Slashdot Mirror


User: _Sprocket_

_Sprocket_'s activity in the archive.

Stories
0
Comments
5,182
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 5,182

  1. Re:Not MOSTLY from Microsoft and Sun... on SCO Claims $15,300,000 From SCOsource · · Score: 5, Interesting


    Are y'all sure that Sun did give SCO $$$ recently ?


    Usually the glib responce is "RTFA" - in this case its RTF10K. To quote:

    We initiated the SCOsource effort to review the status of these existing licensing and sublicensing agreements and to identify others in the industry that may be currently using our intellectual property without obtaining the necessary licenses. This effort resulted in the execution of two license agreements during the April 30, 2003 quarter. The first of these licenses was with Sun Microsystems, Inc. ("Sun"), a long-time licensee of the UNIX source code and a major participant in the UNIX industry, and was a "clean-up" license to cover items that were outside the scope of Sun's initial UNIX license.

    ...

    The license agreement with Sun provides for an additional $2,500,000 to be paid to us by November 2003.

    ...

    In connection with the payment of $2,500,000 to us by Sun during the quarter ended July 31, 2003, we granted a warrant to Sun to purchase up to 12,500 shares of our common stock, for a period of five years, at a price of $1.83 per share. This warrant was valued at $150,000 using the Black-Scholes option-pricing model and reduced our licensing revenue for the quarter ended July 31, 2003 by that amount.

    The other licensee mentioned was Microsoft. There's your proof that the mystery license went to Sun. Unless, of course, you believe SCO lied in their filing.
  2. Re:The Cost on Register.com Loses Class action Lawsuit · · Score: 1

    Actually, I completely disagree with almost everything I stated in that post. Call it a lame joke. Or a troll. But the entire post was intended to be laced with cynisism.

    But I do agree with your point... and perhapse an implication that I might have made. That is, one is not likely to get the best deal if one doesn't know what one is doing. Making educated choices is important.

    Which doesn't mean register.com gets carte blanche to take advantage of their customer base. Which is a another point we also seem to agree on.

    Now... this does not mean Register.com shouldn't be charging premium fees. If people want to pay those fees, more power to Register.com. And if Register.com gets those fees because they hand-hold their inexperienced customers then that is a service that justifies their fee. Great.

    But then - this case isn't about premium fees.

  3. Perspective on Microsoft Identifies, Patches Another Critical RPC Hole · · Score: 4, Informative


    Seems impressive that such a severe exploit has been in popular operating systems for many years - when was NT 4 released? 97?


    Let's do some comparisons.

    The last big Linux worm out in the wild was slapper. Slapper took advantage of a vulnerability in OpenSSL which was reported on 30 Jul 02. All previous versions of OpenSSL to that date are vulnerable. This includes the SSLeay library on which OpenSSL was based (as a side note - anything based on SSLeay code could also be vulnerable).

    According to this version file it looks like SSLeay was first published 01 Apr 95. So using the same rough assumptions on the age of the vulnerable code base, both the Microsoft RPC and OpenSSL buffer overflow vulnerabilities were present for discovery and exploitation in the wild for seven years.

    Of course, this is very rough. But it does add a bit of perspective.


    If linux had 90+% of the desktop how long would it take for its remote exploits to be taken advantage of?


    About how long it takes for them to be exploited now. This Linux marketshare argument tends to ignore the fact that there is already a healthy installation base of Linux servers and systems... and have been for years. And it ignores that Linux does, in fact, have its own history of exploits, worms, rootkits, and other assorted tales. This is not virgin territory to Linux. And the question is not "if".

    I've mentioned before that the issue with worms and Windows versus Linux/Unix systems has more to do with architecture and management than market share. Although they are arguably related.

    Linux and Unix environments just do not provide the fertile ground worms need to thrive. They have existed... gone through their brief growth... and then died. At least, they do now (nod to the infamous Morris worm). Part of that could be the Unix architecture - the ability to reliably patch and control a system. But a large portion of that is simply because the vast majority of these systems are properly managed.

    If / when Linux gains more desktop marketshare, it is almost a given that it will present a more fertile target for malicious code. A lot of Linux architecture tends to lend itself to a less attractive virus haven than the current Windows standard. But desktops just don't get the same attention servers do. And there are, and will likely continue to be, vulnerabilities in the Linux world - no matter how quickly they are fixed. Popular desktops with the occasional exploit and a lack of attention to update them; a more fertile ground for malware.

    Keep in mind, though, that this is not just an issue of desktops. Servers still count and are also affected by the likes of Nachi and Blaster (much to the suprise and chagrin of some of our admins).
  4. Re:The Cost on Register.com Loses Class action Lawsuit · · Score: 1


    Register.com domains are costly because of the support given. Guys that don't even realize what a domain is or how it is used tend to be the client base for RCOM. As for the issue with the coming soon page I think the fella was doing a money grab.


    Darned right. Because if you don't know about the technology you're trying to use, you deserve whatever you get. Even if a service advertises itself as catering to your uneducated needs. What you're really doing is giving someone carte blache to take advantage of you.

    If its one thing we've leared from AOL, its that there is a price for being new and ignorant. And that price is firmly set in the form of popups and tracking advertisements.

    Its only fair that Register.com also use their "coming soon" page to follow this internet-time honored tradition. Heck - its almost a requirement considering their customer base.

    And of course, any funds made from the ignorance of their customers is not in any form a "money grab". That term is solely reserved for those upity few who realize they have been taken advantage of.
  5. Defining "innovation". on Register.com Loses Class action Lawsuit · · Score: 1

    The word "innovation" is being used in all kinds of interesting ways these days. In this case, it can be defined as "the ability to push advertising technology to include popups/unders and web bugs."

    Take a look for yourself (thanks spydir31).

  6. Re:Stupid lawsuits by the few... on Register.com Loses Class action Lawsuit · · Score: 1


    The coffee dispenser at my office is usually up around 205 degrees, yet I don't see people running around with third degree burns...


    They probably also use decent coffee cups. I seem to remember that part of the issue was the cups McDonalds used.
  7. Re:This was a stupid lawsuit. on Register.com Loses Class action Lawsuit · · Score: 1


    Why? Do you wear clothes with labels on the outside? Drive a car with a dealer badge or license plate frame? Why not get paid for those as well?


    I know some dealerships (if not all) will honor a customer's request to not attach a dealer badge. I seem to remember a nominal fee for this but I'm sure if varies with dealership (what dealer is going to anger a customer and risk a sale over a badge).

    Having said that - it is a dealership badge. It is not a bumpersticker for Exxon gas stations. It doesn't also include side panel decals for McDonalds, window tints advertising Doritos snack chips, and a flashing rooftop sign suggesting Taco Bell for your next meal. And a horn that exclaims "make 7-up yours!"

    Register.com would have been in a much better position if they had simply pointed to a page that noted the domain had been registered with register.com. Kind of like a dealership badge.
  8. Responsible Industry and IP on SCO's Open Letter to Open Source Community · · Score: 1


    This code was "developed" under the watchful eye of responsible capitalists, yet copyright infringement happened anyway.


    This is a subtle point that probably escapes those who this letter is directed towards. That is to say, business types not technologists. And certainly not the Open Source community.

    It might help the business community to draw a few more blatent parallels. We can look at the software industry directly. One major leader in that industry, the well known if not respected Microsoft, has a history of running afoul of other's IP.

    I don't bring up Microsoft to bash them. Rather, if an industry leader with the amount of resources Microsoft has at its disposal can't keep itself clear of infringing IP... what makes McBride think any other apsect of the industry - Open Source or not - has any guarentee of being infringement free?

    Critics may point out that Microsoft's transgressions may not have been accidental. And that only further highlights the futility of McBride's point.

    But maybe it is the software industry. Maybe they're not old enough to have gotten a handle on how to operate. We could take a look at a simular industry that can track its liniage in centuries rather than decades; publishers of books and newspapers.

    Unfortunately we can quickly find problems with traditional published materials. Newspapers and journalists came under increased scrutiny with the much-publicized plagarism (amoung other things) charge against reporter Jayson Blair of the venerable New York Times. And book publishing has long been marred by plagerism - Alex Haley's well-known Roots: The Saga of an American Family is a prime example.

    Does that make the publishing industry any less appropriate for mainstream business than the software industry... to include Open Source software? Hardly. The publishing industry has lasted for centuries. The software industry has been growing for the last few decades. And Open Source is yet just another part of this overall history of publishing creative works.

    Sure - plagarism and "IP theft" will continue to be an issue within these aspects of the publishing industry. But just because the issue exists does not mean the industry itself is suddenly invalid.

    Or that business should pass it by.
  9. Re:Face it, Linux is popular enough. on Microsoft Issues Five New Security Warnings · · Score: 1


    However, the truth is, there is no public declaration of Linux vulnerabilities when found. We don't see much about those discovered because Linux still isn't that popular.


    A couple interesting things have happened over the years with the general media. First, IT technology is showing up as an issue more and more often as it now touches more and more lives (or at least, people seem more interested in it). Microsoft vulnerabilities are being reported more often as it affects the desktops of more and more people. And popular media are now properly reporting these vulnerabilities as Microsoft vulnerabilities - not simply a "computer virus".

    Sure - we're not hearing about the latest Linux vulnerability outside the most hard-core tech press. Even the Slappper worm didn't gain CNN's attention. But then again - it didn't do much damage.

    That's not to say the latest *nix vulnerability is not publically known. There are plenty of specialized sources to find this information. Open to the public - virus writer or not.

    The difference here is that *nix worms have fairly short runs. Their target systems tend to be fairly well managed and updated quick enough that whatever fertile ground exists for these things quickly dries up.

    For one reason or another, things are different in the Windows world.


    If Linux popularity does approach the levels needed to be noticed by the good virus writers who will take resposibility for notifying the public that they need a particular patch. Who will accept accountability for the problem? Worse, who is going to go through the myraid choices we have in releases and providers?


    There have been Linux worms. They've made their runs and lived out their short lives. The community (both commercial and volunteer) reacted. Those who deal with the particular bit of vulnerable software issued patches (which in turn are issued as part of various distro updates). Appropriate notifications were made. Admins / users did their updates. All this has been done before.

    What makes you think the next one will be any different?

    One side comment - it is rare that a bit of malware is ever considered "good". Virus writers tend to be ridiculed for their code quality. And the worms or viruses themselves are rarely doing anything particularly amazing or new.

    These problems are less about "good virus writers" and more about bad software ecology.
  10. Re:Doesn't make any sense.. on Microsoft Issues Five New Security Warnings · · Score: 1


    Two security companies and a publisher (and a regular joe). I'll bet if Foundstone and eEye turned *alot* of their resources on the linux os/apps or Sun os/apps, we'd see alot more reports. The reports wouldn't be nearly as visible since Microsoft actually bothers to go out of their way to annouce them.


    You've got a good point in that Microsoft is not alone in bugs and patches. But I can't agree with the idea that nobody is looking at various *nix flaws. Let's take a look at two good examples.

    Remember the Slapper worm? It took advantage of a vulnerability in OpenSSL. This was discovered through a security review under DARPA.

    A more recent example was a vulnerability in sendmail published March 03. This one came from the work of ISS.

    These are just two examples. There are plenty of other vulnerabilities found in the *nix world accredited to various individuals and large organizations. In short, *nix gets looked at just as hard as Microsoft does.

  11. Re:Why is the Stock Price still going up? on SCO Invoices For Unix Licenses Get Closer · · Score: 2, Interesting


    If you look outside the jaded slashdot somebody is investing a lot of faith in SCOX.


    Sure. But faith is not proof. It simply means someone believes in something. Faith can be misplaced. And it can be abused.

    That's not to say one can't make a profit from faith. So who would be profiting? Tim Rushing has an interesting idea.


    Despite my linux allegiance, I tend to trust people spending the cash more than those trolling the message boards.


    Just because you're able to spend money doesn't mean you actually know anything. I believe there is an entire industry roughly based on this concept out of Nevada... primarily Las Vegas.
  12. Re:I'm sueing too. on SCO Invoices For Unix Licenses Get Closer · · Score: 1

    Concerning the Computer World article...

    Its only fair that all sides of an issue get a voice. Although the article tittle "Users and resellers say SCO's news is good news" would be a bit more accurate if it read "SCO proves 'a sucker born every minute'."

  13. Re:Call Me a Cynical Businessman, But... on Finally A Major-Brand Desktop With Linux, Not Windows · · Score: 2, Interesting


    There hasn't been a great clamor in the consumer sector for *nix boxes. Those in the know sculpt their own (or buy Apple, of course).


    A very good point. But as it has been pointed out elsewhere in this discussion, the article notes that this line is aimed at business.

    There is an increasing, albeit still a niche, interest in Linux on the desktop in that sector. We've seen the articles. And I've worked at a couple large organizations (corporate and government) that are either working on or already deployed an officially supported desktop Linux base.

    On the other hand, I suppose this could very well be a chance to push back at Microsoft and strike a better deal. Certainly for OEMs. However, in my two examples, the deployment of Linux desktops has been less about replacing Microsoft and more about serving a demand from the organization's users.

    Creating a "Linux compatible" desktop doesn't require too much effort these days. But there is the occasional hardware vendor that should be avoided for a Linux desktop. HP seems to be doing the footwork for business users in providing a desktop that will accept the blessed standard Linux desktop load - whatever that may be. With the usual guarantees and hardware support one tends to look for in a large hardware supplier.
  14. Re:The reason why on Postfix: A Secure and Easy-to-Use MTA · · Score: 1


    Apparently, you miss a lot of vulnerabilities. Blaster was patched already. As for SoBig, that's a user-transmitted worm. If everyone used Linux and an e-mail client, guess what? Stupid users would still run the attachments. Sorry to POP that bubble.


    No - I've seen those. I'm not claiming that Microsoft is the only one that gets exploits. But lets call a spade a spade. This recent spat of worms and viruses live entirely in Windows. They are, in fact, Microsoft vulnerabilities and Microsoft worms.

    Sure - even with Linux you're going to have "stupid users". Its just that they will have to be more motivated to hang themselves. Even the nice GUI Linux email clients have taken sane approuches to handling data (to include HTML email).



    Or it could have had something to do with dates. Namely, the Sendmail exploit mentioned was published on March 3. This article has a Aug 21 date.

    Interesting that Slashdot ignores it for so long.


    You may be suprised to find that Slashdot covered this vulnerability on March 3rd. The day it was published. This is the same vulnerability being mentioned here. In August. In an article about Postfix.

    Hardly ignored. Or covered up.

    Oh. And, of course, there is no Sendmail worm wrecking havock with the Internet and private networks.
  15. Re:The reason why on Postfix: A Secure and Easy-to-Use MTA · · Score: 1


    This article was really about a hole in sendmail.


    No it isn't. Two introductory paragraphs talk about sendmail holes, and its inglorious history. Then the vast majority of the article talks about Postfix configuration.

    Sendmail vulernabilities are the hooks, not the subject.


    However, with all the so-called "Microsoft holes" Slashdot has been reporting non-stop about, they needed to immediately offer a working alternative so they can say, "It's not that big a deal; here are well-known alternatives," and play down the hypocrisy a bit.


    Sorry. I missed the Unix (Solaris, *BSD, OSX, Linux, etc) variations of SoBig, Blaster, Nachi, etc. I had no idea these recent worms attacked more than Microsoft infrastructure.


    Meanwhile, there are just as many alternatives to Outlook, but that doesn't stop people from declaring Windows unsafe (never mind that SoBig is a user-transmitted worm).


    Yet, Outlook is what is being commonly used and exploited. Sure - there are alternatives (as long as they don't make the same mistakes Microsoft did... or use the same bits of technology). Its a shame that, for one reason or another, they aren't more commonly used.

    Of course, its not all about Outlook. There's been more going on in the last few weeks than SoBig. Or is there a variation of Blaster or Nachi that propogates via email?


    They were just trying to play down the seriousness of it. "You should have been using postfix!"


    Or it could have had something to do with dates. Namely, the Sendmail exploit mentioned was published on March 3. This article has a Aug 21 date.

    But then - there's that really annoying Sendmail worm that hit everyone just after the Blaster/Nachie and SoBig combo caused so much ruckas. Thank gawd Slashdot and O'Reilly were there to cover it up with a well-timed article on installing and configuring Postfix.
  16. Re:There's more to it than just that... on Sun Mad Hatter Linux Desktop Revealed · · Score: 1


    It almost sounds like you're arguing thin clients for their own sake. My point is that the licensing fees (oh, and I forgot to mention Sun SPARC servers) for a thin-client environment may be higher than the support cost of a fat-client environment.


    It might be. Perhapse that is why they aren't more common. Desktops aren't my concern so I haven't taken a hard look at the numbers.

    But the technology is nice. If you can handle the price.

    One minor point - your shopping list is a bit too heavy. True, one needs to include back-end Sun servers to drive the thin clients. But then, Solaris isn't a licensing option in itself. It comes with the hardware. Strike that line item.

    Of course, Windows and Citrix licensing isn't cheap. In fact, its pretty hefty for what you get.

    So the issue is... what exactly do you spend on support? I know my employers in the last handfull of years have put out a pretty impressive amount of money to support their desktop environments. A large part of that involves the logistics of managing scattered fat-client workstations. I can see how thin-clients might be attractive. Even if the technology was expensive to deploy.

    Now. Whether the bottom lines all zero out... dunno. But then... where I work now... I don't think anybody really knows what is going to show on that bottom line at any given time. :)
  17. Re:There's more to it than just that... on Sun Mad Hatter Linux Desktop Revealed · · Score: 1


    So then you have to pay for Windows, Citrix, Solaris, and the Sun Rays. Might as well have bought Windows desktops at that point.


    Depends on what you're after. If you want an effective thinclient architecture and you need to run Windows apps - there's your solution.

    If you're after cheap up-front costs, then the standard fleet of desktops might work better. But then, you're giving up (or not buying in) on the idea of thinclient / network workstations.

    Also keep in mind that the costs of desktop maintenance vary on the size of the installation. A small business might find that stand-alone desktops and the occasional contract techie works fine. I'm used to looking at environments with over 12k workstations. Individual workstation cost is nothing compared to the cost and logistics of maintaining that number of workstations.
  18. Re:There's more to it than just that... on Sun Mad Hatter Linux Desktop Revealed · · Score: 3, Interesting


    Over at LinuxWorld, Sun was demonstrating the Mad Hatter desktop. However, it wasn't just Mad Hatter on a single computer, rather it was set up on dummy terminals connected to a network computer, with a login simply being a smart card inserted into a reader within the terminal.


    Sun has been doing this for quite a few years now. Their thin-client line is called Sun Ray. I've seen the Sun Ray 150 model demo'd in several places and used by a crew that runs the terminal room for a series of infosec conferences. Very nice.

    Whats even more interesting is when you plug in a Citrix server and have access to Windows apps from your Unix desktop.
  19. Re:Is political speech spam? on Is the Dean Campaign Spamming? · · Score: 1


    If we did not have any spam, the kinds listed above, would anyone complain about emails from persons running for public office?

    I think one of the most important jobs a citizen has is to review the candidates running for office and pick the best one. To that end, I do not think an email here or there about something important is a bad thing.


    A hundred unwanted messages littered throughout my inbox impacts me the same no matter if the "important" message involves a product, candidate, or issue.

    If I want to review a candidate or issue, I will look in to it. Web pages are welcomed and make it easier for me to investigate on my own schedule. I do not need the information force-fed and competing for my attention.
  20. Re:It's not an excuse, it's the truth. on Microsoft Code at Fault for Half of all Windows Crashes · · Score: 1


    And that is why the NT series (including 2K) SUCKED at running games


    Actually, in my experience (highly subjective), 2K makes a rather decent gaming platform. If you can find the applicable drivers.

    As has been already pointed out, the issue with where video drivers lived changed between NT3.51 and NT4. Which only added to NT4's problems. But it did improve perceived performance.
  21. Doing Something on Hardware Manufacturers Gouging Customers · · Score: 2, Informative

    The dot-bomb burst was especially nasty for Cisco. Sure, it was the beginning of an economic slump. And that meant customers were more likely to hold on to their funds "just in case" than shell out for networking gear - even if they could afford too. But it went further than that.

    All these failed dot-coms meant there was a very large supply of premium Cisco network kit available for pennies on the dollar. Sales of this used gear directly competed against new sales. Not only was Cisco facing customers not willing to spend, but those who would be willing to spend would not neccissarily mean the sales Cisco desperately needed in these hard times.

    The added twist to all this was that a good amount of that gear being auctioned off and competing directly with Cisco for hardware sales had been financed by Cisco. That's right. The used equipment that was competing with Cisco for sales hadn't actually made Cisco any real money to begin with.

    I suspect there were individuals within Cisco challenged to "do something" about this situation.

    Of course, it's a shame that Cisco is doing this. It may keep some strategists their jobs. It might act as a bulwark against loss of desperately needed sales. But it will cost Cisco good will of their customer base. And with the loss of good will, Cisco will eventually lose sales.

  22. Who held shares? on SCO Calls IBM Countersuit "Unsubstantiated Allegations" · · Score: 1


    The goal of almost any business is to maximes shareholders' value, not provide job security or anything else.


    Great. Maybe you can ask the employees of Enron who had their retirement investments tied up in Enron stock about that "shareholder value". Sure - they don't have jobs... but that's OK. They walked away with a huge sum for their wise investment, right?

    Also keep in mind that Enron executives urged employees to continue investing in Enron stock right up the imposion of the company. This despite numerous indicators that the company was on the brink of collapse.
  23. Re:Yes, but what about this post? on Microsoft to do for Usenet what it did for Email & The Web? · · Score: 1


    On /. the posting is too fast and furious and hypertextlike for either top of bottom posting. That's why the default is to just leave the previous discussion out.


    Of course, it is also fairly common to see people formatting their posts to emulate this kind of feature. Like this.

    It might also be worth mentioning that other common web forum software systems include the ability to quote. And they tend to follow this "bottom post" format.
  24. Unauthorized Content on My Pal Mickey -- Interactive Theme Park Doll · · Score: 2, Interesting


    The only way to get the toy to say something not intended is to somehow capture and retransmit the IR data, or to create your own circuit that reponds to the transmitters. A group has been created to figure out the system at http://groups.yahoo.com/group/re_palmickey


    Just think. Someone manages to reverse engineer the network being used and publishes specs that enable anyone with the desire to plug in to this network with their favorite PDA. Then someone maps out the locations of various signals one will encounter. The next step would be customized content.

    Maybe it'll be a hidden Mickey guide. Or maybe a guide of more morbid fare.

    What would Disney do?
  25. Trade and Paranoia on My Pal Mickey -- Interactive Theme Park Doll · · Score: 1


    Seriously, does it really matter if they're tracking you, and if they end up using that information to change or plan new theme parks? Quite frankly, isn't that exactly what we should want?


    Is it a big deal? Perhaps not. But I'll give you two reasons to be wary of this device. One involving self-worth and a bit of greed. A second involving rights and "Black Helicopter" theory.

    The first issue is that of a fair trade. If the anonymous Mouse agent can be believed - these devices will be providing a gold-mine of data... and perhaps a major edge to Disney's theme park business. And Disney customers are paying $50 each for the privilege of providing this valuable information. Surely Disney should be providing the devices for free with the intent to trade theme park information for the ability to track real-time customer preferences.

    The second issue is a bit more caution than existing issue. It all depends on exactly what is being tracked and recorded. If Disney's tracking network can tell that a device is in a particular location fine. Once the network identifies a specific device (that is to say, the device has a unique ID) then it starts to become a concern.

    Its almost a given that these things have unique identifiers.

    So why the concern? Databases. Cross correlation. The ability to take two (or many more) seemingly disparate pieces of information and discover additional information that hasn't been tracked, logged, or is otherwise unavailable to the entity doing the analysis.

    At one point, this was not much of a concern. Storage and processing time was expensive and best left to handling more important things than the minutia of the average consumer. But times are changing. Storage is cheap. And so is processing power. And marketers are eager to get their hands on any kind of data edge they can (and so are other entities - from government officials to con-men).

    Its a bit paranoid. But not entirely unjustified. We already have rather simple cases like Doubleclick to show how data can be linked in unexpected (and previously denied) ways.

    Does that make My Pal Mickey an agent of database evil? Perhaps not. But it could be a symptom of a fast-approaching problem.