The announcement also did NOT say Kodak was going to slow down or stop the production of film in any way. I suspect that corner of their business will continue to thrive in the US and Europe for quite some time yet.
before MS releases an OS with a pseudo-OSS license. Something that allows perusal of source code, but 'all your changes are belong to us' would seem plausible. Oh, and they will also still charge for it, probably somewhere in line with Sun's Java OS.
After all, they already own Virtual PC for Mac - suppose MS did the same trick as Apple - take BSD and use their tools and APIs to make most Windows software run on it. Of course, those parts would be just as proprietary as the GUI on OS X - just the way MS likes it.
Oh we do the Zamboni-chicken-de-icing election determinant method up here in Canada alright. We just don't do it unless the election is important enough, and choosing our nation's political leader clearly does not qualify. However, when choosing the next HOCKEY COACH, every Zamboni gets an engine tune-up and slaps on the Hi-flo exhaust the day before the big event.
For those unable to view Groklaw currently:
Security Experts Doubt SCO Was Attacked
Wednesday, December 10 2003 @ 04:37 PM EST
SCO has reported that they are experiencing an attack on their servers. Groklaw has been flooded with information that indicates their story doesn't add up.
The consensus of what I am hearing is: That it is probably not an attack. That their description of the "attack" makes no sense. And that if what they are saying were true, SCO would be admitting to gross negligence.
First, I'm being told that Linux has a very simple preventative built in. Linux comes with the ability to block ALL SYN attacks. End of story. All major firewalls can do so also. They run their web site on Linux. CISCO routers can protect against SYN attacks too, I have been told, if properly enabled. Why does SCO persist in having such problems?
I knew one of Groklaw's readers is a security professional in Australia, so I wrote to him and asked if he'd take a look and give me his opinion.
Steve McInerney describes himself like this: "I worked for six years as the Technical Security member of the IT Security team for Australia's Department of Defense. Also I did IT Security policy writing/advice. More recently I was one of the senior designers/firewall/security experts at a company that manages Australia's largest federal government-certified Internet gateway." He just sent me his opinion:
"SCO has released a press release stating that their web site www.sco.com has come under a Distributed Denial of Service Attack (DDoS), specifically a SYN flood.
"Before we show how silly this statement is, let's explain SCO's position. A 'SYN Flood' attack is an attack that attempts to stop a server from accepting new connections. It's quite an old attack now, and has been relegated to the 'That was interesting' basket of attacks.
'A very simple analogy of a SYN attack: You have two hands, you are thus able to shake hands with at most two people at any one time. A third person who wants to shake your hand has to wait. Either you or one of the first two people can stop shaking hands so as to be able to accept the third person's handshake.
"In this instance SCO are claiming that 'thousands' are doing something similar to their web server. This is, in and of itself, plausible. Unfortunately if we look closer there are a few problems with this claim of SCO's.
"As stated above, the attack is quite an old one. Patches to all Operating Systems that I'm aware of, do exist to stop this sort of attack. For instance, a CISCO document: http://www.cisco.com/warp/public/707/4.html describes the attack and provides ways to stop it. Note the lines: 'Employ vendor software patches to detect and circumvent the problem (if available).' This means, quite simply, that patches exist to mitigate this attack.
Why hasn't SCO applied them?
Further SCO States:
"'The flood of traffic by these illegitimate requests caused the company's ISP's Internet bandwidth to be consumed so the Web site was inaccessible to any other legitimate Web user.'
"Interesting. If their bandwidth is consumed, then any servers nearby will also be inaccessible. That is www.sco.com has the IP address of 216.250.128.12 and ftp.sco.com has the IP address of 216.250.128.13 so the two servers are side by side, probably even on the same physical network hub/switch. Note that there is no room for a broadcast, etc., address - these servers are on the same subnet - i.e., on the same network device (hub/switch).
"Unfortunately for SCO, from Australia, ftp.sco.com is highly responsive. No bandwidth problems there that I can see - even though www.sco.com is still unavailable.
"The evidence then, is that their bandwidth is fine.
"So what about just the SYN flood? Well, even with patches, to successfully conduct a SYN flood you would tend to chew up available bandwidth anyway, which we aren't seeing. So I have quite strong doubts about the accuracy of this information.
"I feel quite comfortable in stating that SCO are NOT suffering a DD
Your thoughts would be correct. However, had you read the article, you would have noted that multiple COMPUTER SECURITY EXPERTS were consulted for feedback on the issue.
The implied advantage is in tabulating the results. By printing the results you retain the advantages of the paper/pencil system, but the computer can do the heavy lifting when it comes to counting votes. You could even still have a manual count to verify the computer has the correct result as a redundancy measure, if the software was at all suspect. Not possible without a hard copy tho.
I wonder if the possible slashdotting of SCO's site due to people reading the letter would also be mis-construed as another DDOS attack by the linux community?
Ready or not, the internet is increasingly being used for critical infrastructure. At best, failures like the power outage should motivate governments and industry to bolster the internet up to where it needs to be for reliability standards.
On what basis? This thing is cleaner than any boat they could use to monitor these creatures, does not use military-grade sonar and is not the size of an aircraft carrier. In short, this is the ideal research vessel for these groups.
Why go to court over a tool that can potentially be used to quantify the ecological damage we are doing to the depths? I would think that Sierra and Greenpeace are very excited about the new monitoring potential of this device.
Sure the report 'gets it right' on most points, but the analyst still is hung up on the indemnification red-herring, and cites HP as an example of a vendor who offers a solution.
Indemnification offered by HP (or Sun) seems to be much more of a cynical marketing tactic than something companies should be asking for.
Re:Oh, for the love of God...
on
SCO News Roundup
·
· Score: 4, Insightful
Yes, IBM's lawyers are doing a great job so far in this litigation, but remember that it is NOT a foregone conclusion that SCO will lose. This is not the kind of issue I would want to be ignorant of and I feel it is our responsibility to keep reporting SCO's tripe and to consistently call it out for what it is, if only for a solid counterpoint to the analysts who continue to push SCO as a 'buy.'
This is an important case because it is one that we MUST win. Suppose we lose, and a new Open Source operating system gets written to replace the IP'd linux. How long will it take SCO et al to pursue it with similar litigation? How ready will coders be to place themselves in the line of legal-fire? We have companies like IBM and Red Hat doing the heavy lifting for us now - how likely are they to continue down this path should they lose this case?
Pretty bleak, and admittedly unlikely outcome. Yet pretty important stuff to most of us here. Hell, I know people who would walk away from computers in disgust should SCO win. Of course this is news, and of course it is reported on Slashdot! THIS is news that matters.
I find it hugely ironic that you suggest MS's purchase of Google would be good for diversity in search engine technologies. MS would use Google's strength to cement themselves in the front position of yet another technology, helping to maintain the already existing monopoly held in other areas.
>It costs more for retail version of the OS than buying it OEM.
There is nothing stopping a vendor from shipping an OEM version of Windows with the computer, if the consumer wanted to buy one. Think dual-boot. MS could even get crafty about it and put a desktop icon labeled "Remove alternate OS" and still be in compliance.
There is nothing preventing a user from purchasing Windows and installing it on these 'open source' computers. And think of it - if the government sets a mandate of using linux and OSS on all of their machines, why in hell would they consent to purchasing ANY computer that has MS pre-installed? That's like paying extra for the block-heater option on your car while living in Arizona. It's just not needed. Given MS's monopoly on the desktop spread EXACTLY in this manner (default OS on all new computers) legislation like this would at least ensure that computers in Vietnam would have an alternative beginning.
This behaviour has been punished in the past, as mentioned earlier, when the perpetrator is an individual, as opposed to a corporation. But now that a corp has gone and done this also, and has not been charged, does this become a weakening of the law? Would future 'white-hat' hacks be able to use AOL's actions to show legal precident? (ie. AOL did this on a much larger scale, your honour, and no charges were filed against them. Therefore, my client, Mr. White-Hat should receive the same treatment.)
Not sure how feasible this would be for you, but I would consider abandoning your email address. That's a lot of wasted bandwidth (ignored incoming mail).
Slashdot Mirror
That may have been the case, if SCO's stock was currently held by more than Caldera insiders.
The announcement also did NOT say Kodak was going to slow down or stop the production of film in any way. I suspect that corner of their business will continue to thrive in the US and Europe for quite some time yet.
before MS releases an OS with a pseudo-OSS license. Something that allows perusal of source code, but 'all your changes are belong to us' would seem plausible. Oh, and they will also still charge for it, probably somewhere in line with Sun's Java OS.
After all, they already own Virtual PC for Mac - suppose MS did the same trick as Apple - take BSD and use their tools and APIs to make most Windows software run on it. Of course, those parts would be just as proprietary as the GUI on OS X - just the way MS likes it.
Parent post is a truly funny post. Passed the wet monitor test. (ie. was drinking coffee while reading post - laughed and sprayed coffee on monitor.)
Oh we do the Zamboni-chicken-de-icing election determinant method up here in Canada alright. We just don't do it unless the election is important enough, and choosing our nation's political leader clearly does not qualify. However, when choosing the next HOCKEY COACH, every Zamboni gets an engine tune-up and slaps on the Hi-flo exhaust the day before the big event.
For those unable to view Groklaw currently: Security Experts Doubt SCO Was Attacked Wednesday, December 10 2003 @ 04:37 PM EST SCO has reported that they are experiencing an attack on their servers. Groklaw has been flooded with information that indicates their story doesn't add up. The consensus of what I am hearing is: That it is probably not an attack. That their description of the "attack" makes no sense. And that if what they are saying were true, SCO would be admitting to gross negligence. First, I'm being told that Linux has a very simple preventative built in. Linux comes with the ability to block ALL SYN attacks. End of story. All major firewalls can do so also. They run their web site on Linux. CISCO routers can protect against SYN attacks too, I have been told, if properly enabled. Why does SCO persist in having such problems? I knew one of Groklaw's readers is a security professional in Australia, so I wrote to him and asked if he'd take a look and give me his opinion. Steve McInerney describes himself like this: "I worked for six years as the Technical Security member of the IT Security team for Australia's Department of Defense. Also I did IT Security policy writing/advice. More recently I was one of the senior designers/firewall/security experts at a company that manages Australia's largest federal government-certified Internet gateway." He just sent me his opinion: "SCO has released a press release stating that their web site www.sco.com has come under a Distributed Denial of Service Attack (DDoS), specifically a SYN flood. "Before we show how silly this statement is, let's explain SCO's position. A 'SYN Flood' attack is an attack that attempts to stop a server from accepting new connections. It's quite an old attack now, and has been relegated to the 'That was interesting' basket of attacks. 'A very simple analogy of a SYN attack: You have two hands, you are thus able to shake hands with at most two people at any one time. A third person who wants to shake your hand has to wait. Either you or one of the first two people can stop shaking hands so as to be able to accept the third person's handshake. "In this instance SCO are claiming that 'thousands' are doing something similar to their web server. This is, in and of itself, plausible. Unfortunately if we look closer there are a few problems with this claim of SCO's. "As stated above, the attack is quite an old one. Patches to all Operating Systems that I'm aware of, do exist to stop this sort of attack. For instance, a CISCO document: http://www.cisco.com/warp/public/707/4.html describes the attack and provides ways to stop it. Note the lines: 'Employ vendor software patches to detect and circumvent the problem (if available).' This means, quite simply, that patches exist to mitigate this attack. Why hasn't SCO applied them? Further SCO States: "'The flood of traffic by these illegitimate requests caused the company's ISP's Internet bandwidth to be consumed so the Web site was inaccessible to any other legitimate Web user.' "Interesting. If their bandwidth is consumed, then any servers nearby will also be inaccessible. That is www.sco.com has the IP address of 216.250.128.12 and ftp.sco.com has the IP address of 216.250.128.13 so the two servers are side by side, probably even on the same physical network hub/switch. Note that there is no room for a broadcast, etc., address - these servers are on the same subnet - i.e., on the same network device (hub/switch). "Unfortunately for SCO, from Australia, ftp.sco.com is highly responsive. No bandwidth problems there that I can see - even though www.sco.com is still unavailable. "The evidence then, is that their bandwidth is fine. "So what about just the SYN flood? Well, even with patches, to successfully conduct a SYN flood you would tend to chew up available bandwidth anyway, which we aren't seeing. So I have quite strong doubts about the accuracy of this information. "I feel quite comfortable in stating that SCO are NOT suffering a DD
Your thoughts would be correct. However, had you read the article, you would have noted that multiple COMPUTER SECURITY EXPERTS were consulted for feedback on the issue.
Silly grasshopper.
The implied advantage is in tabulating the results. By printing the results you retain the advantages of the paper/pencil system, but the computer can do the heavy lifting when it comes to counting votes. You could even still have a manual count to verify the computer has the correct result as a redundancy measure, if the software was at all suspect. Not possible without a hard copy tho.
I wonder if the possible slashdotting of SCO's site due to people reading the letter would also be mis-construed as another DDOS attack by the linux community?
Ready or not, the internet is increasingly being used for critical infrastructure. At best, failures like the power outage should motivate governments and industry to bolster the internet up to where it needs to be for reliability standards.
On what basis? This thing is cleaner than any boat they could use to monitor these creatures, does not use military-grade sonar and is not the size of an aircraft carrier. In short, this is the ideal research vessel for these groups.
Why go to court over a tool that can potentially be used to quantify the ecological damage we are doing to the depths? I would think that Sierra and Greenpeace are very excited about the new monitoring potential of this device.
Moorage. Who can afford it these days?
If I had mod points to give, your post would be the winner. Made me laugh
Sure the report 'gets it right' on most points, but the analyst still is hung up on the indemnification red-herring, and cites HP as an example of a vendor who offers a solution.
Indemnification offered by HP (or Sun) seems to be much more of a cynical marketing tactic than something companies should be asking for.
Yes, IBM's lawyers are doing a great job so far in this litigation, but remember that it is NOT a foregone conclusion that SCO will lose. This is not the kind of issue I would want to be ignorant of and I feel it is our responsibility to keep reporting SCO's tripe and to consistently call it out for what it is, if only for a solid counterpoint to the analysts who continue to push SCO as a 'buy.'
This is an important case because it is one that we MUST win. Suppose we lose, and a new Open Source operating system gets written to replace the IP'd linux. How long will it take SCO et al to pursue it with similar litigation? How ready will coders be to place themselves in the line of legal-fire? We have companies like IBM and Red Hat doing the heavy lifting for us now - how likely are they to continue down this path should they lose this case?
Pretty bleak, and admittedly unlikely outcome. Yet pretty important stuff to most of us here. Hell, I know people who would walk away from computers in disgust should SCO win. Of course this is news, and of course it is reported on Slashdot! THIS is news that matters.
Whoa...you better ease up on the fire-water, pilgrim.
Not off topic? How about not relevant?
In a word, apathy.
You were worried about this article being slashdotted??
I find it hugely ironic that you suggest MS's purchase of Google would be good for diversity in search engine technologies. MS would use Google's strength to cement themselves in the front position of yet another technology, helping to maintain the already existing monopoly held in other areas.
>It costs more for retail version of the OS than buying it OEM.
There is nothing stopping a vendor from shipping an OEM version of Windows with the computer, if the consumer wanted to buy one. Think dual-boot. MS could even get crafty about it and put a desktop icon labeled "Remove alternate OS" and still be in compliance.
There is nothing preventing a user from purchasing Windows and installing it on these 'open source' computers. And think of it - if the government sets a mandate of using linux and OSS on all of their machines, why in hell would they consent to purchasing ANY computer that has MS pre-installed? That's like paying extra for the block-heater option on your car while living in Arizona. It's just not needed. Given MS's monopoly on the desktop spread EXACTLY in this manner (default OS on all new computers) legislation like this would at least ensure that computers in Vietnam would have an alternative beginning.
Yeah, but you get the idea.
This behaviour has been punished in the past, as mentioned earlier, when the perpetrator is an individual, as opposed to a corporation. But now that a corp has gone and done this also, and has not been charged, does this become a weakening of the law? Would future 'white-hat' hacks be able to use AOL's actions to show legal precident? (ie. AOL did this on a much larger scale, your honour, and no charges were filed against them. Therefore, my client, Mr. White-Hat should receive the same treatment.)
Not sure how feasible this would be for you, but I would consider abandoning your email address. That's a lot of wasted bandwidth (ignored incoming mail).