Slashdot Mirror


User: darkonc

darkonc's activity in the archive.

Stories: 0 · Comments: 2,047

Comments · 2,047

  1. Re:embedded software on Beyond The Cell -- Journalists' Video Phone · · Score: 2
    This points to my first question:
    What sort of CPU are they using for this thing? The solutions open to us may differ, slightly, depending on whether they are using a dedicated/custom DSP chip or a general purpose CPU. Then we've got questions like (P)ROM vs. EEPROM. The PR sheet didn't give any of these kinds of data. Is anybody able to contact the manufacturer for this info?

    If we can get a combination of people with close links to the manufacturer and people with a good history, perhaps it would be possible to arrange the loan of a few units for people to hack on? The hackers would get some interesting toys to use for some interesting project, and the company would get access to the resulting open software. I think that it could be a pretty good win-win situation.

  2. I'd do a windows version of slashdot, but: on Who Has Faster Pipes? Linux, Win2000, WinXP Compared · · Score: 0, Offtopic
    nobody would remember the domain name.

    CColonBackSlashDot.org

  3. Re:Pipe speeds on Who Has Faster Pipes? Linux, Win2000, WinXP Compared · · Score: 2
    I also suspect Linux would find itself struggling, when put into a hard real-time setting, an ultra-secure setting, or a distributed setting.

    Linux might struggle when put in an ultra-secure setting. Windows, on the other hand, wouldn't make it past the background check.

  4. Re:Loved the "Bug or Feature" part.. on Who Has Faster Pipes? Linux, Win2000, WinXP Compared · · Score: 2
    I did a run with pipespeed2.cpp on Windows and specified a 256 MB buffer size. Windows obliged by swelling the buffer size to hold 256 MB of data before the ReadFile() was issued.

    I think it was a troll... Funny as all get-out, but a troll nonetheless. -- and I would have liked to have seen the Windows performance at (say) a 64k block size.

    Oh well...

  5. Re:Not true on Huge security hole in Internet Explorer for MacOS · · Score: 2
    If the file is owned by root and the setuid bit is set, then executing it will get root privileges. However: the classic code may (probably does) abdicate its root privs whenever it runs a piece of user code.

    The fact that the program is setuid isn't a gaping security hole. It just has the potential to be a gaping security hole, if it's written by someone from Microsoft.

  6. with emphasis on Huge security hole in Internet Explorer for MacOS · · Score: 2
    Relative to the months of creative work and irreplaceable personal data that can be lost, getting the local geek to spend a few hours reinstalling software is indeed trivial.

    He didn't say that getting the local geek to spend hours reinstalling software would be easy, or that the geek wouldn't figure he had much more interesting things to spend his time and energy on... Just that it would pale in comparison to recovering all of the lost work and communications (presuming that there wasn't a reasonable backup process in place -- now that's something you should assign a geek to spend a few hours on!).

  7. This is a job for Super Geek! on Slashback: Safety, Transmissions, Breakage · · Score: 3, Insightful
    Uhm, isn't getting an 802.11b free-network up around ground zero the kind of thing that us slashdot types could do to help with the rescue effort? (note that 'freenet' is apparently trademarked).

    I note that the ricochet network is only guaranteed to the end of October. It shouldn't be that difficult to get a free network up and running to cover the site by then (even if it has to be powered by car batteries!).

  8. I don't quite remember my first email either. on Happy Birthday! Email Is 30 Years Old · · Score: 2
    It was back in 1979, on MTS (Michigan Terminal System) at the University of Alberta, where I'd bought a computer account while in High School. Previous to that, we'd had an in-house messaging system (simply called 'mail').

    Mail was pretty simple. Everybody who wanted to use it, created a file 'mail' in their home directory which was permitted append-only others. (You think ACLs are a new idea?). The mail program took your message, added a header, and appended it to the end of the recipient's mail box. (much like UNIX mail does, except that the destination mailboxes were decentralized).

    The first multi-system mail had interesting routing features. I remember a message from Edmonton to Calgary (180 miles south of Edmonton) went south to the states, through New York and California before arriving in Calgary via Utah.

    Not long afterwards I got introduced to Unix, and the Usenet. Needless to say I was hooked. I was soon expounding the values of email to everybody who would listen. -- trying to get them to understand why it was, in so many ways, better than fax, for most written communications.

    It was almost a crusade -- trying to get as many people as possible onto email. Even back then, I was into remote administration -- running boxes from home over a 300 baud modem with a homemade terminal program. I still remember one person replying to one of my emails:

    Is your system clock completely out of whack, or is that really when you sent that email?
    The clock was accurate.

  9. missed a big argument there on News.com: Crypto Doesn't Kill - People Do · · Score: 2
    Beyond the fact that a threatened life sentence isn't gonna stop a terrorist who's willing to blow him/herself into tiny pieces to get to you, consider this:

    So you have a backdoor to all encryption: in 2005, Osama Bin Laden II has managed to crack the back door -- but he doesn't tell anybody, because that would undercut public confidence in the cryptosystem. Instead what he does, is eavesdrop on 'secure' conversations, and mess up financial transactions for the next year or 3.... until people realize what's going on, and trash the back doors.

    At that point, we're back where we started from -- except for the fact that we've had a few years of badly compromised commerce and communications.

  10. Re:Even ClearText email can be used for a bad purp on News.com: Crypto Doesn't Kill - People Do · · Score: 2

    Doesn't work. As far as I remember the news reports, the tickets were mostly bought a while before the attack, and they were bought over a period of a few days. If there was such a trigger event, it was something else.

  11. BGP is: on Microsoft Worms and Global Routing Instability · · Score: 2
    Border Gateway Protocol (a routing protocol, if it's not obvious by now.)
    An active member of the SAT*
    * Society Against TLAs**
    ** Three Letter Acronyms

  12. Re:Viruses, terrorism and Microsoft on Microsoft Worms and Global Routing Instability · · Score: 2
    The last two big worms had patches available before they started spreading...

    If you've ever read hitchhikers guide to the galaxy, there's a scene (repeated in variation) where Arthur Dent (and then, in the variation, Earth) gets informed that the plans of imminent destruction have been on public display for a long time:

    In a locked cabinet in a dark room in the abandoned depths of the basement with a sign on the door saying "man eating tiger -- stay out!".

    The plans for Earth's destruction were on display on Alpha Centauri.

    In any case, the Microsoft patches were available, but not on their push list, and I'm seeing reports that Microsoft weenies were describing attempts to download the fix(es) as "unnecessary".

    The larger question, as well, is one of Microsoft not having security very high on their list of priorities. Given a choice between a whiz-bang feature, or a secure system, they seem to go for the whiz-bang, and hope (wrongly - time and again) that hackers won't notice yet-another gaping hole.

    The problem that Microsoft users face with respect to security is not just that MS windows is a common system. It's that Windows is a common system built like swiss cheese. If Linux and Unix were designed and maintained with the lax attitude towards security that Microsoft products display, we'd have more Linux worms than a dead gnu carcass.

  13. Re:A Simple Solution on Microsoft Worms and Global Routing Instability · · Score: 3, Interesting
    The in-band nature of the Hello packets, loss of which causes the 'flapping' is not an accident or an error. It is a feature. If you lose the hello packets, then chances are that you're losing other packets as well. This means that this branch of the network is overloaded and you should try another path.

    Lost packets cause retries -- which cause even more traffic. If your problem is overload, you are far better to try another path than to lose packets and generate (overall) more packets through retries on the shorter path. If all inbound paths to a network are overloaded, then the whole network is overloaded, anyways. You might as well just drop the packet, and give the overloaded routers that 30 second flap time to catch up to the backlog.

    If you took those packets out of band, then you'd be needing another method to measure packet loss... This would require more CPU and/or more packets (bandwidth) -- thus making the whole problem even worse.

  14. Re:Here's a great idea! (word association) on Microsoft Worms and Global Routing Instability · · Score: 2
    My first thought would be to call them 'surge worms', based on the explosiveness of their propagation.

    Worms, by their nature, have a surge propagation distribution. Sometimes, if the propagation is slow, the surge gets eaten by the noise of system traffic. In cases like the two worms caught in this study, the worms propagated fast enough and were active enough that they were able to affect overall internet communication as a side effect.

  15. Re:Here's a great idea! (word association) on Microsoft Worms and Global Routing Instability · · Score: 2
    The "internet" worm, also known as the Morris worm, affected a lot of machines, including a VAX that I was administering at the time. The class of machines that it affected included much of the backbone of the Internet at that time, thus it was actually accurate to call it an internet worm.

    VAXen were the norm on the backbone. Suns were just starting to break into the backbone. I still remember some of the machines on the net, like decvax, ucbvax and (the mythical) moscvax (used in an April fools joke -- the fact that people would automatically take moscvax to mean a vax located in Moscow would indicate the state of The Internet back then). These days, the backbone of the internet is a bit more diverse, so it would be a lot harder to describe a worm as an internet worm, unless it was very multi-platform.

    Up until the Morris worm, people cared about security, but it was generally believed that you could trust other machines on the net... At that time, to get your site on the net, you had to have someone who was already on the net vouch for you and back you. As such, you could generally trust the administrator of each machine you were talking to.

    This was, however, the time of the ascendency of the PC. These machines were owned by the user. Now you not only had to trust the network administrator, you had to trust each and every user with a PC. Even after plugging the holes exploited by the Morris worm, people were starting to deal with the fact that you could no longer presume (or even hope!) that a packet from a low port number could be trusted to come from a secure program. It really was the dawn of a new age in the internet world -- not entirely unlike what seems to be happening in North America in the wake of the WTC attacks.

    The Morris worm also opened up people's eyes to the problem of buffer overflows. This was the first really widespread exploit of buffer overflows. After the worm came out, people started going through code, weeding out potential buffer overflows. It's not that people didn't care about security. There was, instead, a certain presumption of trust that -- these days -- would be considered naive. The Morris (internet) worm woke people up to the naivete of those presumptions.

  16. Re:No: Microsoft worms are NOT "web/email viruses" on Microsoft Worms and Global Routing Instability · · Score: 2
    No. It doesn't describe a flaw/backdoor. The article uses BGP logs of a specific (and known) feature of BGP to track what's happening when. The MS worms hit that feature in an uncommon way that can exacerbate the problem, but the source of the problem is the Microsoft worm.

    Besides: If someone blows up your house with a bomb, they usually call it a bomb attack, not a house attack.

  17. Re:root cause nothing to do with credibility on Microsoft Worms and Global Routing Instability · · Score: 2
    I can give you a list of worms that attack Microsoft products, but only Nimda and CodeRedII have displayed this behaviour. Hence the need for proper classification.

    Not true. It simply happens that those were the two viruses that hit during the period that was being studied. If Code Red 1 had hit in the same period, it might have had a similar effect (though slightly less pronounced).

    Their classification is worms. Their more specific classification is Microsoft worms. MS worms are going to continue to plague us -- both because MS Windows is so common, and because MS Windows is so much easier to exploit.

  18. Re:Here's a great idea! (word association) on Microsoft Worms and Global Routing Instability · · Score: 2
    Calling it a Microsoft worm is really a distortion, and it's the kind of thing that can damage the credibility of the author.

    Separately, they are the Nimda worm and the Code Red II. Together, one of the things that they have in common is that they're Microsoft based. Chances are, in the future, that most of the worms that are going to have this sort of effect are going to be Microsoft based.

    I can think of two (OK, three) reasons why:
    1) There are lots of MS machines out there that are just RIPE for infection.
    2) Microsoft has (through negligence and/or design), set things up such that the default configuration of these machines is to be very insecure.
    3) Even if someone were to come up with a worm that could breach each and every Linux box out there, it would not, at this time, have the kind of volume effect on things that these MS worms have had.

    They are Microsoft viruses. The description is succinct and accurate. There are also likely to be more of them. It also puts some PR pressure on Micro$oft. The PR department is the one department that seems most in charge of Microsoft. If we're lucky, they will respond to it by starting to pay some real attention to security for their software.

  19. Re:Caching and port-scanning on Microsoft Worms and Global Routing Instability · · Score: 2
    I think you missed the point of what I was saying. The problem that the original article talked about was BGP traffic getting dropped due to load. If that's happening, you can't add routes, you can't modify routes, you can't withdraw routes.

    Er, um, NO.

    BGP is designed for multi-pathed networks -- You have to have at least two paths into your network to be allowed to use bgp. This also means (usually) that you have at least two routers.

    If your router is so saturated that it's dropping BGP packets, this means that it's also dropping other packets. This is considered bad. Under normal circumstances, 'flapping' your route for a short period (the document indicates that BGP has a 30 second minimum) will cause some of those packets to take the 'back' route, and will (hopefully) cause enough of a strain relief on the overloaded router for it to catch up to the (normally transient) overload.

    The result of these worm attacks is that this presumption doesn't hold too well. Everybody, everywhere (more or less) is experiencing overload. Quite often the traffic is internally generated, so it's quite possible that many/all of your bgp routers/routes are at or near overload. Under these conditions, flapping one router may cause your back path to overload and, in turn flap too.

    Giving a higher than normal priority to BGP packets might increase the survivability of the network under a virulent worm attack, but it would also break the inherent load-limiting effect of flapping, and generally break the network worse under normal overload conditions. Given how uncommon these worm attacks have been (so far), it's probably better to keep the flap effect in place.
    ______
    The article doesn't describe the flapping effect as bad. It simply uses logs of this well known and (I believe) normally beneficial effect as a way of measuring what's going on, and determining why it's happening.

    As was said in the article. Some people originally thought that the outages were delayed effects of major (localized) traumas to the net. That this isn't the case, actually indicates that BGP is working pretty well for the normal case.

    It would be nice to find a solution that can help the network to survive another worm-initiated overload, but if it's at the cost of more general stability of the network then I doubt that it would be worth it.

    Putting enough smarts into the protocol to realize when a flap-dance is taking place because of worm-type general network overloads would add more CPU load to the protocol. This might cause more cpu-overload problems, over time, than it would solve. Another solution might be to have meta-routing machines that watch the logs of BGP packets, and initiate modifications to the BGP protocol parameters to handle the change. I don't know, for sure, how much work that would be, and if it could be done within the current confines of BGP. If it requires modifications to BGP, then it could be a long time in the pipe.

  20. Re:Real Programmers... on VIM 6.0 is Out · · Score: 1

    (I've currently only broken 1 of the aboves. Getting closer.)
    Well, how many of the above do you want to break, and how long do you think it'll take you to do it?
    (I've spent too long working with PHBs).

  21. Re:Real Programmers... on VIM 6.0 is Out · · Score: 2

    The next best thing would be to get an addon to seti@home....
    Tell them that you're looking for the readme.flying-saucer text, but you'll put up with a usable version of Windows.

  22. Re:It all seemed so clear the first time through.. on Brian West Update · · Score: 2
    Without this bit of hacking the councilors would've gotten away scot-free. Because of it two resigned and the rest were soundly defeated six months later in elections. The employee managed to conceal his identity and no sane person would try to convict the press member of a crime.

    In the eyes of the law, cracking is cracking.

    In this case it was a government computer. It would only take one instance of a reporter getting a hard life sentence for using computer information to expose criminal politicians. After that, there would be a serious damper on the idea of any sort of press investigation of crooked politicians.

  23. Re:/. has no single voice on Slashdot in Politics? · · Score: 2
    On forcing '95 developers to also develop to NT...
    I don't remember that happening, especially since NT4 didn't arrive for another year. I do recall a move in the MS logo program around '98 which required the software to work both on 9x and NT.

    This is precisely what I was talking about. To be able to put the '95 logo on your box, you had to be able to run under NT, as well. This meant more work for what was (then) a server platform with a minuscule portion of the market. For some companies (especially smaller ones), it took enough extra resources, that they needed to pull people who were doing porting to other OSs (with *real* market share).

    The idea was to get applications to run on NT. That would allow people to do desktop work on a lightly loaded server box, and encourage a move from UNIX servers to NT. It worked. It gave them a foothold in the IT space that they would never have gotten otherwise.

    I always considered this more of a Sherman Act violation than the crap that they pulled with Netscape.
    ----
    As for the ancient distrust of IBM, they were the big monopoly before Microsoft. In fact, Microsoft got their monopoly because IBM used their OS on the IBM PC. As one friend of mine (who sold Radio Shack PCs at the time) said:
    That box only has 3 things going for it: I B and M. It's gonna be enough to bury us in the long run.

    Back then, many people saw Microsoft as the soft underbelly of IBM -- allowing users to get out of the guts of the IS monopoly that smothered innovation, ate competitors, and made life an unnecessary hell for users who really saw no other option (sound familiar?). Now Microsoft is seen, by many, as the same sort of block bully that we originally wanted protection from.

    This is why many people like the idea of Open Source. It keeps the ultimate control of the basic software in the hands of the people. As long as a company provides a reasonable level of service, they will continue to get customers, but if they start hoarding and gouging, we have the ability to walk away and do our own support (either singly, or as a group).

    Let's just say that the fight for (and against) freedom is a moving target.

  24. Re:Up to 848 megs of cache. on Sun Releases Starcat · · Score: 2
    But just the idea makes me drool. Or just the ability to say. Oh I use my RAM as a place to swap memory for large programs.

    I actually ran into this as a problem about 10 years ago. In 1992, we bought a machine from IBM that we nicknamed 'brutus'. The idea behind brutus was pretty simple: we bought the machine, and with just about every dollar we had left for the project we bought memory.

    Brutus ended up with 380 Meg of ram (this was back in 1992, when most people were really happy to have 8 meg of ram and a 200 meg hard disk). It also had a single 800meg hard disk. This is where the trouble began. After loading AIX and all of the upgrades, etc, we had about 100 meg left for swap space. Unfortunately, AIX needs swap space for backing store before it will allocate memory, so we had a mondo-expensive box with about 200meg of ram that we couldn't get to.

    We cobbled together enough money for a second 800meg drive, and while we were waiting (months) for it to be delivered, our IBM rep assured us that the extra memory wasn't completely wasted.

    "The system will use it as a disk cache."

    I pulled the extra memory boards and swapped them into a bunch of other (smaller) boxes while we waited for the extra backing store.

    You may wonder what we wanted 380 meg of RAM for back then... It was a graphics lab, and some of the grad students were doing research on volume visualization. 380 meg allowed you to play with a 512x512x512 cube in ram (8 bits per voxel, 2 copies).

  25. Re:Clarification please (*real* HA) on Sun Releases Starcat · · Score: 2
    If you really want HA -- no problem. For an extra $4mil, I'll send you a second box, and throw in a couple of engineers to make sure it all goes together smoothly....

    Given how much you can shuck and trash without powering down the whole machine, a second box is going to be for the people who really need the 'five nines' availability. Other than an extreme power failure or WTC-style disaster, it's hard to think of a situation that would require shutting down all 6 power supplies at the same time.