But SCO's McBride said that there are two companies he has no
intention of going after: Hewlett-Packard Co. and Sun Microsystems Inc.
"We have no problems with Sun and HP with regards to infringement as
both have honored the conditions of their Unix license contracts and
operated within these," he said.
I don't remember SCO mentioning anything about HP before
this. Perhaps they are the Fortune 500 company that paid for
licenses?
That's simply wrong. QWERTY was designed to speed typing up by spacing out the most used keys to different sides of the keyboard.
That is quite untrue. There have been many studies of touch typing over the years, and they have lead to a few simple guidelines for fast typing, such as:
Place the most common characters on the home row, so your fingers rest on top of them for quick access.
Your hands should alternate heavily, so one can position itself while the other is typing.
QWERTY does not follow either of these rules. Most keypresses are on the UPPER row, and a lot of words can be typed with only one hand (eg. minimum). Dvorak's layout ensures your hands stay on the home row, and its grouping of vowels makes it impossible to type one word with one hand only.
Changing the keyboard layout helps, because the Dvorak layout was designed for typing English words, while QWERTY was not. It takes less effort to keep up the same WPM, and less effort means you can type for longer, or place less strain on your hands.
Dvorak has a much better defense than "the Navy wouldn't do that." Discover Magazine ran an article that convinced me to switch; read it here.
The stack/executable bits are there, it's just not that obvious in the feature list. Here's a sample from the news page:
grsecurity 1.9.9f has been released. Changes include RANDEXEC for alpha, sparc, sparc64, and parisc. It also includes KERNEXEC for i386, which implements non-executable and read-only KERNEL pages. To use the feature, you must build a monolithic kernel (that is, CONFIG_MODULES = n). KERNEXEC also makes the IDT, GDT, and syscall table read-only. In addition, stack/mmap randomization has been added for PowerPC, multiple administrators are allowed in the ACL system, and a fix for the ptrace patch discussed on LKML has been included.
The exploit doesn't seem to work on every kernel. I've tried two, Gentoo's 2.4.19 and a lightly patched 2.4.20, and only the latter was exploitable.
My best guess is that Grsecurity prevented it from working, or at least changed enough things to stop the standard exploit. It might be worth looking into, to prevent future bugs like this.
I'd just like to point out that Nintendo of Canada is touring across Canada with a couple of GameCubes. Oddly enough, the only place I've seen it advertised is on their own website; on the plus side, it should make for some short lines.HJ Hornbeck
I'm surprised noone here has caught on to a huge advantage of one-way hash password systems, like MD5sum: they allow far more than 8 characters to be used. For instance, I used to be a big fan of Ren and Stimpy, so an ideal password for me would be "You're coveting my ice-cream bar!". It's too long for a password dictionary, too obscure since few people know I was a fan, has too many ways to misspell or alter it, yet I'll never forget it.Of course, it's a pain to type in at 3am. It's a poor choice if the system locks down your account after a few missed attempts, or limits you to 8 characters. But when it's feasable this type of password gives the security of a randomly-generated one and is as easy to remember as a self-chosen single word.
Slashdot Mirror
From the article:
I don't remember SCO mentioning anything about HP before this. Perhaps they are the Fortune 500 company that paid for licenses?
HJ Hornbeck
That is quite untrue. There have been many studies of touch typing over the years, and they have lead to a few simple guidelines for fast typing, such as:
QWERTY does not follow either of these rules. Most keypresses are on the UPPER row, and a lot of words can be typed with only one hand (eg. minimum). Dvorak's layout ensures your hands stay on the home row, and its grouping of vowels makes it impossible to type one word with one hand only.
There's no need to trust me, though. You could always ask the current world record holder for typing, or read up on a Discover Magazine article that goes into much more detail.
HJ Hornbeck
Er, the convincing Discover Magazine article is actually
here, their search page is a bit wonked. The article is called "The Curse of QWERTY".
HJ Hornbeck
Changing the keyboard layout helps, because the Dvorak layout was designed for typing English words, while QWERTY was not. It takes less effort to keep up the same WPM, and less effort means you can type for longer, or place less strain on your hands.
Dvorak has a much better defense than "the Navy wouldn't do that." Discover Magazine ran an article that convinced me to switch; read it here.
HJ Hornbeck
The stack/executable bits are there, it's just not that obvious in the feature list. Here's a sample from the news page:
HJ HornbeckThe exploit doesn't seem to work on every kernel. I've tried two, Gentoo's 2.4.19 and a lightly patched 2.4.20, and only the latter was exploitable.
My best guess is that Grsecurity prevented it from working, or at least changed enough things to stop the standard exploit. It might be worth looking into, to prevent future bugs like this.
HJ Hornbeck
I'd just like to point out that Nintendo of Canada is touring across Canada with a couple of GameCubes. Oddly enough, the only place I've seen it advertised is on their own website; on the plus side, it should make for some short lines.HJ Hornbeck
HJ Hornbeck