Slashdot Mirror


User: Zocalo

Zocalo's activity in the archive.

Stories: 0
Comments: 2,447

Comments · 2,447

  1. Just a guess... on How to Run an Ethical Mail List? · · Score: 1

    But are you working for OptinRealBig and self proclaimed "Spam King" Scott Richter who were recently sued to near oblivion by NY State Attorney Eliot Spitzer and Microsoft? Quite a coincidence that someone should be asking this just after it is announced on The Register that he is cleaning up his act and just got delisted from ROKSO. If so, good luck in your new job trying to get a leopard to change its spots, but my advice would be to keep one eye on how much legal scrutiny the company is under and what happens to ethics when that spotlight starts to fade.

  2. Re:Self destruct the botnets? on Hunting for Botnet Command and Controls · · Score: 1
    If people can't clean their systems, they'll just have to lose all their email and digital pictures.

    That thought has crossed my mind on several occasions when some bot on my local segment has been hammering my firewall and a quick NMAP reveals that, big surprise, NetBIOS and RPC are wide open. The price you pay for connecting via an ISP that doesn't treat their customers like idiots, even though some of them quite obviously are... So far, I've managed to resist the temptation, but boy, is it ever getting harder to do so!

    Let's face it, mass mailing trojans have been mainstream news for some time now, yet people *still* fall for them. And I don't mean emails that just require you to download them into a badly written email client, I mean the dumb kind where the recipient has to run the attachment sent to them by a total stranger themselves. Are they living under a rock, because even non-PC using members of my family have brought this issue up with me in conversation? Deleting all their email and digital pictures, and making it clear how and why it was done of course, may be the only way of giving them the whack up the back of the head with a clue by four they so desperately need.

  3. Re:Self destruct the botnets? on Hunting for Botnet Command and Controls · · Score: 2, Informative
    If you are going down that road, then you would have to simply go ahead and do it, which makes you no different than the scum that put it there in the first place in the eyes of the law. Now, in theory, you could pop up a message that says "Your PC has been compromised... You need to do X, Y & Z." and be safe from the law. The snag is that most of the people whose PCs are members of botnets are probably the same ones who are used to seeing pop-ups of that form telling them to do and drop $30 on some shitty piece of software that just installs more malware.

    Going after the controlling servers of the bot-net however, while it is definitely still a legal grey area, is less likely to get you a jail sentence and/or a fine. There are also viable approaches that wouldn't break the law at all, although they are probably not going to deliver results if the server is with certain "bullet proof hosting" providers who just don't care about abuse reports. In any case, it's still a game of Whack-a-Mole, only by going after the servers you are essentially playing with 10,000 mallets simultaneously...

  4. Re:Once every two days? on Rocky Planet Discovered · · Score: 1

    According to the article it's just 2,000,000 miles from its star which gives it an orbital velocity of roughly 75 miles per *second*. That's more velocity than it took to put the Pioneer and Voyager probes on orbits that could leave our solar system altogether!

  5. Re:Gone....for the moment on PHRACK Final · · Score: 5, Interesting
    I wonder what happened to Taran King and Knight Lightning

    "Operation Sundevil", an attempt to crack down on the Legion of Doom cracking and phreaking group, happened. Craig Neidorf (Knight Lightning) was indicted, subjected to search and seizures by the US Secret Service, brought to a jury trial and finally had all charges dropped by the prosecution. He's kept a pretty low profile ever since, or at least has been a lot more careful with covering his tracks. Taran King appears to have been spooked and dropped out of the scene around the same time, or is also being a lot more careful.

    In any case, there doesn't seem to be much on the pair since the end of the crackdown started by Operation Sundevil in the early 1990's. Perhaps this "final" issue of Phrack should include a "Where are they now?" article on past editors and other once prominent members of the Phrack community. Then again, given the number of convictions that were successful, that's not very likely to make for a very upbeat article about hacking to go out on, is it?

  6. Re:oxymoronic? on Microsoft IIS v7 Details Emerge · · Score: 4, Insightful
    Is it just me, or doesn't that sound contradictory.

    Not really, it depends upon the implementation and how Microsoft sets the defaults. The remote administration part is almost certainly going to be apart from the main server as one of the modular components mentioned in the article. I suspect what we will see is that the IIS admin tool will be an MMC snap-in, and that it will be MMC that will gain the remote HTTPS accessibility, which would make it little different from a remote access enabled install of WebMin.

    If they are taking security as seriously as they like to make out, then they will be designing the thing with the possibility of a remote exploit in mind. That means, having remote access disabled by default, warning the user of the security implications when they try and enable remote access, and making it easy for the user to lock down the remote access by IP as well as HTTPS authentication. Asking for some IP ranges right after the remote access functionality is enabled would be good, or better yet restricting to the local IP anyway and *forcing* the user to enter additional IPs. This data could then be passed to the Windows Firewall as well as used as a "double check" by the MMC console, for an additional layer of protection.

    Regardless of the method and security of any implementation, that doesn't stop the usual bunch of losers without a clue on security enabling global remote access of course. Nor, I suspect, will it stop Microsoft taking a good deal of the blame if and when a load of IIS7 servers get rooted by some future worm that exploits the remote management feature because some lunatics enabled it with minimal security.

  7. Re:What about VOIP/911 services? on FTC Recommends ISPs Disconnect Spam Zombies · · Score: 1

    OK, it's no solution to the VoIP emergency call scenario, but most ISPs that have implemented this kind of denial of net access in a sensible manner don't actually cut the user off outright. The preferred solution is to move the problematic user onto a dedicated VLAN. From there it's a trivial matter to redirect any attempt to access the web to an information page that informs the user what has happened and what to do about it. Here in the UK this usually applies to people who are "over using" their DSL lines, at least until this initiative gathers some momentum, but the principle is the same.

  8. Re:Anand's Take on AMD's Dual-core Athlon 64 X2 reviewed · · Score: 1

    Oops. Pasted the wrong link for Trusted Reviews; the correct direct link is here, and here's a link to Bit tech's review with a photo of the chip in question with its cover off, for those who get excited by such things... :)

  9. Re:Anand's Take on AMD's Dual-core Athlon 64 X2 reviewed · · Score: 1

    Trusted Reviews has its review up too, also being mirrored by The Register.

  10. Re:isn't this basically a proxy? on Google Web Accelerator · · Score: 3, Interesting
    what makes this different/better/faster/whatever than a proxy server?

    Nothing really that I can see other than that it will always compress which is something that some sites do not have enabled, which should offer some speed ups and help reduce overall web traffic. I'd assume that this is tied into Google's cache used on the search engine, so if you request a page through the proxy for which the cached data is stale it will update that also, then re-index the data for the search engine. If so, this could be *very* useful for alleviating things like the Slashdot effect, although it would need to pull the graphics to be of any real use here. The problem with caching the graphics though, is that it's going to make it *really* difficult for Ad-Blockers to work out which files are ads and which are not...

  11. Only one thing for it... on SCO Missing 16,209 Files? · · Score: 4, Interesting
    Paging Mr. Sarbanes and Mr. Oxley...

    Surely *some* of those 16,000 and change documents are going to be covered by Sarbanes Oxley's data retention requirements. Do Darl McBride and Ralph Yarro have some kind of sado-masochistic desire to be investigated by the SEC or something, because this sure sounds like a hunting license to me.

  12. Re:Any market for single-core-only rejects? on Behind the Closed Doors of AMD's Chip Production · · Score: 1

    It's been done before, so why not? Intel used to sell "defective" 80486DX chips where the fault lay in the numeric processor as perfectly functional 80486SX chips. It only makes sense that the design be engineered so that defective cores can be disabled after fabrication and leave a functional chip.

  13. Re:Here's a question... on Behind the Closed Doors of AMD's Chip Production · · Score: 2, Informative
    If you are talking about a clean room, then it's part of the environmental control. In addition to the usual temperature, humidity and particulate matter controls, you also need to regulate static, ionisation and the lighting. The silicon wafers, the photomasks and other manufacturing devices are incredibly sensitive to all those things at varying stages of production. Basically the design of a chip is projected onto the silicon wafer in a manner kind of like projecting a photographic transparency onto a projection screen, except that the image from the photomask is made smaller rather than larger. The photomasks are quite sensitive to certain wavelengths of light, hence the special lighting requirements.

    Besides, once you are cooped up inside one of those natty suits that you have to wear in modern chip fabrication environments, believe me when I say that the lighting is *not* a major concern... I'm certainly not complaining if I don't have to do any work in our clean room environment on a given day. OK, yes, it is *very* cool at first though! ;)

  14. Re:Question on Behind the Closed Doors of AMD's Chip Production · · Score: 4, Informative
    Simple logistics; just as many tech companies congregated in Silicon Valley, a similar situation exists in Dresden. Going from chip design to the actual fabrication requires a considerable amount of support infrastructure much of which is done by external companies. For more complex devices it will typically take a few months at least from finalising the design to the first chips actually rolling out of the fab.

    I know for a fact that not even Intel does everything in house, so it's highly unlikely that AMD does. Essentially there are just far too many different types of highly complex technologies and processes involved for one company to do it all. Having as much of that infrastructure located in the same general vicinity can save a lot of time, money and aggravation. Which is why we have manufacturing sites in both Silicon Valley and Dresden, amongst others...

  15. Re:Good Grief! on DMCA Prevents Photoshop Support of Nikon Camera · · Score: 2, Informative
    Nikon, to the best of my understanding, is a camera manufacturer.

    Well, technically, Nikon is more of a general "optical equipment" manufacturer than just a camera manufacturer. They might be best known to the man on the street for their cameras, and maybe scanners, but the bulk of their revenue comes from the sale of industrial optical equipment. We have a couple of them in our cleanroom at work that cost over $1m each, and Leica too for fans of the brand.

    So, yes, while this will probably convince some people to buy another brand of DSLR instead of a Nikon, I'm afraid the "Nikon is doomed" crowd are going to be in for a long wait...

  16. Re:DNS practices on Providers Ignoring DNS TTL? · · Score: 1
    Yeah, 24 hours should be more than enough to give reasonable caching without compromising your flexibility to do updates too much. I used to work at an ISP and rebuilt their DNS infrastructure from the ground up while I was there. I also wrote some scripts that made use of the "named-checkconf", "named-checkzone" and "rndc" commands so that when we made any changes to DNS, they were validated as being sane, then propagated to all our DNS servers instantly. No fuss, no muss; change the zonefile, update DNS, and the only cached data left was in the caches of clients that had queried our DNS, which was at most $TTL old.

    Our standard TTL was 24 hours, although if we knew in advance that a change was coming we'd often drop that down to just one hour for either a specific record or the entire domain. A huge proportion of our customers (mainly SMEs and VISPs) were completely unaware that such a trick was possible, even though they were often running their own DNS.

    Frankly, I'm not surprised by this news in the slightest. There were far too many system admins out there who didn't really understand what they were doing then, and the situation has only gotten progressively worse since. It's not just with DNS either, thanks to the growing proliferation of spam and malware, there are plenty of asinine things being done with SMTP and HTTP as well. Heaven help us all once the next generation of admins that have been taught their jobs by these idiots get to take hold of the reins all by themselves...

  17. Re:The biggest downside to Firefox on Pros and Cons of Firefox Critically Evaluated? · · Score: 5, Interesting

    Perhaps some kind of "shopping basket" download system on the Mozilla update site would be a good way to go. Personally, I quite like the "Download Basket" that Microsoft uses on its Windows Update site when you do a manual update. Something like a standard shopping cart to choose the plugins that you are interested in, followed by a Windows Update style confirmation and install process would be ideal. If you could also save the baskets and reuse them on multiple PCs that would make widescale deployment of Firefox sooo much easier...

  18. Re:Erp... on Judge Denies SCO's Ex Parte Motion to Adjourn · · Score: 4, Informative
    SCO asked for yet another delay in the case, the judge said they couldn't have one and the case would proceed as previously scheduled. They've also filed their quarterly financial report for Q1 2005 (the 10Q) bringing themselves back into NASDAQ regulation compliance, so they probably won't now get delisted and their SCOX ticker symbol will lose the red "E" soon.

    That's it. Why this got a front page story I don't know, although it is a sign that this judge at least feels that SCO now has sufficient rope to hang themselves with, so there is that.

  19. Re:Registrar vs Registrar on Recovering Domains from Negligent Registrars? · · Score: 5, Informative
    As an addendum, I'd suggest making that other registrar Verisign. While they are expensive and have quite loathsome business practices of their own, they *are* the ultimate power for the .com and .net gTLDs. That should give them a little more leverage than other registrars in extracting your domains from Jump Domain's grasp.

    Once you've hopefully got all your domains moved over to Verisign you can then transfer them out to another, more cost effective and ethical registrar, at your convenience. While Verisign isn't the best at this, they have cleaned up their act considerably since their recent fiascos like sex.com, so you should be OK. You might have to pay a little over the odds for Verisign's services, but that's got to be preferable to losing your domains altogether, hasn't it?

    Oh, and on the subject of sex.com, you should at least talk to a lawyer about this. You've lost several domains through the negligence of Jump Domain, and the sex.com owner made a killing (on paper) from a similar situation. While you are probably not in the same territory as that, that case might be enough incentive to convince a lawyer to take the case for you in order to wet his beak in a potentially lucrative damages claim.

  20. Re:Uhhh... on Al Gore Invents Internet TV · · Score: 1

    X-Rated? Are you kidding me? It's more likely going to be a cross between getting a first post on Slashdot and Google Whacking. Just before the Google segment starts the hordes will descend on Google and try and get their "amusing" search phrase up in lights. Who knows, there might even be a fortune file in the offing too...

  21. Re:who cares? on Java Fallout: OO.o 2.0 and the FOSS Community · · Score: 3, Insightful
    Had they picked an open source platform it would be much less disruptive for their business.

    How so? It's not like the VB6 DLLs that your infrastructure is dependent upon are going to go away. Sure, there are not going to be any more security patches, but equally there are probably not going to be very many more exploits either, if any. (Based on the premise that few crackers are looking for bugs in discontinued code - when was the last exploit specifically targeting Windows '9x for instance?) Besides, unless I'd had a third party write the application and had no access to the VB6 source, then I could still update the code to a newer version of VB, or even .Net, even though it might be a lot of work.

    It's just as possible to get into exactly the same state with an open language as it is a closed one. If the developers all move on to other projects and the language withers on the vine, unless you have the ability to update the language code on your own then you are in the same position as with the VB6 example. Development languages evolve, and sometimes that means that older code breaks; I've seen this with closed (VB), open (Perl) and "in-between" (Java) based code - open or closed makes no difference.

    Yes, having access to the source is a better option, and it does leave more doors unlocked than the closed source alternative, but I don't think it's anywhere near as critical as you believe.

  22. Re:Vanishing Point on New Photoshop Details Leaked · · Score: 1
    What does this tool do again?

    That got me too, and it's not in the original leaked Adobe press release, so no clues there. The only possible relationship between colour and perspective that I can think of would be if the light was changing toward the vanishing point. Perhaps it dynamically adds a gradient mask to the object being coloured so that you don't screw up the shadows?

  23. Re:Never again -- product activation and Sklyarov on New Photoshop Details Leaked · · Score: 1
    Couple of points here. Firstly, "half a grand"? Adobe does offer upgrades you know - the RRP of Photoshop CS2 is $599 with upgrades at $199. Considering graphic artists will use Photoshop as much as a typical office worker will use their office suite, that's not such an unrealistic price for the non-free software model, is it? For a professional artist, or someone who doesn't want to spend all day processing digital photos, if those new features save time, then $199 is a drop in the ocean. True, a lot of people routinely upgrade whether they need the new features (and bugs) or not, but what's new there?

    Secondly, it wasn't actually Adobe that went after Sklyarov - it was the US DoJ that really ran with it and caused all the fuss. While Adobe did make the initial complaint, they rapidly backed away from the matter when they realised that they were being made to look like idiots due to the simplicity of the "encryption" they had used. IIRC, Adobe even made a statement to the effect that Sklyarov should not be held personally responsible for the DMCA infringement.

    And no, I don't work for Adobe, although I do use Photoshop CS because I have yet to find an alternative (free or otherwise) that lets me do what I want to do as quickly as CS can. Time is money, and if Photoshop CS2 will let me save enough of it each time I come home with a couple of hundred images to process, then I have no problem with giving them $199 for it.

  24. Text of press release on New Photoshop Details Leaked · · Score: 4, Informative
    This news hit the photography sites yesterday too. Since Adobe has now pulled the document, here is the text of the press release yanked from my browser cache with a little more info than BetaNews published:

    SAN JOSE, Calif. -- April 4, 2005 -- Adobe Systems Incorporated today announced Adobe Photoshop CS2, a major upgrade to the professional industry standard for digital image editing and creation. Available as a stand-alone software application or as a key component of Adobe Creative Suite 2, also announced today (see separate press release), Photoshop CS2 software brings a new level of power, precision and control to the digital photography experience and to the overall creative process.

    "Photoshop CS2 pushes the envelope with powerful features and simplified workflows that provide photographers and creative professionals the freedom to deliver stunning images," said Bryan Lamkin, senior vice president of Digital Imaging and Digital Video Products at Adobe. "In light of the four million digital SLRs expected to ship this year, more photographers than ever will be making Photoshop CS2 their digital darkroom of choice."

    Photoshop CS2 integrates a new set of intuitive tools, including an enhanced Spot Healing Brush, for handling common photographic problems such as blemishes, red-eye, noise, blurring and lens distortion. Responding to requests from film, broadcast and video professionals, Photoshop CS2 now allows non-destructive editing and the creation and editing of 32-Bit High Dynamic Range (HDR) images, ideal for 3D rendering and advanced compositing.

    The new Camera Raw 3.0 workflow allows settings for multiple raw files to be simultaneously modified. In addition batch processing of raw files, to JPEG, TIFF, DNG or PSD formats, can now be done in the background without launching the main Photoshop executable. Integrated, non-destructive cropping and straightening controls allow raw files to be easily prepared for final output.

    Adobe Photoshop CS2 for Mac OS X version 10.2.8 through 10.3.8, Microsoft Windows 2000 with Service Pack 4 or Windows XP with Service Pack 1 or 2, will begin shipping in May to customers in the United States and Canada, and will be available through Adobe Authorized Resellers and the Adobe Store at www.adobe.com/store. International versions are expected to begin shipping in late May and early June. Adobe Photoshop CS2 will be available for an estimated street price of US$599 and licensed users of any previous version of Photoshop can upgrade for US$149.

  25. Re:Petty on SCO Website Using Groklaw's Content · · Score: 5, Insightful
    Yes, they are court documents the *contents* of which are in the public domain, but that's not the point. Many of those documents have been manually transcribed, proof-read and reformatted into HTML or PDF documents by various volunteer members of the FOSS community, on their own time. Many of those documents are also provided for the good of all, free of charge and any form of licensing agreements/restrictions by their transcribers, so SCO probably hasn't actually infringed any laws, civil or otherwise.

    However, for a company currently in court claiming that the fruits of its labours have been misappropriated to turn around and do exactly the same thing... Well, it's hardly in the best taste is it, even if they are so strapped for cash and/or resources that they don't have the ability to transcribe it themselves. Plus, I wouldn't be at all surprised if IBM's legal team finds a way to let the court know about this to show just how two-faced SCO can be.

    SCO shoot themselves in the foot. Again. We'll pass on the film at eleven, and proceed with the scheduled reality show re-run...