No, they shouldn't "hold your hand", so to speak. But they should be designed so as to minimize their negative effects, especially languages such as PHP which are used primarily in networked settings by individuals who often lack a solid engineering background.
It's a bit early to suggest that it was an automated attack. While that is of course a possibility, there has been very little actual information from the SpreakFirefox people. Until they disclose far more information about this attack to the public (which may not happen if they are pursuing this matter via the authorities), it is a false reassurance to suggest that it was only automated and that no data was maliciously stolen.
"Troll" is the online equivalent of labels such as "terrorist" or "Nazi". Any time that somebody accuses somebody else of being a "troll", they are usually the one partaking in true trollery.
Much like any time that a politician in the real world accuses some other group or individual of being "terrorists" or supporting "terrorism", it is the politican who is usually the most prolific user of terror and fear for political means.
I keep hearing about how products like PHP-Nuke, phpBB and now Drupal are quite vulnerable and easily cracked or exploited. Is this caused by inherent flaws within PHP, or is it because of improper installations? If it is because of improper installations, is that because it is extremely difficult or time consuming to properly secure a PHP installation?
I have been considering moving some sites to a PHP-based system for some time now, but after hearing stuff like this I just don't know about PHP anymore.
"It doesn't look like the attacker accessed any personal data on the site, but to be safe, we're encouraging all of our users to log in and change their passwords."
Why should I trust their competency now? They let their server be compromised by a very well-known, well-publicized, and fixed/patch-available vulnerability. How can I be sure that the operators of the attacked site are capable of properly analyzing the attack? I mean, if they can't even keep up to date with the latest patches, then how can the even be remotely capable of giving an intelligent assessment of the intrusion?
But I digress. Does anybody have a list of other well-known sites administered by these same individuals? I want to make sure that if I'm using any of those sites that my data is safe (or removed from such sites).
You are correct. It still is a very interesting fact that SCO engineers are using the PC operating system software of a direct competitior to their PC operating system software for their internal operations.
The fact that SCO, an PC operating systems developer, was using a PC operating system from a rival developer for their daily business tasks is the very unusual part. The fact that they were using Windows 98, rather than a more developer-friendly and stable Windows NT-based system, is only secondary.
And SCO is/was not a video game developer. They were a PC operating systems developer, using the PC operating system developed by a rival, rather than their own system, for their everyday business tasks.
Lately there has a been a resurgence of classic sci-fi shows, such as this and Dr Who. While it is great to see younger audiences exposed to such fantastic television programming, I have to wonder what effect this will have on new sci-fi shows. Will we just keep rehashing the old (but classig and very good) series, or will new ideas and new series be able to develop? Will enough resources be spent by the networks and studios to promote the creation of new series, rather than just cloning the previous ones?
I take it you are Nicholas Roard, GNUstep developer.
I personally do not reject vertical menus. The vast majority of non-developers do. In this particular instance it was suggested that GNUstep on Linux could be used as a replacement for Mac OS X for the average Windows user. I am putting that myth to sleep.
While your arguments hold true for a developer, it does not hold true for your typical Mac OS X user today. Aunt Beatrice would struggle to get the horizontal menus she's used to under her Mac, even if it does only take one line in a terminal.
GNUstep on Linux is not yet a Mac OS X or Windows replacement for the typical user, as suggested by the earlier poster. That is my point.
No, the email in question was clearly from Michael Davidson, and not from some consultant. Below are the headers, so you can see for yourself.
Date: Tue, 13 Aug 2002 13:26:51 -0700 From: Michael Davidson Organization: Caldera International X-Mailer: Mozilla 4.6 [en] (Win98; I) X-Accept-Language: en To: Reg Broughton Subject: Re: Patents and IP Investigation [1]
Again, Mr. Davidson was a SCO engineer, not a consultant.
In the Aug. 13, 2002, e-mail, engineer Michael Davidson said "At the end, we had found absolutely nothing ie (sic) no evidence of any copyright infringement whatsoever." [2]
Do/Did you develop the Solaris, AIX, HP-UX and Linux kernels themselves professionally, for Sun, IBM and HP?
Sure, I'd expect any random multiplatform developer such as yourself to be using a combination of systems. I would not expect a UNIX and Linux programmer at an operating systems company such as SCO to use a Windows 98 machine while internally discussing matters having to do with SCO's UNIX operating system and its relation to Linux.
Bernie Ebbers orchestrated an $11 billion fraud. While McBride has bumfucked some people over, that is for sure, it is nowhere near the scale of what Ebbers had done. What makes you think that McBride will receive a punishment that will make what Ebbers got "look like a slap on the wrist"?
I still find it very interesting that the SCO developer in question sent the email from a computer running Windows 98.
It contains the email header "X-Mailer: Mozilla 4.6 [en] (Win98; I)".
Now, it would make sense for secretaries and perhaps other execs to be using Windows 98, but not one of their UNIX and Linux developers. Even if he wasn't using UnixWare or OpenServer as his workstation OS, he should very well have been using OpenLinux.
And remember, the email was sent in 2002. This is well after the release of Windows 2000. Even the use of Windows 2000 or Windows NT would be somewhat understandable. But Windows 98? That strikes me as very unsual.
UnixWare is still usable as a workstation/development operating system. Like I mention in another post, the person sending the email was most likely a developer. And I would expect the developer of a UNIX operating system to be a UNIX user himself. If he was not running UnixWare, then he should very well have at least been using OpenLinux.
Indeed, it is troublesome that they were using Windows 98 in 2002. That is well after Windows 2000 was released.
There is no DRM solution that makes sense. The whole idea is capitalistically flawed. I do not want my rights regulated nor managed by Microsoft or some other corporation. Any true American, who truly stands for what the founding fathers believed, would not support DRM. Pure and simple, it is against freedom.
In a truly free society, you do have the ability to control what is done with the content you create. That is, up until the time you distribute it. At that point others have the freedom to use it as the see fit. Of course, copyright has been introduced to alleviate such freedom.
But the main point is that one shouldn't resort to picking the lesser evil of several completely awful DRM schemes. That never benefits anyone. Look at how it works with the politics of many nations such as America and England. People aren't choosing the best candidate, they are choosing the least awful one. That just isn't the way to do things.
GNUstep is an amicable project. What they are trying to achieve is great for the community, no doubt. But it is not anywhere near useful for the average user. Unless some miracles happen, it won't be usable as a Mac OS X -> Linux transition desktop.
Now, there are some people who are going to say, "But I can already check my email with GNUMail!", and to them I say, "Yes." But the fact remains that the NeXT-style vertical menus are too powerful for the average user. Apple realized that, and ditched them. While it is claimed that horizontal menus can be used when using bundles, it is far beyond the capabilities of your typical user to make such a change.
While it would be fantastic if GNUstep and Linux were able to replace Mac OS X for most people, that just isn't the case, unfortunately. They'll still be stuck dealing with crippled Longhorn.
Pkgsrc has merged the collective efforts of all of the major BSDs. No longer do they duplicate the package maintenance efforts for each project. That has been a great improvement, as time is now better spent on other development activities.
The problem is not their ability to evaluate talent. The problem is that there is a limited number of programmers out there who can develop very secure software. Such programmers already have very well-paying jobs. Unless you offer some extreme benefits, you probably can't hire somebody talented at a lower salary than they are currently receiving.
Slashdot Mirror
No, they shouldn't "hold your hand", so to speak. But they should be designed so as to minimize their negative effects, especially languages such as PHP which are used primarily in networked settings by individuals who often lack a solid engineering background.
But does PHP actively do anything to limit the ability of insecure applications to be built upon it?
It's a bit early to suggest that it was an automated attack. While that is of course a possibility, there has been very little actual information from the SpreakFirefox people. Until they disclose far more information about this attack to the public (which may not happen if they are pursuing this matter via the authorities), it is a false reassurance to suggest that it was only automated and that no data was maliciously stolen.
Why are you pissing and moaning about the people who are pissing and moaning about you?
"Troll" is the online equivalent of labels such as "terrorist" or "Nazi". Any time that somebody accuses somebody else of being a "troll", they are usually the one partaking in true trollery.
Much like any time that a politician in the real world accuses some other group or individual of being "terrorists" or supporting "terrorism", it is the politican who is usually the most prolific user of terror and fear for political means.
I keep hearing about how products like PHP-Nuke, phpBB and now Drupal are quite vulnerable and easily cracked or exploited. Is this caused by inherent flaws within PHP, or is it because of improper installations? If it is because of improper installations, is that because it is extremely difficult or time consuming to properly secure a PHP installation?
I have been considering moving some sites to a PHP-based system for some time now, but after hearing stuff like this I just don't know about PHP anymore.
"It doesn't look like the attacker accessed any personal data on the site, but to be safe, we're encouraging all of our users to log in and change their passwords."
Why should I trust their competency now? They let their server be compromised by a very well-known, well-publicized, and fixed/patch-available vulnerability. How can I be sure that the operators of the attacked site are capable of properly analyzing the attack? I mean, if they can't even keep up to date with the latest patches, then how can the even be remotely capable of giving an intelligent assessment of the intrusion?
But I digress. Does anybody have a list of other well-known sites administered by these same individuals? I want to make sure that if I'm using any of those sites that my data is safe (or removed from such sites).
You are correct. It still is a very interesting fact that SCO engineers are using the PC operating system software of a direct competitior to their PC operating system software for their internal operations.
The fact that SCO, an PC operating systems developer, was using a PC operating system from a rival developer for their daily business tasks is the very unusual part. The fact that they were using Windows 98, rather than a more developer-friendly and stable Windows NT-based system, is only secondary.
And SCO is/was not a video game developer. They were a PC operating systems developer, using the PC operating system developed by a rival, rather than their own system, for their everyday business tasks.
Were engineers such as yourself using DOS or Windows internally at Sun while you were partaking in such Solaris kernel development?
I was just reading that SpreadFirefox.com was cracked. Apparently they were using Drupal.
Lately there has a been a resurgence of classic sci-fi shows, such as this and Dr Who. While it is great to see younger audiences exposed to such fantastic television programming, I have to wonder what effect this will have on new sci-fi shows. Will we just keep rehashing the old (but classig and very good) series, or will new ideas and new series be able to develop? Will enough resources be spent by the networks and studios to promote the creation of new series, rather than just cloning the previous ones?
I take it you are Nicholas Roard, GNUstep developer.
I personally do not reject vertical menus. The vast majority of non-developers do. In this particular instance it was suggested that GNUstep on Linux could be used as a replacement for Mac OS X for the average Windows user. I am putting that myth to sleep.
While your arguments hold true for a developer, it does not hold true for your typical Mac OS X user today. Aunt Beatrice would struggle to get the horizontal menus she's used to under her Mac, even if it does only take one line in a terminal.
GNUstep on Linux is not yet a Mac OS X or Windows replacement for the typical user, as suggested by the earlier poster. That is my point.
No, the email in question was clearly from Michael Davidson, and not from some consultant. Below are the headers, so you can see for yourself.
1 44923365
Date: Tue, 13 Aug 2002 13:26:51 -0700
From: Michael Davidson
Organization: Caldera International
X-Mailer: Mozilla 4.6 [en] (Win98; I)
X-Accept-Language: en
To: Reg Broughton
Subject: Re: Patents and IP Investigation
[1]
Again, Mr. Davidson was a SCO engineer, not a consultant.
In the Aug. 13, 2002, e-mail, engineer Michael Davidson said "At the end, we had found absolutely nothing ie (sic) no evidence of any copyright infringement whatsoever."
[2]
References:
[1] http://www.groklaw.net/article.php?story=20050714
[2] http://news.zdnet.com/2100-3513_22-5789132.html
Do/Did you develop the Solaris, AIX, HP-UX and Linux kernels themselves professionally, for Sun, IBM and HP?
Sure, I'd expect any random multiplatform developer such as yourself to be using a combination of systems. I would not expect a UNIX and Linux programmer at an operating systems company such as SCO to use a Windows 98 machine while internally discussing matters having to do with SCO's UNIX operating system and its relation to Linux.
Bernie Ebbers orchestrated an $11 billion fraud. While McBride has bumfucked some people over, that is for sure, it is nowhere near the scale of what Ebbers had done. What makes you think that McBride will receive a punishment that will make what Ebbers got "look like a slap on the wrist"?
I still find it very interesting that the SCO developer in question sent the email from a computer running Windows 98.
It contains the email header "X-Mailer: Mozilla 4.6 [en] (Win98; I)".
Now, it would make sense for secretaries and perhaps other execs to be using Windows 98, but not one of their UNIX and Linux developers. Even if he wasn't using UnixWare or OpenServer as his workstation OS, he should very well have been using OpenLinux.
And remember, the email was sent in 2002. This is well after the release of Windows 2000. Even the use of Windows 2000 or Windows NT would be somewhat understandable. But Windows 98? That strikes me as very unsual.
Copyrights are non-digital DRM. They fall prey to the same problems as DRM.
UnixWare is still usable as a workstation/development operating system. Like I mention in another post, the person sending the email was most likely a developer. And I would expect the developer of a UNIX operating system to be a UNIX user himself. If he was not running UnixWare, then he should very well have at least been using OpenLinux.
Indeed, it is troublesome that they were using Windows 98 in 2002. That is well after Windows 2000 was released.
There is no DRM solution that makes sense. The whole idea is capitalistically flawed. I do not want my rights regulated nor managed by Microsoft or some other corporation. Any true American, who truly stands for what the founding fathers believed, would not support DRM. Pure and simple, it is against freedom.
In a truly free society, you do have the ability to control what is done with the content you create. That is, up until the time you distribute it. At that point others have the freedom to use it as the see fit. Of course, copyright has been introduced to alleviate such freedom.
But the main point is that one shouldn't resort to picking the lesser evil of several completely awful DRM schemes. That never benefits anyone. Look at how it works with the politics of many nations such as America and England. People aren't choosing the best candidate, they are choosing the least awful one. That just isn't the way to do things.
GNUstep is an amicable project. What they are trying to achieve is great for the community, no doubt. But it is not anywhere near useful for the average user. Unless some miracles happen, it won't be usable as a Mac OS X -> Linux transition desktop.
Now, there are some people who are going to say, "But I can already check my email with GNUMail!", and to them I say, "Yes." But the fact remains that the NeXT-style vertical menus are too powerful for the average user. Apple realized that, and ditched them. While it is claimed that horizontal menus can be used when using bundles, it is far beyond the capabilities of your typical user to make such a change.
While it would be fantastic if GNUstep and Linux were able to replace Mac OS X for most people, that just isn't the case, unfortunately. They'll still be stuck dealing with crippled Longhorn.
Is he one of those Conservatives that you have in Canada? The ones who put gay bashing above their parliamentary duties?
Pkgsrc has merged the collective efforts of all of the major BSDs. No longer do they duplicate the package maintenance efforts for each project. That has been a great improvement, as time is now better spent on other development activities.
The problem is not their ability to evaluate talent. The problem is that there is a limited number of programmers out there who can develop very secure software. Such programmers already have very well-paying jobs. Unless you offer some extreme benefits, you probably can't hire somebody talented at a lower salary than they are currently receiving.