Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
Slashback Microsoft

Slashback: Mars, Linksys, Torrent 344

Slashback tonight brings updates and followups on several recent Slashdot postings. Among other things, Linksys says they're not violating the GPL, and Tiger Direct says that Michael Robertson's claims about Microsoft targeting Lindows buyers are way off base. Speaking of which, Microsoft has decided it makes more sense to embrace schools than to alienate them with hard-nosed licensing policies on donated PCs. Also, a torrent file for the Red Hat 9 version of Ximian's latest desktop, and more. Read on for the details.

Fork carefully or be forked preemptively. BSD Forums writes "The leader of the open-source JBoss Java application server environment said that if the group of developers that left his organization attempts to splitâ"or "fork" as it's called in the industryâ"the JBoss code base, he would sue them. Marc Fleury, president of JBoss Group LLC, Atlanta, said he is prepared to take legal action if the group of developers who left the JBoss Group to form a new company, known as Core Developers Network LLC, attempts to diverge from the JBoss code base."

They can learn in the classroom, or outside it. MVP writes "Fridrik "frisk" Skulason, of F-Prot fame (you know, that good old DOS free for personal use antivirus, up-to-date & usable for windows), has a very acid reaction against the decision of University of Calgary to start teaching virus-writing classes (see previous Slashdot thread)."

Just let me control the textbooks ... After a few stories like this one, it may please some people to see at least a partial turnaround from Microsoft on computers donated to schools without Windows licenses. Patrick Cable II writes "I got an interesting letter from Microsoft today at work. Microsoft has started a "Fresh Start" program for educational instutions that basically makes it so schools who have had computers donated to them without licenses or media can get media and a letter stating the computer is licensed to use a Windows operating system (98 or 2000). More information can be found here. Anyone think they're trying to figure out a way to deal with the whole Linux thing?"

Software in the Public Interest has yet to respond with a lower licensing fee for Debian.

More fun than "The Winds of War." For fans of Kim Stanley Robinson, space exploration and colonization, space elevators et cetera, reader Unbeliever writes with new that Hurd will soon meet Mars. "No, not GNU/Hurd, but Gale Ann Hurd. Hurd just signed a deal with Sci-Fi to produce Kim Stanley Robinson's Red Mars as a Sci-Fi 6-hour miniseries. Red Mars is the first of the Robinson's Red/Green/Blue Mars Trilogy, an 'almost plausible sci-fi' future-history approach about Colonizing and Terraforming Mars. The trilogy looks at the technological, sociological, personal, and political challenges of terraforming a different planet. Also of interest to Slashdotters in general is Robinson's ideas on the growth of multi-national corporations into Meta-Nations, and their effects on world politics."

But doesn't that make it radio their way? In the recent Radio Your Way review, our reviewer said of the device that it had "[n]o off button! As far as I can tell, once you turn the device on there is no way to manually turn it off other than to wait for it to enter sleep mode after several minutes. Very annoying."

Another reader writes with this workaround: "In any mode, hold down the stop button (a little square under the play button) for 2-3 seconds to turn off the unit. This is listed in the manual, which you are right, is a very poorly done Korean effort."

Calm down that jerking knee, then apply ice. In response a post which raised the question of whether Linksys was in violation of the GPL by not distributing, nor offering links to, the source code for the software controlling their 802.11g base stations. A representative from Linksys-PR sent in this note about the "missing" source code:

Linksys is a strong proponent of both Linux and the Open Source movement. The code within our routers is using User Space code without linking dynamically or statically to any GPL (GNU GENERAL PUBLIC LICENSE) code. Any code which does not have a static or dynamic link to anything covered by the General Public License is not GPL'ed, and can be considered closed source.

We regret it took some time to respond to this posting. To assure timely responses to inquiries like this in the future, please use the following procedure which complies with the requirements of the General Public License:

1. Please put your request in writing or in an email addressed to info@Linksys.com
2. You have to request the code for the specific modules you want. It is not valid to issue a request for any "code you may be using."
3. Technically, you are also supposed to provide us with a self-addressed stamped envelope, along with funds to cover the cost of providing the code to you. But Linksys will handle requests on a case-by-case basis. Thank you."

Straight from the Tiger's mouth. Tiger Direct Executive Vice President Richard Wallet wrote to contradict Michael Robertson's claims that Microsoft was targeting Tiger Direct customers who purchased Lindows systems to offer them steep discounts on Windows XP. Wallet writes:

"TigerDirect is not selling any version of Windows for $50. We are selling Microsoft Windows XP just like any other reseller and we are in compliance with all of Microsoft's licensing agreements, no better, no worse, and no different.

TigerDirect does sell low-cost systems with the Lindows operating system. TigerDirect also sells low-cost systems with Microsoft Windows XP. TigerDirect even sells systems with NO operating systems. The only parties who can tell us which products are or aren't worth selling are our customers. Neither Microsoft nor Lindows has a significant influence on what we buy and sell. We aim to serve our customers with the products they want at the very best values available and world-class customer service.

TigerDirect did in fact perform a survey of its customers as it does on a regular basis. Contrary to the author's claim, this survey was not only sent to Lindows buyers. It was sent to everybody who bought systems from TigerDirect during a specific time period. The purpose of the survey was to help us better serve the needs of our customers by getting a better understanding of what they're using the systems for, what they're running on them, and why they purchased what they did. The result of the survey is going to be to help us better align our PC product mix to increase sales."

Many monkeys make slick visuals. IamTheRealMike writes "Hi all, there is a BitTorrent of the XD2 RPMs for Red Hat 9 available, please be gentle with it. It comes as a directory that contains a readme and an ISO - make sure you read the readme first as there is a bug in the installer you need to know about. When all is done and you've read the instructions, just mount the ISO using the loopback device and point the installer at it. For all those who have been trying and failing to get it using the mirror network, this might provide a useful alternative."

This discussion has been archived. No new comments can be posted.

Slashback: Mars, Linksys, Torrent

Comments Filter:
  • by The Bungi ( 221687 ) <thebungi@gmail.com> on Thursday June 12, 2003 @08:03PM (#6186967) Homepage
    Marc Fleury, president of JBoss Group LLC, Atlanta, said he is prepared to take legal action

    JBoss is open source... doesn't the license protect the guys that walked out? Does this mean that Mr. Fleury will sue me as well if I do a JBoss knockoff?

    • I know nothing more of this than you do so I may be wrong but I think there probably was something in their employment contracts that would make this possible. It's pretty normal to have some sort of non-concurreny-clause (or what it's called in english) in a contract.
    • by ctid ( 449118 ) on Thursday June 12, 2003 @08:16PM (#6187044) Homepage
      He's prepared to take legal action if the guys who walked out fork the code and call the new product JBoss. I understand the Fleury's organization has trademarked "JBoss".

    • It really depends on what he sues them for. Depending on what their contract with his company was, this could just be a simple breach of contract issue.

      I know that my contract currently doesn't allow me to try recruiting my co-workers if I was to leave. Perhaps leaving together violated something similiar.
    • I'm sure what Mr Fleury means is that he owns the JBoss trademark (it is a trademark, see the little â in the logo?), just like Linus owns the Linux trademark.

      If the Core developer group forks the code, then they JBoss LLC would be within thier rights to prevent the Core Developer Network using the trademark.

      The CDN guys would have to come up with their own name for the app server.

      They should be able to do it sucessfully. And it would be another case of history repeating itself. JBoss used to b

    • I am not so sure.

      My take on it, and I don't pretend to know both sides:

      Some guy wants to be a partner after being at a company, for only 8 months, and only has what 6 customers?

      I would say the guy is out of his mind, has no business sense, is unreasonable, or has an ego the size of Bill Gates Estate.

      Let me tell you, that is one big ego.

      Partner in the classic sense, means you bring something to the table nobody else has contributed to the company, that adds a great deal of economic value to the company.
    • This is getting way overblown due to some bad reporting or some bad reading of the reports.

      The issue is not whether the guys that walked can fork the JBoss code -- it's [L]GPL, of course they can -- it's whether they can call the result JBoss.

      Assuming JBoss is a trademark (which I believe it is), then they can't, at least not without Fleury's permission. They can call it JPointyHeaded, or JDictator, or JSlavedriver, or even Fred, but not somebody else's trademark.
  • 1. Please put your request in writing or in an email addressed to info@Linksys.com

    I think that you forgot something, or the post office got way more efficient.
    • by Fzz ( 153115 ) on Thursday June 12, 2003 @08:23PM (#6187077)
      It's amazing what will get there, so long as the address is unique. I once addressed a postcard to:
      username@sun.com
      Sun Microsystems,
      California, USA
      I couldn't remember either how to spell my friend's surname, or her address, but could remember her email address. And it reached her in a couple of days.
      • My roommate once got a package addressed to her (misspelled) name at our city.. no address.. I was very impressed that it actually arrived and wasn't very much delayed. The USPS truely isn't that bad.. depending where you are. I have horror stories in some locales but a lot of places it does a great job.
        • The mail (Score:3, Interesting)

          by fm6 ( 162816 )

          The USPS truely isn't that bad..

          Actually, the current USPS does a very good job, all things considered. They have every right to resent the term "snail mail", though they're probably stuck with it.

          But it hasn't always been this way. Horror stories about lost mail and general screwups were legion. UPS wouldn't even be in business if the Parcel Post hadn't been a complete disaster for years and years.

          I'm old enough to remember when the USPS was the federal Post Office Department and the Postmaster-Gene

      • by dschl ( 57168 ) on Thursday June 12, 2003 @10:38PM (#6187662) Homepage

        My mother-in-law delivers mail in a small town of about 5,000 people. My favourite post-office story is from a few years ago, when they received an envelope with a child's handwriting on the outside. The envelope contained only two words on the outside - "Mom", and the name of the small town.

        The post office staff figured it out, and the mail went through. I think they used the postmark, which identified the city from which it was sent, and successfully guessed which divorced / separated woman had children living in that city.

        • A few years ago, in mid-January, my mother received a Christmas card - a bit late, but given that the only thing written on the envelope was her name, we forgave them.

          I suppose it helps that only a dozen people in the UK have our surname, but even so, it must be tempting to just chuck such items away.

  • by Wesley Felter ( 138342 ) <wesley@felter.org> on Thursday June 12, 2003 @08:06PM (#6186985) Homepage
    BitTorrent can distribute directories of files, so why add the extra obfuscation?
  • by m0nkyman ( 7101 ) on Thursday June 12, 2003 @08:11PM (#6187012) Homepage Journal
    What is XD2, or is this something that all the cool kids know about, and I don't, so you won't tell me, because I'm not one of the cool kids, and by the way here's my lunch money, please dont't hax0r my box, I didn't say nothing to you, please?
  • Sickening (Score:5, Funny)

    by Rosco P. Coltrane ( 209368 ) on Thursday June 12, 2003 @08:12PM (#6187015)
    Speaking of which, Microsoft has decided it makes more sense to embrace schools

    Kids beware, Microsoft now embraces schools. Learn to recognize Microsoft employees : they're the funny-looking people with long raincoats waiting for you outside the school.
    • by csguy314 ( 559705 )
      MSPusher: Psst... Hey kid. [opens trench-coat, displaying many install cd's] You want a copy of Microsoft Office?
      Innocent Youth: Ummm, I don't know. I hear that stuff can be dangerous.
      MSP: All the cool kids are using it. You want to be cool doncha?
      IY: Well...
      MSP: Tell you what, I'll give you this copy of Office for free. All you have to do is sign this license...
  • Didn't the last linksys article say that new drivers HAD been linked with the kernel? Which is correct?
  • by ninjaz ( 1202 ) on Thursday June 12, 2003 @08:13PM (#6187026)
    Quoth the article:

    "I did think about them forking," Fleury said. "If they fork JBoss, that's another problem. If there's a new JBoss, if they fork it
    and call it JBoss I would sue them. There is only one version that we control."

    So, a suit was only threatened in the case the forked version used the same name as the original (presumably on trademark grounds).

    • To be fair, Fleury was a little muddled about that point. Perhaps he was reluctant to come right out and admit that he has no legal hold on the Core people unless the infringe the JBoss trademark.

      It's interesting to note that the trademark currently belongs to Fleury personally. The USPTO trademark database [uspto.gov] he registered it a couple years ago. Before that, it belonged to a California company called Telkel, which appears to be defunct.

      Oh wait, Fleury registered the trademark in 2001, but cites "first use

  • by sbszine ( 633428 ) on Thursday June 12, 2003 @08:14PM (#6187031) Homepage Journal
    I've said this before (when the original article was posted), but I still suspect the JBoss split is related to their Sun certification troubles.

    There's an interesting ZDnet article here [zdnet.com.au] that talks about JBoss not being 100% kosher J2EE, and the main group's ongoing dispute with Sun. I think that the breakaway group intendeds to fork JBoss to make a more easily certified version, and this Slashback seems to support that somewhat.
    • The cert. hassles might have helped raise tempers. But leaving JBoss won't make it any easier for these guys to get their code certified. Well, maybe a little, if you assume the working relationship between Fleury and his developers went sour. Java certification is a pretty controversial area right now, and there's a lot to suggest that Sun's process is pretty arbitrary.

      The Slashdot story and the Blog buzz all say this is about a bunch of developers wanting their own JBoss fork. The Core Developers party [businessweek.com]

      • Well, according to Sun, the reason they won't certify JBoss is just that JBoss won't cough up the (reasonable) money for testing. Core Developers might be more inclined to pay if they create their own fork.

        Probably Sun will be the real winner as this encourages one fork or the other to give them some cash money. More bling bling gold chains for McNealy : )
        • Good point. But I doubt if Scott is going to rush to the jeweler. Sun has spent a fortune developing and promoting Java, and on failed Java-based businesses. It'll take a lot more than a few certification fees for the whole thing to show anything like a profit!
  • This is great news. I really enjoyed the whole trilogy. Maybe a bit slow to start with, but once you get into them it's a great read.

    Finally (I hope) a good Movie (well, miniseries) about the red planet. (mission to mars anyone? blergh)

    hmmm... A quick google reveals that Gale Ann Hurd also produced Virus, Armageddon along with the Hulk and T3 as the article says. Make what you will of that I guess...
    • I wonder if they can really do the Mars series justice in an 18 hour mini-series? The one thing that impressed me so much about the Mars books is the depth. Not only do you have the stories of the individual charectors, but also we have the politics of both planets and their codependence aswell as the scientific politics. It'll be fun to see, but with it coming from someone who made Armageddon I imagine that the mega-corp aspects and other political/social/scientific areas of the books will be dropped
  • One more thing (Score:5, Insightful)

    by The Bungi ( 221687 ) <thebungi@gmail.com> on Thursday June 12, 2003 @08:17PM (#6187051) Homepage
    Tiger Direct Executive Vice President Richard Wallet wrote to contradict Michael Robertson's claims

    Here's a revolutionary idea. Instead of posting hysterical flamebait stories to the front page, how about you do your homework before the fact? Is it so difficult to email the guy beforehand and ask him for the real story? You sit on submissions for days sometimes, so how problematic would this be?

    I know that posting another "M$ is doing evil" story contributes to the bottom line with all the ad impressions and whatnot, but taken as a whole your FUD is no better than Microsoft's. And that puts you on the same ethical bandwagon.

    • I've tried on numerous occasions to contact TigerDirect regarding gaping security holes in their site, and I've never received a response. Perhaps the only reliable way to get a response from them is to post a story on Slashdot.
  • by narfbot ( 515956 ) on Thursday June 12, 2003 @08:17PM (#6187053)
    According to guy who reported Linksys possibly not providing source code, his contact within Linksys finally responded and said the lack of source with the WRT54G was unintential [theaimsgroup.com]. His contact also said that previously they shipped their products with source code on a CD. I found this on the lkml shortly after the slashdot article.
    • by andersen ( 10283 ) on Thursday June 12, 2003 @10:19PM (#6187585) Homepage
      Thats fine. But as maintainer of BusyBox, which is being illegally shipped with their router without source in violation of the GPL, I had my lawyer send them a lease-compily-with-the-license letter on May 13th. Then did not respond. So I had my lawyer send them a letter letting them know we will sue them if they have not responded by June 16th. I don't care what their PR department says. I expect a proper response from their legal department or we will see them in court. I am tired of people trampling over the GPL and then giving a lame little "oops, sorry" when they get caught. When I walk into the local CompUSA, there is a isle filled with GPL violating routers. Until each of these routers includes a copy of the GPL'd sources, or includes a written offer to obtain the sources for the cost of the media, they will still be violating the GPL. They do not include the source with these routers. And they do not include a written offer for source. Therefore, they must offer source via their website to comply with the GPL. Anything less then that, and they are what microsft would term "software pirates" -- shipping software in violation of the software license agreement.
      • I couldn't agree more with you. It's both within your rights and something that more people should be doing. And regardless what the AC just before me said, busybox doesn't suck.

        It takes so little effort for them to comply with the GPL that they should be doing it anyhow, but maybe companies need a little incentive to start complying. How long does it take to put up a webpage linking to source for busybox v. whatever, stock kernel x, or whatever? Practically none. Think about all the time and money th
      • Platitudes about being friends of the OS movement aside -- The 'offer' that came from their PR group isn't even close to being within the bounds of what the GPL requires. If you read their response, they're demanding that I go into their binaries and figure out which pieces of GPL code they have in the machine, and then write them with a list.

        As a (pirate, at the moment) distributer of GPL software, it's their legal responsibility to inform us about which pieces of they're using so that we can then ask them for the source code. and given that they're the ones who violate the license, I figure that they should be the ones beending over backwards to make things easier for us not the other way 'round.

        Technically: having violated the GPL, on the code in their routers, they're now GPL limbo. They have lost all rights distribute the software, and must now do whatever it takes to satisfy the GPL copyright owners that they're not going to do this again.

        I take that back.

        They have to do whatever it takes to satisfy the GPL copyright owners period. Nominally, I would expect this to be something like payment of legal fees, putting a prominent notice on their website and distributing free source CD's via all of their distributors -- but there's no reason why it couldn't include a $500K 'administrative fee' as well.

        Of course, if they keep on stonewalling, some GPL owners could just refuse permission outright.

      • I agree with that. Keep at it. I was just showing that some progress has been made.
      • From the GPL, section 3:
        If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code.

        Unless they modified the source for your software, they don't have to distribute it. Would you prefer that Linksys start their own distribution site, possibly with outd
  • by Rosco P. Coltrane ( 209368 ) on Thursday June 12, 2003 @08:27PM (#6187093)
    2. You have to request the code for the specific modules you want. It is not valid to issue a request for any "code you may be using."

    Well then, what if I ask Linksys to send me any GPL code they're using ? is that valid enough ? because mething they'd have to send it to me.

    As for asking what modules I want specifically, how would I know without reverse-engineering the product ?

    I know the GPL allows users of GPLed code to require people to ask for the source code of whatever GPL stuff they're using, but when Linksys tells you you have to ask in writing, including a self-addressed stamped envolope, I call that bad will. It would show good grace if they provided a link to the sources on their site, and it would cost them less than processing snail mail.

    So Linksys, put your money where your mouth is and show you're a real proponent of Linux and OSS. Right now, you look like freeloaders who want to make the process of getting your sources as painful as possible.
    • by Anonymous Coward
      Read the GPL. There is no requirement that the sources be made available except when requested and only to the one who requested it. AND the requesting party has to pay for shipping and handling. Linksys is being nice by providing the media for free.

      Linksys could in addition just send you the source on magnetic tape as per the GPL, but that wouldn't do you any good, would it, Linuxboy?

      What you think the GPL says and what is actually written are fairly divergent. Best you get to reading it if you want
    • He said they COULD require a request be submitted via mail and povide self addressed envelope and costs, but they choose not to and will honor requests on a case by case basis.
    • I think mailing them a request and a SASE is quite far from "painful as possible" to get the sources. Would you even look at the sources if they were available? Most people wouldn't, so to me it seems like they're well within reason not to include a source cd with every product they ship, or a section of their website devoted to it.

      Being a proponent of Linux and being a company that wants to leverage Linux's advantages are two different things.

      Though I will agree with another poster and say that they shou
    • Send them a polite e-mail requesting every piece of GPL software you can think of. And please post it and the response on /.
  • by Anonymous Coward on Thursday June 12, 2003 @08:36PM (#6187148)

    That makes sense, I always thought GNU/Hurd qualified as computer science-fiction

  • by renard ( 94190 ) on Thursday June 12, 2003 @08:36PM (#6187149)
    2. You have to request the code for the specific modules you want. It is not valid to issue a request for any "code you may be using."

    Fair is fair; however, it is Linksys who is distributing the programs in binary form to begin with. They cannot simply provide a copy of the GPL in the documentation with their product and say that this covers "all GPL code distributed with this product" without themselves identifying what software the product contains which falls under the GPL. Here, check out the TiVO website [tivo.com] for an example of how it's done.

    -renard

    • Linksys should not require you to reverse-engineer their product to figure out which portions are GPL before they will comply with a request for the GPL portions of the code.

      This is clearly not acceptable.

      They need to tell you which portions are GPL so you can request them. Also, a SASE should be considered a distribution mechanism of unreasonable cost in time and effort to the person requesting the code. The Internet is ubiquitous, and practically every Linksys customer will have access to it. They should provide it for free download.

      If they're worried about everybody downloading it, they only need to require you to enter the serial number of one of their products. That would stop most random people who they didn't distribute a binary version to.

      • And further, after the module source is provided to a few people, it will likely be (legally) posted on various sites and newsgroups, and probably actually read, simply because they made it unusually difficult to get.

        Unless you had trouble with it, or were trying to add a feature/write a similar driver, would most people look at driver code? I know I haven't looked at many except V4L devices since I was working on one myself..
      • reverse-engineer their product

        Mounting a cramFS image is reverse-engineering these days? Have you been taking lessons from Adobe?

        Also, a SASE should be considered a distribution mechanism of unreasonable cost in time and effort to the person requesting the code.

        I seriously doubt it. Nothing in the GPL says the licensee has to provide the source in the way that is least costly, only that you use a medium customarily used for software exchange in a machine readable form. A CD through the mail is def
      • I agree with you that Linksys should tell people what GPL'd code they're using. Publishing programs made with GPL source requires publishing an offer for the source or the source itself.

        However, I disagree with you about an SASE being too onerous. The reason is that only one person really has to do it, then we can all leech off her server all night long. Or she can set up a bittorrent stream, or what have you.

  • by Anonymous Coward on Thursday June 12, 2003 @08:37PM (#6187155)
    The NY Times article on 'Thedeacon' had it all wrong, apparently because of a personal vendetta or simply bad journalism:

    http://forums.anarchy-online.com/showthread.php? s= ff915490517fe192403f903ca23ea861&threadid=143417&p erpage=20&pagenumber=1
  • Liability? (Score:5, Interesting)

    by McCart42 ( 207315 ) on Thursday June 12, 2003 @08:39PM (#6187159) Homepage
    Mr. Skulason brings up an interesting point [f-prot.com]:

    There is also the question of what if some student manages to smuggle a virus out of the lab and releases it. Does the University's liability insurance cover any potential damage the virus might cause.

    I was wondering this same thing myself...I would think the University would be partly liable in a court of law, though I don't really know if it should be. They are supplying the resources the student needs to create the virus, and educating them on how to do it. Now if they can show that they took every reasonable precaution to prevent it from getting out and the student still somehow snuck it out, then they might be OK--but consider the biological parallel: it's like showing someone how to make anthrax, giving them the means to do so, and then not having a secure lab environment, thus creating a hazard to the community.


    Like I said though, it ultimately comes down to the student's will to pull the trigger, but considering that the University is supplying the gun...it's shaky ground.

    • the University is supplying the gun

      Formula for Nitroglycerine:
      Glycerine
      Sulfuric Acid
      Nitric Acid.

      Mix slowly and carefully. Very VERY slowly and carefully.
      And keep it ice-cold. Very VERY ice-cold.
      The nitroglycerine will be an brownish oily liquid floating on top.

      Glycerine can be obtained from your local drugstore.
      You can get sulfuric acid from a car battery, but you'll probably have to distill it to higher concentraion.
      Nitric acid is harder to find, but not unobtainable. Worst case you can make it you
      • Well technically you educated me, but didn't provide me the means to produce the "gun", like the university is doing for these virus writers. And like I said, I don't necessarily agree with those who think the University should be held liable -- I'm just thinking about what might happen in a worst case.
    • >I would think the University would be partly liable in a court of law, though I don't really know if it should be

      Actually, I would think liability would have to stem from something. Usually negligence or recklessness, I don't think they would automatically be liable just because they created viruses. Unless the act or writing viruses or transporting them is illegal then the university would be pretty well protected if they had made proper and demonstratable/documented preperations not to let the viru
  • by Arker ( 91948 ) on Thursday June 12, 2003 @08:42PM (#6187171) Homepage

    ...and even though much of what he says is correct (most virus writers, particularly nowadays, are just script-kiddies and not particularly good programmers) I can't agree with his main point. There are very valid reasons to write viruses as learning experiments. And not just for people interested in working in security either - as pure CS there is a lot to be said for it.

    He gives the impression that all viruses are harmful, but that's simply not true and he must know that. Many viruses, including all the early ones, were pure CS experiments in artificial life. They had no 'payload', no destructive nature, they just try to survive and reproduce, the basics of biological life transplanted to the digital realm.

    Now writing a virus with a destructive payload and spreading it to other people's computers - that is clearly unethical, but I really doubt that's what they have planned in this class.

    • by mshomphe ( 106567 ) on Thursday June 12, 2003 @10:17PM (#6187578) Homepage Journal
      I think his main point was that virus writing is a trivial task. You can always take an existing virus and tweak it to do what you want. It's low tech and crude to write a virus.

      He was basically saying that explicitly teaching how to write virii was a bad idea:
      (1) It takes no skill,
      (2) you're horribly accountable for the actions of the students in your class,
      (3) and you'd be better off teaching more in-depth responses to virii. For example, why does a certain exploit work? What's vunerable,etc.

      I have to agree with him...

      • "He was basically saying that explicitly teaching how to write virii was a bad idea: (1) It takes no skill,"

        I have to disagree there. Awhile back, I was working on a benign project that involved fiddling with and understanding the low-level details of DOS executables. Some of the best online sources I found were virus-writing tutorials.

  • by heretic ( 5829 ) on Thursday June 12, 2003 @08:47PM (#6187207)

    As usual, the trade rag is unnecessarily alarmist and so is the referring /. blurb. The quote of interest is:



    "I did think about them forking," Fleury said. "If they fork JBoss, that's another problem. If there's a new JBoss, if they fork it and call it JBoss I would sue them. There is only one version that we control."



    Fleury's saying he would not sue over a mere fork, per se, but instead a violation of the JBoss trademark. In other words, if CDN forked the code but called it something other than JBoss, there would be nothing to sue about.

  • "The current approach of reacting to the viruses is simply not working."

    While this is true, it has more to do with flaws in human nature - as long as 97.3% (according to the research of Dr. Vesselin Bontchev) of people do not react in an optimal way to a virus infection, viruses will continue to spread. I fail to see how development of more viruses will help in that regard.

    I'm pretty tired of programmers who think people should adapt to machines instead of machines to people. So, people don't react in an optimal way to a virus infection. Perhaps someone will have some new ideas about how to create software that either makes the behavior change required easier and less annoying than not changing behavior, or makes it completely unecessary. Software is for people. People aren't for software.

    Most virus writers are simply not of that caliber...forgetting the "script kiddies" and those that only modify existing viruses, the remainder write so bad code that (assuming the code shows their true abilities) they would have a hard time getting a real programming job.

    This whole section has nothing to do with the point. Sure it takes more skill to write anti-virus software, but that doesn't mean a thorough understanding of how to write a virus wouldn't be helpful. It also doesn't mean that teaching someone how to write a virus turns them into a low skill programmer.

    One could argue that all the pieces of source code lying around that are designed to reproduce themselves in their output are a form of virus, yet writing them is considered an interesting intellectual challenge worthy of a serious programmer.

    I have a few comments regarding this section. It says that "No removable media will be taken out of the laboratory." I hope that this implies an armed guard at the door, doing a full body search of the students as they depart, because anything else would be insufficient. But what about things like printouts of the virus source code? Assuming that the students are really able to create a working virus, I sincerely hope that they will not be able to take home a printout of it, only to type it back in on their home machine. I would very much like to see some assurances in this area.

    This requirement is predicated on the automatically assumed malicious intent of anybody who writes a virus. The school is trying to protect against accidents, not a deliberate attempt to unleash a virus on the net as a whole.

    Preventing source code printouts is only a very minor deterrent against such maliciousness. So I don't think think it's worth considering putting into practice as it invites circumvention by treating the people taking the class as if they were criminals. People treated as criminals from the outset are more likely to act like criminals.

    The vast majority of the anti-virus community condemns the part that involves writing viruses, considering it ethically unacceptable, pointless, and outright stupid. On all mailing lists in the anti-virus community, all real virus researchers have agreed that what you are doing is unacceptable, and simply stupid.

    You may be secure in your academic ivory tower, not caring that your course is going to help legitimize virus writing, and will only lead to more viruses being written in the future - more problems in the real world which YOU will be responsible for.

    You create a mess, and then we have to clean up after you.

    The only valid point in the entire thing.

    The rest of it is all predicated on the assumption that anybody who takes the course automatically has criminal intent. I prefer not calling people criminals until they commit a crime. Writing a virus shouldn't be a crime. Releasing one into the wild should be.

    The social consequences of making virus writing seem legitimate is a real consideration. Though, I have an unfounded suspicion that the attitude that it isn't legitimate tends to inhibit a-life research some.

    • by Alan Cox ( 27532 ) on Friday June 13, 2003 @08:52AM (#6189839) Homepage
      Antivirus software ultimately is irrelevant, as is just about every other piece of "after they get in" type software. Security has to be about "they didnt get in" and more importantly "they got in but couldnt do any harm".

      Take slammer, mix with chernobyl and add disk firmware erasure. By the time something like that hits you its too late to update your virus scanner.
  • by M1000 ( 21853 ) on Thursday June 12, 2003 @09:03PM (#6187268)
    Here is the readme if you're wondering about it before downloading that 473 MB file ;-)

    btw, I love bittorrent... downloading at 250-400 k/s !

    --

    Note!

    To Install Ximian Desktop 2 for RedHat 9 (x86), please do the following:

    1) Burn the ISO to a CD.
    2) Mount the CD, and run installer-i386. make sure you have network
    connectivity. The installer will need a file from ximian.com, but it's only
    300k.
    3) Select "Local Media" and point it at where you mounted the cd (usually /mnt/cdrom for RedHat)

    4) THIS IS IMPORTANT!
    You'll get to a point where you verify what packages the installer will
    install. LOOK AT THE VERSIONS of the packages that will be installed.
    Note all the packages that do NOT have 'ximian' in the version number.
    These need to be installed from RedHat 9 media BEFORE continuing.

    If you see any packages that lack 'ximian' in its version, QUIT THE INSTALLER,
    install the missing packages, and rerun the installer.

    5) After noting 4, and installing the "missing" packages, rerun the installer.
    In a few minutes, you'll be able to enjoy your new XD2 install!
  • by Adam J. Richter ( 17693 ) on Thursday June 12, 2003 @09:26PM (#6187349)
    2. You have to request the code for the specific modules you want. It is not valid to issue a request for any "code you may be using."

    Section 3 of version 2 of the GNU General Public License provides three options for those wishing to distribute GPL'ed software: (a) "Accompany it with the complete corresponding machine-readable source code [...]" (as I understand it, Linksys did not do this), (b) "Accompany it with a written offer, valid for at least three years, to give any third party , for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code [...]", or, (c) an option available "allowed only for noncommercial distribution" (not the case of Linksys). So, I infer that Linksys is now trying to get close to following option (b).

    The problem that I see with Linksys's claim that "It is not valid to issue a request for any 'code you may be using.'" is that without written offers that specifically identify exactly what GPL'ed software Linksys is using, and without source code to begin with, we cannot be sure that we know all of the source code that Linksys is using. For example, we don't know everything that was linked into their busybox image, and we might not even know every kernel device driver they use.

    It seems that Linksys sees two different specificity requirements in the GPL. Firstly, they seem to think that a blanket offer to provide code without identifying the source code that they are referring to satisifies the written offer requirements of section 3b. Secondly, they seem to think that they are not obliged to fulfill the acceptance of that offer when it is made with the same level of specificity. Linksys seems to think that they are fulfilling the GPL's requirements if they provide an offer to do x, but refuse to actually do it if someone simply says, "okay, I accept your offer." In other words, Linksys is not providing enough information in their offer for people to fully avail themselves of it. This is similar to offering to provide source code, but providing no contact information by which people can accept the offer. I expect that under some sort of "reasonable man" standard, a court would decide that these shenanigans are not in the intended meaning of the GPL.

    If I were in Linksys's shoes, I'd just dump of all of the GPL'ed source code involved into a CD image, send out CD's as needed, and also put it on an FTP site, which would probably reduce the requests for physical media to about a dozen (and, besides, the media costs less than postage and it's useful to have a mailing list of likely Linux wireless access point developers).

    Personally, I am mostly interested in the 802.11g drivers, although I suspect that some useful software may have been linked into busybox, which might be helpful to have too. I am glad that Linksys is trying to conform to the requirements of the GNU General Public License. Hopefully we can help them actually achieve that.

    By the way, I just sent info@linksys.com a request for the source code to the kernel and any software linked against BusyBox. I sure wish I knew what other GPL'ed software is in the WRT54G.

    • You may be right, but it could be that they'd be perfectly happy with a request like "please send me all GPL software that's used in my Linksys Wireless 4-port Cable/DSL Router". That ought to be perfectly specific enough and that may have been all they wanted. That's very different than "send me all GPL software that you've ever shipped a product with", which is what they might have been trying to avoid.
      • You may be right, but it could be that they'd be perfectly happy with a request like "please send me all GPL software that's used in my Linksys Wireless 4-port Cable/DSL Router."

        Sorry if I was unclear. I too would be perfectly happy with that.

        Likewise, I also think it would also be fine if they required that I tell them which 4-port Cable/DSL Router model I was referring to.

  • Power off buttons (Score:3, Interesting)

    by Skater ( 41976 ) on Thursday June 12, 2003 @09:40PM (#6187409) Homepage Journal

    "In any mode, hold down the stop button (a little square under the play button) for 2-3 seconds to turn off the unit."

    The CD stereo (an aftermarket Blaupunkt) in my car does something like this: to turn it off, you have to press and hold the power button for three seconds. Otherwise, it just reduces the volume significantly but continues to play. I've seen other brands do this, too.

    WHY?

    When I hit the power button, I want the radio to turn OFF. Right at that moment. If I'm turning off the radio, there's a good chance that I'm doing so because it's distracting me and I need to concentrate on the traffic and roads around me. Now, I'm forced to keep my hand at the radio (making it useless for steering or operating other controls, and it restricts my ability to look over my shoulders to check traffic in the blind spots) for several seconds. It's annoying.

    When I look at new radios, that's the first thing I check: the power button must work instantly. (I didn't pick this radio myself--it was installed by the dealer when I purchased the car.)

    If the manufacturers want to include a "mute" feature, fine, just add another button for it. Or better yet, use a volume knob; my other car has one and it works perfectly.

    --RJ

    • To turn it off, I need to press and hold down the Source (Tuner/CD) button for about a second. Any button will turn it back on.

      To be honest, it doesn't bother me much, and I never turn it off by mistake. I'm not sure that Off really has any meaning for a car stereo; it's on when the ignition is on, and off any other time, and as long as I can get it to shut up with a single button press (Mute/Pause) I don't really care what it's labelled as.

    • by AvitarX ( 172628 ) <me.brandywinehundred@org> on Thursday June 12, 2003 @10:38PM (#6187665) Journal
      Buttons suck on car stereos.

      I cannot find any aftermarket equipment that has a nob for the tuner, a nob for volume, a nob for the fader, and a nob for the balance and an equilizer that has levers.

      Why should I need to push about 8 things to decrease the trebble so I can here less static in the traffic report?

      And why can't I just spin a nob to get the sound behind me (Some times I can't deal with it infron of me as I drive).

      Because of this I slump along with my crappy factory supplied radio and an RF modulation changer.

      Also why do they make AM and FM bands have differnt presets? I could use like 5 presets spread between the bands and not need to wory about FM1 FM2 FM3 AM1 AM2 I only listen to 5 stations why should I need to worry about what band I am set to at all?

  • This is listed in the manual, which you are right, is a very poorly done Korean effort. ...which leads me to wonder if Americans have some kind of patent on bad English grammar.
  • Somebody help me out here..

    If they aren't statically or dynamically linking to the code. Then exactly how are they linking to it? Magically? The had to compile the code to work with linux base right?

    What bits did they leave in the open? Unless you disassemble their bio's there is no way to tell wether their code was in binary before it was compiled. Its really not in their best interest to just say 'See look, this is how I did it', even though they accepted the terms of the GPL in good faith. Maybe tomor
    • They took linux, compiled it, and are running it on their boxes. They then wrote a program which runs, under Linux, on those boxes.

      End of story. They have modified NOTHING which is under the GPL, so they don't have to release their own stuff. They are NOT required to post the parts of Linux they're using on their website, they're required to give it to whoever a) owns their product and b) specifically asks for it. They're also allowed to charge the cost of giving it to the person; hence the self-addre

  • by Artifex ( 18308 ) on Thursday June 12, 2003 @10:29PM (#6187628) Journal
    So does this mean that, if they want to use the JBoss name for their independent work, Mark Fleury [eweek.com] says to "fork off and die?"

  • by Saeger ( 456549 ) <farrellj@gPOLLOCKmail.com minus painter> on Thursday June 12, 2003 @10:43PM (#6187698) Homepage
    Red Mars is ... an 'almost plausible sci-fi' future-history approach about Colonizing and Terraforming Mars.

    It's only plausible if you still think that technology is advancing linearly, instead of exponentially [kurzweilai.net], and only if you assume humans will still be stuck in our fragile biological form for a period longer than the centuries it takes to terraform a planet in the first place. So no, IMHO, I think we'll sooner end up ripping Mars apart [aeiveos.com] (oh the humanity!) to make better use of its matter, than wasting space & energy by living on its limited surface area.

    (Yeah, I've had a slight problem suspending my disbelief for most SF in recent years :)

    I'd much rather see Iain Banks' Culture [floatingplanet.net] brought to the screen, though that would be just a tad bit more difficult.

    --

    • I like my "fragile biological form", and if I want to live on Mars one day, how dare you suggest you're going to rip it up. As a future citizen of Mars, I regard that as a declaration of war.

      In all seriousness, I have to say I think that is one of the most idiotic ideas I've ever heard. Most people like living in a biosphere. As much as I enjoy the works of Iain Banks, Ken MacLeod and Alastair Reynolds, and one day the universe probably will include many different cultures with body-changing, identity-s
  • My TiVo box, a loyal pal,
    A friend I Truly care for.
    Because It guarantees I'll see,
    The shows I wasn't there for.
    Two thousand shows I've "taped" so far,
    Each Night I "tape" a new one.
    Who knows, perhaps there'll come a day,
    I'll find the time to view one.

    Now I have an opportunity to get behind on all that radio talk show stuff that was previously unimportant.
  • After plain dumb journalism like this story on JBoss I wonder if I should trust other stories published here. The meaning of the statement is completely changed. It takes 20 sec to read the original quote (not even the whole story)!

  • by xdroop ( 4039 ) on Friday June 13, 2003 @08:14AM (#6189615) Homepage Journal
    Something I wrote for my own personal site.

    I'm getting sick of the juvenile hair pulling which passes for morning radio here in Ottawa these days, so this morning I was flipping around during the drive to a client site. I landed on one of the CBC stations, and they were talking about this uproar caused by the Calgary university teaching a course which included a module on how to write viruses.

    The controversy is that many of the anti-virus organizations say that they will not cooperate with the university if they are writing viruses. That it is irresponsible to give people the knowledge they can use to release even more viruses out into the wild.

    There were two interviews, one by someone against the course (and he was keen to point out that the virus writing component was the only component he objected to, and that the rest of the course was fine by him) and by the head of the Computer Science division at the university.

    According to the opponent, the problem was that there were quite enough viruses out there thank you very much and we did not need more people with the knowledge of how to pump out more. This was countered by the professor who pointed out that anyone who was in a fourth-year accredited computer science program all ready had the knowledge needed and could bang one out in a couple of hours. In other words, they already have the knowledge to write the viruses, so what is the big deal?

    The point danced around by both gentlemen is that there is a dirty little secret in the anti-virus community. The industry of virus detection and removal is by definition a reactive rather than a proactive process.

    Let's back up here for a little background. When you are writing a virus scanner, you only have two ways to detect a virus, which I describe as the what it is technique and the what it does technique. In other words, in using the first technique you recognize a virus because you have already seen this virus before and therefore know exactly what it is. The second technique is used to recognize a virus by what it does, virus-like activities.

    To put this into terms that everyone can understand, the what it is technique is similar to the police knowing that John Q. Criminal is a mugger because he's been convicted of mugging people in the past. The what it does technique is similar to the police witnessing John Q. Criminal hitting another citizen over the head and absconding with his wallet -- recognizing such behaviour as mugger-type activity, and reacting accordingly.

    Back to our world of viruses. The what it is technique is a list of signatures of viruses which have been seen before. A signature is a string of some kind, along with some other data (such as the expected location of said string in the suspect virus, the expected length of the suspect virus, and so on). With this information you can categorically say: "This is a virus." And all of us with virus scanners know about this, because it is this information which is constantly being updated by our vendors.

    The what it does method of recognition is much much harder. It is called heuristics, and it is supposed to recognize virus-like activity so that the requirement for an up-to-date signature file is no longer needed.

    To understand why this is so hard, consider this example. Suppose that I am a virus, and I am going to propagate myself. What I will have to do at some point is open a file to save myself so that I can be run at a later date. The operating system hosting me (Windows, for example) knows that I've asked to open this file. Now how is the virus scanner on the same computer supposed to know that I'm about to write myself out to that file, instead of being about to write out harmless Microsoft Word data? You can't determine the intent behind the program's request for system accesses -- and therefore you can not make intelligent decisions as to if you should intervene, preventing the request

Doubt is not a pleasant condition, but certainty is absurd. - Voltaire

Working...