Any device trying to connect to the network will be checked to see whether it has security measures already in place.
I just gotta wonder if this is going to look for any response on certain ports like 135-139, or if Cisco is specifically going to check for a proprietary response from the products of Network Asc, Symantec and Trend Micro?
What it ought to do is a TCP fingerprint and look for any Microsoft Windows operating system.
Re:The historical importance of SCO on SCO News Roundup · Score: 1
SCO.... think about how future generations will view this.
In April, I must migrate from "Red Hat Linux 9" to "something else" if I want to continue with the benefit of a distribution that publishes security updates. My paid RHN subscription runs out in March, by the way. I've been willing to pay $120/year (2 systems), but I'm certainly not willing to pay much more.
So what should "something else" be? Your remark about Windows is legendary by now, but Microsoft is not an option since I depend on the gnu environment and a lot of linux-based software.
Why should I choose Fedora? Debian certainly looks like the best choice, offering much longer maintenance than the 4-6 month release cycle and 2-3 months of bug fixes that Fedora claims. And Debian is well established and has a strong user base. Even Suse and Mandrake look like better choices than Fedora's extremely short maintenance cycle. Each of these distributions considers me (even if I download free ISOs) as their "customer", whereas Red Hat's attitude appears to be that I'm a "hobbyist" or "enthusiast" if I use Fedora.
So please answer with your best "sales pitch" for Fedora. This is your chance to sell it to me and thousands of other long-time Red Hat Linux users. Or if you (and Red Hat) really don't care if I switch/migrate to Debian instead of Fedora, please be honest and just say so.
It makes no difference to anybody except yourself what you want to use...
Alone, one person's decision makes very little difference.
But in aggregate, the decisions of millions (or the decisions made for them by OEMs and default settings), make a dramatic difference.
The "market share" is what drives hardware vendors to write drivers or release specs, and it influences software vendors to port their applications. It also makes a lot of people take interoperability seriously, such as making websites conform to standards.
Your choice, and my choice, and that of others in terms of "market share" does make a difference for everyone. Even for people who made different choices than we may have, it still makes a difference, as cross-platform development, conformance to standards, and design for interoperability are usually a win for everybody involved.
as soon as they actually have to offer up their proof that copied code is in Linux, it won't stand up to analysis, their case will be rejected, and their stock will drop like a stone.
Maybe it'll go more like this:
Judge Kimball orders SCO to identify code & methods during oral arguments on Dec 5th
Hemming and hawing, SCO delays, offers up a few more insincere vague responses
IBM objects, eventually Kimball forces SCO to reply
Perens, Raymond and others immediately analyze the code, find most is not really proprietary or not actually copied
Media takes a dim view of SCO, stock starts to fall
Kernel developers design out alleged infringing code anyway
Media reports SCO will never collect royalties since probably-not-infringing code has been completely removed anyway
SCOX stock price falls under $1
Case continues, but everyone (but SCO) knows IBM will win. Countersuit still uncertain.
Execs quit (perhaps leave the country), SCO leadership changes hands
If SCO's case is dismissed, or they lose, or even if Kimball makes a cynical comment, SCO will collapse. Thereafter, there isn't going to be a SCO left for the IBM countersuit.
Oh yeah, it had something to do with comparing Redhat 9, which includes lots of software, to Windows 95, which includes Notepad+Paintbrush (presumably other unspecified apps with unspecified version/functionality installed), and their respective ability to run on a machine with 64 megs of ram.
Can't argue with that! Guess we'll all just have to accept his conclusion... what was that again? Oh yeah, it had something to do with sticking with Win2k for another couple of years. I wonder if that's win2k running on 64 megs of ram?
I'm running Redhat 7.2 and it works great. Has for about 2 years, thanks to Red Hat providing errata and updates.
In 2 years from now, you can be certain your current Fedora installation will not be working great. That is the important difference between Fedora and the legacy of (free) Red Hat Linux.
Are you going to upgrade Fedora in 4-6 months when the next release comes out? Or will it be in 2-3 months after that when updates to the Fedora release you're running now are no longer provided? Or are you going to manually update programs or simply not update them as security advisories are made?
All that's happening here is that the free download, no support Red Hat is going to be called Fedora
No, that's not all. Please read the Fedora page from Redhat.
First, the $60 up2date subscription service appears to be going away.
Second, the Fedora pages state that updating to new versions will be the preferred path, rather than backporting security fixes. So the stability of Red Hat linux, where you could do RPM updates to fix bugs with minimal chance of breaking anything by switching to newer versions of packages does not appear to be a feature of Fedora.
Third, Fedora claims a 4-6 month release schedule, and a discontinuance of updates for previous releases within 2-3 months of the last release. So to everyone who's running RH 7.x and even RH 8, the ability to "not fix unless it's broken" does not appear to be available in Fedora.
Perhaps Fedora will change. But it seems unlikely, as these things are spelled out quite clearly on the website. Also, Redhat wants to "differentiate" their money-making enterprise versions from Fedora... and the stability (the ability to depend on updates that don't change much other than fix security bugs, and their availability for a few years) of the old (free) Red Hat Linux is what made it valuable. Fedora lacks that.
The best ones allow you to make a zone transfer for yourself. This could be used with a P2P delivery method to distribute a DNSbl. Maybe it could have a push instead of a pull stream.
In transfer mode, you copy the entire MAPS RBLSM to some host of yours, using a network protocol such as DNS or BGP which allows you to be updated instantly whenever changes (and most importantly, deletions) occur. Because of the risk of damage to parties who are listed in the MAPS RBLSM, we require that you sign and return a simple indemnification agreement before we will allow your host(s) to transfer the entire MAPS RBLSM. This agreement also contains a license whose only terms are that you not transfer the MAPS RBLSM to a third party who has not signed and returned (to us) a copy of the same agreement, and that you never subject any user to the effects of the MAPS RBLSM unless they have asked you to do so (either explicitly, or implicitly by purchasing internet related services from you).
It is critical for anti-spam blocklists to operate in real time. The lists are not "distributed" like software, movies or other media. The blocklist must be queried, and those queries must operate close to real-time. This is essential so that updates to the list can stop a spam run while it is still in progress. Also, operating in real-time is important to support removal from the list (and potential legal problems associated with being unable to remove someone promptly).
The GPL mindset is designed, at the very core, with the sole end goal of making the best computer program possible.
Even if you've missed the constant dogma of promoting freedom, you need look no further than the first two sentences of the GPL's preamble:
The licenses for most software are designed to take away your
freedom to share and change it. By contrast, the GNU General Public
License is intended to guarantee your freedom to share and change free
software--to make sure the software is free for all its users.
What makes this a troll is the tension between "Free Software" and the "Open Source". Richard Stallman, for the last few years, has argued that the term "open source" is a deliberate attempt to discard the importance of freedom (the clear purpose of GNU, the FSF and the GPL) and instead emphasize the superior performance and development of software. On the other hand, OSS advocates like Eric Raymond intended to "rebrand" free software to "sell" it to businesses, primarily by changing the name to something less ambiguous (in English) and by emphasizing characteristics that commercial interests care about (mostly superior software and development methodology).
Copyright law says that I, as creator of my work, can control how it is used and by whom.
You may be right (IANAL either though I will link to some seemingly authoritative sources), but I was under the impression that as the creator of a work (or holder of the copyright, should the author have assigned it to you), you gain certain exclusive rights, meaning others are excluded from having those rights unless you grant them permission.
If you follow that link, "how it is used" is not listed among the 5 exclusive rights (3 if the work is art). There are other similar lists published, such as this similar one with 6 instead of 5 exclusive rights, though they are very similar.
Now, while having the exclusive right to create and distribute copies might seem to imply that you could, in theory, control who can receive a copy, in practice there is the First Sale Doctrine which allows anyone in possession of a copy to sell or give that copy to anyone else.
Now, some might argue that the political climate of the late 90's (that brought the DMCA with zero resistance) and the recent lobbying of the RIAA and MPAA (which is meeting considerable resistance) has allowed copyright owners to introduce technological restrictions that effectively restrict how their works are used and who can possess copies. But that sort of analysis is far beyond me.
I'm really sick of seeing these "might get a crazy judge" posts, especially when they're mod'd to +5.
They are old white men who care about appeasing each other's financial interests and don't mind if all the geeks in the world want to rip their throats out. Plus, you have to remember that there's a good chance any random judge will have SCO or one of its alliances somewhere in their investment portfolio.
So, at the risk of being redundant, here's the text of a message I posted a couple times, several MONTHS ago. This is not new information. Yet still, even now, most people have no idea about judge Kimball who is hearing the case. So here goes (again)....
On every SCO story, invariably someone posts a paranoid concern that perhaps a clueless judge will be assigned to the case, and rule in favor of SCO. These are often moderated to +5, which is quite silly since Judge Dale A. Kimball has already been assigned to the case, and we can see that he's got a reputation for being fair and capable of understanding cases involving technology.
Groklaw has very extensive research on Kimball's history, which is nicely summarized and easy to read. Every case has links to much more detail. The overall appearance is that Kimball will probably do the right thing.
Probably most important is the Jacobsen vs Hughes copyright case. Apart from considering much of the material uncopyrightable historical facts, Judge Kimball was quite unimpressed by the plaintiff's failure to act in a timely manner to mitigate damages. Quoting from that article:
"Had Jacobsen voiced his disapproval in 1996, Hughes would have had the opportunity to take the offending material out of the books," Kimball wrote. "For Jacobsen to wait until three volumes of the series had been published before voicing his disapproval, when it is clear he had ample opportunity to let Hughes know of his disapproval as early as 1996, results in extreme prejudice to Hughes."
Obviously this bodes quite well for IBM and all Linux users. SCO of course will claim they stopped distribution of linux, but this ruling at least shows that Judge Kimball isn't likely to be charmed with the deplorable way SCO has conducted itself. Kimball's willingness to consider the writing a separate work, even though a part of it was loosely based on Jacobsen's also casts quite a shadow over SCO's chances (assuming the unlikely worst case scenario that SCO has an ace up its sleeve, rather than the bogus examples we've seen so far). It's certainly a good sign that Kimball is unlikely to buy SCO's expansive theories about what constitutes a derivative work.
While nothing is 100% certain going into the courtroom, it is a fact that Judge Kimball has been selected to hear this case. His history shows he's competent, fair, and at least in Jacobsen vs Hughes, he doesn't tolerate the sort of shenanigans SCO has been pulling!
.... what if they introduce a bill that allows anyone who receives a spam to launch an attack to disable the sender's computer, without any judicial oversight. But in the rare event of a misguided attack or collateral damage, the victim(s) could ask the attorney general for permission to sue their attacker.
Hell, the RIAA got such an absurd bill introduced. Just imagine if anti-spammers had that kind of back-door influence on the congressional process.
... a ruse to avoid admitting that NOBODY is going to have to pay the license fee to SCO. They can't admit this in the press, because their inflated stock price is based on hopes that SCO will eventually extract license fees. This way, they can keep up the public image to investors. But they're not going to send invoices to anyone (not even the Fortune 1000 companies) and they're not going to sell any licenses.
Why not? Because Red Hat stands a very good chance of raining on this whole parade. Red Hat claims the "actual controversy" is SCO's public statements, SCO's 1500 threatening letters, and this licensing program. The license is pretty damning for SCO, since they're supposedly selling the rights to use SCO's (unspecified) IP and not be sued.
SCO can't afford to sell ANY licenses, because of the Red Hat suit. But they can't publicly admit they won't sell licenses, because everyone who's bid their valuation up believes they may have a shot at someday taxing all Linux installations. Reversing course would likely be seen as an admission they may not ever get licensing. So instead, they claim they're only going after the big fish... and of course they won't actually do it, just blow a lot of hot air (what they've been doing all along).
To the many individuals who've called their bluff and attempted to buy licenses, bravo. SCO's options are shrinking ever smaller.
I'm bitching about the "obscurity" copy protection scheme. I wrote my "bitching" in English, if you care to attempt to read it.
Actually, your bitching appears to have been regarding the lack of explicit notice on Apple's site that you can rip the audio CDs and that doing so would be "legal" fair use.
The phrase "security through obscurity" is widely known to refer to the practice of deploying a proprietary system where the effectiveness of the security measures can not be verified by all parties. Usually this applies to unpublished encryption ciphers and protocols which often have unknown weaknesses, but it can also apply to software that uses some unknown method to enforce security, where all third parties can not know exactly what it does and therefore they can not know how effective it is.
It is quite a stretch to apply this widely understood term to the lack of specific language on Apple's web page, namely explicit wording that the burned CD can be ripped and free legal advice regarding fair use in doing so. Apple does explain, quite well, that you are allowed to burn standard audio CDs that will work in all players. The various cdrom standards (the colored books) document this format. There really isn't anything obscure here, in a technical sense.
Because the CD can be ripped (effectively an easy way to circumvent the system) does not somehow make it obscure. Because Apple does not explicitly explain this method does not make it obscure. The fact that the burned CDs conform to the standards and lack DRM, in fact, makes it anything but obscure. The CDs conform to published standards and are fully compatible with players. It may not be "secure" in terms of preventing copying, but it certainly is anything but "obscure".
Now the DRM that is included in the AAC files downloaded may or may not be "security through obscurity". I simply do not know if Apple is using a known technique, or if they have published information about it, or if it is a secret method they developed. If indeed the DRM on the AAC files is secret (AAC is a published standard), then THAT could reasonably be called "security through obscurity".
But to call the permissive feature to burn unprotected CDs that conform to published standards "security through obscurity" is silly. It's definitely not "obscurity". It probably isn't even "security" since standard CDs lack any copy prevention techniques.
Ever heard of Della Crose ??
Why should I switch to Fedora, rather than Debian
It's hard to make a lot of noise when you're dead.
Why then, do that almost all use Microsoft Windows??
What Microsoft's PR needs is a scapegoat. $250k is a cheap sum to pay, if it works.
What point was that again?
Oh yeah, it had something to do with comparing Redhat 9, which includes lots of software, to Windows 95, which includes Notepad+Paintbrush (presumably other unspecified apps with unspecified version/functionality installed), and their respective ability to run on a machine with 64 megs of ram.
Can't argue with that! Guess we'll all just have to accept his conclusion... what was that again? Oh yeah, it had something to do with sticking with Win2k for another couple of years. I wonder if that's win2k running on 64 megs of ram?
There were numerous other gems in there too...
Can you say "forced upgrade"?
Errata and security updates provided continued only 2-3 months for previous releases... with a new release every 4-6 months. THAT is the big deal.
Will Gillette announce discontinuance of razors, since they really only make money on the blades?
Quoting from the MAPS RBL website, with some emphasis added:
I don't see how a p2p network will work.
Are you suggesting that all temps should work fewer than 40 hours per week?
The GPL mindset is designed, at the very core, with the sole end goal of making the best computer program possible.
Even if you've missed the constant dogma of promoting freedom, you need look no further than the first two sentences of the GPL's preamble:
What makes this a troll is the tension between "Free Software" and the "Open Source". Richard Stallman, for the last few years, has argued that the term "open source" is a deliberate attempt to discard the importance of freedom (the clear purpose of GNU, the FSF and the GPL) and instead emphasize the superior performance and development of software. On the other hand, OSS advocates like Eric Raymond intended to "rebrand" free software to "sell" it to businesses, primarily by changing the name to something less ambiguous (in English) and by emphasizing characteristics that commercial interests care about (mostly superior software and development methodology).
Many a bitter flame war has erupted over this.
Replacing AAC->CD->MP3 with MP3->WAV->MP3 would be quite a feat, since Apple provides AAC and not MP3.