You can see the bsd sources in cvsweb easily enough, 'etc/rc' is the primary initscript, '/etc/init.d/* in most linux +/etc/inittab (which defines runlevels and at the core level is the more significant difference between the two initsystems. For instance Slackware uses sysvinit, yet adopts initscripts in/etc/rc.d and doesn't use the symlinks + chkconfig ala RH etc (look for Linux Standard Base on google, which lays out sysV-like approach for compliance).
You need to seriously refresh your knowledge of UNIX history. SunOS and IRIX sprang originally from BSD
I said *Solaris* I know sunos was bsd-derived. Using Solaris it was always clear that it was a SysV system. for starters, with BSD/sunos compat builton see:
http://www.swcp.com/pcaskey/sunos-solaris.html &
http://www.unt.edu/UNT/departments/CC/Benchmarks/j ulaug95/solaris.htm
You're right about IRIX, I've had to occaisionally use IRIX since their v5 and always found it to be SysV-flavor/ugly, and assumed it had a sysV origin. I stand corrected:-).
what exactly is the difference between SysV init and the alternative (I'm guessing BSD init?)?
Yup, 'simpleinit' is another flavor which tries to improve on both (and must be failing because I know of only one linux dist that uses it).
SysV init basically adopts SXX* KXX* symlinks in/etc/rc?.d/ to various service scripts (/etc/init.d/) to achieve an orderly Start/Kill logic for any given runlevel.
BSD's use simpler scripts which are easier to hand-maintain & customize.
Yeah, I'm really not clear on this. Sun and HP both have made statements about their licenses being 'paid up' not 'per-seat'. All this means is that IBM forks over some $$ on each user-license they ship with AIX. (And I know from experience you can change the # of user logins on an AIX box at the cmdline, IBM says you're not supposed to, you're supposed to pay extra before changing that #).
Anyhow, paid-up or per-seat I sincerely doubt that even for $82M the license terms would have cleared Sun or HP from the issue of this suit, which is the accusation that AT&T/SCO code is being incorporated into Linux/GPL.
Now I can't see how SCO/Novell/AT&T would have written licensing contracts which permitted disclosure / general release of the code or trade secrets to SUN/HP. Yes, the continuing per-seat nature of IBM's agreement makes it easier for SCO to tactically make a threat to *stop IBM from shipping AIX*.
All of which seems like just so much noise. Solaris has been SystemV based from the git-go is my understanding, tho Sun has been saying for awhile now that it's completely free of any AT&T code. Even moreso HPUX and SGI IRIX began as pure SysV, and I don't think either has made a big effort to do a complete rewrite.
The amusing thing (as I've pointed out in prior comments) is that the source of the AIX *kernel* isn't in the least based on SysV. It's Mach which in turn is derived from BSD. Also nearly all of the AIX system utilities are BSD-flavored by default, ususally with SysV flavors available. AIX has recently adopted SysV-style init (a sad thing) but that's motivated with wanting to be aligned with the way most Linux systems are run.
Furthermore as many commentators have pointed out, AIX is one of the most heavily customized *nixes being sold today. Specifically, the VM design is markedly different, and the hardware interface is virtualized through an OO database.
So for my money SCO has nowhere to hang their (rather nebulous) accusations, and while I'm sure the fud-pushers will be all over this for awhile that kind of tactic usually involves an eventual backlash.
this is Trade Secret and Licence case. The word "patent" is not mentioned
True, I mentioned it because I've read that SCO holds some relevant patents.
But legally, there was never a cleanroom, and AIX was born from a UNIX license -- and that means contracts with SCO
Cleanroom implementations are nearly always used for reverse-engineering *patent* IP. Although I imagine some Copyright/License situations might warrant it, I've never heard of one. BSD has been (nearly) cleaned of AT&T code, Samba and Wine have been reverse-engineered, all without cleanroom / multiple team approaches. (MS and others have started to write license conditions that make reverse-engineering more difficult but I don't think that applies here).
From the complaint:
19. IBM has branded its version or "flavor" of the UNIX software as "AIX." All references hereinafter to AIX are so defined. AIX is a modification of AT&T/SCO's licensed UNIX
49. Prior to the events complained of in this action, SCO was the undisputed global leader in the design and distribution of UNIX-based operating systems on Intel-based processing platforms.
Project Monterey
51. Prior to this time, IBM had not developed any expertise to run UNIX on an Intel chip.
65. Pursuant to the AT&T / IBM UNIX Agreements, the parties agreed, inter alia, to the following terms and conditions:
a) IBM recognizes the proprietary nature of the Software Products (defined to mean the UNIX Software Code) and the need to protect against its unrestricted disclosure (Side Letter, 9);
b) IBM may not transfer or dispose of the UNIX Software Code in whole or in part (AT&T / IBM Software Agreement 7.10);
c) IBM is required to hold all UNIX Software Code subject to the AT&T / IBM Agreements in confidence (Software Agreement 7.06(a) as amended by Side Letter 9); and
d) IBM may not use the UNIX Software Code directly for others or allow any use of the UNIX Software Code by others (Software Agreement 2.05).
[some handwaving about specific elements, e.g. jfs]
[assertion that IBM encouraged linux developers to reverse-engineer SCO's valuable(sic} interfaces in breach of their agreement above]
Of course if SCO wanted to go after Irix or HP-UX they'd have something of a case, as both those Unices simply began as SysV with minor mods. Again, not so for AIX, nearly all the core utilities are BSD-flavored (yes there is a dfference) and as discussed already the kernel is Mach.
And how does this enter into the claims? SCO Your honor, IBM pays us x$ per year to license Unix (TM) IBM That license covers a variety of uses, for instance, access to the Unix Trademark, SCO cannot claim damages for technology which we license but do not implement.
What I saw in the FA was and IP-based lawsuit. The license is a matter of commercial and contract law. The use of code and technology is a matter of copyright and patent law.
I sincerly doubt there is very much SYSV (monolithic kernel) code in AIX (microkernel) as a kernel or related userspace utilities. Because most of the interesting technology is in the *kernel* I think this is main point. As I already indicated, AIX is based on Mach, but with a *lot* of modifications in the core. Other examples of what IBM technology has found its way into Linux:
JFS -- the first *nix journaled filesystem and the Linux version is branched from the OS/2 flavor of JFS, in any case developed inside IBM.
LVM -- as near as I can tell the Linux LVM was implemented outside of IBM, and in anycase it's not AT&T/SysV derived.
ProPolice -- oss-derived techniques applied to the GCC compiler (not a Linux issue)
you neglect that some of that code was derived from the original UNIX codebase, no matter how many ringers it's been through.
Actually that was the *point* and I stand by it. The AIX kernel is *not* AT&T derived. I suggest you look over the Linux and *BSD kernels and look at the task of merging them. *Why* would IBM have done that? Aside from being stupid in terms of technology, it would create the very sort of potential license problems SCO thinks it can raise. There may well be some AT&T code there, but SCO is going to have to show that it's used in ways that violate their contract.
I imagine IBM spent a fair amount of code building a SYSV interface onto the kernel which they developed from Mach(BSD-derived). Again I doubt that will have been done using anything from the AT&T code. Whether there are infringements on SCO's patent base is another matter.
SCO's statements quoted in the article suggest that [unless ibm worked in a clean room] their Linux efforts *must be contaminated* by their exposure to SYSV.
From the Article:
Eunice, who has been involved in Unix for years, questioned the accuracy of some of the history contained in the SCO suit. For example, the suit says that "AIX is a modification of (SCO's) licensed Unix that is designed to run on IBM's processor," but Eunice said IBM was unhappy with the performance of Unix kept only the interfaces higher-level software used to communicate with it.
"The AIX kernel...was not principally based on the Unix source code. It was based on their (IBM's) own development," Eunice said.
I guess these allegations have only to do with what IBM has been adding to the GNU/Linux code. Will it be possible to prove that there was no contamination, especially if the former AIX team was working on Linux software? I remember, maybe a year and a half ago, there was an interview on/. with AIX team working on GNU/Linux, does anyone else remember? This is going to be a tough battle
No I don't think it will be. AIX (as a kernel) is based on CMU/Mach, and the internals are all *very* much written at IBM. (the same kernel has been under the hood of AS/400 for half a decade now).
I can't imagine that they won't bury SCO in court. Their premise at least as regards the kernel (and Linux is a kernel not an OS, right?!;-)) -- has no basis in fact, there is no line you can draw from SYSV->AIX->Linux.
That was my 2nd thought "what are they thinking? the counter suit could bury them"
My first thougth was "what idiot suit at SCO thinks they can make a case for AIX being SYSV-derived?"
The logic(sic) they are asserting seems to be: AIX is based on SYSV that SCO acquired from AT&T, and that IBM's moved those ideas into Linux.
Nice fantasy. AIX is based on the Mach microkernel from CMU, which in turn is BSD-derived. Even at that it is very much re-implemented, using such intersting magic as an O-O system configuration database, and the first widely available journalling filesystem for a *nix.
People think of AIX as being SYSV because it implements a SYSV *interface*. IBM is all about standards and AIX achieved System-V (and later versions) standard compliance *and* BSD compliance wherever that did not conflict.
So no, SCO hasn't got a leg to stand on on this aspect. I wish them luck they are toing to need it.
Yes that's the way it is with some ISPs. Of course when you get rooted, many will eventually shut you down under acceptable use policy.
I'd like to see the same sort of blacklisting as applies to the smtp rbl/dnsbl. IP's which propagate attack traffic are blacklisted and denied access to services of participating hosts.
The simplest way to do this would be to just do it at the application layer, deny services on port:80, giving offending IP's the url of the blacklist site. It would have to be limited to TCP - based attacks, to eliminate address spoofing. Unlike open-relay problems, attack sources are not independently verifiable, so data would have to come from trusted sites/monitoring tools.
More sophisticated approaches could effectively cut such systems right off the net, send an 'admin-prohibited' ICMP or implement a distributed Tarpit, the range of technical solutions are more than adequate.
This could also be used to blacklist ISP's who refuse to police AUP's on their users.I think this would be a simple & effective way to put the onus on system owners (and in some cases ISP's) to get their act together.
Society requires all kinds of equipment and property be correctly maintained, be it your home, auto, boat or airplaine if it's not maintained and people get hurt as a result you're liable.
It's just a matter of time before the same sort of standards are generally required of systems connected to the 'Net. As a community we can choose to take the necessary steps on our own, or we can wait for the government to regulate it.
I certainly don't think the government solution will be one I want to deal with.
Why am I not surprised that it would be chrisd intoning:
AquaPharm Bio-Discovery... 'is keeping the identity of its MRSA-killing bacteria a closely guarded secret, and taken out patents...' Oh well."
Sure, both the patent and medical regulatory agencies (FDA in particular) have their flaws. for my $0.02 there are far more wierdness in the medical industry (where I have 20 years engineering experience) than in the software industry (which is far less entrenched *at this point*).
It takes most of a *decade* to get a prescription drug approved for marketing. Since much of this research is performed by US companies, and the US market is willing to spend *tons* of money keeping people with unhealthy life-styles alive, it needs to be done to meet FDA regulations. (This is the agency which, a generation later is still justifying its existence on the basis of a beaurocratic snafu which kept Thalidomide from being sold in the US).
Furthermore the vast majority of active medical drug treatments are 'discovered' natural agents (hence the name of the company in question <doh>!). There's nothing special or new about the drug companies researching/patenting biochemical compounds.
If people want something to actually be concerned about, maybe think on sub-saharan Africa who's population is being decimated (in the modern sense) by HIV, or the continuing loss of the very biodiversity which enables this kind of research.
But it's much easier to cherish your gas guzzling / ugly / high pollution SUV or sit back and play with all the toys you can get at ThinkGeek && bitch about all those 'rich fuckers' abusing the patent process or 'killing people' by working in medical research than to actually effect change.
As pointed out above, a primary reason that patents exist is to prevent technology from being held in 'trade secret'. In patent, you get a *temporary* monopoly in exchange for disclosing the art necessary to practice your invention.
Lots of things would be different without patent law, see all the/. handwaving about how bad it is. However, consider how much that is disclosed in patents would otherwise be trade-secret? I think the anti-IP/patent crew usually fails to consider that trade-secret (e.g. closed source) is a fundamental form of IP.
In fact the restrictions & freedoms of patent law are very much like the GPL, one of whose intents is to ensure that source code remain available. In exchange for placing a restriction on the distribution, the author is enforces that the art of his or her work remains open.
I don't expect this will be a popular thought among the denizens of/. which is so heavily populated with people who thing free==GPL. The Perl Artistic license or the BSD license provide freedom without restriction, compare this with those the (anti-patent) GPL.
proprietary: GPL: BSD
tradesecret: patent: public domain
Last I'd like to point out that GPL is *forever*, while patents expire. Once expired, patent IP becomes public domain. GPL can change at the author's discretion, however in the (intended) complex situation of packages with dozens or hundreds of significant authors, it seems unlikely for most systems to do so.
After a patent expires *anyone* is allowed to practice the art, and to do so without further disclosure or license. Again, GPL is forever, that's not good or bad but it does have consequences.
mySQL... would be a good replacement for a lightweight database like access, but I hardly think that it has what it takes (yet) to replace an MS-SQL
Depends entirely on what you need, in terms of *speed* and *terrabyte* capacity, mysql was designed to be replace Oracle which is a helluva lot faster (not to mention more scale-able) than SQL-server. *Access* ??? that's a single-user application which some shops use to deploy multi user applications using SMB file locking -- very ugly, and not comparable.
Let's remember that just 4 years ago MS was pushing hard to get big-iron shops to commit to backending SAP-R3 with <cough> SQL-Server while trying to explain that 'you can work around the lack of row-level locking'.
Now *before* all the 'leet(sic) pgsql fans bounce in to suggest the mysql is inadequate... Sure if you need TP and *complete* SQL language then mysql isn't the right choice. It remains a great solution for both performance and capacity where those attributes aren't needed.
Also, the numbers are 'negative' - if you're lucky you can measure attacks (successful and not), but you can't directly measure the value of the 'safe' systems.
For instance I know a fellow at a large financial institution who put 5 people in prison in 2001. These aren't kiddies or Mitnicks, these are people who've actively targetted this business and tried to break in. Naturally the security geeks mostly lose sleep over the ones they fear they didn't catch / observe.
Kiddies, worms, and all the forms of low-level noise that are part of the modern net aren't the problem. If you're successfully hit by a worm then basically you don't care enough to bother to put defenses in place because the worms usually follow the vulnerability disclosures by months, not hours or days.
If you have assets that are worth protecting then the first step in securing is to assess the cost of being rooted, and determining a cost-effective approach to mitigating attacks.
Usually this means 'defense in depth', e.g. planning and ensuring that an attacker's reconnasance will set off the alarms allowing you to mitigate before an *effective* attack is started.
My $0.02, anyone relying on a *firewall* to protect their assets has already lost the game. A serious perimiter defense probably includes a carefully secured firewall, network IDS, and host/configuration IDS/configuration management, just for starters. As with all engineering tasks, care in design directly translates to both the effectiveness and the cost-effectiveness of the results.
This book sounds like a positive step in communicating the knowlege of how this is done.
Can't you people puhleze consider doing basic checking on the drivel you choose to post here? This is just embarassing, coming from people who purport to be 'Nerds'.
/. seems to have degenerated to the lowest common denominator between hack journalism(sic) and tech(sic) fluffery.
I've stopped taking the time to M2, why bother when the base quality of this feed has dropped this low. You-all want to enhance quality on this site? Consider an M-system for the original posts/editors.
Aside from throwing a tantrum and jumping Netscape to go run a nightclub he's perhaps best known for having written 'xscreensaver'. On his blog he brags at length about it's elegant / modular design whilst bashing the design of X11, and declaiming any possibility that his vaunted code could ever be responsible for problems.
Now I've used xlock for a freaking decade on Unix/Linux/BSD and I've yet to have an x-session crash because of it. By comparison I've never run a video card/Xserver version which some module of xscreensaver wouldn't crash. Now I'm accustomed to running my x-sessions for upwards of 6 months. Yes, this has always been marginally more stable on vendor-Unix than Linux.
So along comes jwz armed with his superior(sic) screensaver which has a couple of modules that will happily crash every linux X-server I've ever used -- what's up with this? My best guess is he's got a hair across his butt about not liking the X architecture and he's stuck in code that he knows will hit on known bugs.
Now this just antisocial imo. GUI's are the achilles heel of every os I've ever run, they do lots of memory copies, pointer ops and try to deal with async input from multiple sources.
And then go look at his Linux gripes on his blog -- 2weeks to get X to display at bettter than 640x480??! I'm sorry but this just indicate the brightest bulb on the tree. Neither am I and I managed to get linux +x up in '96 in a couple of days, and since then I've run linux or *BSD on a dozen different systems. I agree with him that vendor-unix is more stable and better behaved as a gui -- big surprise -- the vendor has complete control of devices and has a reasonable shot at doing solid regression testing. Obviously OSS can't achieve that.
Who can companies trust if they're afraid that this kind of thing can happen? How can they prevent it?
The article noted a 1.25 million dollar / 20 yr prison term possible sentences.
Malicious leaving employees are hardly new (and usually *even less* creative than this idiot). Obviously single points of failure, whether they're hadware, software or human are undesirable in complex systems. That's why secure/survivable systems adopt redundancy and defense-in-depth postures.
If these were in any way 'mission critical' systems at Paine Weber I dare say they're running redundant. In addition to the change-control proceedures mentioned above it would certainly be possible to separate admin/authentication roles on each side of the redundant systems, allowing no one admin to bring down the whole show.
And of course effective / secure backups remain as the usual last line of defense.
Yes tapes and drives fail. However the effective
claimed life of good media is 30 years. If you really needed better, of course there's optical
media (crystaline / stable writeable media's been available for a long time also).
In nearly a decade of using 8mm tape I've written a few gig nightly to 2 drives I'm approaching 100 TB of data written and nearly 100% successful restore operations. I have exactly one instance
of data-loss in that time and many instances where
the rotation scheme saved someone from a poorly
timed deletion or other accident / error.
Total failures, 4 dead tapes, 1 drive refurbished.
I don't have a controlled environment or especially perfect storage conditions, yet I've had no problem reading data that's 8-10 years old.
Just pulled the july 8, 1995 tape and read it just fine (nothing older than that happens to be onsite just now).
Sure, it's a pain when something breaks, but honestly I put more time into working out the methods to not be surprised than I've ever lost due to lost data i.e. we don't rely on any one tape ofr anything critical.
Perhaps more importantly planned backups have saved entire systems when the o/s got wedged, and
if ( - it's not happened yet) a system gets rooted we can restore known-state with
minimal disruption.
Ohh and btw I've seen the spindle bearings of out-of-service hard-drives freeze when left off for extended periods -- those are not odds I like at all.
magnetization from one layer will transfer to the next.... oxide will also start flaking off after a while and the carrier will become brittle.
Write-thru is only a problem with quik-format / fixed head tapes. These became substantially unreliable as tape media became stronger (using PET/mylar backing) allowing the distance from one oxide layer to the next to become smaller.
DAT/dds, 8mm and other current tape media use a far thinner oxide layer allowing higher density at the price of lower gauss values. They work because the helical scan / rotating head increases the velocity sufficiently to allow use of the weaker signal.
Lower gauss values also effectively eliminates write-thru. I've read (many) decade-old 8mm tapes
and in a decade of using this medea I've only seen a couple of tape failures.
The first rule of sales is that you have to convince the prospect that your product matters. This holds true whether you're selling encyclopedias door-to-door or whether you're trying to convince your boss to fund the purchase of new server equipment!
Gee and I thought the first rule of sales was sell *your* product (or self-promote on/.) whether you know the geeks have gotten the details right or not.
Such as advertising solid web hosting service, when your own servers are running known-vulnerable apache, ssl and ssh?
If it's my network and my bandwidth I have every right to do with it as I please.
Subject to your ISP's acceptable use policy. The concept of acceptable use is much like speed limits; completely ignore them and eventually other isp's will shut you off.
About speed limits, first that depends a whole lot on where you are, on either coast of the US, yes folks typically exceed the posted limit by 10-15 mph, otoh in AZ/MX nearly all traffic travels 10-15 mph under the (70mph) limit, while in the
midwest I've found that people pretty much mark the posted limits.
However, you're not allowed on the road at all without maintaining your vehicle to safety and
emissions standards, and (except in a few states)
getting tagged at 90MPH+ earns both a stiff fine and a nasty hike in insurance rates.
I for one have darned little patience for irresponsible morons running insecure networks / systems that are a haven for script kiddies. So while the particular name on the problem today is
terrorism, I pretty much welcome actual enforcement of some minimum standards of competence.
Because tracking an attacker who's grabbed onto
an open AP is effectively *far* more difficult
than other avenues, sorry but I think moves in
this direction are probably a pretty good idea.
But then if it were up to me MCSE's wouldn't be allowed anywhere near a live 'net connection;-).
sylpheed (I prefer this because it uses MH format, allowing me to stay with mh on my unix(tm) system
when I'm out of the office / bandwidth-limited.
evolution people I respect swear by it, reported to act a lot like outlook// without the viri.
Usenet:
Really where have you been? I haven't seen a gui mail reader in years that didn't include nntp capability (again I use sylpheed). Mozilla has
a newsreader and there are dozens of gui *nix readers available.
Palm:
Jpilot, Evolution has palm channels all setup for a more complete interface if you want it, Sylpheed can do this also. I
routinely sync on the irda port of my laptop on linux, on Openbsd I have to use the cable, no problems.
Irc:
xchat, hands down better than mirc
Office apps.
Ahh well you got me there. I still curse the masses who can't seem to send a 15 line meeting agenda witout resorting to a word attachement. I use emacs / troff for text formatting and doc preparation (and my work looks a helluva lot more professional with less effort then my peers put into coaxing msword's wysiwyg. For those projects
that actually require more complex documents, I have Frame Maker, but that's expensive and Unix(tm) I don't know how/if it runs on linux.
Otoh, Openoffice has a fine rep with folks I know who use it.
Multimedia.
Mplayer and xine have both worked flawlessly for me. I miss realaudio and some other 'rich' web experiences (ho hum).
if the sniffer is trojanized, then
it could possible hide such "activities".
I actually read the article and it however seems that it was not the case here...
phew:-)
From the article:
Gencode.c is modified to force libpcap to ignore
packets to/from the backdoor program, hiding the
backdoor program's traffic.
MD5 checks work nicely. Sure pgp in theory is better but since md5's are cached locally, and
a helluva lot faster to check the chances that
they will actually be used and verified are seemingly quite good.
Which is to say in practice MD5 has caught rather
a lot of these problems, and in quite timely manner.
As irrelevant as various source-distributions
(e.g. lunar,
source-mage and Gentoo)
are at present in other respects, they make a nice
'canary' in the coal mine:-).
SuaSponte: Latin for "of one's own accord; voluntarily." Used when the court addresses an issue without the litigants having presented the issue for consideration. Most frequently used when the court determines that jurisdiction is not proper even though both parties have agreed to appear in the court.
"Jurisdiction is retaine by this Court such that the Court may act sua sponte to issue further orders or directions, includint but not limited to orders or directions relating to the construction or carrying out of this Final Judgement..."
Basically this says to me the judge has observed
that MS has a record of working very hard to leverage ambiguity in prior judgements, coupled with the known slow pace of DOJ to evade restrictions.
Kollar-Kotelly as I read it has said here: "This court will be seeing that this history does not repeat itself. And all parties have 1 week to sign on.
MSFT doesn't provide any of the krb4 implementation
so this and other krb4 problems won't be an issue.
Krb5 was recently found to have a flaw in the
xdr_array function, the last kerberos bug I know of
before that was the kerberized telnet daemon -- same bug that was in standard telnetd, the 'ayt' sequence
I think. Again, no telnet, no flaw.
Those are the only two flaws I can think of in krb5 in the past 3 years, but yes there were more in the krb4 implementation.
I guess when you weren't looking (a day before the MIT patch was issued) OpenBSD posted this patch
to kadmind.
Obsd uses Heimdal, and seemingly the krb4 compatiblity is built into the kadmind daemon. Only MIT-based sites running the kadmind4 daemon are affected, while seemingly all heimdal KDC's running kadmind were. In any case the code flaw in both cases has a similar patch / fix.
Slashdot Mirror
You can see the bsd sources in cvsweb easily enough, 'etc/rc' is the primary initscript, '/etc/init.d/* in most linux + /etc/inittab (which defines runlevels and at the core level is the more significant difference between the two initsystems. For instance Slackware uses sysvinit, yet adopts initscripts in /etc/rc.d and doesn't use the symlinks + chkconfig ala RH etc (look for Linux Standard Base on google, which lays out sysV-like approach for compliance).
I said *Solaris* I know sunos was bsd-derived. Using Solaris it was always clear that it was a SysV system. for starters, with BSD/sunos compat builton see:j ulaug95/solaris.htm
http://www.swcp.com/pcaskey/sunos-solaris.html & http://www.unt.edu/UNT/departments/CC/Benchmarks/
You're right about IRIX, I've had to occaisionally use IRIX since their v5 and always found it to be SysV-flavor/ugly, and assumed it had a sysV origin. I stand corrected :-).
Yup, 'simpleinit' is another flavor which tries to improve on both (and must be failing because I know of only one linux dist that uses it).
SysV init basically adopts SXX* KXX* symlinks in /etc/rc?.d/ to various service scripts (/etc/init.d/) to achieve an orderly Start/Kill logic for any given runlevel.
BSD's use simpler scripts which are easier to hand-maintain & customize.
Anyhow, paid-up or per-seat I sincerely doubt that even for $82M the license terms would have cleared Sun or HP from the issue of this suit, which is the accusation that AT&T/SCO code is being incorporated into Linux/GPL.
Now I can't see how SCO/Novell/AT&T would have written licensing contracts which permitted disclosure / general release of the code or trade secrets to SUN/HP. Yes, the continuing per-seat nature of IBM's agreement makes it easier for SCO to tactically make a threat to *stop IBM from shipping AIX*.
All of which seems like just so much noise. Solaris has been SystemV based from the git-go is my understanding, tho Sun has been saying for awhile now that it's completely free of any AT&T code. Even moreso HPUX and SGI IRIX began as pure SysV, and I don't think either has made a big effort to do a complete rewrite.
The amusing thing (as I've pointed out in prior comments) is that the source of the AIX *kernel* isn't in the least based on SysV. It's Mach which in turn is derived from BSD. Also nearly all of the AIX system utilities are BSD-flavored by default, ususally with SysV flavors available. AIX has recently adopted SysV-style init (a sad thing) but that's motivated with wanting to be aligned with the way most Linux systems are run.
Furthermore as many commentators have pointed out, AIX is one of the most heavily customized *nixes being sold today. Specifically, the VM design is markedly different, and the hardware interface is virtualized through an OO database.
So for my money SCO has nowhere to hang their (rather nebulous) accusations, and while I'm sure the fud-pushers will be all over this for awhile that kind of tactic usually involves an eventual backlash.
True, I mentioned it because I've read that SCO holds some relevant patents.
But legally, there was never a cleanroom, and AIX was born from a UNIX license -- and that means contracts with SCO
Cleanroom implementations are nearly always used for reverse-engineering *patent* IP. Although I imagine some Copyright/License situations might warrant it, I've never heard of one. BSD has been (nearly) cleaned of AT&T code, Samba and Wine have been reverse-engineered, all without cleanroom / multiple team approaches. (MS and others have started to write license conditions that make reverse-engineering more difficult but I don't think that applies here).
From the complaint:
19. IBM has branded its version or "flavor" of the UNIX software as "AIX." All references hereinafter to AIX are so defined. AIX is a modification of AT&T/SCO's licensed UNIX
49. Prior to the events complained of in this action, SCO was the undisputed global leader in the design and distribution of UNIX-based operating systems on Intel-based processing platforms.
Project Monterey
51. Prior to this time, IBM had not developed any expertise to run UNIX on an Intel chip.
65. Pursuant to the AT&T / IBM UNIX Agreements, the parties agreed, inter alia, to the following terms and conditions:
a) IBM recognizes the proprietary nature of the Software Products (defined to mean the UNIX Software Code) and the need to protect against its unrestricted disclosure (Side Letter, 9);
b) IBM may not transfer or dispose of the UNIX Software Code in whole or in part (AT&T / IBM Software Agreement 7.10);
c) IBM is required to hold all UNIX Software Code subject to the AT&T / IBM Agreements in confidence (Software Agreement 7.06(a) as amended by Side Letter 9); and
d) IBM may not use the UNIX Software Code directly for others or allow any use of the UNIX Software Code by others (Software Agreement 2.05).
[some handwaving about specific elements, e.g. jfs]
[assertion that IBM encouraged linux developers to reverse-engineer SCO's valuable(sic} interfaces in breach of their agreement above]
Of course if SCO wanted to go after Irix or HP-UX they'd have something of a case, as both those Unices simply began as SysV with minor mods. Again, not so for AIX, nearly all the core utilities are BSD-flavored (yes there is a dfference) and as discussed already the kernel is Mach.
And how does this enter into the claims?
SCO Your honor, IBM pays us x$ per year to license Unix (TM)
IBM That license covers a variety of uses, for instance, access to the Unix Trademark, SCO cannot claim damages for technology which we license but do not implement.
What I saw in the FA was and IP-based lawsuit. The license is a matter of commercial and contract law. The use of code and technology is a matter of copyright and patent law.
I sincerly doubt there is very much SYSV (monolithic kernel) code in AIX (microkernel) as a kernel or related userspace utilities. Because most of the interesting technology is in the *kernel* I think this is main point. As I already indicated, AIX is based on Mach, but with a *lot* of modifications in the core. Other examples of what IBM technology has found its way into Linux:
JFS -- the first *nix journaled filesystem and the Linux version is branched from the OS/2 flavor of JFS, in any case developed inside IBM.
LVM -- as near as I can tell the Linux LVM was implemented outside of IBM, and in anycase it's not AT&T/SysV derived.
ProPolice -- oss-derived techniques applied to the GCC compiler (not a Linux issue)
you neglect that some of that code was derived from the original UNIX codebase, no matter how many ringers it's been through.
Actually that was the *point* and I stand by it. The AIX kernel is *not* AT&T derived. I suggest you look over the Linux and *BSD kernels and look at the task of merging them. *Why* would IBM have done that? Aside from being stupid in terms of technology, it would create the very sort of potential license problems SCO thinks it can raise. There may well be some AT&T code there, but SCO is going to have to show that it's used in ways that violate their contract.
I imagine IBM spent a fair amount of code building a SYSV interface onto the kernel which they developed from Mach(BSD-derived). Again I doubt that will have been done using anything from the AT&T code. Whether there are infringements on SCO's patent base is another matter.
SCO's statements quoted in the article suggest that [unless ibm worked in a clean room] their Linux efforts *must be contaminated* by their exposure to SYSV.
From the Article: Eunice, who has been involved in Unix for years, questioned the accuracy of some of the history contained in the SCO suit. For example, the suit says that "AIX is a modification of (SCO's) licensed Unix that is designed to run on IBM's processor," but Eunice said IBM was unhappy with the performance of Unix kept only the interfaces higher-level software used to communicate with it.
"The AIX kernel...was not principally based on the Unix source code. It was based on their (IBM's) own development," Eunice said.
No I don't think it will be. AIX (as a kernel) is based on CMU/Mach, and the internals are all *very* much written at IBM. (the same kernel has been under the hood of AS/400 for half a decade now).
I can't imagine that they won't bury SCO in court. Their premise at least as regards the kernel (and Linux is a kernel not an OS, right?! ;-)) -- has no basis in fact, there is no line you can draw from SYSV->AIX->Linux.
My first thougth was "what idiot suit at SCO thinks they can make a case for AIX being SYSV-derived?"
The logic(sic) they are asserting seems to be: AIX is based on SYSV that SCO acquired from AT&T, and that IBM's moved those ideas into Linux.
Nice fantasy. AIX is based on the Mach microkernel from CMU, which in turn is BSD-derived. Even at that it is very much re-implemented, using such intersting magic as an O-O system configuration database, and the first widely available journalling filesystem for a *nix.
People think of AIX as being SYSV because it implements a SYSV *interface*. IBM is all about standards and AIX achieved System-V (and later versions) standard compliance *and* BSD compliance wherever that did not conflict.
So no, SCO hasn't got a leg to stand on on this aspect. I wish them luck they are toing to need it.
I'd like to see the same sort of blacklisting as applies to the smtp rbl/dnsbl. IP's which propagate attack traffic are blacklisted and denied access to services of participating hosts.
The simplest way to do this would be to just do it at the application layer, deny services on port :80, giving offending IP's the url of the blacklist site. It would have to be limited to TCP - based attacks, to eliminate address spoofing. Unlike open-relay problems, attack sources are not independently verifiable, so data would have to come from trusted sites/monitoring tools.
More sophisticated approaches could effectively cut such systems right off the net, send an 'admin-prohibited' ICMP or implement a distributed Tarpit, the range of technical solutions are more than adequate.
This could also be used to blacklist ISP's who refuse to police AUP's on their users.I think this would be a simple & effective way to put the onus on system owners (and in some cases ISP's) to get their act together.
Society requires all kinds of equipment and property be correctly maintained, be it your home, auto, boat or airplaine if it's not maintained and people get hurt as a result you're liable.
It's just a matter of time before the same sort of standards are generally required of systems connected to the 'Net. As a community we can choose to take the necessary steps on our own, or we can wait for the government to regulate it.
I certainly don't think the government solution will be one I want to deal with.
AquaPharm Bio-Discovery ... 'is keeping the identity of its MRSA-killing bacteria a closely guarded secret, and taken out patents ...' Oh well."
Sure, both the patent and medical regulatory agencies (FDA in particular) have their flaws. for my $0.02 there are far more wierdness in the medical industry (where I have 20 years engineering experience) than in the software industry (which is far less entrenched *at this point*).
It takes most of a *decade* to get a prescription drug approved for marketing. Since much of this research is performed by US companies, and the US market is willing to spend *tons* of money keeping people with unhealthy life-styles alive, it needs to be done to meet FDA regulations. (This is the agency which, a generation later is still justifying its existence on the basis of a beaurocratic snafu which kept Thalidomide from being sold in the US).
Furthermore the vast majority of active medical drug treatments are 'discovered' natural agents (hence the name of the company in question <doh>!). There's nothing special or new about the drug companies researching/patenting biochemical compounds.
If people want something to actually be concerned about, maybe think on sub-saharan Africa who's population is being decimated (in the modern sense) by HIV, or the continuing loss of the very biodiversity which enables this kind of research.
But it's much easier to cherish your gas guzzling / ugly / high pollution SUV or sit back and play with all the toys you can get at ThinkGeek && bitch about all those 'rich fuckers' abusing the patent process or 'killing people' by working in medical research than to actually effect change.
Lots of things would be different without patent law, see all the /. handwaving about how bad it is. However, consider how much that is disclosed in patents would otherwise be trade-secret? I think the anti-IP/patent crew usually fails to consider that trade-secret (e.g. closed source) is a fundamental form of IP.
In fact the restrictions & freedoms of patent law are very much like the GPL, one of whose intents is to ensure that source code remain available. In exchange for placing a restriction on the distribution, the author is enforces that the art of his or her work remains open.
I don't expect this will be a popular thought among the denizens of /. which is so heavily populated with people who thing free==GPL. The Perl Artistic license or the BSD license provide freedom without restriction, compare this with those the (anti-patent) GPL.
proprietary: GPL: BSD
tradesecret: patent: public domain
Last I'd like to point out that GPL is *forever*, while patents expire. Once expired, patent IP becomes public domain. GPL can change at the author's discretion, however in the (intended) complex situation of packages with dozens or hundreds of significant authors, it seems unlikely for most systems to do so.
After a patent expires *anyone* is allowed to practice the art, and to do so without further disclosure or license. Again, GPL is forever, that's not good or bad but it does have consequences.
Depends entirely on what you need, in terms of *speed* and *terrabyte* capacity, mysql was designed to be replace Oracle which is a helluva lot faster (not to mention more scale-able) than SQL-server. *Access* ??? that's a single-user application which some shops use to deploy multi user applications using SMB file locking -- very ugly, and not comparable.
Let's remember that just 4 years ago MS was pushing hard to get big-iron shops to commit to backending SAP-R3 with <cough> SQL-Server while trying to explain that 'you can work around the lack of row-level locking'.
Now *before* all the 'leet(sic) pgsql fans bounce in to suggest the mysql is inadequate ... Sure if you need TP and *complete* SQL language then mysql isn't the right choice. It remains a great solution for both performance and capacity where those attributes aren't needed.
For instance I know a fellow at a large financial institution who put 5 people in prison in 2001. These aren't kiddies or Mitnicks, these are people who've actively targetted this business and tried to break in. Naturally the security geeks mostly lose sleep over the ones they fear they didn't catch / observe.
Kiddies, worms, and all the forms of low-level noise that are part of the modern net aren't the problem. If you're successfully hit by a worm then basically you don't care enough to bother to put defenses in place because the worms usually follow the vulnerability disclosures by months, not hours or days.
If you have assets that are worth protecting then the first step in securing is to assess the cost of being rooted, and determining a cost-effective approach to mitigating attacks.
Usually this means 'defense in depth', e.g. planning and ensuring that an attacker's reconnasance will set off the alarms allowing you to mitigate before an *effective* attack is started.
My $0.02, anyone relying on a *firewall* to protect their assets has already lost the game. A serious perimiter defense probably includes a carefully secured firewall, network IDS, and host/configuration IDS/configuration management, just for starters. As with all engineering tasks, care in design directly translates to both the effectiveness and the cost-effectiveness of the results.
This book sounds like a positive step in communicating the knowlege of how this is done.
I've stopped taking the time to M2, why bother when the base quality of this feed has dropped this low. You-all want to enhance quality on this site? Consider an M-system for the original posts/editors.
Aside from throwing a tantrum and jumping Netscape to go run a nightclub he's perhaps best known for having written 'xscreensaver'. On his blog he brags at length about it's elegant / modular design whilst bashing the design of X11, and declaiming any possibility that his vaunted code could ever be responsible for problems.
Now I've used xlock for a freaking decade on Unix/Linux/BSD and I've yet to have an x-session crash because of it. By comparison I've never run a video card/Xserver version which some module of xscreensaver wouldn't crash. Now I'm accustomed to running my x-sessions for upwards of 6 months. Yes, this has always been marginally more stable on vendor-Unix than Linux.
So along comes jwz armed with his superior(sic) screensaver which has a couple of modules that will happily crash every linux X-server I've ever used -- what's up with this? My best guess is he's got a hair across his butt about not liking the X architecture and he's stuck in code that he knows will hit on known bugs.
Now this just antisocial imo. GUI's are the achilles heel of every os I've ever run, they do lots of memory copies, pointer ops and try to deal with async input from multiple sources.
And then go look at his Linux gripes on his blog -- 2weeks to get X to display at bettter than 640x480??! I'm sorry but this just indicate the brightest bulb on the tree. Neither am I and I managed to get linux +x up in '96 in a couple of days, and since then I've run linux or *BSD on a dozen different systems. I agree with him that vendor-unix is more stable and better behaved as a gui -- big surprise -- the vendor has complete control of devices and has a reasonable shot at doing solid regression testing. Obviously OSS can't achieve that.
Malicious leaving employees are hardly new (and usually *even less* creative than this idiot). Obviously single points of failure, whether they're hadware, software or human are undesirable in complex systems. That's why secure/survivable systems adopt redundancy and defense-in-depth postures.
If these were in any way 'mission critical' systems at Paine Weber I dare say they're running redundant. In addition to the change-control proceedures mentioned above it would certainly be possible to separate admin/authentication roles on each side of the redundant systems, allowing no one admin to bring down the whole show.
And of course effective / secure backups remain as the usual last line of defense.
In nearly a decade of using 8mm tape I've written a few gig nightly to 2 drives I'm approaching 100 TB of data written and nearly 100% successful restore operations. I have exactly one instance of data-loss in that time and many instances where the rotation scheme saved someone from a poorly timed deletion or other accident / error.
Total failures, 4 dead tapes, 1 drive refurbished. I don't have a controlled environment or especially perfect storage conditions, yet I've had no problem reading data that's 8-10 years old.
Just pulled the july 8, 1995 tape and read it just fine (nothing older than that happens to be onsite just now).
Sure, it's a pain when something breaks, but honestly I put more time into working out the methods to not be surprised than I've ever lost due to lost data i.e. we don't rely on any one tape ofr anything critical.
Perhaps more importantly planned backups have saved entire systems when the o/s got wedged, and if ( - it's not happened yet) a system gets rooted we can restore known-state with minimal disruption.
Ohh and btw I've seen the spindle bearings of out-of-service hard-drives freeze when left off for extended periods -- those are not odds I like at all.
Write-thru is only a problem with quik-format / fixed head tapes. These became substantially unreliable as tape media became stronger (using PET/mylar backing) allowing the distance from one oxide layer to the next to become smaller.
DAT/dds, 8mm and other current tape media use a far thinner oxide layer allowing higher density at the price of lower gauss values. They work because the helical scan / rotating head increases the velocity sufficiently to allow use of the weaker signal.
Lower gauss values also effectively eliminates write-thru. I've read (many) decade-old 8mm tapes and in a decade of using this medea I've only seen a couple of tape failures.
Gee and I thought the first rule of sales was sell *your* product (or self-promote on /.) whether you know the geeks have gotten the details right or not.
Such as advertising solid web hosting service, when your own servers are running known-vulnerable apache, ssl and ssh?
Subject to your ISP's acceptable use policy. The concept of acceptable use is much like speed limits; completely ignore them and eventually other isp's will shut you off.
About speed limits, first that depends a whole lot on where you are, on either coast of the US, yes folks typically exceed the posted limit by 10-15 mph, otoh in AZ/MX nearly all traffic travels 10-15 mph under the (70mph) limit, while in the midwest I've found that people pretty much mark the posted limits.
However, you're not allowed on the road at all without maintaining your vehicle to safety and emissions standards, and (except in a few states) getting tagged at 90MPH+ earns both a stiff fine and a nasty hike in insurance rates.
I for one have darned little patience for irresponsible morons running insecure networks / systems that are a haven for script kiddies. So while the particular name on the problem today is terrorism, I pretty much welcome actual enforcement of some minimum standards of competence.
Because tracking an attacker who's grabbed onto an open AP is effectively *far* more difficult than other avenues, sorry but I think moves in this direction are probably a pretty good idea.
But then if it were up to me MCSE's wouldn't be allowed anywhere near a live 'net connection ;-).
sylpheed (I prefer this because it uses MH format, allowing me to stay with mh on my unix(tm) system when I'm out of the office / bandwidth-limited.
evolution people I respect swear by it, reported to act a lot like outlook // without the viri.
Usenet:
Really where have you been? I haven't seen a gui mail reader in years that didn't include nntp capability (again I use sylpheed). Mozilla has a newsreader and there are dozens of gui *nix readers available.
Palm: Jpilot, Evolution has palm channels all setup for a more complete interface if you want it, Sylpheed can do this also. I routinely sync on the irda port of my laptop on linux, on Openbsd I have to use the cable, no problems.
Irc:
xchat, hands down better than mirc
Office apps.
Ahh well you got me there. I still curse the masses who can't seem to send a 15 line meeting agenda witout resorting to a word attachement. I use emacs / troff for text formatting and doc preparation (and my work looks a helluva lot more professional with less effort then my peers put into coaxing msword's wysiwyg. For those projects that actually require more complex documents, I have Frame Maker, but that's expensive and Unix(tm) I don't know how/if it runs on linux.
Otoh, Openoffice has a fine rep with folks I know who use it.
Multimedia.
Mplayer and xine have both worked flawlessly for me. I miss realaudio and some other 'rich' web experiences (ho hum).
Messaging
Gaim, there are others.
cameras/cf readers
works for me, just a device mount on usb
MD5 checks work nicely. Sure pgp in theory is better but since md5's are cached locally, and a helluva lot faster to check the chances that they will actually be used and verified are seemingly quite good.
Which is to say in practice MD5 has caught rather a lot of these problems, and in quite timely manner.
As irrelevant as various source-distributions (e.g. lunar, source-mage and Gentoo) are at present in other respects, they make a nice 'canary' in the coal mine :-).
Basically this says to me the judge has observed that MS has a record of working very hard to leverage ambiguity in prior judgements, coupled with the known slow pace of DOJ to evade restrictions.
Kollar-Kotelly as I read it has said here: "This court will be seeing that this history does not repeat itself. And all parties have 1 week to sign on.
go Judge!
Krb5 was recently found to have a flaw in the xdr_array function, the last kerberos bug I know of before that was the kerberized telnet daemon -- same bug that was in standard telnetd, the 'ayt' sequence I think. Again, no telnet, no flaw.
Those are the only two flaws I can think of in krb5 in the past 3 years, but yes there were more in the krb4 implementation.
Obsd uses Heimdal, and seemingly the krb4 compatiblity is built into the kadmind daemon. Only MIT-based sites running the kadmind4 daemon are affected, while seemingly all heimdal KDC's running kadmind were. In any case the code flaw in both cases has a similar patch / fix.