But to simplify, the crux of his argument seems to be that in order to read ancient works from the Chinese/Japanese/etc, they need about 40,000 to 50,000 characters each.
But in reality, the average Japanese person would use less than 10,000 characters. In fact, probably much less.
Besides -- it is mostly a moot point until you can show me a keyboard capable of entering 50,000 unique symbols efficiently.
His solution seems to be allocating 32-bits of storage per character, rather than the 16-bit Unicode standard we have now.
For the forseeable future, it would seem that Latin-esque alphabets have the upper hand. It just makes more sense, especially in terms of programming and protocols. Do we really need web servers that understand how to read "GET / HTTP/1.1" in thirty different character sets?
You nailed it. AMD wants the 760MP to be as rock-solid stable as anything Intel produces, if not more. If the AMD's first venture into the server marketplace is riddled with incompatibilities and reliability problems, then they won't be able to make another run at it for years, if not more.
That's also why they didn't trust VIA to produce the chipset for this market -- they have proven too unreliable in the past with various PCI issues.
nVidia is shaping up to be the king for the Home/workstation market, and AMD's chipset should hit the server market.
Say.... I wonder if nVidia will ever produce an MP-chipset... -- russ
Plus the fact that when you buy Microsoft, you get lots of features that are guaranteed to work together and meshed in a nice, easy to use package. Microsoft offers end-to-end solutions with little overhead -- something that none of the Open Source distros can come close to claiming yet.
As far as features go, the ones that ensured we wouldn't be adopting Linux are: ACLs, Directory Services, and ease of use. -------
-- russ
"You want people to think logically? ACK! Turn in your UID, you traitor!"
Those graphs are very misleading, because they lump NT4 in with Windows 2000. It is widely known that NT4 had serious issues, which isn't surprising, since it was designed prior to the real internet explosion -- IIS was originally an add-on.
In contrast, Windows 2000 is much more secure and infinitely more stable out of the box than NT4. Of course there are some issues that need to be patched, but that's life.
Bottom line: don't try to mislead people by pretending that those numbers are for Windows 2000; most are a result of widely-known NT4 holes that admins haven't bothered to patch. -------
-- russ
"You want people to think logically? ACK! Turn in your UID, you traitor!"
You may continue to insist that Japan was more than ready and willing to surrender under the right conditions, but to say they only wanted the Emporer to keep his throne is ridiculous. Japan wanted to set their own terms of surrender. In war, the victor sets the terms, not the other way around. We weren't prepared to pacify anyone else. It had been tried by most of the rest of Europe in regards to Hitler, and we saw the effects of that policy.
Japan had to fall, or surrender unconditionally. That was the only way to ensure peace, and discourage other nations from going after their own rages of conquest. The fall of Japan left two options: full-scale invasion, or the nuclear bombs. Given the loss of life and damage to Japan a full-scale invasion would have brought, the bombs were a better alternative.
Whether or not you agree with what I've just said, and you still cling to the notion that the US is a big bad evil throughout all of history, drunken on its own bloodlust, it doesn't really matter. The truth is that the US was considering two options, Invasion or Bombing; no others were acceptable to the administration. I'm glad they chose the bombs.
Perhaps if you, in all your vast intelligence, had been there, you could have caved in to the Japanese demands. Maybe the world would have been a better place. Maybe, just maybe, Russia would have never found the nuclear bomb on their own if we hadn't developed it first. Maybe, maybe, maybe. It is all too easy to sit back in the comfort of your chair, typing on your PC, in a time of great peace and say "ahhh! This is where they went wrong! If only they had done this, we would have been rid of such evil!", as if you are actually entertaining the notion that over 50 years later you can understand all the complexities and intricate interactions that make up reality, in order to predict a different outcome.
Gimme a break and spare us all your self-righteousness.
-------
-- russ
"You want people to think logically? ACK! Turn in your UID, you traitor!"
With the limited battery and processing power onboard these keyboards and mice, you can't really expect them to perform much complex encoding and decoding.
That said, some basic protection would be in order. Encryption is difficult when you are talking about a few characters per second, but definitely possible. Tuning each receiver to each device at ship time might also be possible, but could prove not to be cost effective. -------
-- russ
"You want people to think logically? ACK! Turn in your UID, you traitor!"
What if I take GPL'ed code and create a COM component out of it. I releast the full source.
3 months later, I decide to start writing a closed-source app and I find the component would be useful.
Should my application now be covered under the GPL?
In cases like this, I think the courts must consider if MOST of the app's functionality is relying on the component, or just a small part. If it is a large part, then the program can be considered a derivative of a GPL'ed work, rather than a regular program take advantage of a small GPL'ed library.
Of course if they ship a binary that doesn't include ANY GPL'ed code in it, but the user is required to download the GPL'ed library to make the program work, tough beans. Otherwise, any program making use of any GPL'ed library on any Linux system must be GPL'ed, or it is in violation of the license. -------
-- russ
"You want people to think logically? ACK! Turn in your UID, you traitor!"
Microsoft solved these problems by splitting all compressed files into 64k chunks -- the compression is done, one 64k chunk at a time. When a file is read, it is decompressed. If only part of a file is written back to disk, a chunk is compressed. If it is too large to fit in the space previously occupied, it just finds a space on the volume large enough (estimated) to hold the rest of the file, and stores that chunk there. If one chunk must be relocated, it starts relocating all the rest of the chunks (two file fragments are better than 10.)
Novell takes the scheduled approach -- files are always written uncompressed. Later, at a specified time, the system looks for "compressable" files and compresses them. In this way, only decompression is performed on the fly. -------
-- russ
"You want people to think logically? ACK! Turn in your UID, you traitor!"
This is the same old "Netscape Engineers suck!" backwards-text thing that was hashed (and rehashed) quite some time ago. It turns out that the string is just junk text in the file. It isn't a password, backdoor, or anything else.
Take a look at what Bugtraq's owner had to say at the time (Bugtraq originally reported this issue.)
It seems that someone testing the box entered the string and got into the Frontpage web w/ no password.... as it is pointed out below, that is because the security on the box wasn't set properly.... they could have typed in "MicrosoftSucks!" and gotten in.
======= BEGIN MESSAGE =========
Ok, here's a breaking update.
Latest reports say that there is
NO VULNERABILITY IN DVWSSR.DLL
Yup, that's right, different again from what I said earlier, and even more different than what I said yesterday to WSJ.
Please accept that I have followed the story published elsewhere and tried to keep you abreast of everything I knew. Also appreciate that the amount of time given to verify and research the claims made by others has been extremely short. I've had probably 30 interviews today by orgs pressing for information on the story as the feeding frenzy occurs after the first one goes to press (WSJ in this case).
MS have had people working on this thing like madmen, trying to verify the claims and investigate all of the possible pieces of code that may be affected. As that research progressed, different observations were made and so the story came out in various stages (with varying levels of "correctness"). Had they been given a reasonable amount of time to respond, nobody would have been in a tizzy about anything (i.e. the press would not have cared to run this story anywhere).
Decide for yourself whether we were better served by (more) immediate disclosure or not. I've stood where I stand for a reason, despite the loathing of others for my stance...
In the end, it turns out that unless you actually have permissions for the file you are requesting, you'll get an error message when you follow the procedures outlined by RFP in his RFP2K02 advisory.
That said, understand that sites that allow connections by Front Page may very well provide you with source asp if you request it. BUT THAT WILL HAPPEN with or without the.dll. Without proper and full permissions applied across virtual servers on a given box, site leakage or manipulation by others will always be possible in myriad ways.
From what I've heard/seen/been told, permissions on the test servers must have either been non-existent, incorrectly applied, or permissioned the user across multiple virtual sites (i.e. incorrectly applied).
I had someone claim that they could get into an FP98 site using "Netscapeengineersareweenies!" as a userID and no password...making them think it was a backdoor userID. Fact is they could get into the same sites using "TomDickandHarry" as a userID too. If the permissions aren't set correctly, anything is possible.
This info may change again before its finalized. It may well be that there is some way to use this.dll in a way that's not intended...it just doesn't appear to be this one. On a box where multiple sites have not been individually permissions, or permissions are lax or non-existent...anyone permissioned to execute the.dll in the first place would have the ability to simply open the other sites and manipulate them directly (i.e. no need to do this junk with the dvwssr.dll)
Finally, to my point out the string not being a password. Elias Levy of SecurityFocus.com and Mark Edwards of NTSecurity.net have both correctly pointed out that using the term password to apply to that string is not beyond the realm of understanding. The client component mtd2lv.dll and the server component dvwssr.dll both need to know this value, and use it correctly, for communications to work. If you try and talk directly to dvwssr.dll and don't obfuscate your communication with the correct "key", it won't understand you. Of course if you don't already have permissions, knowing this value gets you nothing...hence my observation that its not a password. Whatever it is, it appears to be meaningless junk text used as data.
===== END MESSAGE ======
-------
-- russ
"You want people to think logically? ACK! Turn in your UID, you traitor!"
You can't compare the two. Microsoft is a closed system. They don't provide you the "hooks" you need for full integration. This provides them with a competitive advantage in ALL software written for their operating system that no company that produces Windows applications can hope to match.
Actually, that is NOT TRUE. There are no "secret" APIs hidden in Win32 that somehow give Microsoft a huge edge. All the information you need to integrate your own applications is right there in the SDK -- most companies just never take the time to do it. Just take a look at Windowblinds -- if that isn't integration, then I don't know what is!
With the exception of the MS HTML engine being somewhat integrated with the Explorer shell, nothing that Microsoft has done cannot be accomplished by independent developers. Don't blame Microsoft just because you are too lazy or busy to learn how. -------
-- russ
"You want people to think logically? ACK! Turn in your UID, you traitor!"
Actually I am working on getting Bender to run on ActivePerl and talk to a MS SQL database (or rather, the ODBC perl DBD). It is no easy task, let me tell you.
I originally wanted to write a module to allow it to talk to MS SQL directly, but... well... both it and Sybase use an obscure tabular data format that I really don't have the patience to master right now.
I really wish Microsoft would releast more than ODBC modules for SQL Server. If they really want to compete with Oracle, they've got to. -------
-- russ
"You want people to think logically? ACK! Turn in your UID, you traitor!"
"If the person who setup the webserver was in ANY way competent, do you think they would be using IIS?"
Better go tell Dell, Microsoft, eBay, NASDAQ, Intel, etc. that they don't have a clue.
Setting up IIS securely takes work, just as doing so on a Linux box does. The problem is that many so-called "WinNT/2K Admins" are clueless. They click Install, and see that they can get to their web page. They then assume everything is OK.
A "real" admin would get on the various security lists, go through the MS checklists, apply the high-security template, and download the scripts that Microsoft used to help secure their own W2K webservers. The admin would also stop by the MS security site at LEAST once per month, if not more. They even have a security Tool that can baby-step you through the configuration if the registry scares you.
Don't blame Ford when you had your keys to a 3 yr old and they wreck the car....
Of course in this particular case, Microsoft should have performed better testing, but still...
-------
-- russ
"You want people to think logically? ACK! Turn in your UID, you traitor!"
Servers on which the mapping for the Internet Printing ISAPI extension has been removed are not at risk from this vulnerability. The process for removing the mapping is discussed in the IIS 5.0 Security Checklist. The High Security template provided in the checklist removes the mapping, as does the Windows 2000 Internet Security Tool unless the user explicitly chose to retain Internet Printing
So in effect, if the admin who setup the webserver is in ANY way competent, he should have already been over the checklist and applied the template, both of which discuss removing this extension. If he's lazy and only used the SecTool, that would still do the job.
-------
-- russ
"You want people to think logically? ACK! Turn in your UID, you traitor!"
The BSD ip stack is why NT has had a mutlithreaded TCP/IP stack since the early days, and always seems to best Linux on pure network throughput tests. Microsoft licensed it some time ago. In fact, if you check around the executables, you can still find the BSD/Berkly copyright signature on a few older ones.
ex: FTP.EXE v5.0, W2K: Line 308, Col 36 (assuming wrapped 70 cpl):
"Copyright (c) 1983 The Regents of the University of California"
-------
-- russ
"You want people to think logically? ACK! Turn in your UID, you traitor!"
Why bother to put together 8,000 Linux boxes, when one could obtain high-powered 64-bit computers to accomplish the same task?
You can always go with Tru64, W2K Datacenter, AIX, et al.
It would be interesting to figure out how much high-powered hardware would be required to replace those 8,000 boxen and the software to run it, and see if it comes out less or more than running the 8k separate Linux boxes. -------
-- russ
"You want people to think logically? ACK! Turn in your UID, you traitor!"
The password change is a well-known bug in the Novell client that they refuse to fix. Novell has suspended pretty much all work on their client software. Netware is dying, jump now while you can.
Your HP situation highlights 99% of Windows 2000 BSODs: faulty drivers. If you only use HCL-approved hardware and signed drivers, you aren't going to get any BSODs, unless you have faulty hardware.
I believe that the ISS is using NT4.0, in which case I'm not surprised. While somewhat stable, it pales in comparison to Windows 2000. -------
-- russ
"You want people to think logically? ACK! Turn in your UID, you traitor!"
http://www.boneville.net/slashdot/sdmi-attack.ht m
Download, mirror, link... rinse & repeat. Don't let the scum of humanity dictate the rules. I would encourage anyone and everyone: Anytime any corporation threatens to sue in order to supress information, ensure by copying and distributing it that the information they are attempting to supress stays free forever. -------
-- russ
"You want people to think logically? ACK! Turn in your UID, you traitor!"
Did the moderators not bother to click the link and see that it goes to a GOATSE.CX-esque picture? Somebody mod that down please... the post is a junk post to trick people into clicking the link.
I fear that no one reads the moderator guidelines anymore. -------
-- russ
"You want people to think logically? ACK! Turn in your UID, you traitor!"
"It's kind of a natural flow of events," McNealy said. "The MPAA is sending a message it is not to be trifled with."
WHO THE HELL PUT THEM IN CHARGE? What do you mean, "not to be trifled with"? Of course we can trifle with them! It is because of them we exist!
When did Copyright change, from a tool to enable authors to profit from their works for a few years, into a club that corporations can use to kill individuals and that has prevented anything from entering the public domain since the early 1900s.
With the flow of information increasing so rapidly, Copyright protection shouldn't extend more than 10 years at the most. 15 years for patents.
-------
-- russ
"You want people to think logically? ACK! Turn in your UID, you traitor!"
Here is the relevant section, which seems to be much more acceptable. I say "job well done" to those who made a lot of noise over this, and for Microsoft in admitting their error and correcting it.
MICROSOFT'S RIGHT TO USE FEEDBACK OR SUGGESTIONS YOU SUBMIT
By submitting any feedback or suggestions to Microsoft concerning the Passport Web Site or the Passport Service, you warrant and represent that you own or otherwise control the rights necessary to do so and you are granting Microsoft and its affiliated companies permission to:
Use, modify, copy, distribute, transmit, publicly display, publicly perform, reproduce, publish, sublicense, create derivative works from, transfer, or sell any such feedback or suggestions; and
Sublicense to third parties the unrestricted right to exercise any of the foregoing rights granted with respect to the feedback or suggestions.
The foregoing grants shall include the right to exploit any proprietary rights in such feedback or suggestions, including but not limited to rights under copyright, trademark, service mark or patent laws under any relevant jurisdiction. No compensation will be paid with respect to Microsoft's use of the materials contained within such feedback or suggestions.
Microsoft is under no obligation to post or use any materials you may provide and may remove such materials at any time in Microsoft's sole discretion.
This section is inapplicable to any personally identifiable information that you provide in connection with your registration for the Passport Service(s). For terms and conditions governing use of such information and for more information on how the Passport Service works, please refer to the Passport Privacy Statement at http://www.passport.com/Consumer/PrivacyPolicy.asp . This privacy statement is controlling and overrides any conflicting language contained in these Terms of Use concerning use of such information.
This section also is inapplicable to any documents, information, or other data that you upload, transmit or otherwise submit to or through any Passport-Enabled Properties. Please refer to the terms and conditions for such Passport-Enabled Properties to determine the rights of the web site or service provider to such documents, information and/or data.
-------
-- russ
"You want people to think logically? ACK! Turn in your UID, you traitor!"
Ladies and Gents, before you get your panties all in a wad, please note that this is an APRIL FOOLS joke.
Come on... it is sooooo easy to spot too! If a file were compressed to 0% of its size, you would have no file. Thus, the compression scheme would be lossy.... it would LOSE the entire file! It could also be therefore constant time, since it can just assume each file is lost before doing any work. Come to think of it, this sounds sortta like del (or rm, depending on what OS and/or shell you like)
-------
-- russ
"You want people to think logically? ACK! Turn in your UID, you traitor!"
There are a great number of software packages out there to track licenses..... for example, Tally Systems has an inventory solution that will tell how how many copies of each piece of software are installed on your network.
Novell's ZENWorks is supposed to do that, but the inventory functions are pure S***.
Microsoft's SMS will do it as well, among the many things it also does.
If you need Remote Control, Software distribution, Inventory, etc... and you are on a Windows network, go with SMS.
If you just need Inventory, go with Tally Systems.
Hope this helps those out there in the IT world that cannot afford to use Open Source software for everything, and still need to keep track of licenses. -------
-- russ
"You want people to think logically? ACK! Turn in your UID, you traitor!"
Just when I was starting to think that/. wasn't being biased against Microsoft, and was actually engaging in fair reporting, CmdrTaco comes in and ensures that this is not the case. Thanks again!
:)
Seriously though, why should we be feeling sorry for these people? So they didn't bother to document how many licenses they have and how many desktops they have running which software.... how exactly is that some sort of Microsoft problem?
It would appear that CmdrTaco is attempting to scare people by giving the impression that Microsoft runs around with a club trying to beat people over the head for more money (that may or may not be the case.)
I know that we keep exact records of how many licenses we have for each piece of software, and how many of those licenses are currently in use. Microsoft could walk in tomorrow and we can present the proof that we have x copies installed and we own y licenses, end of story. Any IT/PC support department worth their salt would be doing the same.
Cost is another issue entirely. Sure, the initial price for a Linux system is little to nothing, but when you factor in other issues that corporations face every day, the Linux value isn't quite the deal it once appeared to be.
First of all, there is no MS Access equivalent. That would mean we'd have to switch over all these little programs that have maybe 10 users to another system. There really isn't any RAD programming system for Linux (Klyx ain't there yet.), so that means a lot of time and effort for something pretty small.
There is also the cost of retraining all of our users and staff. We would have to try and track down and support lots of Linux apps for various tasks, if they even exist. If not, we'd have to write and support our own from scratch. I would also say anywhere from 20% to 50% of the peripherals and components in the systems we have out there don't have any Linux support whatsoever, which means replacing a lot of hardware.
The lack of any standard Directory Services client also hurts. The only real options without spending an insane amount of money are NDS and AD, neither of which have Linux clients.
Oh, and any time any person on the company wants a software application, we would have to go scour the net to try and find a Linux-compatible one, or try and write out own.
When you compare all that to the cost of Windows 2000 (less than $10,000 for 7 copies of server and 1000 user CALs under our select contract), and it really doesn't make sense to switch.
-------
-- russ
"You want people to think logically? ACK! Turn in your UID, you traitor!"
The Tablet PC is NOT a Palm or WinCE device. Microsoft has demo'ed these units at several of its conferences, and they are a full-fledged PC running Windows 2000 or XP, with a touch-screen LCD. Basically, imagine breaking the screen off your notebook, turning it over to lay flat and upwards, making it touchscreen, and then as thin as a paper notebook and you'd have the Tablet PC. The large benefit Microsoft hopes to gain from this deal is in terms of power consumption and lowered heat output.
The software for these devices is also very interesting. You can handwrite notes, and the software can spell-check, in handwriting! Also, you can doodle pictures, which are then automatically converted to images, which can them be resized and placed elsewhere. If you happen to be reading a book, you can drag the text down to create blank space in order to write your own personal notes. When you walk into your home (assuming you have wireless access on your PC as well), your documents and settings are syncronized with your desktop PC automatically; no having to put the Tablet in a cradle and manually run a program. It all just 'happens.' This is also part of the.NET strategy: Suppose you want to edit a document on your Tablet PC while you are in New York, but the document is still on your home PC? No problem... the Tablet PC can dial out through whatever Internet access you have, connect to your home PC, and download the document, all without any user intervention. The possibilities are endless, since it is a full PC after all. One might even be able to get Linux running on it, only sans the neato software. -------
-- russ
"You want people to think logically? ACK! Turn in your UID, you traitor!"
Slashdot Mirror
The guy obviously has an anti-western mindset.
But to simplify, the crux of his argument seems to be that in order to read ancient works from the Chinese/Japanese/etc, they need about 40,000 to 50,000 characters each.
But in reality, the average Japanese person would use less than 10,000 characters. In fact, probably much less.
Besides -- it is mostly a moot point until you can show me a keyboard capable of entering 50,000 unique symbols efficiently.
His solution seems to be allocating 32-bits of storage per character, rather than the 16-bit Unicode standard we have now.
For the forseeable future, it would seem that Latin-esque alphabets have the upper hand. It just makes more sense, especially in terms of programming and protocols. Do we really need web servers that understand how to read "GET / HTTP/1.1" in thirty different character sets?
-- russ
You nailed it. AMD wants the 760MP to be as rock-solid stable as anything Intel produces, if not more. If the AMD's first venture into the server marketplace is riddled with incompatibilities and reliability problems, then they won't be able to make another run at it for years, if not more.
That's also why they didn't trust VIA to produce the chipset for this market -- they have proven too unreliable in the past with various PCI issues.
nVidia is shaping up to be the king for the Home/workstation market, and AMD's chipset should hit the server market.
Say.... I wonder if nVidia will ever produce an MP-chipset...
-- russ
Plus the fact that when you buy Microsoft, you get lots of features that are guaranteed to work together and meshed in a nice, easy to use package. Microsoft offers end-to-end solutions with little overhead -- something that none of the Open Source distros can come close to claiming yet.
As far as features go, the ones that ensured we wouldn't be adopting Linux are: ACLs, Directory Services, and ease of use.
-------
-- russ
"You want people to think logically? ACK! Turn in your UID, you traitor!"
Those graphs are very misleading, because they lump NT4 in with Windows 2000. It is widely known that NT4 had serious issues, which isn't surprising, since it was designed prior to the real internet explosion -- IIS was originally an add-on.
In contrast, Windows 2000 is much more secure and infinitely more stable out of the box than NT4. Of course there are some issues that need to be patched, but that's life.
Bottom line: don't try to mislead people by pretending that those numbers are for Windows 2000; most are a result of widely-known NT4 holes that admins haven't bothered to patch.
-------
-- russ
"You want people to think logically? ACK! Turn in your UID, you traitor!"
You may continue to insist that Japan was more than ready and willing to surrender under the right conditions, but to say they only wanted the Emporer to keep his throne is ridiculous. Japan wanted to set their own terms of surrender. In war, the victor sets the terms, not the other way around. We weren't prepared to pacify anyone else. It had been tried by most of the rest of Europe in regards to Hitler, and we saw the effects of that policy.
Japan had to fall, or surrender unconditionally. That was the only way to ensure peace, and discourage other nations from going after their own rages of conquest. The fall of Japan left two options: full-scale invasion, or the nuclear bombs. Given the loss of life and damage to Japan a full-scale invasion would have brought, the bombs were a better alternative.
Whether or not you agree with what I've just said, and you still cling to the notion that the US is a big bad evil throughout all of history, drunken on its own bloodlust, it doesn't really matter. The truth is that the US was considering two options, Invasion or Bombing; no others were acceptable to the administration. I'm glad they chose the bombs.
Perhaps if you, in all your vast intelligence, had been there, you could have caved in to the Japanese demands. Maybe the world would have been a better place. Maybe, just maybe, Russia would have never found the nuclear bomb on their own if we hadn't developed it first. Maybe, maybe, maybe. It is all too easy to sit back in the comfort of your chair, typing on your PC, in a time of great peace and say "ahhh! This is where they went wrong! If only they had done this, we would have been rid of such evil!", as if you are actually entertaining the notion that over 50 years later you can understand all the complexities and intricate interactions that make up reality, in order to predict a different outcome.
Gimme a break and spare us all your self-righteousness.
-------
-- russ
"You want people to think logically? ACK! Turn in your UID, you traitor!"
With the limited battery and processing power onboard these keyboards and mice, you can't really expect them to perform much complex encoding and decoding.
That said, some basic protection would be in order. Encryption is difficult when you are talking about a few characters per second, but definitely possible. Tuning each receiver to each device at ship time might also be possible, but could prove not to be cost effective.
-------
-- russ
"You want people to think logically? ACK! Turn in your UID, you traitor!"
What if I take GPL'ed code and create a COM component out of it. I releast the full source.
3 months later, I decide to start writing a closed-source app and I find the component would be useful.
Should my application now be covered under the GPL?
In cases like this, I think the courts must consider if MOST of the app's functionality is relying on the component, or just a small part. If it is a large part, then the program can be considered a derivative of a GPL'ed work, rather than a regular program take advantage of a small GPL'ed library.
Of course if they ship a binary that doesn't include ANY GPL'ed code in it, but the user is required to download the GPL'ed library to make the program work, tough beans. Otherwise, any program making use of any GPL'ed library on any Linux system must be GPL'ed, or it is in violation of the license.
-------
-- russ
"You want people to think logically? ACK! Turn in your UID, you traitor!"
Microsoft solved these problems by splitting all compressed files into 64k chunks -- the compression is done, one 64k chunk at a time. When a file is read, it is decompressed. If only part of a file is written back to disk, a chunk is compressed. If it is too large to fit in the space previously occupied, it just finds a space on the volume large enough (estimated) to hold the rest of the file, and stores that chunk there. If one chunk must be relocated, it starts relocating all the rest of the chunks (two file fragments are better than 10.)
Novell takes the scheduled approach -- files are always written uncompressed. Later, at a specified time, the system looks for "compressable" files and compresses them. In this way, only decompression is performed on the fly.
-------
-- russ
"You want people to think logically? ACK! Turn in your UID, you traitor!"
This is the same old "Netscape Engineers suck!" backwards-text thing that was hashed (and rehashed) quite some time ago. It turns out that the string is just junk text in the file. It isn't a password, backdoor, or anything else.
.dll. Without proper and full permissions applied across virtual servers on a given box, site leakage or manipulation by others will always be possible in myriad ways.
.dll in a way that's not intended...it just doesn't appear to be this one. On a box where multiple sites have not been individually permissions, or permissions are lax or non-existent...anyone permissioned to execute the .dll in the first place would have the ability to simply open the other sites and manipulate them directly (i.e. no need to do this junk with the dvwssr.dll)
Take a look at what Bugtraq's owner had to say at the time (Bugtraq originally reported this issue.)
It seems that someone testing the box entered the string and got into the Frontpage web w/ no password.... as it is pointed out below, that is because the security on the box wasn't set properly.... they could have typed in "MicrosoftSucks!" and gotten in.
======= BEGIN MESSAGE =========
Ok, here's a breaking update.
Latest reports say that there is
NO VULNERABILITY IN DVWSSR.DLL
Yup, that's right, different again from what I said earlier, and even more different than what I said yesterday to WSJ.
Please accept that I have followed the story published elsewhere and tried to keep you abreast of everything I knew. Also appreciate that the amount of time given to verify and research the claims made by others has been extremely short. I've had probably 30 interviews today by orgs pressing for information on the story as the feeding frenzy occurs after the first one goes to press (WSJ in this case).
MS have had people working on this thing like madmen, trying to verify the claims and investigate all of the possible pieces of code that may be affected. As that research progressed, different observations were made and so the story came out in various stages (with varying levels of "correctness"). Had they been given a reasonable amount of time to respond, nobody would have been in a tizzy about anything (i.e. the press would not have cared to run this story anywhere).
Decide for yourself whether we were better served by (more) immediate disclosure or not. I've stood where I stand for a reason, despite the loathing of others for my stance...
In the end, it turns out that unless you actually have permissions for the file you are requesting, you'll get an error message when you follow the procedures outlined by RFP in his RFP2K02 advisory.
That said, understand that sites that allow connections by Front Page may very well provide you with source asp if you request it. BUT THAT WILL HAPPEN with or without the
From what I've heard/seen/been told, permissions on the test servers must have either been non-existent, incorrectly applied, or permissioned the user across multiple virtual sites (i.e. incorrectly applied).
I had someone claim that they could get into an FP98 site using "Netscapeengineersareweenies!" as a userID and no password...making them think it was a backdoor userID. Fact is they could get into the same sites using "TomDickandHarry" as a userID too. If the permissions aren't set correctly, anything is possible.
This info may change again before its finalized. It may well be that there is some way to use this
Finally, to my point out the string not being a password. Elias Levy of SecurityFocus.com and Mark Edwards of NTSecurity.net have both correctly pointed out that using the term password to apply to that string is not beyond the realm of understanding. The client component mtd2lv.dll and the server component dvwssr.dll both need to know this value, and use it correctly, for communications to work. If you try and talk directly to dvwssr.dll and don't obfuscate your communication with the correct "key", it won't understand you. Of course if you don't already have permissions, knowing this value gets you nothing...hence my observation that its not a password. Whatever it is, it appears to be meaningless junk text used as data.
===== END MESSAGE ======
-------
-- russ
"You want people to think logically? ACK! Turn in your UID, you traitor!"
You can't compare the two. Microsoft is a closed system. They don't provide you the "hooks" you need for full integration. This provides them with a competitive advantage in ALL software written for their operating system that no company that produces Windows applications can hope to match.
Actually, that is NOT TRUE. There are no "secret" APIs hidden in Win32 that somehow give Microsoft a huge edge. All the information you need to integrate your own applications is right there in the SDK -- most companies just never take the time to do it. Just take a look at Windowblinds -- if that isn't integration, then I don't know what is!
With the exception of the MS HTML engine being somewhat integrated with the Explorer shell, nothing that Microsoft has done cannot be accomplished by independent developers. Don't blame Microsoft just because you are too lazy or busy to learn how.
-------
-- russ
"You want people to think logically? ACK! Turn in your UID, you traitor!"
Actually I am working on getting Bender to run on ActivePerl and talk to a MS SQL database (or rather, the ODBC perl DBD). It is no easy task, let me tell you.
I originally wanted to write a module to allow it to talk to MS SQL directly, but... well... both it and Sybase use an obscure tabular data format that I really don't have the patience to master right now.
I really wish Microsoft would releast more than ODBC modules for SQL Server. If they really want to compete with Oracle, they've got to.
-------
-- russ
"You want people to think logically? ACK! Turn in your UID, you traitor!"
I can imagine Orville Wright saying the same thing...
"If I die, I die", he scoffed. "I'd rather die trying this than spend the next 40 years making bicycles, bitter that I never made the attempt."
-------
-- russ
"You want people to think logically? ACK! Turn in your UID, you traitor!"
"If the person who setup the webserver was in ANY way competent, do you think they would be using IIS?"
Better go tell Dell, Microsoft, eBay, NASDAQ, Intel, etc. that they don't have a clue.
Setting up IIS securely takes work, just as doing so on a Linux box does. The problem is that many so-called "WinNT/2K Admins" are clueless. They click Install, and see that they can get to their web page. They then assume everything is OK.
A "real" admin would get on the various security lists, go through the MS checklists, apply the high-security template, and download the scripts that Microsoft used to help secure their own W2K webservers. The admin would also stop by the MS security site at LEAST once per month, if not more. They even have a security Tool that can baby-step you through the configuration if the registry scares you.
Don't blame Ford when you had your keys to a 3 yr old and they wreck the car....
Of course in this particular case, Microsoft should have performed better testing, but still...
-------
-- russ
"You want people to think logically? ACK! Turn in your UID, you traitor!"
So in effect, if the admin who setup the webserver is in ANY way competent, he should have already been over the checklist and applied the template, both of which discuss removing this extension. If he's lazy and only used the SecTool, that would still do the job.
-------
-- russ
"You want people to think logically? ACK! Turn in your UID, you traitor!"
The BSD ip stack is why NT has had a mutlithreaded TCP/IP stack since the early days, and always seems to best Linux on pure network throughput tests. Microsoft licensed it some time ago. In fact, if you check around the executables, you can still find the BSD/Berkly copyright signature on a few older ones.
ex: FTP.EXE v5.0, W2K: Line 308, Col 36 (assuming wrapped 70 cpl):
"Copyright (c) 1983 The Regents of the University of California"
-------
-- russ
"You want people to think logically? ACK! Turn in your UID, you traitor!"
Why bother to put together 8,000 Linux boxes, when one could obtain high-powered 64-bit computers to accomplish the same task?
You can always go with Tru64, W2K Datacenter, AIX, et al.
It would be interesting to figure out how much high-powered hardware would be required to replace those 8,000 boxen and the software to run it, and see if it comes out less or more than running the 8k separate Linux boxes.
-------
-- russ
"You want people to think logically? ACK! Turn in your UID, you traitor!"
The password change is a well-known bug in the Novell client that they refuse to fix. Novell has suspended pretty much all work on their client software. Netware is dying, jump now while you can.
Your HP situation highlights 99% of Windows 2000 BSODs: faulty drivers. If you only use HCL-approved hardware and signed drivers, you aren't going to get any BSODs, unless you have faulty hardware.
I believe that the ISS is using NT4.0, in which case I'm not surprised. While somewhat stable, it pales in comparison to Windows 2000.
-------
-- russ
"You want people to think logically? ACK! Turn in your UID, you traitor!"
Read the paper that the RIAA, SDMI, and our government say is illegal.
h tm
t m
http://www.theregister.co.uk/extra/sdmi-attack.
http://www.boneville.net/slashdot/sdmi-attack.h
Download, mirror, link... rinse & repeat. Don't let the scum of humanity dictate the rules. I would encourage anyone and everyone: Anytime any corporation threatens to sue in order to supress information, ensure by copying and distributing it that the information they are attempting to supress stays free forever.
-------
-- russ
"You want people to think logically? ACK! Turn in your UID, you traitor!"
Did the moderators not bother to click the link and see that it goes to a GOATSE.CX-esque picture? Somebody mod that down please... the post is a junk post to trick people into clicking the link.
I fear that no one reads the moderator guidelines anymore.
-------
-- russ
"You want people to think logically? ACK! Turn in your UID, you traitor!"
If you read the article, it says:
"It's kind of a natural flow of events," McNealy said. "The MPAA is sending a message it is not to be trifled with."
WHO THE HELL PUT THEM IN CHARGE? What do you mean, "not to be trifled with"? Of course we can trifle with them! It is because of them we exist!
When did Copyright change, from a tool to enable authors to profit from their works for a few years, into a club that corporations can use to kill individuals and that has prevented anything from entering the public domain since the early 1900s.
With the flow of information increasing so rapidly, Copyright protection shouldn't extend more than 10 years at the most. 15 years for patents.
-------
-- russ
"You want people to think logically? ACK! Turn in your UID, you traitor!"
MICROSOFT'S RIGHT TO USE FEEDBACK OR SUGGESTIONS YOU SUBMIT
By submitting any feedback or suggestions to Microsoft concerning the Passport Web Site or the Passport Service, you warrant and represent that you own or otherwise control the rights necessary to do so and you are granting Microsoft and its affiliated companies permission to:
Use, modify, copy, distribute, transmit, publicly display, publicly perform, reproduce, publish, sublicense, create derivative works from, transfer, or sell any such feedback or suggestions; and
Sublicense to third parties the unrestricted right to exercise any of the foregoing rights granted with respect to the feedback or suggestions.
The foregoing grants shall include the right to exploit any proprietary rights in such feedback or suggestions, including but not limited to rights under copyright, trademark, service mark or patent laws under any relevant jurisdiction. No compensation will be paid with respect to Microsoft's use of the materials contained within such feedback or suggestions.
Microsoft is under no obligation to post or use any materials you may provide and may remove such materials at any time in Microsoft's sole discretion.
p . This privacy statement is controlling and overrides any conflicting language contained in these Terms of Use concerning use of such information.
This section is inapplicable to any personally identifiable information that you provide in connection with your registration for the Passport Service(s). For terms and conditions governing use of such information and for more information on how the Passport Service works, please refer to the Passport Privacy Statement at http://www.passport.com/Consumer/PrivacyPolicy.as
This section also is inapplicable to any documents, information, or other data that you upload, transmit or otherwise submit to or through any Passport-Enabled Properties. Please refer to the terms and conditions for such Passport-Enabled Properties to determine the rights of the web site or service provider to such documents, information and/or data.
-------
-- russ
"You want people to think logically? ACK! Turn in your UID, you traitor!"
Ladies and Gents, before you get your panties all in a wad, please note that this is an APRIL FOOLS joke.
Come on... it is sooooo easy to spot too! If a file were compressed to 0% of its size, you would have no file. Thus, the compression scheme would be lossy.... it would LOSE the entire file! It could also be therefore constant time, since it can just assume each file is lost before doing any work. Come to think of it, this sounds sortta like del (or rm, depending on what OS and/or shell you like)
-------
-- russ
"You want people to think logically? ACK! Turn in your UID, you traitor!"
There are a great number of software packages out there to track licenses..... for example, Tally Systems has an inventory solution that will tell how how many copies of each piece of software are installed on your network.
Novell's ZENWorks is supposed to do that, but the inventory functions are pure S***.
Microsoft's SMS will do it as well, among the many things it also does.
If you need Remote Control, Software distribution, Inventory, etc... and you are on a Windows network, go with SMS.
If you just need Inventory, go with Tally Systems.
Hope this helps those out there in the IT world that cannot afford to use Open Source software for everything, and still need to keep track of licenses.
-------
-- russ
"You want people to think logically? ACK! Turn in your UID, you traitor!"
Just when I was starting to think that /. wasn't being biased against Microsoft, and was actually engaging in fair reporting, CmdrTaco comes in and ensures that this is not the case. Thanks again!
:)
Seriously though, why should we be feeling sorry for these people? So they didn't bother to document how many licenses they have and how many desktops they have running which software.... how exactly is that some sort of Microsoft problem?
It would appear that CmdrTaco is attempting to scare people by giving the impression that Microsoft runs around with a club trying to beat people over the head for more money (that may or may not be the case.)
I know that we keep exact records of how many licenses we have for each piece of software, and how many of those licenses are currently in use. Microsoft could walk in tomorrow and we can present the proof that we have x copies installed and we own y licenses, end of story. Any IT/PC support department worth their salt would be doing the same.
Cost is another issue entirely. Sure, the initial price for a Linux system is little to nothing, but when you factor in other issues that corporations face every day, the Linux value isn't quite the deal it once appeared to be.
First of all, there is no MS Access equivalent. That would mean we'd have to switch over all these little programs that have maybe 10 users to another system. There really isn't any RAD programming system for Linux (Klyx ain't there yet.), so that means a lot of time and effort for something pretty small.
There is also the cost of retraining all of our users and staff. We would have to try and track down and support lots of Linux apps for various tasks, if they even exist. If not, we'd have to write and support our own from scratch. I would also say anywhere from 20% to 50% of the peripherals and components in the systems we have out there don't have any Linux support whatsoever, which means replacing a lot of hardware.
The lack of any standard Directory Services client also hurts. The only real options without spending an insane amount of money are NDS and AD, neither of which have Linux clients.
Oh, and any time any person on the company wants a software application, we would have to go scour the net to try and find a Linux-compatible one, or try and write out own.
When you compare all that to the cost of Windows 2000 (less than $10,000 for 7 copies of server and 1000 user CALs under our select contract), and it really doesn't make sense to switch.
-------
-- russ
"You want people to think logically? ACK! Turn in your UID, you traitor!"
The Tablet PC is NOT a Palm or WinCE device. Microsoft has demo'ed these units at several of its conferences, and they are a full-fledged PC running Windows 2000 or XP, with a touch-screen LCD. Basically, imagine breaking the screen off your notebook, turning it over to lay flat and upwards, making it touchscreen, and then as thin as a paper notebook and you'd have the Tablet PC. The large benefit Microsoft hopes to gain from this deal is in terms of power consumption and lowered heat output.
.NET strategy: Suppose you want to edit a document on your Tablet PC while you are in New York, but the document is still on your home PC? No problem... the Tablet PC can dial out through whatever Internet access you have, connect to your home PC, and download the document, all without any user intervention. The possibilities are endless, since it is a full PC after all. One might even be able to get Linux running on it, only sans the neato software.
The software for these devices is also very interesting. You can handwrite notes, and the software can spell-check, in handwriting! Also, you can doodle pictures, which are then automatically converted to images, which can them be resized and placed elsewhere. If you happen to be reading a book, you can drag the text down to create blank space in order to write your own personal notes. When you walk into your home (assuming you have wireless access on your PC as well), your documents and settings are syncronized with your desktop PC automatically; no having to put the Tablet in a cradle and manually run a program. It all just 'happens.' This is also part of the
-------
-- russ
"You want people to think logically? ACK! Turn in your UID, you traitor!"