Forgot your password?
typodupeerror
Slashback

Slashback: Quiesence, Jazz, RAND 182

Posted by timothy
from the blacksburg-field-office dept.
Welcome to Slashback for 20011018 -- read below for an update on Code Red (is Red Dead?), RAND patents in Web standards (some semi-good news on that front), the sad death of some MIDI software, and an upgrade for Thailand.

Please write your elected W3C representative. haplo21112 writes "The W3C has posted a next-steps comment on the mailing list for the Patent Policy Frame Work proposal.

It announces among other things that two Open Source People have been added to the working group as Invited experts, Eben Moglen (General Counsel, Free Software Foundation) and Bruce Perens (Co-Founder of the Open Source Initiative). They have also announced a home page for the Working Group at: http://www.w3.org/2001/ppwg/

Especially interesting is the Second Objection noted on the page from IBM, where basically they are revealed as one of the drivers of the proposal. They grumble about RF and pretty much say they would vastly prefer RAND."

You'd like to think so, eh? ColaMan writes: "Is CodeRed finally dead? I've had a counter on my webserver (yay apache!) that tracks attempts, but since the start of the month only 1 lone attempt has been logged on our permanent IP dialup connection (and that was just overnight). This compares to 2490 attempts for August and 931 for September. Nimda still seems to be plodding along though - I've had 159 unique ip's so far this month and 466 for September. Knowing that my IP address is in some bandwidth-forsaken backwater of the internet, I was wondering how things were going CodeRed-wise in the Real Internet?"

I forget -- does the M stand for "Microsoft," or "Macintosh"? An Anonymous Coward writes: "Remember this story from last Tuesday asking about audio applications on linux? Today the Jazz++ mailinglist declared jazz++ dead (find the message here). While not the perfect midi sequencer, jazz++ is robust and GPL'd. Since jazz++ only appeared twice in the postings (each moderated at +1 ...) related to the earlier story, it would seem this fine product has low visibility among the /. crowd. The only viable GNU/Linux midi solution died the same week ./ had a call for audio solutions on Linux. Gotta love irony..."

From Bundesrat to Bangkok Germany may be considering it, but Thailand is doing them one better. TheMMaster writes "According to this article on newsbytes, the Thai government will switch to open-source software, linux on the desktop, StarOffice. This is a nice example of OSS, and probably why a lot of people contribute, to help people (OK and for fun)"

As usual, the actual developers float high above the flames on their behalf. Yep, KDE is 5 years old -- and fm6 writes: "A nice contrast to the usual GNOME-versus-KDE flamage: the users of news.gnome.org wish KDE a happy 5th birthday." Remember, the flame wars you see about these two projects have little to do with the fact that both have already created killer desktops, and are continuing to do so faster than human beings should be allowed to travel.

This discussion has been archived. No new comments can be posted.

Slashback: Quiesence, Jazz, RAND

Comments Filter:
  • Funny... (Score:3, Offtopic)

    by Anonymous Coward on Thursday October 18, 2001 @08:04PM (#2449765)
    The w3 patent policy list, now that the rucus from the patent proposal has died down, is full of repeated spam messages.

  • Congrats KDE (Score:1, Insightful)

    by Jasa (125516)
    Well 5 years and KDE is going strong. Keep up the good work!
  • Face the facts (Score:1, Redundant)

    by Anonymous Coward
    It's time to face the facts. Code Red is dying...
  • jazz++ dead? (Score:5, Insightful)

    by smunt (458722) on Thursday October 18, 2001 @08:11PM (#2449793) Journal
    So why is this rubust and successfull, gpl'ed program dead? Just because it won't link against new libraries doesn't make it dead.

    And it's ofcourse GPL, which means that you can reuse parts of it in other software.
    • So why is this rubust and successfull, gpl'ed program dead

      Actually, the message asked if the program was on its' deathbead, since there were certain changes in libraries that threaten to make it unbuildable on modern systems.

      So it is not dead yet.

      And somebody with spare time could turn around and patch it as a summer project or something.

    • Re:jazz++ dead? (Score:3, Insightful)

      by tshak (173364)
      Because musicians (generally) use MAC's. Some are starting to use Win2K/XP as well. Musicians need a stable and simple GUI, first and formost.
    • Re:jazz++ dead? (Score:2, Interesting)

      by suitti (447395)
      The Demudi Linux (Debian) based music distribution is just getting going. Judging by the mailing list, it appears that there are enough people to get the project to move forward. MIDI won't be the first priority for the group (though, an individual might have that priority, who knows?), but it will be a priority soon. This isn't the commercial world. Projects with essentially zero overhead can survive hibernation.

      In the early 80's, I asked around if anyone needed certain types of graphic support. One guy said, "Don't bother with it, no one is doing it." My attitude at the time was that no one was doing it because they couldn't. When I provided support, it became extremely popular.

      At the moment, I don't know anyone doing MIDI stuff on Linux. When it becomes easier, as I expect with Demudi, it will be much more common.

  • Code Red (Score:5, Informative)

    by ogesII (255147) on Thursday October 18, 2001 @08:12PM (#2449795)
    Over the last 3 days my site has been receiving one Code Red hit per day. The interesting this is that the original 'N' padding is being used again similar to CR1. Prior to this I hadn't had a hit since Sep. 30th.

    Nimda is still going like made but at a much reduced pace. 8 unique hosts 423 hits today. I sure wish it would give up after the first GET and it realizes I'm not running IIS. I'm about to start dynamically updating my IPTables
    • Re:Code Red (Score:5, Informative)

      by jsveiga (465473) on Thursday October 18, 2001 @08:44PM (#2449895)
      Code Red II killed (sterilized?) himself on September 30.

      I've submitted an "ask Slashdot" by October 4 asking everybody to check their logs, but I was rejected.

      Because Code Red I doesn't have the suicide code, it may show up again (CR2 had displaced it, but now it may come back. This is why you get NNNNNN again).

      Although it stopped spawning, it does leave the backdoor installed. Unfortunately it does not "announce" it anymore.

      Just when I was having fun... I hope CR1 gets back in the top parade.
    • Code Red is definitely still out there. So far today, 485 unique hosts have hit just one of the servers I'm monitoring. The pace is much lower now, though.
    • I'm happy to report I got my very first Sircam in the inbox today...
    • Re:Code Red (Score:2, Interesting)

      by flonker (526111)

      I coded up a quick & simple project for Win32 [theperlguru.com] that listens on port 80 for signs of Code Red 1 & 2, and Nimda. In the two weeks I was running it, I got one CR2 unique IP, and hundreds Nimda unique IPs on a DSL line. Most recently, on a T1, I saw the count go down from 30 to 20 Unique IPs for Nimda overnight, but I didn't see *any* CR2 hits.

      (As a side note, I wasn't using the warn feature on the T1, but on DSL, about 50% of those warned, fixed their systems.)

      Oh yeah, source code is included, but little to no documentation.

  • Happy B-Day KDE! (Score:5, Insightful)

    by coupland (160334) <dchase@NOSPam.hotmail.com> on Thursday October 18, 2001 @08:13PM (#2449796) Journal
    I've gotta wish KDE a happy birthday -- it was my first Linux GUI and arguably my favourite. The "winds of change" have prompted me to switch to GNOME and while I have to admit I adore Ximian/GNOME I'll always have a soft spot in my heart for KDE. Isn't it great to see how alive and well competition in the Linux scene is? Thank God for KDE (and GNOME) because they've made each other a tonne better simply by their existence.
    • by smunt (458722)
      > Isn't it great to see how alive and well competition in the Linux scene is?

      Don't forget cooperation.
    • Jesus, your first linux GUI was KDE? Mine was mc.
      • > Jesus, your first linux GUI was KDE? Mine was mc.

        Well, if we're in a "who's more old-school" comparison, I *did* run nc (the program that mc was written to emulate) on DOS 3.2... Mind you I'm sure there are a few CP/M nuts about who've got me beaten handily...
    • I really don't think about KDE too much since I do what I want to comfortably with Gnome, but KDE helped me ease into Linux when I was a newbie. Gnome had just come out and it was still awkward. KDE was ready, and while not overly comfy, let me get comfortable enough so that I didn't have to boot into an MS OS to do everything.

      Thanks KDE. Happy Birthday.
    • I agree that having options is a good thing, and I support both projects (one computer runs Mandrake/KDE, the other runs KRUD [tummy.com]/Gnome).

      Of course, you can also switch between them fairly painlessly on the same box. Yet another reason I love linux...

  • Killer desktops? (Score:1, Insightful)

    by Anonymous Coward

    Remember, the flame wars you see about these two projects have little to do with the fact that both have already created killer desktops

    This has got to be a joke. Both of them have done a good job of creating Windows-like desktops. The Mac and OS/2 users are still laughing their asses off, though. Neither Gnome or KDE is even in the neighborhood of "killer desktops."

    • And ofcourse a good job on interapplication communication.
  • Code Red (Score:3, Redundant)

    by JackAsh (80274) on Thursday October 18, 2001 @08:17PM (#2449809)
    Code Red is dead baby, Zed is I mean Code Red is dead. Actually, I run the intrusion detection system at my company, and I can say that CodeRed v2 is all but gone (the decompile did say it would die in October - http://www.incidents.org/react/code_redII.php 3/4 down the page, "Infection Process"), however CodeRed v1 still knocks occasionally (we get 2 to 3 hits a day). Nimda is something else, it keeps hitting at about 10~20 per day.

    Jack Ash
  • my nimda stats (Score:5, Interesting)

    by cr@ckwhore (165454) on Thursday October 18, 2001 @08:19PM (#2449816) Homepage
    I've got a small apache server running on the "dirty front lines" of the internet... right in the middle of the 2nd largest cable network in the US, where every tom, dick and harry goes nuts with p2p, porn, spam, and of course, IIS without having a clue about anything significant.

    Anyway, my current NIMDA stats: 55,522 hits in the access_log, and they've only slowed down noticeably within the past week. 196 so far today, and today isn't over yet.

    I've successfully been able to shut down some of these machines remotely by randomly picking IPs from the log, checking for either open SMB shares or win2k remote administration. With either of those, especially since these sysops are usually the height of insecurity, its been quite easy to contribute my part of NIMDA disinfection.
    • Re:my nimda stats (Score:3, Insightful)

      by GregWebb (26123)
      Sorry to be a spoilsport, but...

      That would very definitely be illegal under UK law. You and the likely recipents of your aid being in the US means that's not something to worry about, but my personal morality is similar to UK law on this point.

      Basically, the Computer Misuse Act means that you can't use a computer system without permission, even if you've logged in. If a username and password for some interesting but off-limits computer dropped into my lap, I couldn't use it without first obtaining permission. Or, if I found an open share, I couldn't connect to it and perform an action over it.

      You're trying to perform a civic duty by removing an infected machine from the internet. But you're also changing the configuration of a machine in a way that you can't guarantee won't harm the machine, and which will guarantee that you can't then get back in to check if the update was successful and correct any problems.

      Maybe the greater public service should override this? Maybe, but one of the first worms to do damage was an autoupdate worm which had a bug in it. Someone meant well, believed they were doing good but caused trouble and demonstrated why worms and autoupdating aren't such hot ideas. Including an 'I was only trying to help' defence makes it rather hard to prosecute many proper viruses and worms - perhaps Outlook viruses are only trying to help by demonstrating exactly what can be done with Outlook to push people onto more secure mailers, and any destructive or disruptive payload is simply a motivation tool?

      If I'm getting portscanned particularly often by a certain IP address, I'll normally forward a firewall log of the events to whichever ISP the traceroute finds. If I find out the offender's e-mail address, they'll get a mail from me. In this case I'd normally mail the ISP and let them deal with informing their user - who is, after all, causing problems for the ISP so it's in their interest to do something about it. I suppose I might bend the law a little by leaving a short text file on their system explaining the problem and how to fix it. Breaking the law, yes, but with no destructive possibility at all.

      But I'd never run a patch for them, and I'm very glad that it's illegal to do that in this country.
  • by trilucid (515316) <pparadis@havensystems.net> on Thursday October 18, 2001 @08:19PM (#2449817) Homepage Journal

    to those on the Gnome side who were gracious enough to be this polite regarding KDE's birthday :). We've all seen a lot of battle damage on both "sides of the fence" when it comes to the desktop wars, and I for one am glad to see (maybe just momentary) a truce.

    It kinda makes one wonder, though, how much energy and how many good ideas are wasted by all the lobbing of insults in the general community. This is a fact of life when it comes to closed-source applications apparently, but in the world of open source it's just dumb. Elitism and smugness hinder progress.

    Now, if only the database trolls could take a lesson on this one... sometimes the wars between the various open source factions (mySQL, PostgreSQL, etc) can be worse than anything seen between KDE/Gnome (at least in my opinion).

    As to what's better, all I can say is that I use *both* Gnome and KDE (well, KDE a bit more than Gnome these days), and *both* mySQL and PostgreSQL personally (more mySQL than the others, blah blah).

    It's all progress, folks. Let's keep it that way :).

    • tribalism is a human instinct and a strong one. what could be more inspiring than the hatred of one's foe? what else would make you code for 48 hours straight?

      okay. there are other reasons. the intellectual exercise, obsessive disorders, bragging rights. sure. competition is still something that drives people to code.
    • I for one am glad to see (maybe just momentary) a truce.

      There's nothing wrong with a healthy sense of competition but the attitude of people in any large group will go the gamut of really laid-back/ moderate to vicious predatory/territorial. It's nice to see that people at the heart of the two groups are being pleasant to each other and recognizing the value that the two projects give each other.

      Perhaps this will encourage the more radical elements of both camps to be more pleasant.

  • Happy Birthday KDE, from a GNOME User...

    I am one of those people - and there are probably way more of us than not - who (although it does eat up quite a bit of drive space) has both QT and GTK+ libraries and associated files on the computer. Although I always use GNOME (and i think KDE is a bit, well, ugly) I am happy that:

    • I am not forced into one window manager or desktop environment (yeah free software!
    • and that both GNOME and KDE have taskbar tabs that let you easily find the other's apps (set as default on many distro's - great for newbies...)
    • I actually run both at the same time! On the left monitor, there's gnome; on the right, there's kde.

      It's actually not by design, but necessity (probably due to my not-so-hot configuring skills): Gnome wouldn't work on my second monitor. KDE set up two desktops, but (if I remember correctly) didn't run a window manager on the other desktop - so I couldn't move the windows around. I couldn't run ximena (misspelled) because I've got two different resolutions and the "dead space" was too awkward.

      So, my solution is to start gnome (which runs on the primary monitor only), and then start kde on the second monitor only. It works out pretty well, but I'm not sure how much running both sets of libraries is affecting me (not that I notice any slowness).
  • by DNS-and-BIND (461968) on Thursday October 18, 2001 @08:25PM (#2449832) Homepage
    I can't be too sad that a MIDI program died...I hate MIDI music. I especially hate web pages that play .mid files...it's one of my most-hated web designer screwups, right up there along with the tag and directing people whose User-Agent does not match "MSIE" to a "sorry, use Microsoft" error page.

    One of my Chinese co-workers has a collection of MIDI tunes he likes to play from time to time. I'm telling you, you haven't lived until you've listened to "Raindrops Keep Fallin' On Your Head" as a MIDI tune, 20 times in the course of one day.

    • Re:die MIDI die (Score:5, Insightful)

      by Freedryk (117435) on Thursday October 18, 2001 @08:33PM (#2449856)
      Some of us actually use midi to make interesting music (if you consider techno to be interesting music), since it is the primary way to control hardware synthesizers and samplers. The lack of good midi/audio support in linux is actually the main reason I don't have linux on my home computer. If this program is dead, it's just one more reason for me to stay with Windows...
      • I tried and tried to make my Roland SCC-1 sound card work well in linux, but failed. This simple isa MPU-401 compatible card uses the mpu401 module. No matter which program i try, playmidi, jazz or whatever thing that uses the /dev/sequencer device, it simply can't play the files right. Further investigation has revealed that the mpu401 module lacks the "intelligent mode" that _true_ mpu401 devices can employ, which could be a cause. The only way i could "barely" make this card sound decent "under linux", was using dos software running in dosemu and letting direct access to the card (ie, avoiding the kernel module and letting use irq/addresses directly).

        Of course this card sounds perfect using true dos or windows. Everything from a 286 up to the latest AMD can make this board play midi files just fine. Linux can't. For some reason, notes get lost/muted in the way (or lag). It may be a latency issue; i guess its the braindead module kernel that nobody cared to improve anymore.

        I have hopes for the kernel low latency and preemptive patches, maybe that could help.

        Oh, and ALSA assumes you can't have an mpu401 device stand alone...

        Well now i'm playing with Freebsd, who knows, maybe it works here...
        • Intelligent mode was created solely to handle slow 8088 computers that couldn't keep up with MIDI's timing demands. It has limitations of its own that make it undesireable if it can be avoided.

          The problem with Linux is that it doesn't have a true multimedia subsystem that handles timing issues. OS/2 has something like this, and its MPU-401 driver is rock-solid and has dead-on timing. Check it out.

    • Funny man! You don't know what midi is, and I'm not going to explain it here.

      Well I can tell you the disadvantage of it: Latancy
    • Re:die MIDI die (Score:5, Interesting)

      by AirLace (86148) on Thursday October 18, 2001 @08:55PM (#2449937)
      The article was referring to MIDI used in the context of an intermediary protocol between music hardware and sequencing software. It's the only open and documented interface for musical information interchange between devices and so should be promoted by the community, before the proprietary formats manage to get a foothold. I sympathise with what you say about MIDI songs being played on computers, but you should recognise that that's not what MIDI is all about.
    • Re:die MIDI die (Score:3, Informative)

      by awful (227543)
      MIDI is a standard for getting electronic instruments (hardware e.g. samplers, synths, sequencers, sound modules, drum machines etcetera) to talk to each other.

      MIDI is one of the best things to happen to music in years - a couple of decades ago the manufacturers all sat down and agreed to standards, so that you can buy a Roland synth, drive it with a Yamaha sequencer, and hook up a Korg sampler, and make music. The file sizes are tiny, but powerful.


      If you think MIDI is just the rinky dink tunes you sometimes hear on websites/PC's, you are probably confusing their/your poor hardware (soundcard) with MIDI.

    • Re:die MIDI die (Score:1, Insightful)

      by Anonymous Coward
      Poorly sequenced midi files playing out of a cheap sound card are not what is cool about MIDI.

      wiring together powerful musical equipment for 6 different vendors is pretty damn cool. Its quite likely that some songs you like involved some use of MIDI at some point in their production.

      If you want to bitch, you can complain about the absolutely horrible bandwidth the MIDI wire protocol provides. 10BaseT is cheap enough now that we should just switch to MIDI over ethernet.
    • I hate MIDI music.

      It actually sounds semi-decent if you have a good synthesizer. I know Yamaha [yamaha.com] makes a good software synth (or at least they did back in 1998 when Compaq bundled it with my Piss^H^H^Hresario (I assume it was there to make up for the motorized-eject disk drive, preinstalled AOL/MSN software, and lack of real power/reset buttons, but, of course, such atrocities are unforgivable.)), but I can't find it on their site.

      • It was called XG, I think. I had a copy, they used to came as bonus with the good old yamaha OPL3 (or OLP3?) cards. Cool stuff, especially for a 1996- proggie.

    • MIDI is a most important tool for composers
      Yeah i know if you use a sound card in a comp the sound stinls.But that's not what it's for either.Normally the sequencer is but a part of the whole.Samplers,keyboards and up to date drum machines are plugged in and produce very realistic sound.Enough for the composer to
      make a classic symphony at home and to know what it sounds before he's with the whole orchestra for the first repetition.
      A m shame such an important tool wasn't known Then should the community be more verbose and go ..." new cool app ...check it out .. "
    • If you truely hate MIDI music, then you probably hate about 75-95% of popular music produced these days. MIDI is what's used to run drum machines, synths, etc. Even for live music, it may be used to run secondary sound sources from the keyboard. (or other instrument).

      Any time you see two instruments talking to each other, chances are it's midi.

      MIDI is likely to be with us for a long time. It's kinda like FORTRAN -- old and chunky but sturdy. Everybody uses it and it does almost everything you could want... about the only place where it falls down is where you have large numbers of machines and/or very wide chords with fast fingering.

    • If your only experience with MIDI involves a sound card on a PC, then please don't pretend to have an opinion on the technology. You clearly have no idea.
  • by paulbd (118132) on Thursday October 18, 2001 @08:35PM (#2449864) Homepage
    MusE is a more powerful, more appealing, more actively developed MIDI editor and sequencer than Jazz or Jazz++ ever was. And besides, Jazz is not dead. The message is simply one user expressing their concerns, which although they may be realistic, are not definitive.
  • by Glytch (4881) on Thursday October 18, 2001 @08:35PM (#2449865)

    I got my first Sircam email today.

    I don't know whether to be happy that I've been spared thus far, or sad that I don't seem to be worth the bother of putting in an address book.

    It was just some German person's Werewolf campaign character sheet, too. How dull. I was hoping for government secrets.

  • I just have to chime in and wish the KDE project a happy birthday. I've been using KDE since 1998, and it's still my favourite general-purpose desktop. Not to seem like flame-bait, but I've never liked GNOME, whether Helix-code or not. Soce of the applications are killer (I do like Evolution) but the desktop lacks a lot of the polish one takes from granted from MS and Apple. At any road, I just want to say that I switched from fvwm to KDE and I've never looked back. Happy Birthday, K, and hopefully many, many more to come.
  • The 'M' (Score:4, Informative)

    by sheetsda (230887) <doug,sheets&gmail,com> on Thursday October 18, 2001 @08:38PM (#2449875)
    I forget -- does the M stand for "Microsoft," or "Macintosh"?

    Maybe I'm misunderstanding this question, but the M in MIDI stands for "Musical". Musical Instrument Digital Interface [acronymfinder.com].

  • Oh, how fast the days have flown by. Microsoft, Microsoft, Microsoft. My thoughts are with you on this lonely day. What has the world come to when there aren't any automatic viruses floating around on buggy Windows systems? Maybe we'll get lucky and WinXP will have some colossal hole. For now, however, my lonely IP has nobody tracerouting it, scanning for open ports, or even sending it petty pings.
  • by Shoeboy (16224) on Thursday October 18, 2001 @08:43PM (#2449892) Homepage
    We should all keep in mind this simple truth: Code Red is dying.

    You don't need to be Kreskin to predict Code Red's future. The hand writing is on the wall: Code Red faces a bleak future. In fact there won't be any future at all for Code Red because Code Red is dying. Things are looking very bad for Code Red. As many of us are already aware, Code Red continues to lose market share. Red ink flows like a river of blood.

    Let's keep to the facts and look at the numbers.

    Famed Code Red using hacker mafiaboy states that there are 7000 machines that are victims of Code Red. How many users of Nimda are there? Let's see. The number of Code Red versus Nimda posts on Usenet is roughly in ratio of 1 to 4. Therefore there are about 7000*5 = 35000 Nimda users. Code Red on Linux posts on Usenet are about half of the volume of Code Red on Windows posts. Therefore there are about 700 victims of Code Red on Linux. A recent article put Code Red on *BSD at about .008 percent of the virus infection market. Therefore there are (7000/100)*.008 = .56 Code Red on FreeBSD machines. This is the result of one guy working in his spare time to port Code Red and consistent with the number of Code Red on FreeBSD Usenet posts.

    Due to the troubles of Sircam, abysmal infection rates and so on, Sircam is getting out of the virus business and becomming a flight simulator. Code Red is still dying and the corpse of Code Red will soon be turned over to another charnel house.

    All major surveys show that Code Red has steadily declined in market share. Code Red is very sick and its long term survival prospects are very dim. If Code Red is to survive at all it will be among virus hobbyists, dabblers, and dilettantes. Code Red continues to decay. Nothing short of a miracle could save it at this point in time. For all practical purposes, Code Red is dead.

    --Shoeboy
  • by selan (234261) on Thursday October 18, 2001 @09:14PM (#2449980) Journal
    Well, all those NT servers had to have been rebooted at least once by now :) !
  • The Thai language has 77 letters (or 76?), and requires complicated marks that go above the letters. So, all word processing software must be modified anyway. Thailand is a good country to begin with Open Source software.


    What should be the Response to Violence? [hevanet.com]
  • dead OpenSource? (Score:2, Insightful)

    by stew77 (412272)
    OpenSource programs don't die!
    They just fade away.
  • by Jetifi (188285) on Thursday October 18, 2001 @09:21PM (#2449992) Homepage

    ...comparatively speaking. For those of you who didn't read it [w3.org], one of their objections is that while anyone involved in making the standard might potentially be forced to declare RF licensing, someone who keeps quiet during the standard's formulation but owns a patent on essential parts of the standard, can license under RAND or whatever else, as they didn't take part in the process.

    While that is a problem, it doesn't negate the idea of RF. There were three other objections - but they're half legalese, and IANAL... :-)

    • I found the legalese to be particularly challenging (maybe I'm just really tired?).

      If someone could translate the rest of it for the legal laymen among us, that would be wonderful. It seems to me that IBM is very sincere in their support for open source (for example, IBM HTTP Server is based on Apache, and Apache SOAP is based on IBM's SOAP4J), and from what I've read about RAND, it means that open-source can't play.

      So, I'm very interested to understand what is motivating their stance.

      Can anyone help?
  • by Cryptimus (243846) on Thursday October 18, 2001 @09:27PM (#2450003) Homepage

    Code Red deliberately self terminates on October 1st 2001.

    There's a check inside the code that essentially sends the server into an endless reboot loop if the month is greater than 9 or the year is greater than 2001.

    This pretty much ensures you either fix your server or stay offline.

    I guess even a worm writer wants to use the 'Net. Building self-termination into a worm seems like an oddly moral thing to do, however closer examination will probably reveal the author was concerned about the worm making the net completely unusable.

    And that would never do.

    • Pretty much dead, actually. [armor-e.com] Except for these 9 weirdos with their clocks set wrong.

    • Or? (Score:3, Interesting)

      by blang (450736)
      I guess even a worm writer wants to use the 'Net. Building self-termination into a worm seems like an oddly moral thing to do, however closer
      examination will probably reveal the author was concerned about the worm making the net completely unusable.


      Or as someone else pointed out, it's to stop the infected host from broadcasting "My owner is a moron, please FIX ME!". If the worm writers main goal was to gather an arsenal of computer slaves, then a wormicide would be the thing to do. When the worm stops spreading the security gurus go away, the press stops spreading panic, and the script kiddies can quietly move in and gorge themself on an unprecedented number of slaves. Now why they'd want to run their advanced skript-kiddie-software on such a lame OS beats me, but then again, I probably don't like their music either.
  • by hyrdra (260687) on Thursday October 18, 2001 @09:29PM (#2450015) Homepage Journal
    The activity light is still on rock solid, and there's nothing wrong with the modem. No, I don't have any of the worms because I'm using a broadband firewall.

    At my last count, I receive around 500 attempts by these worms each day, usually by other cable users. Before I got a firewall, loading up my Apache log file crashed notepad. My favorite past time has become tracerouting the IPs to see what nearby city they're in. I live in Columbus, Ohio and can easily discern those from nearby towns and locations throughout the city (e.g. pos1-2-colswest or pos4-0-dublin).

    I then like to load up Telnet and go searching for root.exe on these computers. When dumped into a root cmd, a carefully placed command copies a file from a share on my computer to the other machine. The file, of course, is an MS update patch or lately one of the clean utilities posted around the net. Another command runs the program and when finished the system is reboot and no longer bothers me.

    Now there's an idea...fixing worm systems through their own security holes. I even wrote a little script to automatically attempt to 'fix' an attacking system. Don't just bitch when the same IP keeps pounding you...do something about it!! There's plenty of info out there, and you can get most of the info from the attacking HTTP GET strings.
    • Now there's an idea...fixing worm systems through their own security holes. I even wrote a little script to automatically attempt to 'fix' an attacking system. Don't just bitch when the same IP keeps pounding you...do something about it!! There's plenty of info out there, and you can get most of the info from the attacking HTTP GET strings.

      Perhaps you could share this script? If you want to do it but you are bashful about the quality of your code please share it anyway! We all write quick fixes sometimes.

      (note the last two sentences were included because some people are way too silly and always feel the need to clean things up before they could possible share code, you might not be like that but just in case...)
    • by Anonymous Coward
      don't do it.
      as much as you may be in the right, all it takes is one honeypot for you to get busted.
      there is no "Good Samaritan" law for the net.
      you're asking to get busted for criminal trespass.

      If you do feel obligated to "clean" infected hosts, do it from an infected host - not your machine.
    • The activity light is still on rock solid, and there's nothing wrong with the modem. No, I don't have any of the worms because I'm using a broadband firewall.

      A firewall will not isolate you from these worms.

      The light may be due to Nimda, which is still going, or it may just be your ISP broadcasting unnecessary traffic to you (as some cable providers have been known to do).

      At my last count, I receive around 500 attempts by these worms each day, usually by other cable users. Before I got a firewall, loading up my Apache log file crashed notepad.

      Notepad? You're using Windows? No wonder it crashed.

      My favorite past time has become tracerouting the IPs to see what nearby city they're in.

      Sounds like somebody needs a social life! That's the most interesting thing you can think of to do with your time?
    • And go straight to jail when the owner complains about your intrusion! Brilliant!

      A better idea is to pick up the phone or email the idiot...maybe the email could be automated.
  • The death of jazz++ saddens me.

    As a professional musician I need to use windows because that is where all the best sequencing/recording/processing technology is (yes, windows is far superior to mac for digital audio). Nevertheless, as a computer scientist...I HATE WINDOWS! And a lack of music applications is what is really holding me down from solely booting linux.

    There was /. article months ago about how computer graphics for movies were being moved to Linux render farms. This meant that Hollywood was going Linux. Well, why can't the same thing happen for recording industry (also hollywood/LA)? There is a huge demand for it. Believe me, I wouldn't pay god knows how much for ProTools if I could just download a free linux equivalent, which would probably run faster anyway.

    If the recording industry moved to Linux, they wouldn't just be saving tons of money for software (their only costs would be hardware). They might also adopt a new outlook on the "free world". A combination of the two might shut up the RIAA.
    • shredds typed: There was /. article months ago about how computer graphics for movies were being moved to Linux render farms. This meant that Hollywood was going Linux. Well, why can't the same thing happen for recording industry (also hollywood/LA)? There is a huge demand for it. Believe me, I wouldn't pay god knows how much for ProTools if I could just download a free linux equivalent, which would probably run faster anyway.

      If the recording industry moved to Linux, they wouldn't just be saving tons of money for software (their only costs would be hardware). They might also adopt a new outlook on the "free world". A combination of the two might shut up the RIAA.

      The RIAA is exactly why the industry will never move away from Windows. Microsoft is all but guaranteeing that music piracy will dry up if the major players switch to Windows Media encodings exclusively, and each new release of Windows has another restriction on how and what media can be made or played. The recording industry inherently doesn't want to 'shut up' the RIAA since it only does exactly what they tell it to.

    • by Anonymous Coward

      There was /. article months ago about how computer graphics for movies were being moved to Linux render farms. This meant that Hollywood was going Linux. Well, why can't the same thing happen for recording industry
      The OS of renderfarm computers isn't so important as renderfarm computers aren't used by people, Hollywood artists work on whatever computer runs the best application of the day and the data from that application is then farmed out to the number crunching machines which the artists never need to see or touch.

      I assume (I don't know, but with DSPs and audio being such a small amount of data it seems logical) the recording industry has people actually operating the computers it uses, and doesn't have any need for distributed batch processing. This makes the criterior for the recording industry choosing an OS not really comparable to that of the Movie Industry choosing a render farm OS.
    • You might not realise this, but Windows is only used by the majority of audio people in the amateur space.

      Once you move into the professional space its almost totally Mac based (and VERY expensive :().
    • As a professional musician I need to use windows because that is where all the best sequencing/recording/processing technology is (yes, windows is far superior to mac for digital audio).

      That's very strange, and contrary to everything I've heard from people who work in that industry. Are you saying Windows in superior to Mac for digital audio because of the applications available, or the hardware, or the operating system itself? I know that many apps that were formerly Mac-only have now been ported to additionally run on Windows, but what's not available for the Mac? As for hardware, the same hardware should work with either platform; all you need is drivers, and any company selling professional audio peripherals without Mac drivers is pretty stupid. Finally, the OS. Windows. I don't think I have to explain why Windows sucks ass.
  • I've been hit with over 78000 Nimda attacks, and about 16000 attacks between Code Red (1 and 2).

    I use a utility I wrote to keep track of all the attacks on my Apache server. It's called WormScan, and you can find it here [freshmeat.net]. It's written in Java, is licensed under the GPL, and only needs a couple of minutes to scan through your logs (depending on size and number of attacks, of course). Lots and lots of features, and extremely flexible. It generates detailed reports which can help you get a look at what's going on.
  • Gimme a URL to download code to install this code red counter. I want to keep track of it too. I look through my logs occasionally and I'm always seeing failed attempts for files like ../../../../sys.com and C:/blah i assume this code red trying to worm it's way onto my linux box.

    Joseph Elwell.
    • This does the trick for me - you will have to change where the counter files goes, but that's about it.

      #!/bin/sh
      grep default.ida /home/apache/logs/access_log | wc -l > /home/apache/htdocs/coderedcount
      grep "winnt" /home/apache/logs/access_log | awk '{print $1}' | sort | uniq | wc -l > /home/apache/htdocs/nimbdacount

      Enjoy the show :-)

  • We just released Rosegarden 4 [sourceforge.net] v0.1.
  • Yea, they're a good band, saw them play here a bunch of times.. jazzy versions of greatful dead songs..pretty damn cool.................
    whats the commotion?

    oh

    i get it
  • If my past trips to Thailand are any indication, not too many people there are purchasing M'soft licences anyway..

  • While not the perfect midi sequencer, jazz++ is robust and GPL'd. Since jazz++ only appeared twice in the postings (each moderated at +1 ...) related to the earlier story, it would seem this fine product has low visibility among the /. crowd. The only viable GNU/Linux midi solution died the same week ./ had a call for audio solutions on Linux. Gotta love irony..."

    So long as there's one copy of the source in the wild, GPL software never dies. I downloaded the CVS for safekeeping, and when I've got time I'll work on it.

Machines certainly can solve problems, store information, correlate, and play games -- but not with pleasure. -- Leo Rosten

Working...