Not to bash Java or Sun or anyone; indeed, I find it applaudable that they point that out. But I wonder if such a clause shouldn't be attached to all Microsoft software as well?
It is. Nuclear power plants are *specifically mentioned* in it.
Some people are just too thick headed to pay attention to it.
Mod parent up - this is exactly how a number of our PCs got hit - user took laptop home, connected to the net, and then brought it back in to work, and bam...
Currently working on enforcing a policy where all laptops that dial up to anywhere have firewalling on their DUN connection, however, given that joe user can currently just set up another connection if he wants/needs (current IT policy), thats not totally foolproof either.
This also makes it interesting for people who have just bought copies of Windows XP, doesn't it:D A mate in retail has had to fix about 20-30 PCs that were sold literally days before this worm hit, and of course had pre-packaged Windows XP SP1, which is vulnerable.
Will be even worse now that there's PCs on the shelf that are vulnerable, the worm is rampant, and the only way joe user can patch it is to hook up to the net.... also for those people who are just hooking up (there's still plenty out there)...
I'm willing to hang the idiots who authorized using Windows for applications where life and limb are on the line. I'm willing to hang the virus writer too.
Whilst I can see your points - to be fair, in MS's license agreement, it explicitly states that Windows is not to be used in the control of life support equipment, nuclear plants, or other situations where failure will cause a hazard with the risk of injury of death.
All the more reason to hang the idiots who deployed it, but the blame in this case is NOT will bill gates.
Hopefully this sort of thing is a bit of a wake up call for people that there are better alternatives out there, and that computer security is NOT something to be lax about.
Anybody not see the parallels? SCO has launched an unprovoked sneak attach against the sleeping giant, (IBM) and the Linux community. And this war will end the same way, with the legal equivalent of an atomic bomb delivered to SCO.
Yep, and I've actually been using the words "Sleeping giant" in my SCO discussions with friends;)
There are certain companies you just DON'T fuck with, unless you're one of the other companies in that league.
IBM, Microsoft, and Sony are 3 of those companies...
For those who didn't read it yet, go have a gander at the countersuit being lodged by IBM.
Regardless of the validity and strength of SCO's claims, they're fucked, due to patent violation, breach of the GPL, etc.
As to the rest of us - well, I think SCO tried to pull a swifty and people baulked. The fact that only ONE idiot has payed them for a license (and there's been publicity to that effect) indicates to me that 1) people don't care/believe SCO, and 2) once they find out that no one is paying, those who do care will stop taking them seriously.
All they've achieved is woken up IBM, who's going to prevent them from being able to sell any of their SCO products (their other supposed source of income) due to patent violation.
Just because 3rd party code is responsible for half of all Windows crashes doesn't necessarily mean Windows is responsible for the other half. Bad drivers could be at fault, bad hardware, or perhaps user error.
User error should not cause system crashes.
If they do, its still a design fault because:
The OS was not clear enough in warning the user/instructing the user NOT to make "user errors"
The operating system fails to filter user input correctly.
You mean like Windows update automatically notifying the user to download and install the patch, right?
Shit.... a couple of my USERS even managed to save themselves.
If you're a *sysadmin* and got hit because you simply didn't think there was any holes in Windows for you to take care of, you need a good beating about the head with a cluestick.
Of course being aware of a vulnerability and having methods in place of closing it are 2 different things, but the information is out there, and its pretty in your face. Especially if you're signed up to CERT, securityfocus, etc...
And the funny thing is.... this one isn't even very malicious - it simply makes XP machines reboot (from a user's perspective) and provides a back door (which is effectively useless to an outside attacker in a firewalled environment).
Just wait till next week, when one with a destructive payload is released...
I'm actually glad this particular worm hit, and not something much nastier - think of it as warning shot, if you will...
Your first argument, while essentially correct, is still flawed. It assumes that everyone who uses a PC has any idea what they're doing and as such, deserve any punishment for not using your OS of choice. Similarly, they MUST adapt to your OS of choice, or else they will be punished in the long run. Both of which are morally acceptable since these are just annoying people you don't actually know, who are supporting a company you just happen to hate.
No - I made no assumptions with regards to PC knowledge.
The code is generally written by unpaid people who write it how they want it to function. Why should they bend to the needs of other people? Especially users too ignorant to follow simple on-screen prompts to keep their system updated?
No one is forcing end users to switch to anything. They're not punished because they refuse to use my OS of choice, they're punished because they're too lazy to read the Windows update messages XP has turned on by default, or stupid enough to turn it off and ignore the consequences.
Why? How about for starters, that linux users have demonstrated an utter hatred for Windows users for the last 10+ years. Consider as well that up until a few years ago, the idea of making linux user friendly to coax over Windows users was comedic, even blasphemous by their standards.
Because, the people involved started coding this project for their own use, because they *DON'T LIKE* the "ease of use" (eg: clippy) that windows is handicapped with.
In case you didn't realise, Linus (or FreeBSD core, etc) never started their projects with the goal of taking over the world. They built them for their own use, to escape a lot of the "friendliness" of Windows. There's a saying - "unix is user friendly, its just picky about its friends"....
How many Windows exploits and/or virii are actually created on Windows machines? How many of them can you guess were created on Linux boxes?
Given that the microsoft foundation classes, visual basic, visual C, the actual services to exploit, etc are not available for Linux, I would say relatively few of them.
As for another argument, when Joe Sixpack finds his computer crashing and rebooting constantly, and is essentially dumping worms onto other systems, what do you think will help both Joe Sixpack (who doesn't have months to relearn another OS) to stop the problem, and to lighten the subsequent load on other systems?
(a) Telling Joe Sixpack how to patch his system right away.
(b) Telling Joe Sixpack to switch to Linux, telling him he's a loser for using Windows, and braying about your OS' respective superiority?
I'll give you a hint, it ain't (b).
Short term gain for long term pain. Yes, a) will help him, and there's no need for the superiority complex.
However, given Windows' atrocious track record with regards to security, and the user's obvious disregard for keeping their system up to date, unless there is a good reason to stick with it (mission critical app), "move to " is now often sound advice.
*To use the tired car analogy, if one doesn't like Ford vehicles, does that give them the right to run around slashing the tires of, or cutting the brake lines of every Ford they see on the street (in hopes that Ford will be driven out of business for faulty brake lines)? And yet, that is what the worm and virus authors want to do. It ain't about improving Windows or changing the laws, it's about trying to topple Microsoft and ruining as many of their user's computers as possible.
Whilst I see the point you're trying to make, a better analogy would be siphoning letting the tyres down of every ford you see, or syphoning the fuel.
This worm, along with virtually every other initial "proof of concept" type worm is fairly benign.
If the author wanted to, he could have made this worm FAR MORE malicious. Instead of simply propogating, and crashing the RPC service in the process, he could have designed it to delete every file it could find on all network shares, format disks, etc.
Its the people who still don't patch their machines properly AFTER this wave who are going to get hit *hard* - I don't think we've seen the last of this at all - this one was tame.
It would be FAR more effective in terms of PR to drive SCO into the ground over this one.
SCO clearly has nothing of any use to IBM (SCO's products are, to put it bluntly, a joke), but IBM has a huge opportunity here to come out as the "good guys" by proving the GPL in court, standing up for their customers, etc...
Nope, I think SCO is fucked, bigtime:)
I for one am glad about it too - way back in 1996 I remember SCO's FUD about linux - sending out emails to Linux users about trying out a "real" os:) (openserver *laugh*)
Read the countersuit by IBM - particularly from "First Defense" onwards.
SCO is so fucked.
In particular, with regards to IBM's claims of patent infringement - IBM suggests that so long as SCO continues to sell any of their products, they're now knowingly infringing on IBM's patents (which I believe entitles them to punitive damages).
So, if the legal wrangling doesn't fuck them, the lack of any products to sell will.
[blockquote]
If all of you windoze users would just switch over to a mac the world would be a much happier place. **Hugs Mac**
[/blockquote]
Right....
Hate to burst your bubble there, but in the real world, you have to interact with people running MS software.
For all its faults, Windows is still the most convenient way of doing this.
Macintoshes have their share of problems in any case (yes, even OS/X) - they're just not popular enough to be worth exploiting to cause havoc at the moment.
Whilst I don't usually agree with US-isms, I think that it should be "flavor".
My reasoning?
Most hardware seems to be US made, and in addition, the deletion of x million "u" letters from the code will probably save a couple of kilobytes of space:D
smash.
It's a well known fact that MS has benefitted from the BSD Internet Protocol stack as well as other BSD code.
Because it is closed source, who can say if your free software project's code isn't in there, GPL or not!!
Screw you, Bill, for spreading this FUD.
GJC
Duh.
Thats the whole point of the BSD license - enabling people (as in *anyone*) to include tested and workable code in their products. Their packaging has statements to the effect that yes, it does include software by the BSD guys in it.
I think a lot of the GPL wannabe fanboy zealots need to get over themselves a little bit, realise that there are other far more open and technically equal (or in some cases, superior) options for Microsoft to use in their code (such as any of the BSDs, or any of the countless other BSD style licensed projects out there), and refrain from making the same sort of libellous accusations that they're accusing SCO of.
I agree, the SCO fiasco is a feeble attempt to inflate their stock price - but they're only doing the same sort of thing people like the above poster have been doing for years - every other day some GPL zealot is accusing Microsoft of stealing GPL code - where's the proof?
It simply makes no sense for them to put their asses on the line from a legal perspective when there's simply no need for it.
Actually, I think the difficulty of use of open source software is a little over-rated.
Most of my users can barely use Windows anyway - any administration tasks are the responsibility of the IT people - which is no harder in Linux/BSD/etc than in Windows - often easier.
There are open standards to support most of a businesses needs (LaTex (Klyx, etc)), HTML, Postgresql, Mozilla, etc.
Any custom applications will need to be written by someone paid for by the government anyway - why not base them on an open platform?
Granted, its slightly more difficult (thought by no means impossible) to accomplish all this as a small business (you have to interact with the rest of the world - deal with word documents, etc), but a government is big enough to say "either send us stuff in compatible format, or don't deal with us".
Its a case of short term expense, for long term freedom of choice, and control over your standard operating enviornment.
Some people are just too thick headed to pay attention to it.
smash.
Currently working on enforcing a policy where all laptops that dial up to anywhere have firewalling on their DUN connection, however, given that joe user can currently just set up another connection if he wants/needs (current IT policy), thats not totally foolproof either.
This also makes it interesting for people who have just bought copies of Windows XP, doesn't it :D A mate in retail has had to fix about 20-30 PCs that were sold literally days before this worm hit, and of course had pre-packaged Windows XP SP1, which is vulnerable.
Will be even worse now that there's PCs on the shelf that are vulnerable, the worm is rampant, and the only way joe user can patch it is to hook up to the net.... also for those people who are just hooking up (there's still plenty out there)...
smash.
Whilst I can see your points - to be fair, in MS's license agreement, it explicitly states that Windows is not to be used in the control of life support equipment, nuclear plants, or other situations where failure will cause a hazard with the risk of injury of death.
All the more reason to hang the idiots who deployed it, but the blame in this case is NOT will bill gates.
Hopefully this sort of thing is a bit of a wake up call for people that there are better alternatives out there, and that computer security is NOT something to be lax about.
smash.
Various MS-centric websites have and do block access to 3rd party clients...
Not saying this won't be different, but I wouldn't put it past them...
smash.
Movies are bombing these days because they're generally shit.
smash.
Because they're still selling Openserver, etc after IBM has lodged their countersuit, the patent infringments may carry punitive damages (triple).
IANAL, etc - just what I interpreted from IBM's counterclaim document...
smash.
There are certain companies you just DON'T fuck with, unless you're one of the other companies in that league.
IBM, Microsoft, and Sony are 3 of those companies...
smash.
For those who didn't read it yet, go have a gander at the countersuit being lodged by IBM.
Regardless of the validity and strength of SCO's claims, they're fucked, due to patent violation, breach of the GPL, etc.
As to the rest of us - well, I think SCO tried to pull a swifty and people baulked. The fact that only ONE idiot has payed them for a license (and there's been publicity to that effect) indicates to me that 1) people don't care/believe SCO, and 2) once they find out that no one is paying, those who do care will stop taking them seriously.
All they've achieved is woken up IBM, who's going to prevent them from being able to sell any of their SCO products (their other supposed source of income) due to patent violation.
Life is good :D
smash.
If they do, its still a design fault because:
- The OS was not clear enough in warning the user/instructing the user NOT to make "user errors"
-
The operating system fails to filter user input correctly.
smash.Shit.... a couple of my USERS even managed to save themselves.
If you're a *sysadmin* and got hit because you simply didn't think there was any holes in Windows for you to take care of, you need a good beating about the head with a cluestick.
Of course being aware of a vulnerability and having methods in place of closing it are 2 different things, but the information is out there, and its pretty in your face. Especially if you're signed up to CERT, securityfocus, etc...
smash.
Looks like there's a few strains floating around already ;)
smash.
Just wait till next week, when one with a destructive payload is released...
I'm actually glad this particular worm hit, and not something much nastier - think of it as warning shot, if you will...
smash.
My "OS of choice" is irrelevant here...
smash.
The code is generally written by unpaid people who write it how they want it to function. Why should they bend to the needs of other people? Especially users too ignorant to follow simple on-screen prompts to keep their system updated?
No one is forcing end users to switch to anything. They're not punished because they refuse to use my OS of choice, they're punished because they're too lazy to read the Windows update messages XP has turned on by default, or stupid enough to turn it off and ignore the consequences.
smash.
In case you didn't realise, Linus (or FreeBSD core, etc) never started their projects with the goal of taking over the world. They built them for their own use, to escape a lot of the "friendliness" of Windows. There's a saying - "unix is user friendly, its just picky about its friends"....
Given that the microsoft foundation classes, visual basic, visual C, the actual services to exploit, etc are not available for Linux, I would say relatively few of them. Short term gain for long term pain. Yes, a) will help him, and there's no need for the superiority complex.However, given Windows' atrocious track record with regards to security, and the user's obvious disregard for keeping their system up to date, unless there is a good reason to stick with it (mission critical app), "move to " is now often sound advice.
smash.
Bleh... early morning is todays excuse :D
smash.
This worm, along with virtually every other initial "proof of concept" type worm is fairly benign.
If the author wanted to, he could have made this worm FAR MORE malicious. Instead of simply propogating, and crashing the RPC service in the process, he could have designed it to delete every file it could find on all network shares, format disks, etc.
Its the people who still don't patch their machines properly AFTER this wave who are going to get hit *hard* - I don't think we've seen the last of this at all - this one was tame.
smash.
It would be FAR more effective in terms of PR to drive SCO into the ground over this one.
SCO clearly has nothing of any use to IBM (SCO's products are, to put it bluntly, a joke), but IBM has a huge opportunity here to come out as the "good guys" by proving the GPL in court, standing up for their customers, etc...
Nope, I think SCO is fucked, bigtime :)
I for one am glad about it too - way back in 1996 I remember SCO's FUD about linux - sending out emails to Linux users about trying out a "real" os :) (openserver *laugh*)
smash.
SCO is so fucked.
In particular, with regards to IBM's claims of patent infringement - IBM suggests that so long as SCO continues to sell any of their products, they're now knowingly infringing on IBM's patents (which I believe entitles them to punitive damages).
So, if the legal wrangling doesn't fuck them, the lack of any products to sell will.
smash.
Hate to burst your bubble there, but in the real world, you have to interact with people running MS software.
For all its faults, Windows is still the most convenient way of doing this.
Macintoshes have their share of problems in any case (yes, even OS/X) - they're just not popular enough to be worth exploiting to cause havoc at the moment.
smash.
Whilst I don't usually agree with US-isms, I think that it should be "flavor". My reasoning? Most hardware seems to be US made, and in addition, the deletion of x million "u" letters from the code will probably save a couple of kilobytes of space :D
smash.
Its half of their yearly revenue these days...
smash.
Thats the whole point of the BSD license - enabling people (as in *anyone*) to include tested and workable code in their products. Their packaging has statements to the effect that yes, it does include software by the BSD guys in it.
I think a lot of the GPL wannabe fanboy zealots need to get over themselves a little bit, realise that there are other far more open and technically equal (or in some cases, superior) options for Microsoft to use in their code (such as any of the BSDs, or any of the countless other BSD style licensed projects out there), and refrain from making the same sort of libellous accusations that they're accusing SCO of.
I agree, the SCO fiasco is a feeble attempt to inflate their stock price - but they're only doing the same sort of thing people like the above poster have been doing for years - every other day some GPL zealot is accusing Microsoft of stealing GPL code - where's the proof?
It simply makes no sense for them to put their asses on the line from a legal perspective when there's simply no need for it.
smash.
smash.
Most of my users can barely use Windows anyway - any administration tasks are the responsibility of the IT people - which is no harder in Linux/BSD/etc than in Windows - often easier.
There are open standards to support most of a businesses needs (LaTex (Klyx, etc)), HTML, Postgresql, Mozilla, etc.
Any custom applications will need to be written by someone paid for by the government anyway - why not base them on an open platform?
Granted, its slightly more difficult (thought by no means impossible) to accomplish all this as a small business (you have to interact with the rest of the world - deal with word documents, etc), but a government is big enough to say "either send us stuff in compatible format, or don't deal with us".
Its a case of short term expense, for long term freedom of choice, and control over your standard operating enviornment.
smash.