevaluate the situation and determine what to do next. If he realizes he's been spotted and is running away, your viewpoint has some merit. He's demonstrated that he's no threat to me or mine. But breaking into my house is a violent act. He initiated the use of violence. I'm not going to be the tiniest bit concerned for the value of his life so long as I feel he's a threat to me or my family, and I'm going to assume he's a threat until he proves otherwise.
Can't happen. The electronics doesn't fire the gun. It only locks the trigger, preventing it from being depressed. It's still the mechanical movement of the trigger that causes the gun to fire, and the electronics are not capable of creating that mechanical movement. Rather like hotel rooms with electronic keys. Once you swipe your card, you still have to grab the door knob and physically turn the handle before the door will open.
Hardly. This isn't that difficult. Here's one scheme that immediately comes to mind. I don't know that it's the best one but it'll certainly work.
... z is 35, A is 26, etc, including whatever punctuation and special characters are allowed. (It doesn't really matter what value you assign to which symbol, so long as you're consistent and you assign a unique value to each symbol, starting with a value of 0 and working up to 1 less than the base.) To convert a number from another base to base 10, you simply add the value of the least significant digit, multiple the value of the next least by the base, the third least by the base squared, etc. So if you have a hash like 9Abz, it converts to 35 + (11 * 68) + (26 * 68 * 68) + (9 * 68 * 68 * 68) = 2,950,895. (Essentially what we've done is hash our hash, but we do it using a reversible hash rather than a non-reversible one.)
/26 = 0 r 18. Write down your remainders: 15 0 18 18. Convert those numbers to letters using the A = 0...Z = 25 scheme. P A S S. We just converted the hash 9Abz to the password PASS. The mathematics is trivial and would take no time at all.
Lets say that password PASS hashes to 9Abz. We don't know that, of course, we just know that we have a hash of 9Abz and want to find out the password it represents. The first thing we need to do is to convert our hash to a unique number.
I don't know for sure how many unique characters there are in the LM hash output. The grandparent post which started this said 68, so I'll go with that. You therefore consider the hash as a number in a base 68 number system. 0 is 0, 1 is 1,..., 9 is 9, a is 10, b is 11
You then go to your database and lookup entry number 2,950, 895. You find out that that entry is a base 10 number 328,551. You then need to convert that base 10 number into a base 26 number, using the symbols A through Z with a value of 0 through 25 respectively. To do that, you divide the number by 26 repeatedly, noting your remainders. 328,551 / 26 = 12,636 r 15. 12,636 / 26 = 486 r 0. 486 / 26 = 18 r 18. 18
The time consuming part, of course, is populating your database. To do that, you simply itterate through all possible passwords. You hash the password, convert that hash to a number, convert the password to a number and store the password number in the location indicated by hash numbers entry. In other words, you'd hash PASS to 9Abz, convert 9Abz to the number 2,950,895 and convert PASS to the number 328,551. Then you store the number 328,551 in the 2,950,895th location in your database.
You'd end up with a database that contains GP posts 6,722,988,818,432 entries. Each entry contains a number that is at max 26^7, which can be stored in four bytes. So you're only storing four bytes per entry, not 14. Additionally, since you have 68 characters in the hash and only 26 in the passwords, most of those entries will be empty. There should be lots of clever little tricks to reduce the size further.
That's uncompressed. Since we're talking about regular sequences, they should compress quite well.
Additionally, it seems like there's a much easier way to do this. If you number the passwords and the hashes in sequence, you should be able to store a simple mapping. If the first password (the single letter a) hashes to the 1,367,429 hash, your first entry would be 1 -> 1367429, which takes considerable less than 14 bytes to store. Converting from the number back to the actual password/hash and vice versa shouldn't be that difficult. I'm too lazy and too busy to do the actual calculation but I'm quite sure this scheme would get you onto a single hard drive easily, and there are lots of other ways you could compress it even further.
Since when does "no announced plans" mean "... they don't know how they're going to use it...?"
If MS IS breathing down their neck, do you think the wisest move would be to announce to the world exactly what their plans are?
It seems to me that the morally challenged ones are many (though not all) of the posters and readers of /. If I write a piece of software to connect two computers and transfer a file from one to the other, then that's cool. The software itself is amoral, I am assumed to have had a legitimate purpose in writing the software, and if someone uses the software to transfer warez or share copyrighted music or perform some other illegal act, then that person is solely responsible and should be held accountable for their actions. But if I write a piece of software to send out large groups of email, and that software is used by someone else to send spam or to go phishing, suddenly the software itself is evil and the act of writing it has become a contemptible activity. I am morally challenged, a stooge who has been led astray by the temptation of money.
You can't have it both ways. Either software is a tool that can be used or misused, and the responsibility lies with the person using the software, or software authors are responsible for ensuring that their creations can not be used for nefarious purposes.
Sun doesn't want Java to be a Solaris language. They want it to be a ubiquitous language. If Java can't be run on ony OS, then Sun loses. Which isn't to say that this can't help Sun. If they have a license for their runtimes, then any other implementation could require a Kodak license. Bye-bye, any other implementation. Hello, Sun regains their absolute control of the language and implementation.
.NET, where does that leave Mono? How much do you figure Microsoft would pay to shut down Mono?
There's also another issue. If this affects
From Ars Technica: ...the numbers that the RIAA uses to talk about "sales" are actually just numbers relating to shipments. The gist of it is pretty simple: the RIAA has their own tracking system based on units shipped, while Nielsen Ratings bases their Soundscan tracking system on actual barcode-scanned purchases. The problem is that Soundscan shows a 10% increase in music sales when comparing the first quarter of 2004 to 1Q 2003.
I've been using Linux at home in some level or other for around a decade and I certainly don't consider myself qualified to work as a System administrator. How much experience do you get at home setting up DHCP, DNS, adding users, configuring Sendmail or an alternate MTA, etc. I have a nine computer network at home, run my own web server, mail server, a couple of mailing lists, etc. and I've done all of the things I mention above. But for many of those tasks, I sweated for a couple of days digging through man pages and web sites and HOWTOs until I got it working and then never looked at it again. If I had to do it all over again, I'd be pretty much back to square one because I don't remember how I got it working three years ago. Using Linux at home is a great idea for getting comfortable with the OS but it doesn't come close to preparing you to be a real SysAdmin.
One thing that I would absolutely love to see is to be able to specify what program the page is opened in when you select "View Source" or some other simple, one-click way to say "I want to edit the source of the page that has the focus in my browser right now."
Not only that, but there are a few other details that make this a little different.
.mil domains. The military owns the entire domain. Implement a verification procedure, such as a reply-to-sender that "I received your vote. Please reply to this email to let me know that you actually sent it."
.mil enclave, but I'm on base right now and can't check.) Every member of the military should have three certificates that are issued by one of the military's private PKI servers. The three certs are intended for identification (such as logging into computers and web sites), email signing and email encryption.
.mil domain, and that is signed and encrypted by two different PKI certs issued by private and extremely well protected PKI servers isn't the gaping security hole that "Just send your vote by email" makes it sound like.
First, all of the email will be coming from
Second, the military ID card (the CAC, or Common Access Card) is a Smartcard. (Hopefully, the link works. I'm not positive that it's accesible from a machine outside the
This doesn't make the scheme foolproof or provide airtight security. But an email that is verfied as coming from a
But don't you think there might have been some not very clueful but honest customers?
So it's the FBI's fault if you don't bother to research your hosting provider before moving your mission critical data there? I'm not saying it doesn't suck to be them (if there were any innocent but not very clueful customers -- which with Foonet is a large assumption) but let's be real -- why would you host your business website with any "IRC Shell provider" let alone Foonet? That's what these guys are for.
Because they're cheap? Because I'm clueless and don't realize what sort of company there is? Because I had a dream that included the word "Foo" and next day discovered their hosting site and thought that the dream meant hosting with them would be good karma? For any reason or no reason at all?
The bottom line is that I'm an adult living in a free country engaged in entirely lawfaul activity, and I have no need to justify my behavior to you or anyone else. It doesn't matter how foolish you happen to think my behavior is, or how justified you are in thinking it. I can be incredibly foolish if I want to. But so long as my foolishness doesn't violate any laws nor endanger other people, I'm perfectly within my rights to be foolish and the mere fact that I'm being foolish in no way justifies the government damaging my property or costing me money.
It may very well be the case that the government had no choice. The scenario you described might be 100% correct and every action the authorities took might have been justified. But, just as I'm presumed innocent until I'm proven guilty, the government is presumed to be at fault until they can show their actions are justified. They caused me (hypothetical me) harm. It's up to them to show why it was OK for them to do that.
No, it hasn't "turned out they were wrong." Based on the information available, it seems they were likely right. The cops did their usuall swoop-and-grab with no regard to whomever else might be damaged. That's the whole point of this thread.
Too many "what if's" to be reasonably encapsulated in a half dozen sentences in a /. post. However, I will say this. The cops are given special authority to do their job. Along with increased authority comes increased responsibility. One of the responsibilities is to minimize collateral damage caused by an investigation. It can't always be eliminated but it can be minimized, and I'm not certain that was the case in this instance.
From what I understand, the authorities marched in and took down systems which hosted a great many people's data. Whatever the administrator might have done, the vast majority of the people hosting sites on the hardware were innocent. They lost data and money. Perhaps the collateral damage was necessary to prevent evidence from being altered or destroyed, and perhaps it was a question of uneducated, incompetent and/or overzealous authorities. Just becase an actual crime was being investigated doesn't mean that any and all actions taken by the investigators are summarily justified.
That idea seems to be fading.
I don't think they've proven themselves to be a friend. They're currently allies, and hopefully will be for a long time to come, but alliances do not friendship make.
And the letter after the 'd' is 'u'. It is most defninitely not an 'i'. Although, if he were misquoted and it was SUPPOSED to be an 'i', it would make more sense considering the state of their legal case at the moment.
First, there's no one algorithm which works best for all cases. You may be right that this particular approach would not work well for chemists. Since chemists (and those who frequently converse with them about chemistry) are actually a quite small population in comparison to the rest of the world's email users, it's hardly a knock on the algorithm if it doesn't work well for chemists. But I suspect a bit of tweaking would make the method useful. For example, chemical names have a great many syllables that are commonly used. A decent programmer could easily tweak the algorithm to check misspelled words for those syllable, and reduce the weight given those words where they're found.
Obviously, you'll need to customize your dictionary. A reasonable implementation would allow you to examine which messages were rejected as spam, underline or otherwise mark the misspelled words, and allow you to add them to your custom dictionary. Like Beysian filters, you might have to take a bit of time to train the filter but it could prove quite effective.
How long is the email and how many different new compounds do you talk about? If the filter counts a single word as only one misspelling, no matter how many times it occurs, then that's one misspelling, which is only a small percentage of total words used.
Compases point south, too. Saying the compass points north is just as arbitrary.
The thing the compasses point at is in the north.
Uh, did you think about his before you posted? A compass consists of a magnetized needle spinning on a post. A needle is a straight line. Yes, one end points north. The other end points south. You can just as easily put the arrow on the end that points south and claim that the compass is pointing south. Again, it's arbitrary. Either way works just fine.
Yes, I know, "up" was chosen because that's where North is, but try to remember the whole polar reversal thing that happens from time to time.
Uh, it's still arbitrary. Do you suppose that there's a law of physics which says North must be up? Having globes and maps uniformly show South as up would work just as well. It's simply a convention and absolutely arbitrary.
No, the GPL can't force them to do anything. That's the whole point. They were not forced. Grant that they are correct for a moment - that the Linux kernel includes code to which they hold the copyright. They certainly haven't proven this, but we'll give them the benefit of the doubt. Assuming this is true, they knew that the kernel in their distribution contained their own propreitary code. They knew that this code was distributed under the GPL. They did nothing to stop distributing the code. Of their own free will, without force from anyone, even after knowing that their proprietary code was in the kernel, they voluntarily made it available for download under the GPL.
At a minimum, what makes code released under the GPL is when the owner of the code knowingly distributes that code under the GPL. SCO has done precisely that.
US Navy, tied into NMCI (Navy Marine Corp Intranet). Every app that is installed must be tested for compatibility. There is a procedure for getting new apps justified, but no apps will even be considered if they duplicate the functionality of an existing, approved app. There's a basic loadout, which includes MS Office and IE, which is the same on all machines and it was determined several years ago. It might eventually change in response to weaknesses in IE but it'll take a couple of years or so for all the paperwork to be filled out and a decision to be made.