Don't do business with the RIAA if you don't want to get screwed
Your idealism is touching, but you really should get out more often. Without content from the 'majors', all of whom insist on DRM, online music stores are dead in the water. It's not like music stores actually like DRM: most indie labels, for example, allow their music to be sold without DRM, and most music stores will jump at the opportunity to do so. Sales of indie content alone, though, are nowhere (and I mean: nowhere) near enough for the stores to survive.
"Don't deal with the RIAA" sounds good, but it's just not practical in the real world.
The KB891122 patch wasn't developed in response to FairUse4WM 1.0 -- MS started working on it after seeing an earlier bunch of tools (drmdbg and friends) that were released on the cover CD of a Japanese magazine a few months ago, but were too cumbersome in operation to gain widespread use.
FairUse4WM "merely" wrapped up the techniques used by these tools in a neat package, and got to the frontpage of Engadget. It was pure luck that MS had a patch available at the time, even though it took extraordinary effort on the behalf of its DRM partners to implement, and denied "legacy" OS users, as well as users of the latest Media Center version, the use of new DRM-protected tracks.
A patch for FairUse4WM 1.2 still isn't available, even though the tool was released last weekend.
BTW, if you think MS is getting screwed by class breaks like this, think again. Content providers (think: RIAA members) will call in their non-refundable advances (usually over $25K per label!) received from distribution partners (think: music stores) for "material breach of contract". MS will fix the issue, the RIAA gets richer, and the guys that actually try to get music to you get screwed. Oh, well, they're used to it...
Nice to see a kooky theory get so much attention, just because of its high "gee-whiz" appeal. But, let's face it, this "technology" is utterly fake -- even a casual read of the article should make this quite clear. Let me count the ways:
-The "prototype" drawing shows "optical data" and "power/control" connectors, neither of which are exactly standard on today's (or yesterday's, or tomorrow's...) PCs. If this drive were anywhere near real, a controller card or at least an existing interface standard (IEEE1394, USB, PCI...) would be shown.
-The inventor was invited to present this fascinating discovery to the National Science Foundation in February 2004. So, what was the outcome of that meeting, a few MONTHS ago? And what, exactly, do you have to do to get invited by the NSF? Send them a proposal?
-The Optical Density Roadmap misspells the trade name of at least one important competitor, and fails to make the difference between "2D" and "3D" technology sufficiently clear. If current DVDs are "2D" technology, where EXACTLY does the third dimension come from for this new product? The disc shown in the prototype drawing looks like a regular CD/DVD to me... Also, why would the very clever engineers at Maxstor (sic) et al be too stupid to use a different color laser?
-The real clincher, though, is the Schematics Atomic Switch diagram. OK, so we take a really thin laser beam to change the energy level of an atom/molecule(?). So far so good... But how does the particle RETAIN this energy level after the laser is turned OFF? The Transparent substrate and Air gap are very unlikely to help a lot here, so... how does it work? What magic substance will keep the particle at the desired energy level? And what will keep the particle from moving (always a downer for consistency...) or interacting with its neighbors?
Questions, questions, questions... And no answers on the company's web site -- cool background MIDI, though...
...to achieve the O(1) timing, quite a leap forward that we had not even thought of!
The NT scheduler has been O(1) like, eh, forever.
Our kernel produces far superior performance due to providing hooks for the COM layer
Yeah, whatever. There is no COM anywhere near the NT kernel, and the latest and greatest from Microsoft, the .NET framework, isn't even based on COM anymore.
I don't want to interrupt a perfectly good rant here, but you may want to follow the link in comment #6269021 (should be the FP in this thread if you're reading at a reasonable score threshold...). Idiotic though the whole SCO lawsuit is, the protest and counter-protest actually seemed quite friendly -- to quote a poster on the aforementioned LWN board:
It's the people who don't have a shred of humor left and, more importantly, weren't even there who seem to take everything SCO employees touch as being an insult.
I work across the street from SCO. I was at the protest. At one point, I was one of the people carrying a SCO-produced sign (as a JOKE. At one point I even saw picketers holding SCO signs). If you were there you'd know that the entire event -- albeit serious in its message -- was taken in good spirits by pretty much everyone. I'd be surprised if anyone seriously thought the SCO signs were meant to be anything but fun.
You remember FUN, don't you?? It's like when you're in a bar watching a football game and there are folks rooting for the other team in the bar with you; friendly "traitor" jabs are tossed back and forth, joking insinuations are made, and in the end you all laugh together and say "bye" when you leave.
You may want to read the rest of that message as well, and just give it a rest... Not as if Slashdot hasn't dumped enough vitriol on SCO already lately.
Unlike Windows, Unix and Linux doesn't allow any ordinary application to write to the kernel.
Even ignoring the grammar, that's a foolish statement. No 'ordinary application' can 'write to the kernel' in any modern version of Windows. Like *ix, Windows has separate address spaces for userland and kernel-mode code, and without special measures, these two worlds simply don't 'see' each other.
Interesting to read that the government is involved with this -- kind of makes you wonder what happened to CERT, which always used to coordinate public disclosure of and vendor response to bugs like this.
The fact that CERT always seemed to do a decent job makes this even more interesting. The biggest criticisms voiced about CERT were that they acted too slowly and didn't provide enough detailed information about problems (other than to acknowledge the general nature of it). How will the government do better in these areas?
My guess is that the answer to the latter question is 'not much', and that we'll start hearing the same complaints about the Dept. of Homeland Security soon...
I think the article was implying an ISP's BGP router being compromised, THAT would cause a big headache for their peers until it got corrected
Well, that would depend on the nature of the compromise, and what exactly the attacker is trying to achieve. The worst case scenario as described by the article, the compromised router acting as some kind of global Internet default gateway, is unlikely to happen, though, for several reasons:
1. All peers of the compromised routers will have route filters in place. That means they simply will not accept announcements for unexpected address space, including 0.0.0.0/0;
2. Even if one or more peers are braindead, and have not configured route filters, the resulting traffic spike will cause link saturation, and thus the BGP session to go down at some point. The resulting flapping will definitely get noted by someone...
Of course, any situation where a router gets compromised is bad news, but even Secure BGP won't fix that: the current 'non secure' situation is a non-issue even in that light. Errors in protocol implementations, bad network security, etcetera are bigger problems, and can be mitigated today (by using IPsec to carry BGP traffic, amongst other things), without the BGP protocol redesign the article seems to want.
While the article is correct in stating that BGPv4 doesn't offer any support for route authentication, this problem isn't very likely to 'bring down' the Internet anytime soon.
Just about every ISP already implements route filters, so they will only accept expected routes from their peers. So if a rogue BGP speaker suddenly starts announcing a default route, not many (if any...) peers are going to believe it, keeping the impact on the global Internet next to nothing.
Several databases are used by ISPs to automatically build route filters, for example Merit's RADB. Although not every ISP participates in databases like this, all of them use at least a private scheme, unless they're especially small and/or clueless.
Secure BGP would be really nice (as would Secure DNS, etc.), since it would eliminate the need for a lot of manual and error-prone list maintenance. However, the infrastructure changes and (most importantly) the more difficult initial set-up for new sessions (need to authenticate and exchange keys out-of-band) will probably keep this from happening for a while.
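The route-filter behaviour described in the two comments above, as an added example that is not part of the original posts: a Python sketch that builds a per-peer prefix filter from IRR-style (RPSL) route objects and checks incoming announcements against it. The sample records, the AS numbers and prefixes (documentation ranges), the /24 length limit and all function names are assumptions made for illustration; it handles IPv4 only.

```python
import ipaddress

# Constructed sample of RPSL "route" objects, in the style of an IRR
# database such as RADB. Prefixes and AS numbers are documentation values.
SAMPLE_IRR = """\
route:   192.0.2.0/24
origin:  AS64500

route:   198.51.100.0/24
origin:  AS64500

route:   203.0.113.0/24
origin:  AS64501
"""


def parse_route_objects(text):
    """Return {origin_asn: [IPv4Network, ...]} from blank-line separated objects."""
    routes = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            key, _, value = line.partition(":")
            attrs[key.strip().lower()] = value.strip()
        if "route" in attrs and "origin" in attrs:
            # strict=True rejects records with host bits set (a typo in the registry)
            net = ipaddress.ip_network(attrs["route"], strict=True)
            routes.setdefault(attrs["origin"].upper(), []).append(net)
    return routes


def build_filter(routes, peer_asns, max_len=24):
    """Collect the prefixes registered to the ASNs expected behind one peer."""
    allowed = [net for asn in peer_asns for net in routes.get(asn, [])]
    return {"allowed": allowed, "max_len": max_len}


def check_announcement(flt, prefix):
    """Return (accepted, reason) for one announced prefix."""
    net = ipaddress.ip_network(prefix, strict=False)
    if net.prefixlen == 0:
        # The "global default gateway" scenario: never accepted from a peer.
        return False, "default route"
    if net.prefixlen > flt["max_len"]:
        return False, "more specific than /%d" % flt["max_len"]
    for allowed in flt["allowed"]:
        if net.version == allowed.version and net.subnet_of(allowed):
            return True, "covered by registered route %s" % allowed
    return False, "not registered for this peer"


if __name__ == "__main__":
    routes = parse_route_objects(SAMPLE_IRR)
    peer_filter = build_filter(routes, ["AS64500"])  # peer is expected to originate AS64500 only
    for announced in ["0.0.0.0/0", "192.0.2.0/24", "203.0.113.0/24",
                      "192.0.2.128/25", "10.0.0.0/8"]:
        accepted, reason = check_announcement(peer_filter, announced)
        print("%-18s %-7s %s" % (announced, "ACCEPT" if accepted else "REJECT", reason))
```
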
Re:best sample of search and replace... on MicroBSD Is No More · Score: 3, Funny
This reminds me of the manual for the Commodore VIC20, where the body text had been localized, but the screenshots were still all in the original English. Especially in the 'introduction to BASIC' section, this had some interesting effects:
PRINT "REGENBOOG"
RAINBOW
Very impressive level of machine translation going on there for a box with just a few kilobytes of RAM...
The BBC Micro (known as 'The Beeb'...) was manufactured by Acorn (who were very successful with it on the UK market, went on to try to push RISC machines in the PC era and are still around in some form today). Also "Which Computer?" was a popular magazine at the time...
Yeah, yeah, whatever. In case you were not paying attention: the entire *building* (which happened to contain most core routers etc. - there are servers in other buildings as well, but they kinda lost connectivity) burnt down. This building not only contained the IS department (which, I'm sure, has active fire protection in most of its data centers), but also normal offices, classrooms, etc. Once an entire structure is on fire and collapsing in flames, there's only so much your fire suppression system can do. In this case, it will most likely have evaporated... Fire suppression systems only help if a fire is *starting* in a protected area, not if the entire structure the system is in is collapsing in flames.
Microsoft Lawyer #1: So, what should we do about those sites displaying unauthorized screen shots from our Intellectual Property(tm)? Some of them are not responding too well to our usual cease & desist letters...
Microsoft Lawyer #2: Just post their URLs to Slashdot, that will take care of 'em!
Microsoft Lawyer #1: Sweeeeet!
Re:DOS didn't have automount. on Linux 3.0 · Score: 1
dir a: without a floppy in the drive creates the following message on my system
That's nice. I was talking about a situation where the drive itself is not present, not just the media. HTH.
Been there, done that.... on Linux 3.0 · Score: 1
have yet to see any evidence that Linux even has a BSOD, let alone a customizable one.
On Win9x, you can, in fact, customize the kernel 'fatal error' screen. For a nice 'red screen of death', in the [386Enh] section of your SYSTEM.INI file add these two lines:
MessageTextColor=C
MessageBackColor=0
On NT-based systems, this won't do anything, but then again, your chances of ever seeing a 'BSOD' in the first place decrease by several orders of magnitude by switching to that platform in the first place...
Re:DOS didn't have automount. on Linux 3.0 · Score: 1
Windows emulates its behaviour towards floppy disk drives, as you will find out very painfully if you click on the A: on a computer without a floppy drive (which, for me, is all of them), or without a disk in the drive.
Hmm, you must not use Windows much. Any recent version of Windows (that is: 2000 or XP) will not show a floppy disk drive if one is not present (e.g. on my system, even a DIR A: will yield a neat 'system cannot find the path specified').
Also, if you 'click' on a CD drive (assuming the hardware supports media detection) without a CD in it, Windows will prompt you to insert a disc (or report 'device not ready' when using a command prompt) without trying to access it in any way.
Given the difficulty of satellite connectivity alone in Europe[...]
Ehm, would anyone mind explaining what exactly is so difficult about satellite connectivity in Europe? From my experience in setting up systems all over the world, it's no more difficult (or easier) than setting up in the US or pretty much anywhere else (some fun regions in Africa or Asia excluded, where spotty coverage and 'rain fade' can really ruin the party - but Europe??)
You may want to have a look at vandyke.com; their VShell SSH server has a 'personal' edition which works very well for systems management and is cheaper than the SSH product. I've used their products for years on the server as well as client-side, and found them very reliable, as well as very well-behaved Windows services...
MS Clustering for W2K REQUIRES IIS and the Index service!
Oh, wow, I guess I better go fix all my Windows 2000 AS clusters, then, since it's impossible that they have been running only SQL server for the past few years! Even if the cluster service install depends on IIS/Index Server (I don't remember and am too lazy to try, although I doubt it...), you can definitely disable the services afterwards.
Firewalls are a false illusion of safety
Yeah, in most cases I would tend to agree with you, especially since the term "firewall" has been overloaded into oblivion. Firewall-like tools (NAT, port/address ACLs, content screening, etc.) can be extremely valuable in building secure services, though.
The most common problem is that people equate a $100K Firewall-1 box with security. In reality, security requires a deep awareness of all related issues on all levels (hardware, software, people).
Well to counter point 1 - we had a user take windows 2000 laptop home, get infected with code red, then bring it back in the office and start infecting IIS that hadn't been patched because "they weren't exposed to the internet"
May I suggest reading point 1? "Only trusted systems should have strict "need to know" access to your server" (emphasis mine). Now, user laptops != trusted systems -- they should not be anywhere on the same network. In some scenarios, the user could infect a trusted system, which would then get to the Datacenter server, but clueful system designers/admins would not let that happen either (by not installing IIS and/or Index Server on systems that don't require it, limiting outbound connections from the middleware servers to the Datacenter server to be SQL-only, etc. etc.)
Windows 2000 Datacenter installations are hard to patch for the very same reasons that apply to IBM, Sun, HP, etc. installations of the same magnitude: you just don't touch them.
This is commonly referred to as the Mainframe Mentality: these systems are so critical to a business, you don't make any changes to them unless these changes are a. absolutely critical and b. have been tested extensively in the exact configuration you'll be running them.
Now, it may seem that this would cause every Windows 2000 Datacenter server to be instantly infected with Code Red and friends, but in reality this will not be the case, because:
1. You don't expose your Datacenter servers to the Internet -- never. No matter if you're running Microsoft, AIX, Solaris or Linux: only trusted systems should have strict "need to know" access to your server;
2. Datacenter-type servers typically don't run HTTP servers. You would scale out HTTPDs (more boxes), not scale them up (bigger boxes). Also see rule 1;
3. The config of your Datacenter server is the bare minimum. So, in the case of Windows 2000, you would not ever run IIS or Index Server (the true culprit in the case of Code Red et al...) on it, just your database server and perhaps your business logic (although that, again, tends to scale out better than it scales up).
In summary: security hotfixes and Datacenter-type environments tend to be mutually exclusive. If you need a patch to your Datacenter server, it pretty much needs to be custom-developed for you. Fortunately, since Datacenter setups are not typically designed by the clueless individuals that gave Code Red free rein, this tends not to be an issue in real life.
For non-trivial webfarms, the OS running on the servers often has little to do with the TCP/IP packet signature, because of transparent proxies, firewalls and/or load balancers in the path. In this case, SourceForge is most likely running Novell ICS or some other variant on the old "BorderManager" theme. That, or your signature tool is just a bit confused -- not surprising, as different Linux kernel/patch levels have dramatically different signatures.
First of all, it's spam, not SPAM or Spam (the first refers to unsolicited commercial e-mail, the latter two are trademarks of Hormel). Also, by referencing 'nazis' in your first paragraph, you've already lost your argument, whatever it is...
OK, back to the facts: Macromedia was listed on the RBL because, after several warnings, they continued to operate their 'opt-in' mailing list in an unsafe way, i.e. without requiring confirmation of subscription requests. The RBL is subscribed to by a large number of ISPs to keep their mailservers free from spam: Abovenet uses it to filter all IP packets from or to RBL-listed destinations from their network, which is a little extreme, but not 'stealth' in any way, since it is their stated policy to do this. (Don't like this? Don't buy transit from Abovenet or get an ISP that doesn't transit Abovenet...)
Since Macromedia apparently used their web server to send mail at some point, the result of their RBL listing was: no more Macromedia web services to Abovenet customers, or customers who receive their transit via Abovenet.
Does this suck for these customers? Yes. Does it suck as much as large corporations not being a responsible Netizen? No, not at all.
Macromedia could have fixed this 'censorship' problem in 10 minutes by separating the mail and web services on their server, and assigning the web server a new IP address. One DNS change (and a few cache expiries later: give or take 4 hours) later, all would have been OK, web-wise. Why didn't they do it? Probably for the same reason their mailing list practices still suck: ignorance and/or incompetence.
This is not a censorship issue: it's an issue about weeding out the clueless on the Internet. And Macromedia apparently is the weakest link. Goodbye!
Ow, please -- the IP you mentioned is one of Microsoft's many proxy servers (just doing a reverse DNS lookup would have been sufficient to show it's a microsoft.com address, by the way, instead of posting a hopelessly verbose whois lookup...). MS has a few gazillion employees on their network, and, like employees of other companies, many of them like to surf the net on the boss' time. Conspiracy? Hardly - I would care more if you saw this kind of stuff being posted by MS' PR firm... (wagged.com)
Given the national hysteria over violence in schools, this is hardly surprising: the guy was using the Internet (gasp!) as well as using words like 'kill' (double gasp!) and thus must have been about to pop the entire population of his dorm anytime...
Disturbing? Yes. Surprising? No: if suspending children over pointing at a teacher with a chicken wing (potential deadly weapon!) and going 'bang' is OK, this makes sense as well.
This all is a result of this 'zero tolerance' thing that people seem to want (or at least don't protest against -- pretty much the same). When 'zero tolerance' towards drugs was new, students got suspended for keeping Tylenol in their lockers. But I guess it was worth it, since our schools are now 100% drug free and we're about to achieve the same for violence!
Nice troll...
I don't want to interrupt a perfectly good rant here, but you may want to follow the link in comment #6269021 (should be the FP in this thread if you're reading at a reasonable score treshold...). Idiotic though the whole SCO lawsuit is, the protest and counter-protest actually seemede quite friendly -- to quote a poster on the aforementioned LWN board:
It's the people who don't have a shred of humor left and, more importantly, weren't even there who seem to be take everything SCO employees touch as being an insult.
I work across the street from SCO. I was at the protest. At one point, I was one of the people carrying a SCO-produced sign (as a JOKE. At one point I even saw picketters holding SCO signs). If you were there you'd know that the entire event -- albeit serious in its message -- was taken in good spirits by pretty much everyone. I'd be surprised if anyone seriously though the SCO signs were meant to be anything but fun.
You remember FUN, don't you?? It's like when you're in a bar watching a football game and there are folks rooting for the other team in the bar with you; friendly "traitor" jabs are tossed back and forth, joking insinuations are made, and in the end you all laugh together and say "bye" when you leave.
You may want to read the rest of that message as well, and just give it a rest... Not if Slashdot hasn't dumped enough vitriol on SCO already lately.
Even ignoring the grammar, that's a foolish statement. No 'ordinary application' can 'write to the kernel' in any modern version of Windows. Like *ix, Windows has separate address spaces for userland and kernel-mode code, and without special measures, these two worlds simply don't 'see' each other.
Interesting to read that the government is involved with this -- kind of makes you wonder what happened to CERT, which always used to coordinate public disclosure of and vendor response to bugs like this.
The fact that CERT always seemed to do a decent job makes this even more interesting. The biggest criticisms voiced about CERT were that they acted too slow and didn't provide enough detail information about problems (other than to acknowledge the general nature of it). How will the government do better in these areas?
My guess is that the answer to the latter question is 'not much', and that we'll start hearing the same complaints about the Dept. of Homeland Security soon...
I think the article was implying an ISP's BGP router being compromised, THAT would cause a big headache for their peers until it got corrected
Well, that would depend on the nature of the compromise, and what exactly the attacker is trying to achieve. The worst case scenario as described by the article, the compromised router acting as some kind of global Internet default gateway, is unlikely to happen, though, for several reasons:
1. All peers of the compromised routers will have route filters in place. That means they simply will not accept announcements for unexpected address space, including 0.0.0.0/0;
2. Even if one or more peers are braindead, and have not configured route filters, the resulting traffic spike will cause link saturation, and thus the BGP session to go down at some point. The resulting flapping will definitely get noted by someone...
Of course, any situation where a router gets compromised is bad news, but even Secure BGP won't fix that: the current 'non secure' situation is a non-issue even in that light. Errors in protocol implementations, bad network security, etcetera are bigger problems, and can be mitigated today (by using IPsec to carry BGP traffic, amongst other things), without the BGP protocol redesign the article seems to want.
While the article is correct in stating that BGPv4 doesn't offer any support for route authentication, this problem isn't very likely to 'bring down' the Internet anytime soon.
Just about every ISP already implements route filters, so they will only accept expected routes from its peers. So if a rogue BGP speakers suddenly starts announcing a default route, not many (if any...) peers are going to believe it, keeping the impact on the global Internet next to nothing.
Several databases are used by ISPs to automatically build route filters, for example Merit's RADB. Although not every ISP participates in databases like this, all of them use at least a private scheme, unless they're especially small and/or clueless.
Secure BGP would be really nice (as would Secure DNS, etc.), since it would eliminate the need for a lot of manual and error-prone list maintenance. However, the infrastructure changes and (most importantly) the more difficult initial set-up for new sessions (need to authenticate and exchange keys out-of-band) will probably keep this from happening for a while.
This reminds me of the manual for the Commodore VIC20, where the body text had been localized, but the screenshots were still all in the original English. Especially in the 'introduction to BASIC' section, this had some interesting effects:
PRINT "REGENBOOG"
RAINBOW
Very impressive level of machine translation going on there for a box with just a few kilobytes of RAM...
The BBC Micro (known as 'The Beeb'...) was manufactured by Acorn (who were very successful with it on the UK market, went on to try to push RISC machines in the PC era and are still around in some form today). Also "Which Computer?" was a popular magazine at the time...
Yeah, yeah, whatever. In case you were not paying attention: the entire *building* (which happened to contain most core routers etc. - there are servers in other buildings as well, but they kinda lost connectivity) burnt down. This building not only contained the IS department (which, I'm sure, has active fire protection in its most data centers), but also normal offices, classrooms, etc. Once an entire structure is on fire and collapsing in flames, there's only so much your fire suppression system can do. In this case, it will most likely have evaporated... Fire suppression systems only help if a fire is *starting* in a protected area, not if the entire structure the system is in is collapsing in flames
Microsoft Lawyer #2 Just post their URLs to Slashdot, that will take care of 'em!
Microsoft Lawyer #1 Sweeeeet!
dir a: without a floppy in the drive creates the following message on my system
That's nice. I was talking about a situation where the drive itself is not present, not just the media. HTH.
have yet to see any evidence that Linux even has a BSOD, let alone a customizable one.
On Win9x, you can, in fact, customize the kernel 'fatal error' screen. For a nice 'red screen of death', in the [386Enh] section of your SYSTEM.INI file add these two lines:
MessageTextColor=C
MessageBackColor=0
On NT-based systems, this won't do anything, but then again, your chances of ever seeing a 'BSOD' in the first place decreases by several orders of magnitude by switching to that platform in the first place...
Windows emulates its behaviour towards floppy disk drives, as you will find out very painfully if you click on the A: on a computer without a floppy drive (which, for me, is all of them), or without a disk in the drive.
Hmm, you must not use Windows much. Any recent version of Windows (that is: 2000 or XP) will not show a floppy disk drive if one is not present (e.g. on my system, even a DIR A: will yield a neat 'system cannot find the path specified).
Also, if you 'click' on a CD drive (assuming the hardware supports media detection) without a CD in it, Windows will prompt you to insert a disc (or report 'device not ready' when using a command prompt) without trying to access it in any way.
Ehm, would anyone mind explaining what exactly is so difficult about satellite connectivity in Europe? From my experience in setting up systems all over the world, it's no more difficult (or easier) than setting up in the US or pretty much anywhere else (some fun regions in Africa or Asia excluded, where spotty coverage and 'rain fade' can really ruin the party - but Europe??)
You may want to have a look at vandyke.com; their VShell SSH server has a 'personal' edition which works very well for systems management and is cheaper than the SSH product. I've used their products for years on the server as well as client-side, and found them very reliable, as well as very well-behaved Windows services...
Oh, wow, I guess I better go fix all my Windows 2000 AS clusters, then, since it's impossible that they have been running only SQL server for the past few years! Even if the cluster service install depends on IIS/Index Server (I don't remember and am too lazy to try, although I doubt it...), you can definitely disable the services afterwards.
Firewalls are a false illusion of safety
Yeah, in most cases I would tend to agree with you, especially since the term "firewall" has been overloaded into oblivion. Firewall-like tools (NAT, port/address ACLs, content screening, etc.) can be extremely valuable in building secure services, though.
The most common problem is that people equate a $100K Firewall-1 box with security. In reality, security requires a deep awareness of all related issues on all levels (hardware, software, people).
May I suggest reading point 1? "Only trusted systems should have strict "need to know" access to your server" (emphasis mine). Now, user laptops != trusted systems -- they should not be anywhere on the same network. In some scenarios, the user could infect a trusted system, which would then get to the Datacenter server, but clueful system designers/admins would not let that happen either (by not installing IIS and/or Index Server on systems that don't require it, limiting outbound connections from the middleware servers to the Datacenter server to be SQL-only, etc. etc.)
This is commonly referred to as the Mainframe Mentality: these systems are so critical to a business, you don't make any changes to them unless these changes are a. absolutely critical and b. have been tested extensively in the exact configuration you'll be running them.
Now, it may seem that this would cause every Windows 2000 Datacenter server to be instantly infected with Code Red and friends, but in reality this will not be the case, because:
1. You don't expose your Datacenter servers to the Internet -- never. No matter if you're running Microsoft, AIX, Solaris or Linux: only trusted systems should have strict "need to know" access to your server;
2. Datacenter-type servers typically don't run HTTP servers. You would scale out HTTPDs (more boxes), not scale them up (bigger boxes). Also see rule 1;
3. The config of your Datacenter server is the bare minimum. So, in the case of Windows 2000, you would not ever run IIS or Index Server (the true culprit in the case of Code Red et al...) on it, just your database server and perhaps your business logic (although that, again, tends to scale out better than it scales up).
In summary: security hotfixes and Datacenter-type environments tend to be mutually exclusive. If you need a patch to your Datacenter server, it pretty much needs to be custom-developed for you. Fortunately, since Datacenter setups are not typically designed by the clueless individuals that gave Code Red free rein, this tends not to be an issue in real life.
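The "need to know" and SQL-only rules from the two comments above can be checked against observed traffic. The following is an added example, not part of the original comments; the addresses, the flow-record format and the use of TCP 1433 (the SQL Server default port) as the only allowed port are assumptions made for illustration.

```python
import ipaddress

# Constructed policy (assumption): every address below is illustrative.
DATACENTER = ipaddress.ip_address("10.10.0.5")       # back-end database server
TRUSTED = {ipaddress.ip_address("10.10.1.11"),       # middleware servers with a
           ipaddress.ip_address("10.10.1.12")}       # "need to know"
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                 ipaddress.ip_network("192.168.0.0/16")]
ALLOWED_PORTS = {1433}                                # SQL only

# Constructed flow records, one per line: "src dst dst_port"
SAMPLE_FLOWS = """\
10.10.1.11 10.10.0.5 1433
10.10.1.12 10.10.0.5 80
192.168.7.23 10.10.0.5 1433
203.0.113.9 10.10.0.5 80
10.10.1.11 10.10.2.40 80
"""

def audit(flows_text):
    """Return (line_number, reason) for every flow that breaks the policy."""
    findings = []
    for lineno, line in enumerate(flows_text.splitlines(), 1):
        parts = line.split()
        try:
            if len(parts) != 3:
                raise ValueError("expected three fields")
            src = ipaddress.ip_address(parts[0])
            dst = ipaddress.ip_address(parts[1])
            port = int(parts[2])
        except ValueError:
            findings.append((lineno, "malformed record"))
            continue
        if dst != DATACENTER:
            continue  # only traffic towards the Datacenter server is in scope
        if not any(src in net for net in INTERNAL_NETS):
            findings.append((lineno, "external source reaches server"))
        elif src not in TRUSTED:
            findings.append((lineno, "untrusted internal source"))
        elif port not in ALLOWED_PORTS:
            findings.append((lineno, "trusted source, non-SQL port"))
    return findings

if __name__ == "__main__":
    for lineno, reason in audit(SAMPLE_FLOWS):
        print(f"flow {lineno}: {reason}")
```

A user laptop on an internal range (the third sample flow) is flagged even though it speaks SQL, which is the distinction the reply above draws between "internal" and "trusted".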
For non-trivial webfarms, the OS running on the servers often has little to do with the TCP/IP packet signature, because of transparent proxies, firewalls and/or load balancers in the path. In this case, SourceForge is most likely running Novell ICS or some other variant on the old "BorderManager" theme. That, or your signature tool is just a bit confused -- not surprising, as different Linux kernel/patch levels have dramatically different signatures.
OK, back to the facts: Macromedia was listed on the RBL because, after several warnings, they continued to operate their 'opt-in' mailing list in an unsafe way, i.e. without requiring confirmation of subscription requests. The RBL is subscribed to by a large number of ISPs to keep their mailservers free from spam: Abovenet uses it to filter all IP packets from or to RBL-listed destinations from their network, which is a little extreme, but not 'stealth' in any way, since it is their stated policy to do this. (Don't like this? Don't buy transit from Abovenet or get an ISP that doesn't transit Abovenet...)
Since Macromedia apparently used their web server to send mail at some point, the result of their RBL listing was: no more Macromedia web services to Abovenet customers, or customers who receive their transit via Abovenet. Does this suck for these customers? Yes. Does it suck as much as large corporations not being a responsible Netizen? No, not at all.
Macromedia could have fixed this 'censorship' problem in 10 minutes by separating the mail and web services on their server, and assigning the web server a new IP address. One DNS change (and a few cache expiries later: give or take 4 hours) later, all would have been OK, web-wise. Why didn't they do it? Probably for the same reason their mailing list practices still suck: ignorance and/or incompetence.
This is not a censorship issue: it's an issue about weeding out the clueless on the Internet. And Macromedia apparently is the weakest link. Goodbye!
Ow, please -- the IP you mentioned is one of Microsoft's many proxy servers (just doing a reverse DNS lookup would have been sufficient to show it's a microsoft.com address, by the way, instead of posting a hopelessly verbose whois lookup...). MS has a few gazillion employees on their network, and, like employees of other companies, many of them like to surf the net on the boss' time. Conspiracy? Hardly - I would care more if you saw this kind of stuff being posted by MS' PR firm... (wagged.com)
Disturbing? Yes. Surprising? No: if suspending children over pointing at a teacher with a chicken wing (potential deadly weapon!) and going 'bang' is OK, this makes sense as well.
This all is a result of this 'zero tolerance' thing that people seem to want (or at least don't protest against -- pretty much the same). When 'zero tolerance' towards drugs was new, students got suspended for keeping Tylenol in their lockers. But I guess it was worth it, since our schools are now 100% drug free and we're about to achieve the same for violence!
(exits stage left, laughing hysterically)