Slashdot Mirror


User: pjrc

pjrc's activity in the archive.

Stories
0
Comments
1,197

Comments · 1,197

  1. Re:Free as in "profit is evil", re: Stallman on Transcript of Eben Moglen's Harvard Speech · · Score: 1
    The bottom line of intellectual property is this: The creator of that IP has an absolute moral right to determine how his property may be used.

    Absolutely wrong!

    The authors and publisher of a newspaper have no moral right to determine how I use my lawfully acquired copy of their newspaper. It's up to me if I want to read it, discard it, or wad it up to aid starting wood burning in my fireplace.

    Likewise, Microsoft has no moral right to determine if I use Word to write a business letter, or write advertising material for products I might sell, or any other function. How I use the copy I have legally obtained is up to me. The author has absolutely no moral right to dictate how I make use of it.

    In fact, I would argue that it is morally objectionable for authors to attempt to control exactly how people may make use of their works, after having lawfully obtained them.

    There is a distinction between using a work and publicly performing it, such as movies.

  2. Dogfood on Microsoft Releases 'Caller-ID For Email' Specs · · Score: 3, Informative
    I'll believe Microsoft is serious about their Caller-ID when they actually implement it for their own domain name.

    paul@preston ~ > host -t txt microsoft.com
    paul@preston ~ > host -t txt hotmail.com

    No responses! Compare to SPF:

    paul@preston ~ > host -t txt aol.com
    aol.com text "v=spf1 ip4:152.163.225.0/24 ip4:205.188.139.0/24 ip4:205.188.144.0/24 ip4:205.188.156.0/24 ip4:205.188.157.0/24 ip4:205.188.159.0/24 ip4:64.12.136.0/24
    ip4:64.12.137.0/24 ip4:64.12.138.0/24 ptr:mx.aol.com ?all"
    paul@preston ~ > host -t txt pobox.com
    pobox.com text "v=spf1 mx mx:fallback-relay.pobox.com a:smtp.pobox.com a:emerald.pobox.com ?all"
    paul@preston ~ > host -t txt livejournal.com
    livejournal.com text "v=spf1 a mx ip4:66.150.15.140 ?all"

    Here is the real reason Microsoft had to publish their Caller-ID spec now!

    Before replying with "those 7500 domains are tiny", AOL is publishing a SPF record NOW. Microsoft is not publishing their own Caller-ID record yet.

  3. Re:What is a PGP signature? on Microsoft Releases 'Caller-ID For Email' Specs · · Score: 1
    PGP is not designed for the same purpose as Microsoft's Caller-ID and SPF.... to determine if the transmitting server's IP number is an authorized transmit point for the domain claimed as the sender.

    A PGP signature will be vulnerable to replay attacks if it does not sign the message body, or at least a good portion of the headers. So using PGP (or quite likely Yahoo's domain keys when they finally release the spec), you can not detect that the transmitting MTA is not authorized to send BEFORE wasting the bandwidth to receive the message. SPF can do that. Caller-ID probably can too...

    PGP requires the secrecy of the private key to be maintained. Maintaining and managing secrets is costly. Caller-ID and SPF do not require keeping secrets.

    PGP also requires costly computation, which is costly for servers that handle a large volume of mail.

    There are numerous other problems with deploying PGP or a similar crypto system, which have been discussed over and over on the SPF mail list.

    IMHO MS is reinventing a wheel, or trying to own it.

    Well, they've apparently been working on this for 1 year... so they began roughly around the time RMX, DMP and SPF began in a serious way. It would only be fair to characterize their effort as reinventing the wheel if a viable wheel existed around the timeframe they began.

    Maybe the idea that mail could potentially be completely private (read:encrypted) is not that appealing to everyone.

    MS's Caller-ID and SPF (and the earlier DMP and RMX that SPF has effectively superseded) are sender authentication systems. They solve the problem of spoofed headers, commonly used by spammers and email worms/viruses, which is a very widespread problem in need of a solution.

    PGP, as it is applied today, does not solve header spoofing.

    PGP also solves the problem of unauthorized reception. But that simply is not a widespread problem. Certainly not on the scale of spam and email virus propagation.

    It is true that strong crypto is illegal in many countries, which is also a great problem in its widespread acceptance. MS Caller-ID and SPF do not suffer from that problem.

    So, tell them you read it here first.

    Nope, sorry. Many others have thought of this before.

    (Or point me to a similar idea.)

    Try the SPF mail list archives for recent, relevant discussion. There are numerous other lists with older discussions on using PGP and similar systems for sender authentication.

  4. Re:thanks on Microsoft Releases 'Caller-ID For Email' Specs · · Score: 1
    One of the most effective ways I've ever seen to filter out mail

    Yes, you are absolutely correct. This approach you describe, and which is implemented in the sendmail milter, is indeed very effective in filtering out mail.

    It's effective against spam too.

    ... is to just simply follow the RFC. When you get mail from a domain name, look up the ip address, when you get the ip address, reverse lookup the name. If forward and backward don't match, reject the mail.
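As an added example (not code from any of the comments above, nor from the SPF, sendmail or Microsoft projects), the following Python evaluator shows what the SPF records quoted in comment 2 actually ask a receiving MTA to check, and how the `ptr` mechanism rests on the forward/reverse DNS agreement described in comment 4. All DNS answers come from constructed in-memory tables: the three TXT records are copied from the `host -t txt` output above, while every A, MX and PTR answer, the `example.net` zone with its `-all` policy, and the client IPs (from documentation ranges) are assumptions made so the code runs offline.

```python
"""Minimal SPF (v=spf1) evaluator plus forward-confirmed reverse DNS.

Added example; no live DNS is consulted. TXT records for aol.com, pobox.com
and livejournal.com are copied from the page; everything else is constructed.
"""
import ipaddress

DNS = {
    "TXT": {
        "aol.com": [
            "v=spf1 ip4:152.163.225.0/24 ip4:205.188.139.0/24 ip4:205.188.144.0/24 "
            "ip4:205.188.156.0/24 ip4:205.188.157.0/24 ip4:205.188.159.0/24 "
            "ip4:64.12.136.0/24 ip4:64.12.137.0/24 ip4:64.12.138.0/24 ptr:mx.aol.com ?all"
        ],
        "pobox.com": ["v=spf1 mx mx:fallback-relay.pobox.com a:smtp.pobox.com a:emerald.pobox.com ?all"],
        "livejournal.com": ["v=spf1 a mx ip4:66.150.15.140 ?all"],
        "example.net": ["v=spf1 ip4:198.51.100.0/24 -all"],  # constructed: hard-fail policy
        # microsoft.com and hotmail.com publish nothing, as in the comment
    },
    # Constructed forward records (RFC 5737 documentation addresses).
    "A": {
        "pobox.com": ["192.0.2.1"],
        "mx1.pobox.com": ["192.0.2.30"],
        "fallback-relay.pobox.com": ["192.0.2.20"],
        "smtp.pobox.com": ["192.0.2.10"],
        "emerald.pobox.com": ["192.0.2.11"],
        "livejournal.com": ["198.51.100.5"],
        "mail.livejournal.com": ["198.51.100.6"],
        "relay.mx.aol.com": ["203.0.113.7"],
    },
    "MX": {
        "pobox.com": ["mx1.pobox.com"],
        "fallback-relay.pobox.com": ["fallback-relay.pobox.com"],
        "livejournal.com": ["mail.livejournal.com"],
    },
    "PTR": {
        "203.0.113.7": ["relay.mx.aol.com"],  # forward record agrees: genuine
        "203.0.113.8": ["relay.mx.aol.com"],  # PTR claims aol.com, but the A record does not confirm it
    },
}

RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup(rtype, name):
    """Stand-in for a resolver: answers only from the constructed tables."""
    return DNS[rtype].get(name.lower(), [])


def fcrdns_ok(ip, suffix=None):
    """Forward-confirmed reverse DNS, the check comment 4 describes: a PTR name
    for the IP must itself resolve back to that IP. With `suffix`, the name must
    also lie within that domain, which is what SPF's ptr mechanism requires."""
    for name in lookup("PTR", ip):
        if suffix and not (name == suffix or name.endswith("." + suffix)):
            continue
        if ip in lookup("A", name):
            return True
    return False


def _in_any(ip, addrs, prefix):
    """True if `ip` falls inside any of `addrs`, each widened to /prefix."""
    ip = ipaddress.ip_address(ip)
    return any(ip in ipaddress.ip_network(f"{a}/{prefix}", strict=False) for a in addrs)


def check_spf(sender_domain, client_ip):
    """Evaluate the domain's SPF record against the connecting IP.

    Returns pass/fail/softfail/neutral, 'none' when the domain publishes no
    record (the microsoft.com case in comment 2), or 'permerror' for
    mechanisms this small evaluator does not implement (include, redirect, ...).
    """
    records = [r for r in lookup("TXT", sender_domain) if r.startswith("v=spf1")]
    if not records:
        return "none"
    for term in records[0].split()[1:]:
        qualifier = "+"                       # mechanisms default to "+"
        if term[0] in RESULT:
            qualifier, term = term[0], term[1:]
        name, _, prefix = term.partition("/")  # "a/24" or "ip4:x.x.x.x/24"
        mech, _, target = name.partition(":")
        target = target or sender_domain       # bare "a", "mx", "ptr" mean the sender domain
        prefix = int(prefix) if prefix else 32
        if mech == "all":
            matched = True
        elif mech == "ip4":
            matched = _in_any(client_ip, [target], prefix)
        elif mech == "a":
            matched = _in_any(client_ip, lookup("A", target), prefix)
        elif mech == "mx":
            hosts = [ip for mx in lookup("MX", target) for ip in lookup("A", mx)]
            matched = _in_any(client_ip, hosts, prefix)
        elif mech == "ptr":
            matched = fcrdns_ok(client_ip, target)
        else:
            return "permerror"
        if matched:
            return RESULT[qualifier]
    return "neutral"  # no mechanism matched (RFC 4408 default)


if __name__ == "__main__":
    for domain, ip in [("aol.com", "203.0.113.7"), ("aol.com", "203.0.113.8"),
                       ("microsoft.com", "203.0.113.1"), ("example.net", "203.0.113.1")]:
        print(f"{domain:16} {ip:14} -> {check_spf(domain, ip)}")
```

Because all three real records end in `?all`, a sender the record does not list is only "neutral", so a receiver can reject on them solely when a listed mechanism is contradicted; the constructed `example.net` record shows the `-all` form that lets the connection be refused before the body is transferred, which is the bandwidth saving comment 3 attributes to SPF.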

  5. PR to English Translation on Microsoft's Platform Strategist Speaks On Linux · · Score: 5, Insightful

    Q: Is windows too expensive?

    A: No, we just need to make stripped down copies for people who won't pay full price

    Q: Is Microsoft soul searching?

    A: No, of course not. We're categorizing customers to figure out how to customize to their needs and extract as much money as they will pay.

    Q: Are you going to make Windows do this automatically?

    A: No, we're not that good.

    Q: Where is linux successful today?

    A: Firewalls, appliances, supercomputers, legacy unix migrations. But we're not worried because the ISVs are not big yet.

    Q: Are you worried linux will get more traction?

    A: Nope. It's all because we don't have a good firewall, and we're releasing one soon now.

    Q: How do you respond to the notion that peer review leads to better code?

    A: Very few people read the code, and most of them are idiots.

    Q: Is desktop linux a threat?

    A: Only in gov't and third world countries. We're working on customizing for them, slashing prices, changing license terms, or whatever other "challenges" are needed.

    Q: Why should solution providers use Windows instead of Linux?

    A: Microsoft doesn't give a damn about the service and support business. So you can depend on Microsoft to throw you that bone, year after year. A linux distributor can't reap excessive profits from licensing terms, and they have crappy business models based on giving stuff away for free. In several years down the road they might decide to compete with you and stab you in the back. Microsoft would never do a thing like that to its solution providers, honest!

  6. Re:Solve the problem at the SOURCE on MS and Sendmail work together on Spam Solution · · Score: 2, Funny
    Now my little server can do advanced reverse lookups on the over 90,000 spam messages it handles per month. I'm thinking not...

    90000 messages per month works out to approx 2 message per minute.

    I'm thinking you can do two "advanced reverse lookups" every minute, especially when some portion of those lookups allow you to close the connection and avoid receiving the spam.

    Then again, your server is already overwhelmed by one spam every 28.8 seconds, which if you assume an average spam message size of 8k works out to be a whopping average bandwidth of 277 bytes/sec, or 2.2 kbit/sec.

  7. Re:this is low, even by /. standards on MS and Sendmail work together on Spam Solution · · Score: 1
    Does anyone RTFA anymore? Am I alone in this?

    Ah, You must be new here.

  8. Re:Mirror With Comments on Windows 2000 & Windows NT 4 Source Code Leaks · · Score: 2, Informative
    Link "litigious bastards" to www.sco.com on your webpage!

    Or better yet, update your link and sig to www.thescogroup.com, the litigious bastards.

  9. Re:Is the code that bad on Windows 2000 & Windows NT 4 Source Code Leaks · · Score: 3, Interesting
    Is the code that bad such that this news story considers this so dangerous to Microsoft?

    Well, that's what Microsoft claimed in court, in response to the notion of requiring them to provide the source. Microsoft claimed releasing the source could compromise (USA) national security, because the malicious individuals could find and exploit all the holes. Yes, they really did say that, more or less.

    But only a couple months later, faced with China adopting Linux over concerns of hidden backdoors, Microsoft provided a copy of the source to the Chinese. So much for national security (or was that honest under oath?)

  10. Re:sounds silly to me on Microsoft, Yahoo Investigate Spam Solution · · Score: 1
    What is wrong with migrating to a replacement for SMTP?

    Migrating (in our lifetime).

    What is wrong with developing better challenge/response systems?

    Again, the migrating part.

  11. Re:Real already changed the site in response to th on NPR's Car Talk Dumping RealMedia · · Score: 1
    Well, the web site I could live with, seein' as you can eventually find the free link. Waste of time and lame, yes, but still... it's a one time affair.

    For YOU it's a sleazy one-time affair.

    But for the broadcaster, it's every new listener/viewer having to suffer a slimy negative experience, before they can even hear/see what you are offering. It's an endless stream of complaints (hmm, bad pun).

  12. Re:Microsoft bought time. on Groklaw Traces Contribution of ABIs back to SCO. · · Score: 1
    ... the best Microsoft can hope for is to slow it down and bank the profits while they last.

    No. The best case scenario Microsoft could hope for is to greatly tighten their proprietary lock-in, perhaps using DRM and patented protocols and file formats to legally inhibit competitors from offering interoperable alternatives.

  13. Re:That'll stop the stupid crooks on Groklaw Traces Contribution of ABIs back to SCO. · · Score: 4, Insightful
    No. It doesn't matter if the insiders laugh all the way to the bank (presumably in the Cayman Islands). What matters is SCOX investors losing money and the company utterly ruined.

    The only reason Darl and crew are able to take this stupid strategy is they've managed to convince some investors there is a chance they can pull it off. When it turns out to be a dismal, money losing failure for all investors, future greedy unscrupulous CEOs just won't have the backing to pursue such a folly.

  14. Re:But MS is "fixing" other issues... on Another Serious MSIE Hole · · Score: 1
    many people have a use for http://username:password@domain links, especially in bookmarks

    Well, they're going to have to learn to live without this dangerous feature, because Microsoft is going to disable user:passwd@site syntax soon. (in slashdot editor form)... Now if only they could design new software securely to begin with.

  15. Re:Here it comes... on Another Serious MSIE Hole · · Score: 2, Informative
    Let's bash the shit out of MS.

    I'm the one who submitted the story that Timothy posted.

    Microsoft damn well deserves some bashing. They didn't fix the phishing bug in their monthly patch set, and the phishing bug was reported very close to the beginning of that monthly cycle, and only 1 week after it was discovered, scammers started making heavy use of it in their attempts to defraud people of banking details. So Microsoft had 3 weeks to witness the phishing bug being abused in the wild, and still they did not patch it for almost a full month.

    This all comes on the heels of a bunch of PR Microsoft spewed not long ago, claiming a study (they paid for) found that Microsoft issues patches faster than Redhat.

    I call them a bunch of lying hypocrites who only care about money and not the security of their customers. You call me a Microsoft basher. You are right, I'm saying Microsoft sucks and they lie. I believe I am right too, they do suck and they do have little regard for honesty, as can plainly be seen.

    In fact, you can do that while installing the 35th sendmail patch this week. Or the 54th SSH.

    In fact, the last security patch for sendmail was on September 17, 2003. That's over 4 months ago. There have been zero sendmail security patches this week, not 35. The previous patch was released March 29th, 2003. Not the same week, but 5.5 months earlier.

    OpenSSH doesn't have the same web pages with patch info as Sendmail... so looking at Redhat's update history on OpenSSH, I see new RPMs published on the following dates: 17-Sep-2003, 16-Sep-2003, 04-Jul-2003, 14-Feb-2003. It's not clear if these are security updates or other less serious updates. But only once did two patches appear in the same week. On average, it's over 2 months between updates.... hardly 54 in one week.

    Now compare that to MSIE. Microsoft's customers complained that multiple patches were required every week, so they recently switched to a monthly patch schedule. But there was news coverage that shortly after the switch, they still had to break that schedule and release patches more frequently because of very critical security bugs discovered.

    And remember that Microsoft doesn't even bother to fix things like this phishing bug, which makes it easy for scammers to direct people to false banking login pages and have them appear to be the legitimate websites of the banks people trust! Contrast that lack of concern for customers getting ripped off against some of the openssh patches, which fix timing problems where the sub-millisecond delay changes could theoretically leak info if probed repetitively over a low-latency LAN.... but virtually impossible to attack over the internet, and no known exploits in use.

    It's pretty clear which software has a good security track record and which software has more holes than Swiss cheese. It's quite clear who deserves to be bashed.

  16. Re:Redundant headline on Another Serious MSIE Hole · · Score: 1
    When I submitted this story a couple hours ago, I gave it the title "Yet another serious MSIE Hole". Timothy chopped off the redundant "Yet", so what you see on the slashdot front page is already one iteration of redundant word chopping.

    I actually discovered the Infoworld article mentioned in a comment over at groklaw... to give some credit where credit is due.

  17. Re:Distracting the Press = Distracting the Police? on MyDoom Windows Worm DDoSing SCO · · Score: 1
    HOW would distracting the press and a few clueless people actually help the criminals? .... Seriously, What do the criminals get out of it other than enjoying sticking it to SCO.

    Fewer people will act quickly to clean up their systems to remove the keystroke logger, which the criminals hope will capture credit card numbers, passwords to on-line banking or paypal accounts, and other sensitive information.

    If the main message is "virus uses your computer to attack SCO", that's different than "virus is spying on you, to capture your credit card number and passwords", and ordinary people who couldn't care less about SCO, but care rather deeply about their credit card numbers, will respond differently depending on which message the media manages to deliver past their short attention spans (you know, the sort of people who saw the "computer error" and then clicked on the attachment to "solve" it without giving it a second thought).

  18. Re:I wonder... on MyDoom Windows Worm DDoSing SCO · · Score: 1

    Yes, but they are 100% certain. But until IBM provides every revision of AIX, Dynix, and every other operating system and piece of software they've ever written over the last 40 years, SCO won't be able to say with specificity exactly why they are 100% certain....

  19. Re:SCO probably wrote it on MyDoom Windows Worm DDoSing SCO · · Score: 5, Interesting
    Since Mydoom has been identified as a variant of Mimail, which is largely believed to have been written on behalf of spammers and/or paypal scammers (apparently in Russia), the most likely scenario is that the same group created Mydoom.

    The attack on SCO is most likely just a diversion. A simple distraction from the actual goal... to turn millions of machines into zombies which can be used to conduct illegal activities (phishing scams), or can be turned into email/spam relays to be sold to spammers.

    It's already been established that Mydoom installs a backdoor and allows routing of tcp/ip connections to mask the identity of the originator. More or less exactly what scammers hoping to defraud ordinary people of banking details (phishing) need. Also the standard approach to turning machines into a valuable asset that can be sold to spammers in need of mail relays or "bulletproof hosting" for their websites that host the images all those spam messages reference.

    Attacking SCO is a smart diversion.... especially if SCO takes the bait and publishes a flamebait press release (seems almost certain), which will of course provoke a response from the free software / open source communities. Lots of free press to help divert the anger of millions of (clueless) victims towards the very visible open source and free software people, and SCO, and away from the real criminals.

    Judging from most of the comments here on Slashdot so far, it appears to be working perfectly.

  20. Re:This is not one of SCO's enemies... on MyDoom Windows Worm DDoSing SCO · · Score: 5, Insightful
    This is someone who just wants to feel important and who thinks that by DDoS'ing SCO everyone will call him a hero.

    Or someone who doesn't give a damn about SCO, and merely wants to distract attention away from their real goal of turning millions of end-user PCs into zombies to do their future bidding.

    Hmmm... who would be interested in that <cough> spammers <cough> and has an established history of it?

  21. Re:Should faking be illegal? on AOL Tests Sender Permitted From / E-mail Caller ID · · Score: 1
    Long ago, SpamAssassin had a rule to check if a message had something like a pgp signature, and deduct a bit from the score.

    Spammers started including a fake pgp signature line... not a real signature that pgp or gnu gpg would parse, but just enough to trick spamassassin. Slashdot even linked to an article about it at the time.

    The rule was removed from spamassassin, rather than attempting to truly check if it was a valid signature. The spamassassin developers probably figured the spammers would just do the same thing over again... study the filter code and devise an improved fake signature to evade the filter.

    Such is the nature of the arms race between filter designers and spammers. Anything the filter checks, especially for an indication of a legitimate message, must not be easily spoofed. Without PKI (or some other scheme like a well interconnected "web of trust" as in PGP among known senders), spammers will find a way to trick such a check for a signature.

  22. Re:Built on existing standard on AOL Tests Sender Permitted From / E-mail Caller ID · · Score: 1
    Put another way...

    • Don't use an address that's easy for others to remember and easy to speak in conversation
    • Don't tell any prospective customers visiting your website how to contact you
    • Institute changes to mail list archives for which you have no administrative control

    At least the comment about using a Bayesian filter is good, though it's becoming less so as spammers are now adapting and poisoning the Bayesian learning with lots of extra text.

  23. Re:Maybe on SCO Lobbying Congress Against Open Code · · Score: 1
    What the hell were the UNIX companies doing during that time?

    SCO wasn't among the many who did try to keep up... but others did (at least try).

    They could have remained competitive. They could have kept up with the times. They could have written the GUI apps that their users wanted.

    CDE

    They could have incorporated new coding techniques into their code bases.

    Posix threads, sysv shared memory, and so on.

    They could have kept the desktop market.

    The unix vendors never had the desktop market. In the early 80's, Apple ][ and the C-64 had it. Then IBM took it (neglecting the portion held by Apple's Macintosh), and eventually PC-DOS fell to MSDOS. Microsoft has had it ever since, and kept it largely by leveraging the MSDOS and then Windows monopoly. Unix vendors never had it to keep hold of.

  24. Re:Need good, solid, points of rebuttal on SCO Lobbying Congress Against Open Code · · Score: 1
    But we need some good, solid, well-written points in rebuttal to include in those letters.

    How's this:

    Dear Honorable (insert name)

    In January, SCO sent you a letter arguing that Open Source software and the GNU General Public License (GPL) are a threat to the economy, American competitiveness and national security.

    What SCO failed to mention is that they themselves use Open Source software. Their website is run by Linux, not their own unixware product, and Apache, the most popular open source web browser. SCO's own products rely heavily on the inclusion of open source software, including the GNU C Compiler and Samba file and print server, which are distributed using the terms of the GPL.

    .

    .... you could go on and on, but if anyone read to this point, the damage to SCO would be done.

  25. Re:The problem with lists like SPEWS... on SPEWS Adds DSL Reports to Block List · · Score: -1, Flamebait
    This means that nac.net is not a "good supporter of internet society".

    Oh my Mr Kettle, look how black you are, thus spoke a champion of SPEWS.