This has got to be worth a second or two off pit stop times. All the pit crew has to do is tell the bolts to undo themselves as the car comes to a halt and they can proceed directly to changing the tyres. Of course, there are probably going to be a few amusing incidents when they trigger the release too soon as well... :)
That's not the point. Of course there will be other kernel exploits in the future, and some of them might even be, or have already been, inserted deliberately. You can come up with as many theories as you like as to why, from someone testing the system and intending to come clean if successful to an intelligence agency trying to gain a backdoor. Equally, you could level the same accusations at closed source too; who is to say that remote Windows exploit "foo" wasn't inserted deliberately by some coder in exchange for a pile of used notes?
The Linux Kernel, and indeed most core open source projects, have code vetting measures in place to prevent this kind of thing, as do most closed source companies of course. In the case of the Kernel exploit the attempt was detected and remedied before the code got into the wild and only a few users of the CVS kernel were ever at risk. Sure, it's not guaranteed, but it has been proven to work and on a timescale that is very impressive. It took Microsoft longer than that just to decide that their recent much publicised Windows code theft had even happened for example.
I don't think that the argument made in the article that OSS is open to abuse this way is invalid; attempts have and will certainly continue to be made. However, I do think that the article using this point as a validation that the closed source approach is better than the open one is invalid; there is simply no difference.
From the previous paragraph, I think it's clear that both closed and open source methods can only make a best effort to prevent deliberate exploit; the aggressor only needs to get lucky once after all. The OSS community has shown several times that its security works within a reasonable timeframe: the Debian server compromise, the attempted trojaning of SSH and so on. As far as the closed source community goes though, information on compromises, like their code, is somewhat scarce.
Who needs a mole at Green Hills Software or Microsoft? The kind of software we are talking about here is highly proprietary stuff that you are not going to be able to get mail order from your local retailer. A better bet would be to target any third party libraries the vendors are using; almost no one would write their own IP stack when they can buy one for a few dollars. Sooner or later you are going to get one that might have been bought from a legitimate company in the US, but was actually coded by easily bribable coders in the third world.
If anything, I'd say the risk of getting exploits deliberately planted in code without detection is far greater in closed source applications than in OSS projects. Another lame attempt at FUD from the people behind AdTI...
Um, this was already tried last November. Not only was the exploit very subtle indeed but it was still detected and removed within 24 hours. This is about as effective a piece of FUD as AdTI's last effort, and it looks like they were so embarrassed by that one they are resorting to a new name. I'm guessing we won't be hearing from "Green Hills Software" again once they've been publicly ridiculed either...
So, are the artists getting any money from the disbursement of their product?
Not a chance in hell. One of the many breakdowns of where the money goes from record sales in the wake of Courtney Love's now infamous anti-RIAA tirade was fairly clear on that. All of the percentages are based on sales, specifically excluding "good will" copies, which are issued at the whim of the RIAA but the artists indirectly get to pay for.
Given the way they have just shown their contempt of the ruling by following the letter of the law and ignoring the spirit I expect they will do the same thing for the contracts too. In fact, I wouldn't be at all surprised if these CDs are classed as "good will" copies too and the artists essentially get sent the bill. I just hope that they build a monument to the RIAA at some point so I can go and piss on it.
Not only that, but the tale of "SCO" is actually fairly confusing since the Santa Cruz *Operation* that was on the committee is a) still around, and b) isn't responsible for any of these lawsuits! One of the projects I did for a previous employer was to rip out thirty or so SCO UNIX boxes scattered across the UK and replace them with solid-state terminal servers hooked up via leased lines to our two Sequent boxes at HQ. Our SCO rep was less than happy with this, understandably enough since we were overdue for an upgrade and coming up on maintenance renewals - but that's when everyone junks an old system, right? Anyway, this was all at the time that the SCO/Caldera/Tarantella shenanigans were going on so we got the whole sordid tale...
The Santa Cruz Operation that was on the committee that specified ELF 1.2 with IBM, Novell, et al is still around and trading under the name Tarantella, and was indeed incorporated in Santa Cruz. The current SCO Group that has initiated all the lawsuits was also around trading under the name "Caldera Systems" at the same time. When SCO became Tarantella, Caldera acquired their rights to the "SCO" trademarks - the tree logo, the term "SCO", and their UNIX business/partnership with Novell.
I think it's going to be a no-brainer for IBM to blow the ELF claims out of the water. All they need is four bits of paper: SCO's incorporation, Caldera's incorporation, Caldera's acquiring of the "SCO" trademark and Caldera's official name change to The SCO Group. Line up the dates and it's all over; even if the current SCO had acquired the old SCO outright, they still can't arbitrarily revoke decisions made by their acquisition's directors. Aside from that being dangerously close to being a bait and switch, there is also the issue of the amount of time that passed from Caldera acquiring SCO. One of the reasons that the RIAA goes after copyright infringers with so much gusto is because they have to; if you fail to adequately defend your copyright then you are risking losing that copyright altogether. If SCO thinks it owns ELF, then why has it taken them so long to bring the matter up?
The answer of course is simple; SCO doesn't want the copyrights to ELF, although it probably wouldn't say no to them. What SCO wants is another delay in the case in order to acquire more time to spread FUD and perform yet more legal shenanigans. Unfortunately no matter how good IBM's lawyers are they are going to get some of it at least.
Nor will there be, and quite possibly never will be again with the price in the region of $4.25 and the long term outlook of SCO being none too bright. It's against NASDAQ regulations to short stocks valued at less than $5 you see.
Alternatively you could also flip that on its head and proactively add new accounts as required, which is what I do. So, if the scumbags at "Foo Corp." decide to sell my email address, I simply delete the "foo@mydomain" entry from my aliases file and both the spammer and Foo Corp. just get a User unknown from the MTA. It avoids all the pain of having a catch-all address and as a bonus it makes sorting email into folders a snip because "To:" is always unique and relevant!
That's just me and YMMV of course, but there is no way I'd enable it given those results, and that's without one of my domains being Joe-jobbed. The last time that happened there would be another two digits before that "842", and all of those emails would have gone into the catch-all account.
How did this spammer, or any other spammer, directly hurt Microsoft?
Well Microsoft does get to pay Hotmail's bandwidth bills, email storage costs, and employ people to deal with abuse reports? Don't forget that they also get to deal with all the spam that is undeliverable, bounced, or dropped by users' filters etc. Per individual spam, Microsoft may well be paying less than a recipient, but there is definitely a very real price tag attached.
Unfortunately however, under CAN-SPAM, only ISPs and not end-users can use the legislation to go after spammers through the courts. As the owner and operator of Hotmail that would naturally include Microsoft. Of course, the statement that the actions have "netted them $54 million" means the courts have awarded them that much; they will actually see far less of it than that.
It would certainly be nice if Microsoft (and others in a similar position) would make at least a token contribution to the anti-spam groups out there. Spamhaus operates almost entirely on contributions and sponsorships, SpamCop has a legal defence fund, SpamAssassin is now under the auspices of the Apache Foundation... the list goes on.
So have I, so I forwarded a couple of the messages to ICSTIS and they stopped practically overnight. Best of all, as this article shows, ICSTIS has teeth and isn't afraid to bite and name names afterward. Note that in addition to the UKP 75,000 fines, all six companies were banned from operating in the UK. Combine that with this upcoming operating guideline and hopefully SMS spam in the UK might not even get off the ground.
I think it's firmly in the "extra cheese" category, but that's not the point. It's a new approach that should be more palatable to the environmentalists than other tidal power schemes because it's invisible, and shouldn't harm any wildlife. OK, maybe that's not an issue in the East River, but it might be in other rivers in the world should this be a success and be adopted elsewhere.
The only problem is that because the source is tidal, the availability of the power cycles around the clock once per orbit of the moon. Depending on the tides, the power may or may not be available during periods of peak demand, so you still need either an alternative source of power or a means of storing the power until it's needed.
So, just who exactly is his target audience? Who, other than a terrorist organization or government able to order the official version would want a missile?
Anyone who needs an unmanned flying vehicle, whether remote controlled or pre-programmed, that uses similar principles to a cruise missile. There are several uses for such a thing besides the obvious destructive ones; a surveillance vehicle like the Predator, for example. It needn't be used by the military either - with a camera in the nose and a search grid flight program you could use it for Search and Rescue operations.
I'd suggest offering his skills to one of the teams competing for the X-Prize or something similar, but since most of those are based in the US I don't think he'd be allowed in the country.
6: The Romulan equivalent of "Agent K" steps up with a small electronic device - "look this way..." *FLASH*.
It's not like Berman has ever come up with anything really original, is it? But I suspect that they'll just never have any humans or Romulans in the same scene because the Vulcans insist on handling all of the negotiations because the humans are *so* not ready to deal with something like this on their own.
On the other hand, it could be the death knell for many kinds of easy exploit beloved of script kiddies everywhere. The same script kiddies that hang out extensively on IRC and haven't a clue how to root a box without a point and click tool to do it for them. If you were in their boat, wouldn't you be telling anyone who would listen that it sucks and not to install it? I mean, they might, like, actually have to *learn* how to hack a box themselves or find some other way of pissing in the pool... And we all know how the clueless noobs like to spread bogus security information and click on the nice patch that total stranger sent with the information.
Conspiracy theories aside, there is nothing unusual in a country outsourcing the management of its ccTLD, although usually the outsourcing goes from the 2nd/3rd world to the 1st instead of the other way around. Libya's .ly ccTLD is run by a company based in the UK for example. Plus, we have the blatant commercialisation of ccTLD domains like ".tv" that happen to have meaning in one language or another. Usually the government of the country concerned will retain some modicum of control and first dibs on second level domains, but this is not always the case.
Other than that the only problem I can see is that you need about AU$2000 worth of video card, and at least AU$1000 worth of Xeon to use it.
Look on the bright side; most Xeon systems already have the second PSU that you are going to need to power the extra card and turbofan based cooling system.
I think this is just like the straw that broke IIS's back on the server side. Big holes, no solutions...
In the interests of accuracy, there *is* a patch for the IIS exploit which has been around for a while; it's IE that has the unpatched vulnerability. What is particularly shameful about this is that the patch to secure IIS, MS04-011, has been around for a while and should have been installed to prevent infection by Sasser and its brethren. "Named and shamed" doesn't even begin to describe what I'd like to see happen to the companies whose IIS servers are responsible for the spread of this one...
Thinking about it, there's actually a *third* reference. Taking that slang literally, it could also be construed as a reference to the fetishist/extreme sector of the pornographic entertainment industry. You probably don't want an explanation there...
Firstly, there is a "sport" known as Dwarf Tossing, which can be thought of as a shot putt, only using a real live dwarf as the shot. Naturally the political correctness crowd are trying to get it banned... Gimli makes a reference to it during Peter Jackson's "Two Towers"; it's in the scene where Aragorn throws him from one side of a ravine to the other at Helm's Deep.
Secondly, "Bunch of Tossers" is also British slang (not sure about the US) for a group of masturbating males, generally used in a context like "SCO? That bunch of tossers?"
Ask and you shall receive! Click here.
So, you're saying that Darl McBride might still have career opportunities after SCO? Damn.
Then again, SCO isn't a major corporation and was already scrabbling in the industry detritus when he took over, so there's still hope.
Shame on you; it's from Hitchhiker's Guide to the Galaxy, specifically Eccentrica Gallumbits, the triple-breasted whore of Eroticon VI.
Of course there are companies dedicated to Dwarf related entertainment, but they are a bunch of tossers.
If you talk to your PC's chipset then I rather think that you may have some problems of your own...