Assuming the obvious, that you carry what you do because you like the stuff and you don't want to ditch it, then you need something that can go from "casual dress" to "casual play".
I carry about the same load in a "photographers" or "safari" style vest. If you wear Dockers or similar style dress khakis and get one in Khaki or Black it even looks stylishly nice with a tie.
Scott has a high end "evest" with zip-off arms that is rather pricy. I like one by Trail Designs that is much less expensive, especially if you get it from someplace like CAMPMOR.COM.
And yes, it even has inside pockets sized for pens, pencils, and a leatherman.
The nice thing about the vest is if you use inside pockets for your wallet, etc. you don't need to worry about pickpockets, just button up the front and velcro the pocket.
Do they realize the market for this is saturated? It's called soccer moms in rush hour on cellphones. They already have no cognizance of their surroundings!
If you read the report the issue is not LINUX-OS vs. WINDOWS-OS, it's app development on top of the two platforms. That automatically neutralizes the LINUX-OS advantages in terms of OS cost and stability.
The issue is the app development, which SUN has totally screwed up since JAVA was introduced. This should be read not as a dis on LINUX but on SUN. Let's face it, Scott McNeely has been desparately trying to change SUN from a hardware company (overpriced, but I did love that SPARC) to software with JAVA. Unfortunately just as the hardware was overpriced compared to equivalent INTEL solutions SUN jacked up JAVA to unreasonable levels aby charging for development tools that Microsoft was giving away for practically nothing (downloading DOES cost money, although very little). I hate to say it but basicly except for the religious JAVA shops anyone that looks at the costs are going to come back with the same figures as in this article, no matter who picks up the tab.
Don't blaim microsoft for doing the obvious, SUN just missed the boat with their packaging. Java enterprise servers will only go over when it's reasonable to write apps for them. Don't blaim SUN too much though, after all, there are still companies trying to sell DEC VT100 emulators for PCs (they don't get it either).
Does anyone other than I sense the irony in the fact that shortly after a great story on the Church of Scientology losing in court a case which they based on the illegal distribution of copywrited material we have this one? Those who have seen the scientology material without going through the progressive levels of brainwashing (and commisurate outgoing of money) probably agree it's worth less than the latest Brittiny Spears clones' or formula boy band CD.
Take a minute and read through the two stories, the comparisons will leave you ROFL.
The problem with CD sales is they're just not worth buying. I've been buying CD's since they replaced LPs and probably have around 200+ now, but each year I buy fewer because there are fewer available.
Even my kids (16 & 13) have figured that out. They discovered that SOME artists still write and sing their own songs like Third Day, David Ruis, and Jennifer Knapp. They've fallen in love with "oldie albums" like "Desperado" (the Eagles), "Dark Side Of The Moon" (Pink Floyd), and "Out Of The Blue" (Electric Light Orchestra). These kids are supposed to be the RIAAs market and even they can tell the difference between talented musicians and sexed up mouseketeers!
I'm with you, I still have the spacestation mobile from Electric Light Orchestras' "Out Of The Blue" album. I bought the LP for the mobile, but fell in love with "Concerto for a Rainy Day".
If you don't use a PDA you're really killing yourself. I started with a PSION ORGANIZOR back in the '80s, went to a Apple Newton Messagepad (using the keyboard) and now use a Pocket PC made by Toshiba.
The thing all 3 have in common is that they use a common data file format for all data, allowing you to use the "find" command to search all of your emails, addresses, appointments, notes, etc. at the same time.
In addition, except for the NEWTON, they fit just fine in your pocket.
If I remember correctly the later settlement was due to additions in a later version of MS-DOS that Paterson claimed were his and were not included in the original QDOS purchase.
Microsoft finally had to enter the world of the "big boys". Sometimes it doesn't matter whether you're right or not, as long as the guy doesn't ask for more than the trial will cost it's cheaper to settle.
FYI, when IBM was coming out with it's original PC it bought the hardware design from a company in Seattle (that's right, IBM DID NOT design the original PC 8088 and 8086 systems). They decided they could get someone to do it better than the original designers and started hunting for an OS. Microsoft in those days was known mostly for programming languages, custom apps (like the apps on the tandy 100, the first laptop) and (of all things) FLIGHT SIMULATOR! They bought the original QDOS from Tim Paterson for $50,000.
In those days the 800lb gorilla on OSs was CP/M from Digital Research Incorporated. DRI gave IBM the run around and the deal failed, so IBM asked microsoft to do a custom OS that worked like CP/M but didn't violate patents (that's why the prompt became C: instead of C/).
How did MS get DOS? They took a risk and bought something that "sortaworked". I know, I had QDOS and MS-DOS 1.0, DOS lived because (wow) it worked, QDOS (almost) worked.
DOS was bought and paid for, that was how they got it.
The reason you're in this fix is I gather that your company has no policy on IT response. This means your boss is probably spending a lot of what little money you have on things that are making nimrods happy and doing nothing else to get the company where it needs to be.
Get a policy written, in place, published, and live by it.
It should define what is critical to the companys' success as a critical system (payroll and accounting, for example). These become your priority responses. It should also designate a chargeback to the department that asks for projects. If a salesmans' manager wants a color laserprinter in each office instead of sharing a single inkjet on the net, that managers' budget should pay for it, not yours (when he sees the projected bill it'll wake up even a PHB). It sounds like the departments in your company are using you for a "candy store" to raid for stuff that won't be held against them in their budgetary reviews. Your budget should only be for non-departmental items like network items.
In addition, you should be using a system that tracks work by user and department, write one in access or buy one (I like TRACKIT!, but it ain't cheap). Charge each item to each department, repair parts, new systems, your salary portion in hours it took to fix the problem (that IS a cost to the company). At budgeting time pull up the reports by department and user and find out who your problem children are. Your companies president SHOULD want to know who's draining off the dough, (or he's just staying long enough to sell his options and run before the deck falls).
Write the document you live by, document the work you did, charge the people that want it.
Your priorities should be the companies success, which I hope is your managers' priority. HE needs to make that clear to the rest of the company or HE will look bad when you work your butt off and get nowhere.
Actually, I don't. But three things do make me withhold full judgement against them.
1. Linux is extremely compatible with unix on the source level, and sometimes the binary.
2. Even though the code is "vetted" through some extremely capable coordinators like Linus, no one can have a level of source code that would enable them to recognize every bit of copywrited code from all distributions ever made (that would be an unreasonable expectation).
3. In the wee hours of the night some unknown coder working on a patch for himself may have "cribbed" a process from a company he worked for or from a source file he had and somehow that wound up getting into the source stream for a distribution kernal, either intentionally or not.
In other words, yes, I think it's not impossible that some unknown person may have messed it up for the rest of us.
Anyway, it's in court, we'll find out when the records released and we can publicly talk about the code without signing NDAs.
I'm going to guess it'll be delayed until the SCO code is publicly released so any problems can get cleaned up. Possibly in October we'll get a "gold level" release that would be the final kernal minus SCO fixes, that way if SCO loses it can just be rebranded without losing any worktime and if SCO wins the claim can always be made that as soon as the problem was shown it was fixed and never made it into the "final" kernal. Linus has been accused of being arrogant at times (mostly by folks with rejected code) but never accused of being stupid.
So what's the big deal? Most of the Phd candidates have little to no interest in computer technology, don't want to learn a new system simply to be "cool", and have a keen understanding of the need to get their dissertation past their committee. If they can't do that then everything else they do is worthless.
On the other side of that is the cardinal rule of doctoral candidates: make your profs happy! If they're using Word, use Word; if they're using WordPerfect, use Wordperfect; if they want freakin' wax on a stone tablet BUY CANDLES! The last thing they want to do is try to explain why they can't do something EXACTLY AND PRECISELY the way a prof wants because they're using a 99.999% compatible system.
I suspect your compatriots may be less competant on the technical side than you, but they might give you tips on the political side of life.
By the way, when I got mine I wrote mine on an APPLE IIc just so I could turn in one copy in applewriter and four copies typewritten (on two different shades of white paper), not printed (I used a BROTHER typewriter with an interface module) (different profs). I had 5 happy profs, another stripe on my cowl, and a lot of extra money from the folks with the newer IBM XTs after their first few submissions were rejected and I redid their papers on that ancient little suitcase I got out of a used computer shop. Actually paid for a new system I wanted, a COMPAQ 386 I had seen on the cover of BYTE magazine (I still can't believe that thing was called a "blazing server".)
NOTE: I occasionally do system security audits, this problem is one of my favorite targets.
Just because you use a sendmail replacement (qmail, etc.) does not mean you've eliminated your vulnerability. Most distributions install SENDMAIL by default set to accept local input only. This is necessary for configuration, but also leaves it open to anyone that can launch a local process. If sendmail is used temporarily until it is replaced then it may be left open to external input also.
If you use a replacement for sendmail then you should remove sendmail from the system. If you cannot remove it due to dependencies by other code then you should insure it is up to date and patched, even if you're not using it for mail routing as it is still vulnerable.
The worst systems I've seen are older production systems where SENDMAIL has been replaced and left on the system (either due to negligence or necessity) and not maintained "since it's not used anymore". (and you just wouldn't believe how many sysops out there that don't know what's really running on systems set up be predecessors and that they make some very bad assumptions about, like, we don't use SENDMAIL, so it's not on the box)
Any binary on your system, especially this one, needs to be maintained or you're asking for trouble. And worse, if you haven't documented what's on the system you'll really be out in left field not even knowing what to patch!
The timing on this is incredible. The most stable kernal we've got that isn't under the SCO shadow is now effectively frozen, thereby preventing any potential code polution. Cox may have just provided the instant way out if SCO wins. I wonder if this is accidental or sheer genious?
Good luck Alan with the MBA, maybe you'll get paid what you're worth (finally).
Nope, trolls post anonymously, I'll take the credit and the heat for what I post.
And I still stick to my contention that NDAs are one of the foundations of our existence in dealers in intellectual property. Integrety includes sticking to things even when we DON'T agree with it (and this isn't murder or rape, if SCO is wrong they'll lose, either in court or in the inevitable appeal, and if they DO lose the court costs will sink them like a rock, unlike IBM).
If we want open source to be trusted we have to remember we're coming to the public (who wouldn't understand HOW to read source) with a great big smile saying "just trust me". Fortunatly the ones that would get scared off are reading the "anime" threads and probably not (hopefully) this stuff (except for CIOs that do purchases of things like *.nix).
Read the CNET article link in the other reply. It could be this was from a previous release, but as far as I know this is the only time this code was made public.
I just find it amusing that in the same discussion integrety in code is assumed and integrety in people seems lacking. It's a scary contradiction.
This is amazing! The crowd that loves to flame on microsoft and preach and proclaim you can't trust "the evil corporation" just because of who they are now dives headlong into proving the enemies assertions, that the LINUX system can't be trusted because you can't trust unknown coders.
The code being discussed was photograped and posted in violation of a non-disclosure agreement (one reason I'm NOT discussing its' content). NDAs are one of the foundations of software development and the *.nix community is happily proving it can't be trusted just because it smells blood on the enemy. Any major project is too big to insure 100% review. If we can't be trusted then neither can the code we offer.
I expect and HOPE Heisse is sued for the violation. I HOPE but do not expect the *.nix community will stop shooting itself in the foot and putting flesh on the naysayers FUD.
Get a grip people, you can only lose a trusted reputation once, you never get another chance.
I just saw the first political spin on this mess. Bill Richardson, the Former Energy Secretary, was on CNN saying we have a "third world power grid". What he didn't say and the CNN sycophant wouldn't bring up is that while he was in office the Clinton administration turned down every request to build new or upgrade existing power stations. The theory of the grid is that when one part of the grid needs power it can be shunted from areas with excess capacity. Just as in California (who also refused to build new capacity) THERE IS NO EXCESS CAPACITY! When one part is at capacity, they all are.
Quite frankly, we're a living in a tech world now. We need the power. Until we stop politically cowtowing to "eco-nuts", "consumer advocates". and other neo-luddites this is going to keep happening.
I think you still do, but honestly if they're not going to invest in an automated jukebox to back up the system, or mirror to a secured site, then having someone sitting in front of a CD-RW feeding 800MB disks to the monster all night would be fitting punishment for lack of foresight.
Besides, It fits well into the "LINUX is cheap and (mostly, almost) works" mentality.
I wonder if any of their sysops are currently rethinking the "trusted ftp" architecture? I suspect idealism just met the legendary brick wall of reality.
In another thread I post a message criticizing incompetant/lazy sysadmins and now this get noticed (after nearly a week).
Could someone pass on to them that CDR/RW drives get put on sale at CompUSA for around $20 on a fairly regular basis? If you rebate the CDrs you can practically get them for free. DO A BACKUP ONCE IN A WHILE, SOMEBODY WILL BREAK LOOSE FOR THAT MUCH IN POCKETCHANGE!
I know/. is the place to bash the microsofties, but don't let it get to your head. Remember, anything with the name Microsoft gets instant press, outside the techies the public thinks "apache" is the old movie name for a First Nations tribe.
I regularly do security audits of all kinds of systems. When I walk in to a microsoft shop I can immediately tell how it goes. If the sysop says "I don't trust the patches, I test them, but they're not deployed unless there's a REAL problem" It won't go well, those guys usually don't update virus files either. On the other hand if the sysop is using patch management practices he can often go out in real time and check the current status of a server, workstation, and active version of the virus definition file in realtime (they usually have good WRITTEN policies on unauthorized (untested) soft/hardware with sanctioned backup). I haven't found malware in any of the latter cases.
I've yet to find a good *.nix shop. They often have good processes and procedures that SHOULD avoid problems, but the truth is it's easier to sign a piece of paper that says sourcecode was patched and applied than to actually do it. Things look great on paper. Check the source or decompile sendmail (one of my favorite targets) and it's another story. I'm still finding the same hole T.Morris used years ago on active servers. The excuse is always the same, "that was the way it came, shouldn't that have been fixed in the distro by now?" (i.e. too lazy to look, just signed the paper). Many don't even check SANS or CERT regularly. At least windows will notify you when critical updates are available, and all you have to do to apply it is run the.exe. Even then you get guys like this story highlights:
"I'm unaware of the [Microsoft] patch being available," said David Hugel, the deputy chief administrator of the MVA. "I've talked to our IT people and we weekly update the virus protection we do have, and this just happened to fall between those points when we had updated it and we didn't have the [new] update available yet."
(How did this guy get his position or experience? Even "end-users" successfully use critical update with relatively NO technical experience or fiscal responsibility.)
Any sysadmin that can't keep a system patched, or falsifies patch records should be punished up to and including dismissal as far as I'm concerned.
Incidently, just so you know my audit document is the CERT advisories on securing systems. If you want a great basic book try OReillys "Practical Unix and Internet Security"
Has anyone figured out yet that as far as I'm concerned the problem is NOT theoretical design differences in OSs as much as the incompetance of the people running them?
Boot from the CD if he wasn't wise enough to make the boot recovery floppy when Windows TOLD HIM TO.
Alternative, boot from Norton Systemwork CD to get to the Norton Tools if needed.
Be sure to go into safe mode and kill dcom before you attempt to patch.
Oh yeah, by the way, if/when they get out of this enable critical update.
Good luck kid.
Slashdot Mirror
Assuming the obvious, that you carry what you do because you like the stuff and you don't want to ditch it, then you need something that can go from "casual dress" to "casual play".
I carry about the same load in a "photographers" or "safari" style vest. If you wear Dockers or similar style dress khakis and get one in Khaki or Black it even looks stylishly nice with a tie.
Scott has a high end "evest" with zip-off arms that is rather pricy. I like one by Trail Designs that is much less expensive, especially if you get it from someplace like CAMPMOR.COM.
And yes, it even has inside pockets sized for pens, pencils, and a leatherman.
The nice thing about the vest is if you use inside pockets for your wallet, etc. you don't need to worry about pickpockets, just button up the front and velcro the pocket.
Do they realize the market for this is saturated? It's called soccer moms in rush hour on cellphones. They already have no cognizance of their surroundings!
If you read the report the issue is not LINUX-OS vs. WINDOWS-OS, it's app development on top of the two platforms. That automatically neutralizes the LINUX-OS advantages in terms of OS cost and stability.
The issue is the app development, which SUN has totally screwed up since JAVA was introduced. This should be read not as a dis on LINUX but on SUN. Let's face it, Scott McNeely has been desparately trying to change SUN from a hardware company (overpriced, but I did love that SPARC) to software with JAVA. Unfortunately just as the hardware was overpriced compared to equivalent INTEL solutions SUN jacked up JAVA to unreasonable levels aby charging for development tools that Microsoft was giving away for practically nothing (downloading DOES cost money, although very little). I hate to say it but basicly except for the religious JAVA shops anyone that looks at the costs are going to come back with the same figures as in this article, no matter who picks up the tab.
Don't blaim microsoft for doing the obvious, SUN just missed the boat with their packaging. Java enterprise servers will only go over when it's reasonable to write apps for them. Don't blaim SUN too much though, after all, there are still companies trying to sell DEC VT100 emulators for PCs (they don't get it either).
Does anyone other than I sense the irony in the fact that shortly after a great story on the Church of Scientology losing in court a case which they based on the illegal distribution of copywrited material we have this one? Those who have seen the scientology material without going through the progressive levels of brainwashing (and commisurate outgoing of money) probably agree it's worth less than the latest Brittiny Spears clones' or formula boy band CD.
Take a minute and read through the two stories, the comparisons will leave you ROFL.
The problem with CD sales is they're just not worth buying. I've been buying CD's since they replaced LPs and probably have around 200+ now, but each year I buy fewer because there are fewer available.
Even my kids (16 & 13) have figured that out. They discovered that SOME artists still write and sing their own songs like Third Day, David Ruis, and Jennifer Knapp. They've fallen in love with "oldie albums" like "Desperado" (the Eagles), "Dark Side Of The Moon" (Pink Floyd), and "Out Of The Blue" (Electric Light Orchestra). These kids are supposed to be the RIAAs market and even they can tell the difference between talented musicians and sexed up mouseketeers!
I'm with you, I still have the spacestation mobile from Electric Light Orchestras' "Out Of The Blue" album. I bought the LP for the mobile, but fell in love with "Concerto for a Rainy Day".
If you don't use a PDA you're really killing yourself. I started with a PSION ORGANIZOR back in the '80s, went to a Apple Newton Messagepad (using the keyboard) and now use a Pocket PC made by Toshiba.
The thing all 3 have in common is that they use a common data file format for all data, allowing you to use the "find" command to search all of your emails, addresses, appointments, notes, etc. at the same time.
In addition, except for the NEWTON, they fit just fine in your pocket.
If I remember correctly the later settlement was due to additions in a later version of MS-DOS that Paterson claimed were his and were not included in the original QDOS purchase.
Microsoft finally had to enter the world of the "big boys". Sometimes it doesn't matter whether you're right or not, as long as the guy doesn't ask for more than the trial will cost it's cheaper to settle.
P.S. Lawyers suck
FYI, when IBM was coming out with it's original PC it bought the hardware design from a company in Seattle (that's right, IBM DID NOT design the original PC 8088 and 8086 systems). They decided they could get someone to do it better than the original designers and started hunting for an OS. Microsoft in those days was known mostly for programming languages, custom apps (like the apps on the tandy 100, the first laptop) and (of all things) FLIGHT SIMULATOR! They bought the original QDOS from Tim Paterson for $50,000.
In those days the 800lb gorilla on OSs was CP/M from Digital Research Incorporated. DRI gave IBM the run around and the deal failed, so IBM asked microsoft to do a custom OS that worked like CP/M but didn't violate patents (that's why the prompt became C: instead of C/).
How did MS get DOS? They took a risk and bought something that "sortaworked". I know, I had QDOS and MS-DOS 1.0, DOS lived because (wow) it worked, QDOS (almost) worked.
DOS was bought and paid for, that was how they got it.
The reason you're in this fix is I gather that your company has no policy on IT response. This means your boss is probably spending a lot of what little money you have on things that are making nimrods happy and doing nothing else to get the company where it needs to be.
Get a policy written, in place, published, and live by it.
It should define what is critical to the companys' success as a critical system (payroll and accounting, for example). These become your priority responses. It should also designate a chargeback to the department that asks for projects. If a salesmans' manager wants a color laserprinter in each office instead of sharing a single inkjet on the net, that managers' budget should pay for it, not yours (when he sees the projected bill it'll wake up even a PHB). It sounds like the departments in your company are using you for a "candy store" to raid for stuff that won't be held against them in their budgetary reviews. Your budget should only be for non-departmental items like network items.
In addition, you should be using a system that tracks work by user and department, write one in access or buy one (I like TRACKIT!, but it ain't cheap). Charge each item to each department, repair parts, new systems, your salary portion in hours it took to fix the problem (that IS a cost to the company). At budgeting time pull up the reports by department and user and find out who your problem children are. Your companies president SHOULD want to know who's draining off the dough, (or he's just staying long enough to sell his options and run before the deck falls).
Write the document you live by, document the work you did, charge the people that want it.
Your priorities should be the companies success, which I hope is your managers' priority. HE needs to make that clear to the rest of the company or HE will look bad when you work your butt off and get nowhere.
Actually, I don't. But three things do make me withhold full judgement against them.
1. Linux is extremely compatible with unix on the source level, and sometimes the binary.
2. Even though the code is "vetted" through some extremely capable coordinators like Linus, no one can have a level of source code that would enable them to recognize every bit of copywrited code from all distributions ever made (that would be an unreasonable expectation).
3. In the wee hours of the night some unknown coder working on a patch for himself may have "cribbed" a process from a company he worked for or from a source file he had and somehow that wound up getting into the source stream for a distribution kernal, either intentionally or not.
In other words, yes, I think it's not impossible that some unknown person may have messed it up for the rest of us.
Anyway, it's in court, we'll find out when the records released and we can publicly talk about the code without signing NDAs.
I'm going to guess it'll be delayed until the SCO code is publicly released so any problems can get cleaned up. Possibly in October we'll get a "gold level" release that would be the final kernal minus SCO fixes, that way if SCO loses it can just be rebranded without losing any worktime and if SCO wins the claim can always be made that as soon as the problem was shown it was fixed and never made it into the "final" kernal. Linus has been accused of being arrogant at times (mostly by folks with rejected code) but never accused of being stupid.
So what's the big deal? Most of the Phd candidates have little to no interest in computer technology, don't want to learn a new system simply to be "cool", and have a keen understanding of the need to get their dissertation past their committee. If they can't do that then everything else they do is worthless.
On the other side of that is the cardinal rule of doctoral candidates: make your profs happy! If they're using Word, use Word; if they're using WordPerfect, use Wordperfect; if they want freakin' wax on a stone tablet BUY CANDLES! The last thing they want to do is try to explain why they can't do something EXACTLY AND PRECISELY the way a prof wants because they're using a 99.999% compatible system.
I suspect your compatriots may be less competant on the technical side than you, but they might give you tips on the political side of life.
By the way, when I got mine I wrote mine on an APPLE IIc just so I could turn in one copy in applewriter and four copies typewritten (on two different shades of white paper), not printed (I used a BROTHER typewriter with an interface module) (different profs). I had 5 happy profs, another stripe on my cowl, and a lot of extra money from the folks with the newer IBM XTs after their first few submissions were rejected and I redid their papers on that ancient little suitcase I got out of a used computer shop. Actually paid for a new system I wanted, a COMPAQ 386 I had seen on the cover of BYTE magazine (I still can't believe that thing was called a "blazing server".)
NOTE: I occasionally do system security audits, this problem is one of my favorite targets.
Just because you use a sendmail replacement (qmail, etc.) does not mean you've eliminated your vulnerability. Most distributions install SENDMAIL by default set to accept local input only. This is necessary for configuration, but also leaves it open to anyone that can launch a local process. If sendmail is used temporarily until it is replaced then it may be left open to external input also.
If you use a replacement for sendmail then you should remove sendmail from the system. If you cannot remove it due to dependencies by other code then you should insure it is up to date and patched, even if you're not using it for mail routing as it is still vulnerable.
The worst systems I've seen are older production systems where SENDMAIL has been replaced and left on the system (either due to negligence or necessity) and not maintained "since it's not used anymore". (and you just wouldn't believe how many sysops out there that don't know what's really running on systems set up be predecessors and that they make some very bad assumptions about, like, we don't use SENDMAIL, so it's not on the box)
Any binary on your system, especially this one, needs to be maintained or you're asking for trouble. And worse, if you haven't documented what's on the system you'll really be out in left field not even knowing what to patch!
I was referring to the 2.2 kernel
The timing on this is incredible. The most stable kernal we've got that isn't under the SCO shadow is now effectively frozen, thereby preventing any potential code polution. Cox may have just provided the instant way out if SCO wins. I wonder if this is accidental or sheer genious?
Good luck Alan with the MBA, maybe you'll get paid what you're worth (finally).
Nope, trolls post anonymously, I'll take the credit and the heat for what I post.
And I still stick to my contention that NDAs are one of the foundations of our existence in dealers in intellectual property. Integrety includes sticking to things even when we DON'T agree with it (and this isn't murder or rape, if SCO is wrong they'll lose, either in court or in the inevitable appeal, and if they DO lose the court costs will sink them like a rock, unlike IBM).
If we want open source to be trusted we have to remember we're coming to the public (who wouldn't understand HOW to read source) with a great big smile saying "just trust me". Fortunatly the ones that would get scared off are reading the "anime" threads and probably not (hopefully) this stuff (except for CIOs that do purchases of things like *.nix).
Read the CNET article link in the other reply. It could be this was from a previous release, but as far as I know this is the only time this code was made public.
I just find it amusing that in the same discussion integrety in code is assumed and integrety in people seems lacking. It's a scary contradiction.
This is amazing! The crowd that loves to flame on microsoft and preach and proclaim you can't trust "the evil corporation" just because of who they are now dives headlong into proving the enemies assertions, that the LINUX system can't be trusted because you can't trust unknown coders.
The code being discussed was photograped and posted in violation of a non-disclosure agreement (one reason I'm NOT discussing its' content). NDAs are one of the foundations of software development and the *.nix community is happily proving it can't be trusted just because it smells blood on the enemy. Any major project is too big to insure 100% review. If we can't be trusted then neither can the code we offer.
I expect and HOPE Heisse is sued for the violation. I HOPE but do not expect the *.nix community will stop shooting itself in the foot and putting flesh on the naysayers FUD.
Get a grip people, you can only lose a trusted reputation once, you never get another chance.
I just saw the first political spin on this mess. Bill Richardson, the Former Energy Secretary, was on CNN saying we have a "third world power grid". What he didn't say and the CNN sycophant wouldn't bring up is that while he was in office the Clinton administration turned down every request to build new or upgrade existing power stations. The theory of the grid is that when one part of the grid needs power it can be shunted from areas with excess capacity. Just as in California (who also refused to build new capacity) THERE IS NO EXCESS CAPACITY! When one part is at capacity, they all are.
Quite frankly, we're a living in a tech world now. We need the power. Until we stop politically cowtowing to "eco-nuts", "consumer advocates". and other neo-luddites this is going to keep happening.
I think you still do, but honestly if they're not going to invest in an automated jukebox to back up the system, or mirror to a secured site, then having someone sitting in front of a CD-RW feeding 800MB disks to the monster all night would be fitting punishment for lack of foresight.
Besides, It fits well into the "LINUX is cheap and (mostly, almost) works" mentality.
I wonder if any of their sysops are currently rethinking the "trusted ftp" architecture? I suspect idealism just met the legendary brick wall of reality.
In another thread I post a message criticizing incompetant/lazy sysadmins and now this get noticed (after nearly a week).
Could someone pass on to them that CDR/RW drives get put on sale at CompUSA for around $20 on a fairly regular basis? If you rebate the CDrs you can practically get them for free. DO A BACKUP ONCE IN A WHILE, SOMEBODY WILL BREAK LOOSE FOR THAT MUCH IN POCKETCHANGE!
If that's true your company isn't hiring sysadmins, you're maintenance programers and support staff for the vendors.
I'd maintain that resume, your policy writers are setting you up to take a hit for their failures. You have my sympathy.
I know /. is the place to bash the microsofties, but don't let it get to your head. Remember, anything with the name Microsoft gets instant press, outside the techies the public thinks "apache" is the old movie name for a First Nations tribe.
.exe. Even then you get guys like this story highlights:
I regularly do security audits of all kinds of systems. When I walk in to a microsoft shop I can immediately tell how it goes. If the sysop says "I don't trust the patches, I test them, but they're not deployed unless there's a REAL problem" It won't go well, those guys usually don't update virus files either. On the other hand if the sysop is using patch management practices he can often go out in real time and check the current status of a server, workstation, and active version of the virus definition file in realtime (they usually have good WRITTEN policies on unauthorized (untested) soft/hardware with sanctioned backup). I haven't found malware in any of the latter cases.
I've yet to find a good *.nix shop. They often have good processes and procedures that SHOULD avoid problems, but the truth is it's easier to sign a piece of paper that says sourcecode was patched and applied than to actually do it. Things look great on paper. Check the source or decompile sendmail (one of my favorite targets) and it's another story. I'm still finding the same hole T.Morris used years ago on active servers. The excuse is always the same, "that was the way it came, shouldn't that have been fixed in the distro by now?" (i.e. too lazy to look, just signed the paper). Many don't even check SANS or CERT regularly. At least windows will notify you when critical updates are available, and all you have to do to apply it is run the
"I'm unaware of the [Microsoft] patch being available," said David Hugel, the deputy chief administrator of the MVA. "I've talked to our IT people and we weekly update the virus protection we do have, and this just happened to fall between those points when we had updated it and we didn't have the [new] update available yet."
(How did this guy get his position or experience? Even "end-users" successfully use critical update with relatively NO technical experience or fiscal responsibility.)
Any sysadmin that can't keep a system patched, or falsifies patch records should be punished up to and including dismissal as far as I'm concerned.
Incidently, just so you know my audit document is the CERT advisories on securing systems. If you want a great basic book try OReillys "Practical Unix and Internet Security"
Has anyone figured out yet that as far as I'm concerned the problem is NOT theoretical design differences in OSs as much as the incompetance of the people running them?
Boot from the CD if he wasn't wise enough to make the boot recovery floppy when Windows TOLD HIM TO. Alternative, boot from Norton Systemwork CD to get to the Norton Tools if needed. Be sure to go into safe mode and kill dcom before you attempt to patch. Oh yeah, by the way, if/when they get out of this enable critical update. Good luck kid.