The Internet is vast, everything is out there for free somewhere. Those with less time on there hands, or less enthusiam for finding it will pay a fee... everybody else will lumber on regardless.
1) High exposure for an IP led case will hopefully lead to better regulation and legislation around IP management.
2) We need to see the GPL tested in court, we need to see what protection it extends to end users and we need to see what protection it extends to developers.
IP Law is a mess, the GPL is an unknown quantity... until both of these things happen we're just swimming around in an ocean.
funny, everybody cheered when a small group of competitors used the Government to attack Microsoft... now the tables are turning why all the upset and concern?
Principally he is right though... Linux will never and can never get EAL4, with a decent protection profile, as it currently stands. You would have to go back and document the development process for each and every component in the OS. Accounting for the activity of all the contributing developers.
On the brighter side... there is talk of changing the CC process to better suit the OSS world.
not off the shelf, products that gain higher ratings tend to be bespoke developments for very secure systems... thinks missile guidance and command & control.
1) CC != Security, CC == Trust. EAL2 is close to the lowest level of evaluation and if my recollection of the eval levels is correct (it's been a while), EAL2 basically says that somebody somewhere might be able to find the documentation behind all the code if they went looking for it. Win 2k got EAL4 which is a full code and documentation review.
2) When you put a product into CC you define a protection profile, the weight and value of the evaluation is based upon the complexity of that profile. It would be useful to see the profile for this eval. It is possible (in theory at least) to get a product through CC by defining a profile that outlines what happens when you click on the "Red Hat". The more you exclude the more quickly you get through the process, but conversely the less interesting the evaluation is to government.
3) For those of you that feel this steals a march over WinXP, be aware that WinXP is in evaluation and the protection profiles that it is being evaluated under are public. Microsoft are doing a far more extensive job with XP than IBM did with Linux. When a Government procurement organisation comes to buy product, even for systems classified as SECRET, the fact that a product is in evaluation is generally enough, this is certainly true outside of the US.
Don't get me wrong, this is a great start and will certainly spread a lot of marketing fud but it does not mean a great deal to the government community. If anything it will raise a series of questions about why Microsoft's so called 'in secure' product can achieve EAL4 when the Open Source Linux offering can only scratch through EAL2.
I've done a lot of work with the EC over the last 10 years or so... the existence of the "beast of Brussels" would be a surprise for many reasons, not least of which several people would have had to have reached consensus to build the thing.
"For ever[y] *legitimate* email message that comes from a dial-up IP address, I (honestly) get 10,000 + that are spam."
I'm quite sure that this is true... however I feel that the "people like you" comment is a little unfair. I would have thought that the more people that go through the process that I have over the last few weeks the better.
I now understand a LOT more about SMTP, I understand a lot more about spam and I undestand a lot more about the tools that exist on the internet to help me combat the issue... I also understand how I can interpret the log files from my server and extract information that I can use to contribute to combating the issue.
In your position I would probably make the same decision... it would be great to have a "test me" site that I could run my server through though that would allow me to participate with the larger community.
While I accept that as a novice I made some mistakes... I regret seeing my ability interact with many hosts on the internet crippled because of the actions of others.
"for any business enterprise"
This is purely home use... only me an my wife using it for email. I'm within the bounds of my contract.
As for the other comments, I was expecting some, I openly admit that I threw the box up with little or no understanding of the technology.
I run an SMTP server off my comcast cable connection... I've pretty much been learning as I go. Five weeks ago I began as a total novice, not knowing what an open relay was I spent 5 days with no authentication and as a result I was kind enough to forward some 22k messages offering investment advice.
As I've learned a little more about the process... I've found ORDB and MAPS to be pretty useful and successful when it comes to blocking open relays.
AOL annoys me the most, they block ranges of addresses that are dynamically allocated by ISPs and as a result I can't mail any AOL users. That's probably no big deal, I just feel descriminated against.
There must be scope for a simple "Setting up your own mail server" FAQ.
In my mind this is exactally where the community needs to evolve. You're absolutly correct, when you're buying a LOB application the cost of the OS really does not count for all that much... the cost balance is in the application. It is all well and good having a free OS like Linux but until the development community moves up the stack and starts to address business process issues we're not really solving anybodies problems.
... I would guess that very few call centers are computer or product support. Think of all the banks, government agencies, insurance companies, airlines etc.
Pick any website on the internet that is not computer related, look for a phone number and call it.
I bet you $1 that the person on the end is not sat alone in their office waiting for your call.
Slashdot Mirror
... only a small proportion will pay.
The Internet is vast, everything is out there for free somewhere. Those with less time on there hands, or less enthusiam for finding it will pay a fee... everybody else will lumber on regardless.
1) High exposure for an IP led case will hopefully lead to better regulation and legislation around IP management.
2) We need to see the GPL tested in court, we need to see what protection it extends to end users and we need to see what protection it extends to developers.
IP Law is a mess, the GPL is an unknown quantity... until both of these things happen we're just swimming around in an ocean.
Good job SCO.
er, SCO is claiming rights to that bug ridden code. Mind your language.
... I have a strong desire to sue SCO, SuSE, Red Hat and anybody else for wasting my precious /. reading time with endless pointless stories.
Bingo! People always had a choice. Oddly many people chose not to recognize or exercise it.
until we're through a court case the difference is not clear, regardless of what you would like to believe.
funny, everybody cheered when a small group of competitors used the Government to attack Microsoft... now the tables are turning why all the upset and concern?
if you had have bought SCO stock at the start of all this you would be around 500% better of now.
Don't under estimate the power and strength of capitalism.
The terms CC and "security" should never be used in the same sentence, CC is not about security it is about trust.
Principally he is right though... Linux will never and can never get EAL4, with a decent protection profile, as it currently stands. You would have to go back and document the development process for each and every component in the OS. Accounting for the activity of all the contributing developers. On the brighter side... there is talk of changing the CC process to better suit the OSS world.
it's all about the protection profile... Government recognizes this, marketeers tend not to.
not off the shelf, products that gain higher ratings tend to be bespoke developments for very secure systems... thinks missile guidance and command & control.
1) CC != Security, CC == Trust. EAL2 is close to the lowest level of evaluation and if my recollection of the eval levels is correct (it's been a while), EAL2 basically says that somebody somewhere might be able to find the documentation behind all the code if they went looking for it. Win 2k got EAL4 which is a full code and documentation review.
2) When you put a product into CC you define a protection profile, the weight and value of the evaluation is based upon the complexity of that profile. It would be useful to see the profile for this eval. It is possible (in theory at least) to get a product through CC by defining a profile that outlines what happens when you click on the "Red Hat". The more you exclude the more quickly you get through the process, but conversely the less interesting the evaluation is to government.
3) For those of you that feel this steals a march over WinXP, be aware that WinXP is in evaluation and the protection profiles that it is being evaluated under are public. Microsoft are doing a far more extensive job with XP than IBM did with Linux. When a Government procurement organisation comes to buy product, even for systems classified as SECRET, the fact that a product is in evaluation is generally enough, this is certainly true outside of the US.
Don't get me wrong, this is a great start and will certainly spread a lot of marketing fud but it does not mean a great deal to the government community. If anything it will raise a series of questions about why Microsoft's so called 'in secure' product can achieve EAL4 when the Open Source Linux offering can only scratch through EAL2.
Tread carefully.
I've done a lot of work with the EC over the last 10 years or so... the existence of the "beast of Brussels" would be a surprise for many reasons, not least of which several people would have had to have reached consensus to build the thing.
Totally impossible.
sadly ORDB have little or no influence on organisations like AOL who just block all dynamically allocated addresses.
"For ever[y] *legitimate* email message that comes from a dial-up IP address, I (honestly) get 10,000 + that are spam." I'm quite sure that this is true... however I feel that the "people like you" comment is a little unfair. I would have thought that the more people that go through the process that I have over the last few weeks the better. I now understand a LOT more about SMTP, I understand a lot more about spam and I undestand a lot more about the tools that exist on the internet to help me combat the issue... I also understand how I can interpret the log files from my server and extract information that I can use to contribute to combating the issue. In your position I would probably make the same decision... it would be great to have a "test me" site that I could run my server through though that would allow me to participate with the larger community. While I accept that as a novice I made some mistakes... I regret seeing my ability interact with many hosts on the internet crippled because of the actions of others.
"for any business enterprise" This is purely home use... only me an my wife using it for email. I'm within the bounds of my contract. As for the other comments, I was expecting some, I openly admit that I threw the box up with little or no understanding of the technology.
I run an SMTP server off my comcast cable connection... I've pretty much been learning as I go. Five weeks ago I began as a total novice, not knowing what an open relay was I spent 5 days with no authentication and as a result I was kind enough to forward some 22k messages offering investment advice. As I've learned a little more about the process... I've found ORDB and MAPS to be pretty useful and successful when it comes to blocking open relays. AOL annoys me the most, they block ranges of addresses that are dynamically allocated by ISPs and as a result I can't mail any AOL users. That's probably no big deal, I just feel descriminated against. There must be scope for a simple "Setting up your own mail server" FAQ.
The ability to play with the UI using just a pen does not equal a Tablet PC.
In my mind this is exactally where the community needs to evolve. You're absolutly correct, when you're buying a LOB application the cost of the OS really does not count for all that much... the cost balance is in the application. It is all well and good having a free OS like Linux but until the development community moves up the stack and starts to address business process issues we're not really solving anybodies problems.
... I would guess that very few call centers are computer or product support. Think of all the banks, government agencies, insurance companies, airlines etc. Pick any website on the internet that is not computer related, look for a phone number and call it. I bet you $1 that the person on the end is not sat alone in their office waiting for your call.
was I hacked, or is my wife some sort of virus?
Personally, I quite like my Nigerian porn dialer.
read the article, it does not mention Microsoft.
sometimes they just struggle to contain the hatred.