Slashdot Mirror


User: pjrc

pjrc's activity in the archive.

Stories: 0
Comments: 1,197

Comments · 1,197

  1. Quick summary on Attacking WinZip AES Encryption · · Score: 5, Informative
    Here's the security problems, quickly summarized (and oversimplified). These are in the same order as the paper. The paper is lengthy and not an easy read... if you can't be bothered to RTFA, maybe this will help.

    1. Filenames, file sizes, time/date stamps are plaintext. Only the file contents are encrypted. Filenames, dates may be sensitive data (example giving, pinkslips.zip contains file pinkslip-bob.doc).
    2. Both compressed and uncompressed sizes are stored without encryption, so an attacker can know the compression ratio and perhaps infer what type of data it is based upon its compressibility.
    3. File lengths are not authenticated. A man-in-the-middle attack could modify the file sizes recorded inside the zip archive so decrypting produces "garbage" output files (without warning that the zip archive was tampered). The man in the middle intercepts the communication about the problem and impersonates a request from the sender to see the "garbage". The garbage is after decryption, so if the recipient sends it in the clear, the man in the middle can easily turn it into the original plaintext.
    4. File names are not authenticated, so an attacker could tamper with the file names and change their extensions. On windows and other systems, the file name extension determines which software will be used to view the file.
    5. The CRC is stored without encryption. If an attacker suspects he knows what the message is, he can replace the ciphertext with his guess, and watch if the recipient complains about a CRC error.
    6. Zip archives can contain some encrypted files, others plaintext. They worry that a recipient may believe all or most files were protected, when only a few or one was.
    7. Key generation isn't random enough, so keys may be reused. I don't fully understand this one... maybe someone who does will reply and explain it??
    8. Attacker can create a "self-extracting" archive that mimics the GUI of WinZip's, but is actually a trojan horse. They admit this isn't really WinZip's problem.

    Similar to IANAL, I'm not a crypto expert. I probably botched some of these a bit, especially the key collisions one. If I've misunderstood any of these, please reply.
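
Added example (not part of the original comment or the paper it summarizes): a pre-send audit of a ZIP's central directory that reports what items 1, 2, 5 and 6 above say is readable without the password, and whether the archive mixes encrypted and plaintext entries. The archive is constructed in memory; the "encrypted" entry is simulated by setting general-purpose flag bit 0 in its central directory record, and the function names are this example's own.

```python
import io
import struct
import zipfile

ENCRYPTED_FLAG = 0x0001   # general-purpose flag bit 0: entry is encrypted
EOCD_SIZE = 22            # end-of-central-directory record, no archive comment


def build_sample_archive():
    """Constructed sample: two entries, the first one marked as encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("pinkslip-bob.doc", b"A" * 4000)
        zf.writestr("readme.txt", b"cover note, not sensitive")
    raw = bytearray(buf.getvalue())
    # The EOCD record holds the central directory offset at byte 16.
    (cd_offset,) = struct.unpack_from("<I", raw, len(raw) - EOCD_SIZE + 16)
    # In a central directory record the flag field sits 8 bytes in.
    (flags,) = struct.unpack_from("<H", raw, cd_offset + 8)
    struct.pack_into("<H", raw, cd_offset + 8, flags | ENCRYPTED_FLAG)
    return bytes(raw)


def audit_archive(data):
    """List what any holder of the archive can read without a password."""
    report = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():   # central directory only, no decryption
            ratio = info.compress_size / info.file_size if info.file_size else 1.0
            report.append({
                "name": info.filename,             # item 1: plaintext name
                "modified": info.date_time,        # item 1: plaintext timestamp
                "compressed": info.compress_size,  # item 2
                "uncompressed": info.file_size,    # item 2
                "ratio": round(ratio, 3),          # item 2: hints at data type
                "crc32": info.CRC,                 # item 5
                "encrypted": bool(info.flag_bits & ENCRYPTED_FLAG),
            })
    return report


def findings(report):
    """Summarise the exposures an archive's sender should know about."""
    encrypted = [e["name"] for e in report if e["encrypted"]]
    plain = [e["name"] for e in report if not e["encrypted"]]
    return {
        "exposed_metadata": encrypted,    # encrypted body, cleartext metadata
        "unencrypted_entries": plain,     # item 6: not protected at all
        "mixed": bool(encrypted) and bool(plain),
    }


if __name__ == "__main__":
    rep = audit_archive(build_sample_archive())
    for entry in rep:
        print(entry)
    print(findings(rep))
```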

  2. Begging the question on Two Congressmen Push for DMCA Amendments · · Score: 4, Insightful
    This argument is a classic example of what the logical fallacy term begging the question really means:

    There is no right in the copyright law to make backup copies of motion pictures, so the whole argument that people should have the right to make backup copies of DVDs has no legal support whatsoever

    In the context of a proposed change to a law, the fact that the law does not specifically enumerate a right today is the matter in question... is not proof that no such right ought to be specifically added.

    For those who post using the term "begs the question" to mean that a question is merely raised, please take note. Begging the question is the logical fallacy where the matter at hand is assumed to be true (or in the favor the arguing party desires) and then taken as accepted fact.

    In this case, it's OBVIOUS that copyright law doesn't specifically mention the right to make backup copies of DVDs. If it did, the discussion at hand would not be whether to make an amendment to add such a clause. Trying to use this obvious fact that such language is missing today, without any other reasoning, as ground that it should not be added is a clear case of begging the question.

  3. Re:MicroBroadcasters on Microbroadcasting Summer Camp · · Score: 3, Informative
    I agree. Aren't these microbroadcasters on the same level as spammers?

    No. Well, not usually.

    By broadcasting whatever they please over top of the expected/intended broadcasts, they interfere with the regular reception on my radio.

    Like many others posting today, you're stuck in the paradigm that microbroadcasters are going to intentionally broadcast "on top" of some already in-use band... and that if it weren't for the FCC's enforcement of the licensed allocation the FM and AM bands would be utter chaos. I've got some news for you...

    Broadcasting in the same band as an established station with a strong signal isn't going to get you any significant coverage or audience (no matter how compelling your program material may be). A low power transmitter's field strength is going to be overwhelmed after only a short distance if there's a powerful transmitter within the same city... especially if it has the tremendous advantage of transmitting from a tower on top of a hill. This is especially true for FM, where the radio will track the higher amplitude frequency and effectively ignore your smaller signal. Even on AM, where you have a chance of superimposing your audio, it doesn't take much signal from the strong source before your voice/music is not intelligible.

    Low power radio transmission also doesn't reach enough people to be effective at selling the scams and questionable products that most spammers push.

    What if I prefer 'top-40' drivel?

    In the extremely unlikely case some low power transmitter spewing an unlicensed signal on top of your pop music station... you'll probably only have to move a short distance or just orient your antenna a little differently to pick up the extremely strong signal these stations transmit.

    Even if you're deprived of Top-40 for a little while, take comfort in the likelihood that it won't last long. Sure, someone may be having a good laugh somewhere... but they're probably going to shut it off soon, partly for fear of getting caught, but also because it won't be long until they realize turning to an unused band or one with a very weak signal is going to buy them a lot more coverage.

  4. Re:didn't they just announce... on Red Hat Desktop Unveiled · · Score: 5, Insightful
    Ok, I'll bite... I'm trying to figure out exactly what "support" is. Such a simple word... yet somehow in this post even more confusing than tracing the name changes between (old)SCO, SCO, Caldera Sys, Caldera Inc, etc.

    For the base price of a MS OS (98+) you get an online KB for free, windows update for free, support from hundreds of vendors and their KB's for free.

    So "support" is an update service and the availability of on-line documentation. The "free" update service, by the way, no longer provides updates for Win98 or IE 5, so (2000+) would be more accurate. Nowhere is "support" claimed to be actually getting a question answered, for some strange reason.

    But in the next sentence "support" is the availability of 3rd party applications, and their on-line documentation. There's a notion of the documentation being free. Certainly that term doesn't apply in any way to the common windows applications, which are expensive.

    What do you get from Red Hat, a single point of contact for support or RTFM from people in the community?

    You get an update service and a bunch of on-line documentation. Somehow it was "support" or "KB" when provided by Microsoft, but from Redhat it becomes "single point of contact" and "RTFM"... a distinction I don't quite understand.

    It is true, of course, that most vendors like Adobe don't publish linux versions of their software (yet). However, the number of vendors who "support" linux, meaning they provide a linux native version of their software or instructions, is steadily increasing.

    What you DO get from redhat and other linux distros is a LOT of software. You get Open Office, GIMP, Evolution (and many others). While these may not be quite as good as Word, Excel, Powerpoint, Photoshop and Outlook... they are included with the linux distribution. They also come with plenty of documentation. Somehow it's "support" when you can go buy them at (considerable) extra cost from 3rd party vendors, but it's not support if they're included?

    If I were to purchase a desktop OS purely on the idea of support MS products would be top of my list due to the fact they actually might be around for awhile.

    Again, the term "support" is elusive. First it's an update service and on-line documentation.... but similar documentation on the linux side was RTFM instead of "support" or "KB". Then "support" became the availability of 3rd party applications. Now "support" is the long-term financial stability of the vendor.

    The term "FUD" is also often used loosely. But this argument, choose Windows because only Microsoft will "be around for a while", is a clear attempt to provoke Fear, Uncertainty and Doubt that anything but Microsoft "might be around for a while". Therefore MS products should be on the top of my list, because anything else might not be around for a while. Therefore it wouldn't have any "support"... whatever "support" really means?

  5. Re:Money is not the only kind of cost. on The Gimp from the Eyes of a Photoshop User · · Score: 1
    It is most certainly not free in terms of things like time spent configuring and downloading it,

    It came pre-installed with Redhat.

    I'll probably switch to Debian later this year. I'm pretty sure it'll be included in Debian too.

    or wasted time spent trying to get used to its interface before realizing it just can't be done.

    I got used to it, so it definitely can be done. It's really not that hard.

    Photoshop probably is better... but it's $700, which is definitely far too expensive for my occasional usage, and it doesn't run in Linux, so it also incurs the cost of rebooting and dealing with another OS.

  6. Re:Tough Issue on Sprint Cracks Down on TTY Relay Abuses · · Score: 1
    Even poor countries still have rich people. That's the beauty of capitalism.

    Yep, indeed. And these rich people often end up being in a coup, or are jailed/exiled in a power struggle, or just die of old age. Their wealth is almost always left laying around in a bank account or other financial institution, in a sort of financial limbo... leaving their heirs with no alternative but to seek out foreign assistance to seize those funds that are rightfully their inheritance. These are good natured folks, of course, who are more than willing to share a generous portion of their newfound wealth with whomever is helpful enough to lend a hand completing such an urgent transaction.

    But before they die, be it natural causes or malicious power struggle, these rich people, who are forced to store their unusual wealth in such stealth accounts (that aren't readily accessible to their next of kin), suffer difficulty in actually spending their money. Since it's in these special holding accounts, to actually buy anything, they have to regularly rotate through lots of credit cards... often buying that "I don't care what it is as long as it's the top of the line" batch of laptops with several of these credit cards.

  7. Re:Tough Issue on Sprint Cracks Down on TTY Relay Abuses · · Score: 3, Informative
    What if someone in Nigeria actually wants to purchase $30,000 worth of laptops? It's not impossible.

    Unlikely as it is, they have to pay with their own money... not stolen credit cards!

    Our little site gets these Nigerians attempting to purchase with stolen credit cards. It's pretty easy to spot, as we've never had a legitimate order to Nigeria... but it's an annoyance.

    Eventually, I ended up logging their IP numbers and now I just drop any packet that appears to have originated in Nigeria. Worked pretty well so far... might have to include open proxies if they start using them. For anyone else faced with the same problem, here's a little list:

    # firewall out all Nigerian ISPs and Cybercafes
    /usr/local/sbin/iptables -A INPUT -s 212.100.64.0/19 -j DROP # Cyberspace Limited (Nigerian internet cafe)
    /usr/local/sbin/iptables -A INPUT -s 195.166.224.0/19 -j DROP # Linkserve Nigeria Limited (ISP)
    /usr/local/sbin/iptables -A INPUT -s 216.139.176.112/29 -j DROP # Q-KON (South Africa)
    /usr/local/sbin/iptables -A INPUT -s 81.199.82.0/23 -j DROP # Communication Trends Nigeria Ltd. (ISP)
    /usr/local/sbin/iptables -A INPUT -s 81.199.84.0/22 -j DROP # Communication Trends Nigeria Ltd. (ISP)
    /usr/local/sbin/iptables -A INPUT -s 81.199.88.0/23 -j DROP # Communication Trends Nigeria Ltd. (ISP)
    /usr/local/sbin/iptables -A INPUT -s 81.199.90.0/24 -j DROP # Communication Trends Nigeria Ltd. (ISP)
    /usr/local/sbin/iptables -A INPUT -s 212.96.2.0/19 -j DROP # Communication Trends Nigeria Ltd. (ISP)
    /usr/local/sbin/iptables -A INPUT -s 217.117.8.0/18 -j DROP # Communication Trends Nigeria Ltd. (ISP)
    /usr/local/sbin/iptables -A INPUT -s 192.116.89.0/24 -j DROP # Sky2net (UK Satellite ISP serving Nigeria)
    /usr/local/sbin/iptables -A INPUT -s 192.116.91.0/24 -j DROP # Sky2net (UK Satellite ISP serving Nigeria)
    /usr/local/sbin/iptables -A INPUT -s 192.116.94.0/24 -j DROP # Sky2net (UK Satellite ISP serving Nigeria)
    /usr/local/sbin/iptables -A INPUT -s 192.116.98.0/23 -j DROP # Sky2net (UK Satellite ISP serving Nigeria)
    /usr/local/sbin/iptables -A INPUT -s 192.116.120.0/21 -j DROP # Sky2net (UK Satellite ISP serving Nigeria)
    /usr/local/sbin/iptables -A INPUT -s 192.116.128.0/23 -j DROP # Sky2net (UK Satellite ISP serving Nigeria)
    /usr/local/sbin/iptables -A INPUT -s 62.128.175.10/23 -j DROP # Iway Africa (south africa and nigeria)

  8. Re:Baystar wants the money on BayStar Interviewed Regarding SCO Investment · · Score: 1
    Sadly, Baystar is not fed up with the litigious behavior, and in fact they want SCO to focus only on the lawsuits. Baystar is unhappy that SCO is chasing after too much PR and they are continuing their worthless Unix business. Baystar wants them to shut up, focus on the lawsuit, and drop their unix products.

    Rather than the article slashdot linked to, which only gives a second-hand summary of the interview someone else did with Baystar, try reading this article with direct quotes from Baystar's Bob McGrath.

    I'll quote the most important statements for you....

    "We think they need to strengthen the senior team to get people with experience and background in the legal issues," McGrath said.

    ....

    BayStar asserts SCO's Unix products business doesn't hold long-term value for shareholders, McGrath said. SCO reported $9.7 million in Unix products revenue and $1.6 million in Unix services revenue in its quarter ended Jan. 31.

    "We think there are limited prospects of that business ever generating growing and significant revenue," McGrath said. "And we believe it is diverting resources from going where they would have the most value--the intellectual property process."

  9. Re:GPL'd code available on their site on Injunction to Enforce GPL · · Score: 1
    I finished downloading WL-122_GPL.zip. It's a 67 meg ZIP file, containing the following:

    -rw-rw-rw- 1 paul paul 222373 Mar 17 14:54 appbuild.tgz
    -rw-rw-rw- 1 paul paul 5120 Mar 17 15:00 Applicability of Licenses.doc
    -rw-rw-rw- 1 paul paul 30091160 Mar 17 14:53 apps-gpl_wisoc.tgz
    -rw-rw-rw- 1 paul paul 1302 Mar 17 14:55 Documentation_wisoc.tgz
    -rw-rw-rw- 1 paul paul 18009 Mar 23 11:25 gpl.txt
    -rw-rw-rw- 1 paul paul 2858 Mar 17 14:56 include_wisoc.tgz
    -rw-rw-rw- 1 paul paul 35376063 Mar 17 14:42 kernel_wisoc.tgz
    -rw-rw-rw- 1 paul paul 1428307 Mar 17 14:58 lib_wisoc.tgz
    -rw-rw-rw- 1 paul paul 4017 Mar 17 14:59 make_include_wisoc.tgz
    -rw-rw-rw- 1 paul paul 12031 Mar 17 14:58 scripts_wisoc.tgz

    Notice the March 17th timestamps on the files?

    The "Applicability of Licenses" word document contains the following text:

    In order to assist licensees with determining what code can be shared with the end customer, the following summary of release package should be used:
    /MIBS ==> can be distributed
    /Software/firmware/apfw ==> can not be distributed
    /include ==> can not be distributed
    /mvc ==> can not be distributed
    /uClinux/appbuild ==> can be distributed
    /apps-gpl ==> can be distributed
    /apps-non-gpl ==> can not be distributed
    /Documentation ==> can be distributed
    /include ==> can be distributed
    /kernel ==> can be distributed
    /lib ==> can be distributed
    /make_include ==> can be distributed
    /romfs ==> can not be distributed
    /scripts ==> can be distributed
    /test ==> can not be distributed
    /tools ==> can not be distributed

    Upon extracting all the .tgz archives, it appears they are only distributing the "can be distributed" directories from this list. The one exception is "include", which the word doc claims "can not be distributed", but it is indeed in the "include_wisoc.tgz" and contains a few GPL'd header files. I can only assume "can not be distributed" for the include directory was a simple error in the word doc.

    Maybe someone will post a more detailed analysis... we'll probably hear something public soon, I'd imagine. In the meantime, anyone can visit that page and download the 67 meg zip file.

  10. GPL'd code available on their site on Injunction to Enforce GPL · · Score: 4, Interesting
    It appears they are now offering the source code:

    http://www.sitecom.com/driversmanuals.php?grp_id=6&prod_id=237&search=1

    It's not clear if this is the original unmodified code, or if it truly corresponds to what they are shipping. It's also not apparent when this was added to their site... may have been in response to the injunction.

    If anyone from sitecom is reading this, your website's fancy navigation system makes it almost impossible to copy-n-paste a URL to refer someone to a specific page on your site. Also, the search does not work in Mozilla/linux with the Sun JRE. Why not just use standard links and entry boxes?

  11. It already IS an industry trend, Intel following on Intel To Make A Greener Microprocessor · · Score: 2, Insightful
    Regarding the reduction of lead....

    It's about time a company started this - good job - and let's hope other tech companies take the hint.

    Hello, wake up call. This is a major industry trend. Intel is following along. They're definitely not the ones starting this, in hopes the rest of the industry will catch on. It is a European Union Directive that deserves the "good job" credit... and it is Intel and every other major manufacturer in the electronics industry that is "taking the hint".

    Most new electronic components are being made with little or no lead. Major companies and contract manufacturers (who solder boards for most smaller companies) are switching to lead-free soldering processes.

    Already this forum is filled with +5 comments about power consumption and how the solder contains much more lead than the chips. Well, here's the news... the whole industry is migrating to lead-free solder.

    Much of the conversion is driven by an EU directive that all electronic products sold in Europe be lead-free by 2008.

    Here's an EE Times Article about the trend, and a possibility that the deadline may be moved up to 2006.

    I am an electrical engineer, and even at the US-based company where I used to work, they're having to go through the painful process of switching the wave solder and reflow ovens (surface mount soldering) to lead-free fluxes and solder alloys.

    So give credit where credit is due. It's the European Union, not Intel, that deserves "good job". The whole industry is taking the hint, as selling or being able to sell in the EU is important to almost everybody.

  12. Less annoying than what? on New Wave of Web Ads? · · Score: 3, Interesting
    Internet marketers are promising a new generation of online advertising that's more effective and less annoying than some current methods

    Less annoying than...

    Reprogramming the browser's toolbar, sometimes even removing the back button.

    Collecting private information without consent.

    Slowing computers to a crawl, and sometimes even crashing them.

    Making the user's home (default page when starting) a bunch of advertising, and disabling ways for them to set it back to something desirable/useful like google or yahoo or whatever they originally had.

    Detecting ads placed (and paid for) by the website authors, and intentionally displaying other competing ads on top of them.

    Well, I suppose to get any MORE annoying, they'd have to do something like completely disable your whole computer until you scan in a receipt for one of their advertiser's products.

    The article mentions they're planning to intentionally add hyperlinks to existing web pages as the browser displays them... similar to Microsoft's (abandoned) Smart Tags. But unlike Microsoft, which has the power to make those links visually distinct (the plan was a purple squiggle underline, visually similar to the red one under misspelled words in their word processor)... these slimy adware crooks are going to have to make their added links look exactly like legitimate links placed in the html by the author.

    Yeah, that's less annoying than a wave of unstopped popups, especially porn, drugs, mortgage and other commonly pitched crap. But not much less annoying to anyone who actually "surfs" around by clicking on links.

    As a website author (who's put in a LOT of work on hundreds of pages for my own site over the years), I personally find it really annoying that someone visiting my site is going to see a bunch of links in MY html that I didn't write and I don't endorse. I put a lot of work in the site and there are many links to products and other sites... but I only make links when I know the remote site has good, valuable information or a solid product I can personally recommend. It really pisses me off that someone who's fallen victim to this new adware/spyware is going to have my intended links mixed in with a bunch of links to all the questionable products and services that are willing to stoop to the lows of these slimy adware companies.

    I hope someone sues them into oblivion over making unauthorized derivative works (copyright), or maybe trademark violation, or maybe injury due to modifications interfering with business, or anything else. These slimy bastards deserve to be put down.

  13. Re:Are you even reading it people??? on SCO Changes Tune, Again: Linux Now Just a Riff on Unix · · Score: 1
    .... Darl isn't able to *give any credible theory or evidence or reasoning about how he might win* ...

    Roughly in the order they appear in the interview (not that I believe them, but they are there):

    1. Darl claims IBM told Caldera they would continue to support Monterey
    2. Sontag believes their distribution of linux containing their code was an accident, and thus the GPL doesn't apply
    3. Darl believes the ABI "code" is copyrightable
    4. Darl claims they have shown IBM copied code, but not to the general public
    5. Darl claims they have even more code nobody has seen yet
    6. Sontag claims the structure and methods are copyrightable (cites Dmitry Yemets copy of Harry Potter books), then goes on about similarity in music (out of court settlement by Vanilla Ice) and specifically names "dynamic shared libraries" as an example of this.

    Personally, I don't find it very convincing. But to say they didn't put forth any reason they could win is to neglect all these (rather weak) reasons they mentioned.

  14. Re:um... its April 2nd guys... on Tech Companies Ask U.S. to Regulate Cyber Security · · Score: 1
    If a critical flaw is discovered later in the car's life cycle, the company issues a recall, notifies car owners and fixes the bug at their expense.

    This is more or less equivalent to the patching process.... except that you don't need to have the car recalled multiple times each month.

  15. Re:Smells like a replay of the AT&T monopoly on Tech Companies Ask U.S. to Regulate Cyber Security · · Score: 1
    In order to claim damages in such a lawsuit you would have to prove that the company in question knew about a vulnerability and didn't fix it.

    Actually, there was a high profile case, where it was clear the software vendor had knowledge of a very serious bug which cost the plaintiff a lot of money, but the court did not find against the vendor, only because of the numerous disclaimers. It was covered here on Slashdot at least a couple times.

    As I recall, the software was used by construction contractor to plan jobs. Some contractor ran into the bug, where the software added up the costs wrong. The contractor underbid by a couple million, and of course won the job because their quote was the lowest. Needless to say, they lost millions on the job, and it was very clearly the software vendor's fault.

    The court ruled in favor of the software vendor, despite clear evidence that they knew of other clients running into this same bug. The decisions went to an appeal, and the ruling in favor of the software vendor was upheld.

    I'm sure with some digging someone could find links to the case and media coverage about it.

  16. Re:Demographics on You're Watching Less TV · · Score: 0
    Anyone who buys into this argument, but also rejects the notion that violent films and videogames have a causal effect leading to violent behavior, is a hypocrite. Not everyone reading or posting to slashdot has uniform beliefs, but the rejection of the games-leads-to-violence theory is a regular slashdot theme....

    In order to afford the expensive "car-toys" on their shows and commercials, they offer them credit and bankruptcy help. Hmm. And we wonder why the country's average personal debt load is so frighteningly high. They are pushing a culture of borrowing and short term vision for immediate gratification.

    Personally, I believe those ads air because of the target audience. Maybe they serve to reinforce a behavior, but in all likelihood the behavior already existed.

  17. Denial is powerful on You're Watching Less TV · · Score: 1
    Sounds like the execs at Fox are in pretty deep denial. There's just gotta be some explanation that doesn't point to their programming being simply less interesting than sitting in front of a computer.

    Sounds like the telco industry's rejection of the WAP usability study they commissioned from Jakob Nielsen. When the answer was basically that the WAP design was flawed and nobody would use it, they just couldn't accept the bad news. So they rejected the study, and instead hired a bunch of "yes men" to give them the reassuring answers they wanted to hear. But ultimately WAP was doomed, and a biased study saying it wasn't only prolonged the denial.

    As someone who stopped watching TV years ago, it brings a bit of a smile to my face to see Fox in similar denial. Maybe they'll surround themselves with "yes men". Then again, maybe they're actually smart and this second study is an honest attempt to get at the truth. But after not watching zero TV for a few years, and less than 1 hour each week for many years before that, it's really amazing to see how wrapped up a lot of people get in such compelling but utterly worthless little staged dramas.

    Then again, the same thing could be said of posting to slashdot, I suppose....

  18. Re:Sad thing is... on Ballmer On Microsoft's Search Goofs · · Score: 2, Insightful
    Microsoft will once again use its monopoly to ruin a great product.

    Yes, they'll illegally leverage their monopoly position, just like they always do.

    But keep a tiny sense of history....

    Just like IE.

    Netscape 4.x, slower, buggy, so poorly written it was discarded by the Mozilla project.

    Just like Windows Media.

    Tried RealOne? Long list of opt-in things you need to reject during installation, constantly getting bugged to pay for the premium player, advertising, and a legacy of silently collecting private info against users' wishes.

    Just like Office.

    Remember WordPerfect, and all those machines with the little strips of paper taped above the function keys. Par for the course in the text-only DOS days, but seemed ancient and ugly as Win 3.0 and Win 3.1 took off.

    Just like Windows itself.

    Yes, Apple was better in almost every way, except that most of the market rejected the high price tag.

  19. Re:Yeah no kidding on Ballmer On Microsoft's Search Goofs · · Score: 1
    thanks a lot bill for making the free market look so bad. Sheesh. To think of all the cool shit Bill Gates could do with 50 billion dollars. He could make robot servants or racing spaceships he could waste it all on scientific cool progress stuff.

    Or he could make massive donations to education and medicine in third world countries...

    Oh, wait...

  20. Re:.NET on Nasty New Virus Variants · · Score: 1
    when Longhorn comes out and EVERYTHING including Windows itself is running on .NET libraries, you're going to have some damn secure systems.

    Maybe. Every version of Windows has been promised to cure all the wrongs of all previous versions. The reality has always been a lot of hype, and incremental improvement rather than massive leaps forward.

    What will Slashdotters find to bitch about next?

    Probably the same things as now....

    1. Bugs
    2. Blatant Anti-Competitive Maneuvers
    3. Price Gouging
    4. Price Discrimination
    5. Intentional Incompatibility With Non-Microsoft Systems
    6. "Extensions" to Standards, and Coaxing People to use them to subvert interoperability with other software
    7. DRM Restrictions
    8. Product Tying (gotta have Exchange Server to use new "Office System" features)

    and more stuff I probably left out

  21. Re:Devil's Advocate on Nasty New Virus Variants · · Score: 1
    1. [snip] You're saying losing all that stuff is _better_ than losing the core OS, which you can replace over HTTP in 10 minutes?

    You are saying that damage limited to one user's files is equivalent to damage that could cause destruction of all users' files, plus complete loss of control of the system.

    2. Even with 'l00s4h', if your kernel has privilege escalation bugs, bad guys can still get r00t. Linux had two of these in the past six months.

    Windows has had many dozen such bugs in the same 6 month period. But on windoze, it matters not.... because malicious code gets to execute with privs anyway.

    But because of a non-zero bug history, a Linux-based system is now somehow in the same risk category as Windows, with easily 10X the priv escalation bug history, and apps that run potentially malicious code with full privs anyway.

    3. You've personally audited mutt for overflow issues? How about the 1GB mozilla codebase?

    I personally have not, but many others have.... at least in portions of the code.

    Has Microsoft? Years ago they claimed to have stopped all product development for 2 months for retraining and a complete audit of all their code. Since then, the history of weekly "critical" security updates and a massive flood of less than "critical" bugs speaks volumes to how effectively Microsoft audited their code. Remember, a priv escalation bug isn't "critical" to microsoft... basically only remote admin access is.

    4. You trust Debian? Gentoo? GNU? Even though they don't always cryptographically sign binaries and even though their servers were 0wned a few weeks back?

    Yes, I trust them. Certainly a lot more than Microsoft. Microsoft has suffered break-ins too. Compare the open and forthcoming public responses from the free software world with the closed, hushed-up, PR-spin responses from Microsoft.

    Maybe you can't trust anyone... but if you must trust someone, certainly Debian and GNU are much more worthy of your trust than Microsoft is.

    And don't forget the many, many lies Microsoft has been caught in... including even going so far as introducing doctored videotape evidence in court under oath! Debian and GNU and other free software projects simply do not have a history of deception, half-truths, misleading spin, and outright lies. Microsoft does.

    5. apt-get, emerge, etc don't typically use SSL, so how do you know you aren't being man-in-the-middled when you run it (as root)?

    I know redhat's update uses SSL and PGP hashes. Sounds pretty good to me.

    What does Microsoft use? And how well is it implemented? Has anybody audited it? Oh yeah, I forgot, Microsoft spent months stopping all development and auditing all their code a couple years ago when they announced "Trustworthy Computing". So you can trust them. Honest!

  22. Price vs same machine loaded with WinXP? on HP Starts Pushing Desktop Linux · · Score: 2, Interesting
    Reading the article (yes, I must be new here) mentions several street prices for various HP models.

    Anyone know how those compare to the same machines pre-loaded with a Microsoft operating system? Are HP's linux customers getting the same price, higher or lower for buying Mandrake instead of Windows?

  23. Re:not just a Linux user on SCO Names 1st Lawsuit Target: AutoZone [Updated] · · Score: 5, Insightful
    if this case is as you suggest, it may just have merit

    To have merit, SCO's "belief" that AutoZone copied their shared libs to Linux would need to be proven true.

    But it is indeed not true. AutoZone did not use SCO's shared libraries. So not only is the case not really about companies simply using Linux being at risk, but the wrongdoing AutoZone is accused of is merely speculation on SCO's part.

    But this case should be a wake-up call for anyone who has actually copied SCO's shared libs.... to either replace them with the GPL'd alternative, or do a true port and make a clean break away from anything remotely having to do with compatibility with OpenServer and UnixWare.

  24. AutoZone not using SCO's shared libs on SCO Names 1st Lawsuit Target: AutoZone [Updated] · · Score: 4, Informative
    SCO, yet again, is being very deceptive. They say the case is about a switch to linux and in the press make noise about how AutoZone is liable because of their use of Linux. But in the actual court filing, the copyright complaint is actually centered around the "belief" that AutoZone copied SCO's shared libs to their new Linux system. So they're really suing over use of their copyrighted shared libs on a different platform, when their license presumably specifies that those shared libs are only to be used on SCO's OpenServer.

    Yet again, the facts aren't in SCO's favor. Read this comment from the former Sr Technical Advisor at AutoZone, who directed the migration and personally ported much of the code.

    SCO's only argument that AutoZone has copied their shared libs to linux is:

    The basis for SCO's belief is the precision and efficiency with which the migration to Linux occurred, which suggests the use of shared libraries to run legacy applications on Linux. Among other things, this was a breach of the Autozone OpenServer License Agreement for use of SCO software beyond the scope of the license.

    Once more, SCO's making a lot of noise, but the facts are clearly against them.

  25. Re:Gorilla Against Spam!! (GAS) on SCO Says They'll Sue A Linux User Tomorrow · · Score: 1
    They will be suing a Linux user for what?

    Diversion. That's what.

    Diversion from upcoming bad news. It's the same thing they always do when bad news is coming.

    What bad news, you may ask? Could be Judge Wells is (finally) about to issue a ruling... and you can be pretty darn sure it ain't going to be good for SCO. Or it could be something as simple as their financial report, which is due to be published later this week. That ain't going to be pretty either!