On Behalf of SCO, I must ask you to cease and desist with your attempts to cease and desist others.
Your cease and desist letters appear to have remarkable simularties with the proprietry and copyrighted cease and desist letters we produce.
We are willing to reveal exact line numbers and phrases in common to any interested third parties under the terms of an NDA.
If you do not cease, SCO will be forced to take legal action against you. To avoid all legal entanglements you may license our IP at a low price of $699 per single page cease and desist, or $1400 for double paged letters.
Stick a mail proxy between the internet and Exchange, that way he still gets to keep using Exchange, and you have a simple proxying machine that can do arbitary scanning and filtering.
You can scan all incoming mail with spamassissin and clamav before it reaches exchange, bounce or drop bad mail and forward "passed" mail into the Exchange server
You could also hookup a challenge response script there too.
I do the same thing for a company mail server running Lotus Notes.
That would be a management plan that I'm currently unaware of.
I would imagine a swiftish migration either to a supported Linux distribution, or possibly Solaris.
Implementing it now? The biggest challenge would be going round all our customers removing the currently working SCO installations and installing a new OS + reinstalling our apps.
In short it would be a nightmare to manage when the systems are in use 24x7.
(Disclaimer I once wrote an emacs mode for subversion, but have never used it in anger).
CVS works more in the "stamping" way you suggest.
When you create a project you import all the files that you care about, the sources the test scripts, and any documentation that you care about.
After that you checkout a clean copy from your new repository and have a blast working on it.
When you have implemented a new feature, or made a new change you then run 'cvs commit'.
The commit process examines the local files for any changes from the copies in the repository (ie the last stamp) and then saves them - after running an editor to ask for some description of the changes.
Alternatively you can trash all the work you've just done and revert to the previous checkpoint - or any other point in the history of each file.
At any time you can run 'cvs diff' to see what has changed in your local copy but you must manage the committing yourself. All the source control systems I've used have been like this.
In practice it works well as you only checkout once then you make regular commits based upon the code you're working on. eg commit after a new feature, or a bug fix.
One thing worth noting is that 'cvs diff' will just tell you that a binary file has changed, without showing the details, so a cvs diff isn't very useful on an excel spreadsheet.
Frankly I cannot believe that exploits are harder to find or write than they used to be.
I've been auditing Debian source code for a few months now and I'm still finding trivial bugs that have security impact.
Sure it's much easier for me to do this as I have the source code available, but I bet that people skilled in assembly language armed with a good decompiler would have a similar score against binary targets.
I've even been writing tools to allow this kind of binary scanning (again for Linux and Debian especially) so it could well be the case that people with little assembly language could be doing it.
for every sysadmin who is trying to protect "his" system (while performing other tasks) there are numerous script kiddies who are trying to break into his system;
It's also worth saying that that each sysadmin has to make sure that each of his boxes is fully patched, and all the software, infrastructure and daily maintainence of them is carried out.
A kiddie only has to find one flaw to penetrate a system - maybe even in a system the admin didn't know about, or which is looked after by somebody else.
Yes I agree, it did cross my mind at one point that I could solve the problem if transience which you highlight by dumping the data into a database.
That would allow full text searching, meaning that even if you lost the original source you could still get the text of the pages you were looking for.
I think the reason I didn't get round to it was that I didn't have the space on the proxying machine - that's not a problem now.
I have had the difficulty you mention several times in the past, and vowed to do soemthing about it.
What I did was write a simple perl proxy server that sits between my browser and the internet.
Every page that you view is passed through the proxy and it records some details, right now it just records "date + time", "URL", and "page title".
These are stored in a simple CSV format which can be searched with grep.
I had planned on writing a little HTTP server to go along with the proxy so I could sidebar it, and allow online searching - however I didn't get round to it.
If there's any interest I could post the code, but to be honest it's sufficiently trivial that it wouldn't take a Perl coder more than an hour to duplicate.
If either of those are too evil to use then I don't mind, after all I'm happy to give the software away for free and it's a bit cheeky asking for stuff really!
I was assuming in the first question the download was related to a webserver - having just a raw directory index, or hierarchy.
In that case, as you say, the streaming is pretty much identical.
The real difference is with my project, and others like it, you can create playlists, control downsampling on the fly, see a list of the most recent tracks served, have a realtime list of currently streaming files and more.
For me personally I use the GUI a lot due to having a large archive of music - and the single killer feature is the ability to search.
I can instantly create a playlist filled with songs by a single artist, or of a particular genre.
The code is extensible, and the GUI is themable, so there are many more interesting things that can be done - for example one think I've been thinking of writing for a while is a time-filler. Type in a time and have it return a random playlist which lasts just that amount of time.
A simple means of filling 30 minutes whilst working for example.
Other options and features are available, but I hope I've cleared it up a little bit anyway..
There are two real reasons for streaming media like this.
Most MP3/Audio players support streaming, so that your track starts playing without the whole file having to be downloaded.
You don't end up cluttering the local machine with the complete downloaded tracks.
Applications like mine also make it nice and simple to download a large collection of songs, for example every track with the word "Girl" in the title - doing that manually by downloading each individual track would be a bit more painful.
Really each to their own.. you don't need to stream, I just find that it works well for me.
Edna was the thing that originally got me hooked on the idea of streaming files.
I used to love using it, but I found it missed a few obvious things such as searching, and sorting.
You can see that my project bears a clear resemblence to Edna, only more featureful and more recently updated - last time I used edna was when it was stuck in the 0.4 days.
Only a month or two ago I bought a group of three Dell servers, each came with RedHat pre-installed.
So they are still offering it in the UK, from memory it only cost an extra 50 pounds per machine for RedHat 8/9 (cant remember it got replaced with Debian).
Given the tiny amount of money it cost compared to the machines themselves I went for the Linux install partly to send the message that this was useful, and partly so I could be sure that all the hardware was Linux-able.
It would be interesting to learn how the compromise had occurred.
I'm guessing that all the important services would have been up to date (ssh/rsync/apache/etc) - so that leaves a password/ssh keycompromise, or some scripting flaw..
I hope we find out once the cleanup has been completed.
I admit ignorance, but I know that one of the reasons for converting to IPv6 is the shortage of IP addresses.
Every now and again we hear that we're just about to run out due to historically crazy giveaways of addresses, then we hear that this isn't the case.
Anyway, if an entire nation, or large group of people move over to IPv6 does this mean that the IPv4 addressed they previously held would become free, and available back in the pool for allocation?
So to gain lots of addresses all we need is say China to move to IPv6, or a country like Germany?
I maybe be misunderstanding, but I thought that this is how the IPv6 tunnels worked - all IPv6 stuff on a LAN gets tunnelled via one external x.x.x.x IP address.
With Chinas great firewall surely this means they could have a few external IPv4 addresses that are proxying things over to the internal IPv6 country?
Feel free to hit me with a cluestick if I'm confused...
Slashdot Mirror
Dear David Boies
On Behalf of SCO, I must ask you to cease and desist with your attempts to cease and desist others.
Your cease and desist letters appear to have remarkable simularties with the proprietry and copyrighted cease and desist letters we produce.
We are willing to reveal exact line numbers and phrases in common to any interested third parties under the terms of an NDA.
If you do not cease, SCO will be forced to take legal action against you. To avoid all legal entanglements you may license our IP at a low price of $699 per single page cease and desist, or $1400 for double paged letters.
Sincerly,
Steve Kemp
Stick a mail proxy between the internet and Exchange, that way he still gets to keep using Exchange, and you have a simple proxying machine that can do arbitary scanning and filtering.
You can scan all incoming mail with spamassissin and clamav before it reaches exchange, bounce or drop bad mail and forward "passed" mail into the Exchange server
You could also hookup a challenge response script there too.
I do the same thing for a company mail server running Lotus Notes.
That would be a management plan that I'm currently unaware of.
I would imagine a swiftish migration either to a supported Linux distribution, or possibly Solaris.
Implementing it now? The biggest challenge would be going round all our customers removing the currently working SCO installations and installing a new OS + reinstalling our apps.
In short it would be a nightmare to manage when the systems are in use 24x7.
The best thing is that they have killed any chances of anyone buying SCO products again.
Sadly not true, I'm working for a company that is in the process of setting up a new SCO installation on behalf of a customer.
Sure SCO Unixware isn't cutting edge, or something that I think is very popular, but we use it and it's the platform a few products run on.
Course in my server room it our SCO boxes sit next to our Debian boxes .. but that's another story.
Right now there's been little inside talk of the SCO case, but I'm guessing a migration to Linux might not be out of the question..
(Disclaimer I once wrote an emacs mode for subversion, but have never used it in anger).
CVS works more in the "stamping" way you suggest.When you create a project you import all the files that you care about, the sources the test scripts, and any documentation that you care about.
After that you checkout a clean copy from your new repository and have a blast working on it.
When you have implemented a new feature, or made a new change you then run 'cvs commit'.
The commit process examines the local files for any changes from the copies in the repository (ie the last stamp) and then saves them - after running an editor to ask for some description of the changes.
Alternatively you can trash all the work you've just done and revert to the previous checkpoint - or any other point in the history of each file.
At any time you can run 'cvs diff' to see what has changed in your local copy but you must manage the committing yourself. All the source control systems I've used have been like this.
In practice it works well as you only checkout once then you make regular commits based upon the code you're working on. eg commit after a new feature, or a bug fix.
One thing worth noting is that 'cvs diff' will just tell you that a binary file has changed, without showing the details, so a cvs diff isn't very useful on an excel spreadsheet.
I hope that helped.
Frankly I cannot believe that exploits are harder to find or write than they used to be.
I've been auditing Debian source code for a few months now and I'm still finding trivial bugs that have security impact.
Sure it's much easier for me to do this as I have the source code available, but I bet that people skilled in assembly language armed with a good decompiler would have a similar score against binary targets.
I've even been writing tools to allow this kind of binary scanning (again for Linux and Debian especially) so it could well be the case that people with little assembly language could be doing it.
It's also worth saying that that each sysadmin has to make sure that each of his boxes is fully patched, and all the software, infrastructure and daily maintainence of them is carried out.
A kiddie only has to find one flaw to penetrate a system - maybe even in a system the admin didn't know about, or which is looked after by somebody else.
What's up with you? Who needs a bullet?
A knife can be just as effective as a bullet for killing only one person...
The IP is 127.0.0.2
As a bit of self-promotion, since it was already mentioned:
apt-get install gnump3dIt's included in Debian's unstable distribution and will have you up and streaming in a matter of minutes.
I wrote that software, cheers for the pimping! As a small note though you should use either the GNU Address, or the gnump3d.org domain.
Since it became part of the GNU Project everything was migrated away from SourceForge.
I don't have access to a Mac OS X machine to test it on - if you have a fix then mail it to me and it will be included.
That's the best I can I'm afraid. Unless I get a pretty shiny laptop of my own ..
Not bad .. I may be getting the hang of this advertising lark ;)
Yes I agree, it did cross my mind at one point that I could solve the problem if transience which you highlight by dumping the data into a database.
That would allow full text searching, meaning that even if you lost the original source you could still get the text of the pages you were looking for.
I think the reason I didn't get round to it was that I didn't have the space on the proxying machine - that's not a problem now.
Me!
Well kinda.
I have had the difficulty you mention several times in the past, and vowed to do soemthing about it.
What I did was write a simple perl proxy server that sits between my browser and the internet.
Every page that you view is passed through the proxy and it records some details, right now it just records "date + time", "URL", and "page title".
These are stored in a simple CSV format which can be searched with grep.
I had planned on writing a little HTTP server to go along with the proxy so I could sidebar it, and allow online searching - however I didn't get round to it.
If there's any interest I could post the code, but to be honest it's sufficiently trivial that it wouldn't take a Perl coder more than an hour to duplicate.
No postal address no .. I just use the wishlist, or a paypal donation address.
If either of those are too evil to use then I don't mind, after all I'm happy to give the software away for free and it's a bit cheeky asking for stuff really!
I was assuming in the first question the download was related to a webserver - having just a raw directory index, or hierarchy.
In that case, as you say, the streaming is pretty much identical.
The real difference is with my project, and others like it, you can create playlists, control downsampling on the fly, see a list of the most recent tracks served, have a realtime list of currently streaming files and more.
For me personally I use the GUI a lot due to having a large archive of music - and the single killer feature is the ability to search.
I can instantly create a playlist filled with songs by a single artist, or of a particular genre.
The code is extensible, and the GUI is themable, so there are many more interesting things that can be done - for example one think I've been thinking of writing for a while is a time-filler. Type in a time and have it return a random playlist which lasts just that amount of time.
A simple means of filling 30 minutes whilst working for example.
Other options and features are available, but I hope I've cleared it up a little bit anyway..
There are two real reasons for streaming media like this.
Applications like mine also make it nice and simple to download a large collection of songs, for example every track with the word "Girl" in the title - doing that manually by downloading each individual track would be a bit more painful.
Really each to their own .. you don't need to stream, I just find that it works well for me.
Does that mean I get supplicants showering me with gifts?
Seriously, thanks. It's nice to see people using the software and enjoying it.
Edna was the thing that originally got me hooked on the idea of streaming files.
I used to love using it, but I found it missed a few obvious things such as searching, and sorting.
You can see that my project bears a clear resemblence to Edna, only more featureful and more recently updated - last time I used edna was when it was stuck in the 0.4 days.
I'm glad you like it .. I released v2.7 yesterday!
I am biased as I wrote it, but there was a new release of GNUMP3d yesterday.
THis allows you to stream MP3/OGG Vorbis/MPG/WMV files across a network via a browser interface.
You can search, sort, downsample and generally have a blast.
Check it out?
Only a month or two ago I bought a group of three Dell servers, each came with RedHat pre-installed.
So they are still offering it in the UK, from memory it only cost an extra 50 pounds per machine for RedHat 8/9 (cant remember it got replaced with Debian).
Given the tiny amount of money it cost compared to the machines themselves I went for the Linux install partly to send the message that this was useful, and partly so I could be sure that all the hardware was Linux-able.
It would be interesting to learn how the compromise had occurred.
I'm guessing that all the important services would have been up to date (ssh/rsync/apache/etc) - so that leaves a password/ssh keycompromise, or some scripting flaw..
I hope we find out once the cleanup has been completed.
I admit ignorance, but I know that one of the reasons for converting to IPv6 is the shortage of IP addresses.
Every now and again we hear that we're just about to run out due to historically crazy giveaways of addresses, then we hear that this isn't the case.
Anyway, if an entire nation, or large group of people move over to IPv6 does this mean that the IPv4 addressed they previously held would become free, and available back in the pool for allocation?
So to gain lots of addresses all we need is say China to move to IPv6, or a country like Germany?
I maybe be misunderstanding, but I thought that this is how the IPv6 tunnels worked - all IPv6 stuff on a LAN gets tunnelled via one external x.x.x.x IP address.
With Chinas great firewall surely this means they could have a few external IPv4 addresses that are proxying things over to the internal IPv6 country?
Feel free to hit me with a cluestick if I'm confused...