Saturday, May 29, 2004

LINUX: DotGNU Portable.NET 0.6.6 released

[DotGNU]Portable.NET 0.6.6 released: "Portable.NET 0.6.6 has been released: Web Page: http://www.southern-storm.com.au/portable_net.html Download: http://www.southern-storm.com.au/download/pnet-0.6"

Portable.NET 0.6.6 has been released:

Web Page: http://www.southern-storm.com.au/portable_net.html
Download: http://www.southern-storm.com.au/download/pnet-0.6.6.tar.gz
Library: http://www.southern-storm.com.au/download/pnetlib-0.6.6.tar.gz
pnetC: http://www.southern-storm.com.au/download/pnetC-0.6.6.tar.gz
ml-pnet: http://www.southern-storm.com.au/download/ml-pnet-0.6.6.tar.gz

This release marks a big milestone for DotGNU. It is the first release
where the bulk of the work was done by contributors other than myself,
as I was on sabbatical writing libjit for most of the time.

Fantastic work guys! Major strides have been made in threading, Winforms=
System.Xml, ml-pnet, DCOP, serialization, and many, many, other places.
The NEWS files below list everyone's name (hopefully I didn't forget
anyone). Keep up the good work!

I am going to ease back into pnet development over the next month,
particularly on ilrun issues leading up to the libjit integration.
But don't let this stop you: there is still plenty of work to be done
all across Portable.NET.

NEWS entries and signed MD5 checksums for the above files are appended
to this message.



Portable.NET 0.6.6 (29 May 2004)

Runtime engine:

* GetManifestResourceNames internalcall (Russell Stuart).
* Add the --trace option to ilrun (Gopal V).
* Fix some I4/I/M/T cases in the verifier (Rhys Weatherley, Gopal V).
* Fix to Directory.GetFiles internalcall (Russell Stuart).
* Many fixes and speedups to the monitor implementation (Thong Nguyen).
* Remap some gtk# dll references (Ilyak Kasnacheev).
* Automatically load assemblies during "GetType" (Gopal V).
* Handling for interruptes and aborts (Thong Nguyen).
* Verification of indirect method calls (Gopal V).
* Resolve classes properly before layout (Gopal V).
* Support for Interlocked* functions (Thong Nguyen).
* Looser association of real threads with engine threads, to make
it easier to move to app domains in the future (Thong Nguyen).
* Asynchronous delegates (Thong Nguyen).
* Better shutdown logic for multi-threaded programs (Thong Nguyen).
* ILExecThreadBoxNoValue (Thong Nguyen).
* Dynamic invocation of methods with out/ref parameters (Thong Nguyen).
* Include inherited interfaces in return from "GetInterfaces" (Gopal V).
* Entry points must be in .exe's, not .dll's (Gopal V).
* Problems in OutputExceptionTable with nested try/catch (Rhys W).
* Fixes to make ilrun compile with gcc 3.4.0 (Norbert Bellow).
* Implement Thread.Abort (Thong Nguyen).
* Use interlocked increments for profile counts (Thong Nguyen).

C# Compiler:

* Stack underflow problem in codegen for "switch" (Rhys Weatherley).
* Problem with 8-bit characters in pre-processor lines (Rhys Weatherley).
* "/recurse" option for compiler compat mode (Gopal V).
* Fix semantic analysis for identifers and member accesses (Gopal V).
* Resolve aliases for fully qualified namespaces (Gopal V).
* "goto case" should emit a leave inside a "try" (Russell Stuart).
* Bug with ';' in #endregion directives (Russell Stuart).
* Handle "protected internal" across assemblies (Richard Baumann).
* Disambiguate static members and types with the same name (Gopal V).

C Compiler:

* Add dependency options to the pre-processor (-M, -MD, etc) (Rhys W).
* Fixes for bit field accesses (Rhys Weatherley).
* Complex structure initializers (Rhys Weatherley).
* Array access on managed arrays (Gopal V).


* Strong alias linking for vararg methods (Rhys Weatherley).


* Comma-separated lists of target dependencies (Russell Stuart).
* Directory deletion and copying (Russell Stuart).

Platform Support:

* Win32-specific filename expansion (Rhys Weatherley).
* Disable zlib under mingw32 because of dependency issues (Rhys W).
* Fixes for Win32 file operations (Thong Nguyen).
* Integrate libgc version 6.3alpha6 (Thong Nguyen).
* Overflow bugs in time routines (Thong Nguyen).
* ILGetSinceRebootTime for Windows (Thong Nguyen).

pnetlib 0.6.6 (29 May 2004)

System.Windows.Forms & System.Drawing:

* HelpProvider, TabPageCollection (Russell Stuart).
* Button.PerformClick should only work when button is enabled and
visible (Jens Kuehner).
* Allow multiple texture brushes to use the same image (Gopal V).
* Generate image masks from alpha information (Gopal V).
* Null reference exception in MessageBox (Gopal V).
* UpDown controls (Klaus Treichel).
* Ignore KeyPress events in TextBox that are already handled (Gopal V).
* Process application KeyPress's before local (Heiko Weiss).
* Fixes to MainMenu, SystemIcons, CheckListBox (Gopal V).
* Bug in empty TreeView's (leppie).
* Performance improvements to MainMenu, Control, ContextMenu (Richard B).
* Double-click bug in TextBox (David Logan).
* Deserialization of images (Gopal V).
* Double buffering of TabControl (Thong Nguyen).
* Fixes to ScrollableControl (Gopal V).
* ColumnHeader, ListBindingConverter, ImageIndexConverter (Klaus Treichel=


* Properly fall back to DISPLAY when displayName null (Ilyak Kasnacheev).
* Improve ICE and DCOP to the point of being useful (Ilyak Kasnacheev).
* Recognize transparent "ParentRelative" backgrounds (Rhys Weatherley).
* Detect MDI top-level windows properly (David Logan, Gopal V).


* Fix parsing of empty elements (Richard Baumann).
* Various fixes for ml-pnet (Klaus Treichel, Gopal V).
* Fixes to element list enumeration (Gopal V).
* Attribute handling in XmlDocument (Richard Baumann).
* Whitespace and namespace handling (Richard Baumann).
* Proper name table usage in NameCache (Richard Baumann).
* Lots of small fixes and TODO's (Richard Baumann).
* Implement XmlSerialization classes (Richard Baumann).
* Fixes for compatibility with ml-pnet (Klaus Treichel).
* XmlDocument.Save (Andres March).
* Change default namespace URL to expected value (Gopal V).
* Processing instructions (Richard Baumann).


* Binary serialization for decimal, array, string, null (Andre Seidelt).
* Implement binary de-serialization (Andre Seidelt).
* Fix incompatibilities between systems (Andre Seidelt).
* Serialization of keys and array elements (Andre Seidelt).
* Handle ISerializable types properly (Andre Seidelt).


* Array accesses in JScript (Carl-Adam Brengesjo).
* Argument passing fixes (Carl-Adam Brengesjo).
* Parse problems with ++ and -- (Gopal V).
* --help and --version for jsrun command (Carl-Adam Brengesjo).
* Use ScriptStream for output where required (Carl-Adam Brengesjo).


* Sign extension bug in IPv4 addresses (Russell Stuart).
* TcpClient fix (Gopal V).
* Stub out cookie and certificate handling in HTTP classes (Gopal V).
* SSL tunnelling for HTTP proxies (Gopal V).
* Fix parsing of IPv6 hex addresses (Gopal V).


* Internalcall fixes and tests for pnet threading changes (Thong Nguyen).
* Rewrote the Threading.Timer class (Russell Stuart).
* Asynchonrous delegates (Thong Nguyen).
* Minor typo that prevented LocalDataStoreSlot from working (Gopal V).


* Improvements to "csupport" for pnetC (Rhys Weatherley).
* Bug in TimeSpan (Gopal V).
* Fix stream length and buffering in StreamReader/XmlStreamReader (Gopal =
* Hex number parsing (Russell Stuart).
* Fixes to file routines to make them more ECMA compliant (Russell Stuart=
* Interfaces should be assignable to System.Object (Russell Stuart).
* Fixes to Hashtable for removed entries (Russell Stuart).
* Partial names in Assembly.LoadFrom (Gopal V).
* CodeCompiler/ShellExecute bug with redirected stderr (Gopal V).
* Only use response files in CodeCompile with long cmdlines (Gopal V).
* Small patch to Security Element (Carl-Adam Brengesjo).
* Change "test -e" to "test -f" for Solaris compat (Sebastien BOCQ).
* Patches to generic classes (Richard Baumann).
* Test cases for System.Reflection.Emit (Jonas Printzen).
* ClrConstructor.InvokeOnEmpty for post-allocation construction (Gopal V)=
* Bugs in "machine.default" file (Gopal V).
* "default1.1" profile to build 1.1 and install as default (Rhys W).
* Parse fixes to System.Configuration handlers (Gopal V).
* Use non-null evidence in AppDomain.CreateInstance (Gopal V).
* Handle "file://" URL's in Assembly.LoadFrom (Gopal V).

pnetC 0.6.6 (29 May 2004)

* Use dependency tracking in Makefile's because cscc supports it.
* Make word sizes dynamic, and remove __WORDSIZE.
* Implement "fcntl".
* Implement the basic infrastructure for socket and netdb functions.
* Import inet* routines from glibc.
* Mismatched definitions for __pt_thread_run and __syscall_seek (Gopal V)=

ml-pnet 0.6.6 (29 May 2004)

* Mono.Security and System.Data libs that depend on it (Klaus Treichel).
* Import jay and use it to help build System.Data (Gopal V).
* System.Web, System.Web.Services (Gopal V).

Hash: SHA1

f60bafdb7449af2d99b1dcd91e16cea2 ml-pnet-0.6.6.tar.gz
ba078c058cb98b26eb9e9d43d2160160 pnet-0.6.6.tar.gz
dcaba33357dc559caee9e7f82f89dd8b pnetC-0.6.6.tar.gz
5a046380a24632109016bd8cf9fdf535 pnetbin-0.6.6.tar.gz
b2cb4c5ea3847dbbc985f280443b9a23 pnetlib-0.6.6.tar.gz
Version: GnuPG v1.0.7 (GNU/Linux)


LINUX: Stallman: Accusatory Report Deliberately Confuses

Linux News: Open Source: Stallman: Accusatory Report Deliberately Confuses

LINK: Peerkat is a personal syndicated data aggregator living on your computer desktop.

Peerkat is a personal syndicated data aggregator living on your computer desktop.

LINK: RSS What can read it?

Voidstar - What can read it?

LINK: Rss Readers

Rss Readers

LINK: O'Reilly RSS DevCenter

O'Reilly Network: RSS DevCenter

LINK: RSS & Atom Resources

RSS & Atom Resources - Lockergnome - Your Top Technology Resource

LINK: RSS Resources

RSS Resources

OT: Nokia 6820 messaging phone

Nokia 6820 messaging phone | The Register

LINK: RSS: What RSS is, where to find RSS feeds, how to read RSS feeds, how to publish and syndicate RSS feeds

RSS: What RSS is, where to find RSS feeds, how to read RSS feeds, how to publish and syndicate RSS feeds

LINK: PHPBuilder.com - Columns

PHPBuilder.com - Columns

LINK: php rss aggregator script

php rss aggregator script

LINK: Web Services DevCon

Web Services DevCon

LINK: Intellie-Aggie


SEC: Microsoft demos security features in Windows XP Service Pack 2

SC Magazine: "by Marcia SavageMicrosoft demonstrated the security features of its upcoming Windows XP Service Pack 2 during a presentation on the company's security efforts held Thursday at"

by Marcia Savage

Microsoft demonstrated the security features of its upcoming Windows XP Service Pack 2 during a presentation on the company's security efforts held Thursday at its Mountain View, Calif., campus.

Rich Kaplan, corporate vice president of the Microsoft Security Business & Technology Unit, said Windows XP SP2 will do a better job on network protection, provide safer email, and make web browsing safer.

First, he showed off the software's Internet Explorer pop-up blocker, which will be on by default. Kaplan also demonstrated how Windows XP SP2 prevents malware from being installed through the browser by automatically blocking download requests. Users can approve downloads.

"It puts the user in control of what downloads on their machine," Kaplan said.

He also demonstrated the Security Center feature, which will allow users to check the status of their firewall, antivirus protection, and updates. Windows XP SP2 will be available in the third quarter, he said.

A capability that Microsoft plans to include to its Windows Server technology includes a "health check-up" that will check the patch status and antivirus protection of a system before it connects to the network, he said.

Overall, Microsoft's security efforts are paying off, Kaplan said. Windows Server 2003 had only 13 critical or serious security vulnerabilities within a year of its release while Windows Server 2000 had 42, he said.

"Little by little, the dev teams are making an impact," he said.

Asked after the presentation whether Microsoft plans to integrate antivirus protection into its software, Kaplan said the company hasn't decided on a long-term antivirus strategy. Last summer, Microsoft bought GeCAD software.

"We haven't decided how or if we'll integrate that technology," Kaplan said.


TCP Vulnerability by Noel Davis -- Noel Davis looks at problems in the TCP protocol, Midnight Commander (mc), proftpd, OpenOffice, libpng, rsync, LHA, Utempter, X-Chat, and sysklogd.

New Language Features in C# 2.0, Part 1 by Matthew MacDonald -- Four years ago, a new upstart language named C# surprised the development world with its elegance and consistency. Now that Microsoft has released a technology preview version of Visual Studio 2005 (formerly codenamed Whidbey), .NET's favorite language is back, with some new innovations. In this two-part servies by Matthew MacDonald, you'll get a first look at three of the four major language refinements in the latest version of C#.

New Language Features in C# 2.0, Part 2 by Matthew MacDonald -- The first part of this series introduced three new C# language features: anonymous methods, iterators, and partial types. In this second part, Matthew MacDonald tackles the last and most exciting new feature: Generics.

Cooking with C# by Stephen Teilhet and Jay Hilyard -- Learn how to convert a string returned as a Byte[ ] back into a string, and how to handle an exception that occurs within a method invoked via reflection, in these sample recipes from C# Cookbook.

Cooking with C#, Part 2 by Stephen Teilhet and Jay Hilyard -- In this second and final batch of recipes excerpted from the recently released C# Cookbook, learn how to obtain the HTML from a URL and how to efficiently synchronize the reading and writing of a resource.

ARTICLE: What Sun Really Wants to Sell in the x86 Market

What Sun Really Wants to Sell in the x86 Market: "May 27, 2004 By Steven J. Vaughan-NicholsI have a love-hate relationship with Sun Microsystems. I love many of its products and technologies; I hate the way it presents and packag"

May 27, 2004
By Steven J. Vaughan-Nichols

I have a love-hate relationship with Sun Microsystems. I love many of its products and technologies; I hate the way it presents and packages them. I feel like it can hardly manage one step forward without taking a step back. Take, for example, the confusion about the company's operating systems for the x86 market.

On the one hand, Sun Microsystems Inc. says it favors Linux. On the other, it criticizes its biggest Linux partner, Red Hat Inc.

On the one hand, it's tried to kill off its Solaris on Intel program at least three times by my count. On the other, the company is bringing it back with more OEM partners than ever.

And I've been wondering lately whether Solaris x86 really still exists only to counter Linux's growth.

But after talking with Jack O'Brien, Sun's group manager for x86 operating system marketing—aka Solaris x86 and Linux—I think Sun has decided to really support Solaris 86. In short, Solaris x86 will no longer be the red-haired stepchild of the Solaris family.

When I last spoke with Dan Kusnetzky, IDC's guru of all things operating system, we agreed that Solaris on Intel had always been a few features short of Solaris on SPARC.

Your customers would get a taste for Solaris, but then they'd find out that to really get the most out of it, they'd need to upgrade from Intel to SPARC systems. That worked for a while, but these days customers—used to the bottom-line prices of x86 systems and Linux—aren't willing to pony up the cash for SPARC.

Now, Sun, according to O'Brien, is making sure that Solaris 10 will be "feature- and bug-compliant" on both the x86 and SPARC platforms. Now, I'm a show-me kind of guy, and this isn't the first time I've heard similar things about Solaris x86. But this time, Sun appears to be walking the walk and not just talking the talk.

One of Solaris' best features has been its clustering support. Hewlett-Packard Co.'s TruCluster and IBM Corp.'s AIX are fine and dandy, but I've always really liked the unified view and control that Solaris gave me over clustering.

It also so happens that this is one of the areas where I think Solaris has a clear edge over Linux. And this crown jewel of Solaris has never been available on Solaris x86—until now.

On May 11, Sun made Sun Cluster 3.1 4/04 available on Solaris x86. OK, so maybe I'm wrong, and Sun is trying to make Solaris x86 a serious operating system for its customers and resellers.

Of course, companies don't make their buying decisions based on operating systems alone. According to Kusnetzky, they usually base their decisions on either the applications or the infrastructure software (DBMSs and the like) that they use.

And it seems that Solaris on Intel is making headway here with its ISVs. For example, Oracle Corp., I'm told, will be bringing Oracle 10G for Solaris x86 in its next quarter.

Next Page: The spotty past of Solaris on Intel won't make it an easy sale.

That said, getting Solaris x86 into businesses will be an uphill battle. Even though Solaris on Intel has as a history of more than a decade, its on-again, off-again past means it won't be an easy sale. After talking with Sun, though, it seems to me that the company is finally making the right moves to make it happen.

Of course, the first place resellers should look for Solaris x86 customers is in existing Solaris shops. For these users, moving from SPARC to Advanced Micro Devices Inc.'s Opteron servers will be a no-brainer. Their existing IT staffs should have no problem running Solaris on either platform.

Where does Linux fit into Sun's plans? According to O'Brien, all other things being equal at a customer's site, Sun will be pushing Solaris x86.

Jason Perlow, president of Argonaut Systems Corp., a Tenafly, N.J.-based systems integration firm specializing in Linux IT solutions, said he thinks Sun goes too far with this stance.

He told me, "Sun came into my client in Newark, N.J., to show their 1U Opteron Linux box and bid on a 500-node Linux cluster. What did they do after I told them, 'Linux, Linux, Linux'? Propose Linux? No!"

Instead, Perlow said, "They get all high and mighty about how we should really consider Solaris x86, and we should migrate to Solaris 10 on Opteron, because it will provide better performance and stability than Linux.

"And guess who won the bid? IBM, who came into the proposal more listening to what we wanted than what they thought we needed."

While Perlow, a hardcore Linux supporter, wasn't happy about his experience, I can understand why the Sun sales representatives pushed Solaris; clustering is one of the areas where Solaris shines.

OK, so where does Sun support its Linux options, Red Hat and SuSE? O'Brien told me that in situations where companies want low-end, edge servers and/or already have an existing Linux infrastructure, they'll push Linux.

Sun also will be pushing Linux and the Java Desktop System (JDS), which is currently based on Linux, for the desktop, according to Peder Ulander, director of marketing for desktop solutions.

But JDS is also on its way to Solaris x86 and will soon be showing up on Sun's thin-client Sun Ray devices. It sounds to me like in the long run, Solaris will be the centerpiece of Sun's desktop plans as well.

And where do you, as a reseller or integrator, fit into all of this? Well, O'Brien told me that Sun is planning on making its partners a real part of its Solaris x86 efforts. I believe him. Without its partners, despite all of the company's other efforts, Solaris x86 can't possibly fly.

Frankly, I'm hoping that Sun makes this move. Now, I think Sun could have done better by Linux, but frankly, what I want—and what I suspect Sun's resellers want, too—is just a clear direction from Sun on its x86 plans. And when I put it all together, it seems to me that Sun does have a roadmap for the x86 platforms, and its destination is Solaris x86.

Steven J. Vaughan-Nichols is the editor of Channel Zone and has been covering the channel for more than a decade and first used Solaris when it was SunOS.

Copyright (c) 2004 Ziff Davis Media Inc. All Rights Reserved.

Building a Linux Media PC by John Littler -- What do DVDs, CDs, TV stations, and video games have in common? Besides the fact that they require bulky equipment that takes up precious space in your living room, you can play them all on a PC running Linux. John Littler introduces the Linux media PC, a media convergence device.

OT: Programming Class-less Classes

Linux Magazine | February 2004 | PERL OF WISDOM | Programming Class-less Classes

LINK: arXiv.org e-Print archive

arXiv.org e-Print archive

LINUX: Is Swap Necessary?

Linux: Is Swap Necessary?

LINUX: The SCO Subpoena of FSF

The SCO Subpoena of FSF: "Bradley M. Kuhn Tuesday 18 May 2004Late last year, we were subpoenaed by SCO as part of the ongoing dispute between SCO and IBM. Today, we made that subpoena available on our website"
Bradley M. Kuhn

Tuesday 18 May 2004

Late last year, we were subpoenaed by SCO as part of the ongoing dispute between SCO and IBM. Today, we made that subpoena available on our website. This is a broad subpoena that effectively asks for every single document about the GPL and enforcement of the GPL since 1999. They also demand every document and email that we have exchanged with Linus Torvalds, IBM, and other players in the community. In many cases, they are asking for information that is confidential communication between us and our lawyers, or between us and our contributors.

As the SCO lawsuit drags on, we will have to make some tough decisions about how to answer this subpoena. We are certain that we will not produce all the material requested; we will not betray our legally protected confidences, particularly when they relate to our work upholding the integrity of the GPL. However, regardless of whether we dispute the whole subpoena in court, or provide those documents which we are able to determine are reasonable and relevant to produce, there is much work for FSF. If we fight the subpoena, it means substantial legal fees associated with litigation. If we produce materials, it means substantial effort to gather the relevant documents. Even though we'll be reimbursed for the direct costs, the indirect costs in staff time will be ours to bear.

Meanwhile, the leaked SCO documents have confirmed what we long believed: Microsoft, having found that the smear campaign against GPL was not succeeding, has instead bought their FUD at a bargain price from a third party. The "license" that Microsoft bought for SCO's "technology" was, more than anything else, a fee for the service of attacking the Free Software Movement and its lowest-level program, the kernel named Linux. Now that there has once been a "SCO", there will always be some "SCO" to come and attack our movement and our work.

Even though we believe that SCO has no basis to make the claims they make, that does not mean our community should assume it has nothing to learn from these events. Early in the lawsuit, we at FSF were unsure if SCO would attack only the kernel Linux, or the entire GNU/Linux operating system. As copyright holder on most major components of the GNU/Linux system, we of course feared that even while our copyright assignment process is the best and most diligent in the whole Free Software world, we would still be required to expend great effort in showing a judge how exactly we did this job. We are grateful for SCO's tactical error of attacking one of the deepest pockets on earth, IBM, who has the checkbook needed to efficiently fight such a nuisance lawsuit.

However, this does not mean FSF's work is done. In addition to answering and/or disputing the subpoena, we must also educate the community about why it is that Linux was attacked and GNU was not. For more than a decade, FSF has urged projects to build a process whereby the legal assembly of the software is as sound as the software development itself. Many Free Software developers saw the copyright assignment process used for most GNU components as a nuisance, but we arduously designed and redesigned the process to remove the onerousness. Now the SCO fiasco has shown the community the resilience and complete certainty that a good legal assembly process can create. (SCO, after all, eventually dropped their claims against GNU as a whole and focused on the Linux project which, for all its wonderful technical achievements, has a rather loose legal assembly process.) We have just begun a project here at FSF to document and codify our process, so that it can be disseminated in the form of a policy manual and accompanying software, to all other Free Software projects who wish to solidify their legal assembly process. Distilling nearly two decades of organizational know-how into easy-to-understand software and documentation is no easy task, and we will rely greatly on your financial support to aid us in carrying out this momentous task.

As always, we at FSF look to the long-term future. SCO is a blip --a precursor to the challenges Free Software will face. We strive to be ahead of that curve and lead the way for a legally certain future for Free Software.

We need your support to continue this work. We ask that if you are not yet an associate member of FSF, that you join now. If you join before 15 June 2004, you will receive a complimentary print copy of Lawrence Lessig's new book, Free Culture. We are happy to celebrate the addition of Professor Lessig to our board of directors by sharing his latest written work with you as we continue our work.

If you already an associate member, please encourage a friend to join!

Copyright © 2004, Free Software Foundation, Inc. Verbatim copying of this article is permitted in any medium, provided this notice is preserved.

LINUX: MS-Funded Alexis de Tocqueville Institution Attacks Linus, Probably Making Itself a Laughingstock

GROKLAW: "Monday, May 17 2004 @ 02:15 AM EDT Just when you thought it was safe to go back in the water. . . more FUD attacks.This is so stupid I think we need a parody done by Scott Lazar. But I'll do m"

Monday, May 17 2004 @ 02:15 AM EDT

Just when you thought it was safe to go back in the water. . . more FUD attacks.

This is so stupid I think we need a parody done by Scott Lazar. But I'll do my best to tell you the news with a straight face. The Alexis de Tocqueville Institution, who as you may recall admitted it gets funding from Microsoft, has put out a press release on a "study" they have done that suggests that Linus isn't the father of Linux after all. Another "independent" study with Microsoft peeking out from behind the curtain.

It's good when you are opposed by Larry and Moe. How dumb do you need to be to attack Linus Torvalds? As I've said before, it's like kicking Dorothy's little dog, Toto. All you get for your trouble is a lot of really offended folks who seriously dislike you and all your supporters.

Their press release provides no proof, no facts, no details, but it claims the author, the head of the Institution, Ken Brown, did extensive interviews with Richard Stallman, Dennis Ritchie, and Andrew Tanenbaum before discovering Linux's "questionable" roots. Linus, unbeknownst to us, is not the man of integrity we know him to have proven himself to be. Instead, I gather they mean to say he is a common thief, or so the Institution hints, who stole from UNIX. Because they provide no explanation, beyond the hints, we are compelled to draw the conclusion that this is what they seem to mean:

"Brown suggests the invention of Unix is an integral part of the Linux story commenting, 'It is clear that people's exceptional interest in the Unix operating system made Unix one of the most licensed, imitated, and stolen products in the history of computer science.'"

I guess Linus'd have to be a liar too, because he has stated publicly that the origins of Linux were not UNIX (Cf. Minix reference in this historic Linus email). The article about their "study" is here. Here is a taste:

"Popular but controversial 'open source' computer software, generally contributed on a volunteer basis, is often taken or adapted from material owned by other companies and individuals, a study by the Alexis de Tocqueville Institution finds. . . .

"Among other points, the study directly challenges Linus Torvalds' claim to be the inventor of Linux."

Maybe Linus would lie and steal other people's code if it's like that movie, "Invasion of the Cabbage People", or whatever that horror movie was called, where people's brains were taken over, and they were then pliable and did things they never would do as their true selves.

UPDATE: Linus has responded, as only Linus can. He reveals to LinuxWorld that he has been found out. The true fathers of Linux are Santa Claus and the Tooth Fairy. Santa is from Finland, after all, so he thought of Linus, who has strong teeth and was thus acceptable to the TF also. He suggests that the Alexis de Tocqueville's web site may have been taken over by some enterprising DNS thief:

"Btw, I do believe that somebody took over adti.net.

"I don't think the Alexis de Tocqueville institute ever had humor (they certainly used to take themselves very seriously), but their site today is filled with jokes.

"Maybe they forgot to pay their DNS registration fee, and some enterprising person decided to play a joke on them?"

This press release is disgusting, and I hope Linus sues, not that he is the type to sue. He may not be able to, because in true FUD fashion, the headline says "probably", as in "Torvalds claim to 'invent' Linux probably false, says new study." Of course the "study" itself is not available, consisting, I gather, of what is in Mr. Brown's head and notes. You can buy the book, and they probably put out the press release because they want you to, and there will be "excerpts" available on May 20.

If this group is the new SCO, we have lucked out. They incompetently provide a link from their article to what they say will be a UNIX and Linux timeline, but the link takes you instead to a Linux page, which is a bit out-of-date, listing Caldera Linux, which then links to the UNIX page. Except there is no timeline.

Not to worry. We are working on one. The Grokline research project, which will result in an ownership-history-of-UNIX timeline chart to amplify Eric Levenez' chart, will be going online this week. I'll tell you more soon, and I hope you will help us beat off the dark side's UNIX nonsense once and for all by contributing your knowledge and skills to that project, so we can prove where all the code came from and who owned it, making future "studies" like this one impossible. Not to mention future SCO's.

Anyway, when you get to the Linux page, it sings Linux's praises and correctly attributes Linux's authorship to Linus, thus serving as an antidote to their poison. You probably need to go there fast, though. Once they read this, they'll probably change it, once they realize we have probably shown them to probably be incompetent. Here is a highlight:

"Developed by Linus Torvalds and further elaborated by a number of developers throughout the world Linux (lee'nuhks/ or /li'nuks/,_not_/li:'nuhks) is a freely available multitasking and multi-user operating system. From the outset, Linux was placed under General Public License (GPL). The system can be distributed, used and expanded free of charge. In this way, developers have access to all the source codes, thus being able to integrate new functions easily or to find and eliminate programming bugs quickly. Thereby drivers for new adapters (SCSI controller, graphics cards, etc.) can be integrated very rapidly.

"Linux may be obtained in two different ways. All the necessary components can be downloaded free of charge from the Internet. This means that an individual operating system can be assembled for almost nothing. An alternative is to use a so-called Distribution, offered by various companies and including a wide range of applications and installation programs that significantly simplify the installation of Linux. . . .

"Pro: Linux and Linux variants are considerably less expensive to run. Most versions of Linux are free and those that are not are generally very affordable. Especially when looking at the Microsoft Windows NT with multiple licenses.

"Pro: Issues are generally resolved more quickly then Windows NT with open source code."

I doubt Microsoft pays people to say that or link to it either. The Institution, while acknowledging MS funding, claims they are independent in what they write. I don't know about these "independent" studies. Microsoft, to me, is like a 2-year-old covering his head with a towel and thinking he is thereby invisible.

There is absolutely no point in writing to the Institution, by the way, in my opinion. They long for controversy. Probably. And they may keep lists of everyone they hear from too, for all I know.

They have to know better, having spoken to the individuals they claim to have spoken to. This is why I don't talk to all the reporters who contact me, by the way, any more. Some people use you, if you let them. So I am selective. I expect we may hear a word or two from some of the poor, used interviewees.

The same institution has been on a roll, one press release after another. Here is their prediction that Linux is on a collision course with patents. The article is here. I think Microsoft needs to take a lesson from BayStar and ask for its money back. They might want to note their sage advice to SCO about not attacking Linux and the Linux community, too. Here is a sample of the quality of this article:

"To summarize, the General Public License (GPL), the contract/license for GNU/Linux software and other open source software requires distribution of the source code for the original program. If you receive a copy of GPL’ed software, you can use it without worrying about the original author exercising any limitations, fees, licenses, etc. The GPL enables developers to transfer the rights of their work to anyone they would like, for the privilege of having the reciprocal use of GPL’ed work. This feature makes selling GPL’ed software inane because anyone that agrees to the terms of the GPL can also have a copy of the same software with the code - for free."

These folks are probably toadies, so what can you expect? But I do have a question in my mind. Is Microsoft, with all its money, unable to come up with anything better than this? Isn't it remarkable how little they get for all their silver and gold?

Here is a threat at the very end of another offensive article of theirs. The topic is outsourcing, but they can't help themselves and just must say something hateful and untrue about open source:

"Many U.S. firms are not only devaluing intellectual property via outsourcing, but are also embracing business strategies to devalue (and if necessary, eradicate) their competitor’s intellectual property. Open source software, also described as free software, is the neutron bomb of IP. . . .

"However, the open source strategy is a triple-edge sword. First, most free software such as Linux, (the most popular because of its operating system capability), comes with a license that dictates that any all development of the product (which would have been valuable intellectual property) becomes community property and must subsequently become free as well. . . .

"In conclusion, while it is debatable whether outsourcing can be described as just another business solution or the hemorrhaging of the IT industry, downward pressure on intellectual property is having a serious impact upon the information technology sector and the entire U.S. economy. Instead of asking how much harm is this having on our economy, we should really be asking how much longer can we continually export the U.S. IP economy to every (and any) global competitor at no cost? Unless intellectual property assets are better protected, we will soon see information technology firms resorting to draconian measures even worse than outsourcing."

For those of you who wish to feel as angry as I do, I reproduce their loathsome press release in full.


Torvalds claim to "invent" Linux probably false, says new study

Fri May 14, 5:49 PM ET

Washington, DC (FeatureXpress) May 14, 2004 - Popular but controversial "open source" computer software, often contributed on a volunteer basis, is often taken or adapted without permission from material owned by other companies and individuals, a study by the Alexis de Tocqueville Institution finds. Among other points, the study directly challenges Linus Torvalds (news - web sites)' claim to be the inventor of Linux (news - web sites). In one of the few extensive studies on the source of open source code, Kenneth Brown, president of AdTI, traces the free software movement over three decades -- from its romantic but questionable beginnings, through its evolution to a commercial effort that draws on unpaid contributions from thousands of programmers. Brown's account is based on extensive interviews with more than two dozen leading technologists including Richard Stallman, Dennis Ritchie, and Andrew Tanenbaum.

"The report," according to Gregory Fossedal, a Tocqueville senior fellow, "raises important questions that all developers and users of open source code must face. While you cannot group all open source programmers and programs together; many are rigorous and respectful of the intellectual property rights, while others speak of intellectual property rights with open contempt."

Brown suggests the invention of Unix is an integral part of the Linux story commenting, "It is clear that people's exceptional interest in the Unix operating system made Unix one of the most licensed, imitated, and stolen products in the history of computer science." Brown writes, "Over the years, many have envied the startling and pervasive success of Unix. For almost thirty years, programmers have tried and failed to successfully build a Unix-like system and couldn't. To this day, we have a serious attribution problem in software development because people have chosen to scrupulously borrow or imitate Unix."

Brown's study is part a book he is writing on open source software and operating systems. Excerpts from the book will be published at www.adti.net on May 20, 2004.

LINUX: The Astroturf de Tocqueville Institute


Last year I wrote about how Tech Central Station was an astroturf operation, published by a public relations company to provide supposedly independant support for the PR companies clients. The Alexis de Tocqueville Institute (ADTI) is another astroturf operation.

As part of the Tobacco Settlement Agreement Philip Morris (PM) agreed to release millions of documents about their operations. These detail how ADTI was hired by PM to conduct a public relations campaign against the Clinton health plan in 1994. ADTI provided PM with regular progress reports to prove that PM was getting value for its money, so they also let us see how these campaigns are conducted.

The Clinton plan included an increase in taxes on cigarettes from 24c per pack to 99c. Understandably, PM was not in favour of this, so a Philip Morris executive suggested an astroturf campaign, writing to one of his people:

Having just read the Washington Post with a series of provocative articles about Canada cutting taxes, CBO estimating higher costs AND job loss from the Clinton plan and then our old favourite, former president current homebuilder, Jimmy Carter explaining why higher taxes will help tobacco farmers, it occurred to me that we ought to turn a few of our better letter writers loose to blitz the targeted states with letters to the editor about Clinton, Carter and Canada…

If you want some astroturfing done, who you gonna call? The Alexis de Tocqueville Institute:

David N & I think the Alexis de Tocqueville Institute is perfect for this kind of thing. We are working with them on a proposal.

And here is their proposal:

Our three key executives, Cesar Conda, Bruce Bartlett and myself, will run this campaign and we will devote the full energies of our operation and its consultants to this task. We plan to activate our key Advisory Board Members, including Jack Kemp, Robert Kasten, Dick Armey, Michael Boskin and others to mount a public awareness campaign immediately (see enclosed list of Center on Regulation and Economic Growth participants).

As you can see from our press in recent months, we are in a position to deliver. We would like to request $60,000, or $30,000 a month, to implement this program.

And over the next two months ADTI ran a PR campaign against the Clinton plan. For the benefit of PM they documented all their activities. You can see all the documents here, but some of the highlights are:

ADTI fellow Bruce Bartlett wrote an issue memorandum that formed the basis of their campaign, writing “the effect of the plan would be to increase federal taxes by over 27 percent”. ADTI arranged for this claim to repeated over and over again on radio and in print. Now the cigarette tax increase that PM was trying to prevent was only an increase in federal taxes of 0.5%. Since the Clinton plan made health insurance compulsory Bartlett counted all health insurance payments as tax increases. The plan was also expected to reduce insurance costs and hence increase wages (since employers could afford to pay more). Bartlett counted the additional tax revenue from the increased wages as a tax increase. I think the average worker who heard about this 27% tax increase would feel that it meant they would be paying 27% more taxes rather than that their wages would go up and their employer would have to provide health insurance for them.

ADTI arranged for their “27% tax increase” message to be sent to hundreds of radio talk shows, to appear in a Washington Times news story and to be sent by a Congressman to all other members of Congress. The Washington Times published a Bartlett op-ed but apparently “27% tax increase” wasn’t enough of a headline for them, so they gave it the headline “How to quadruple federal revenue”. (Bartlett’s op-ed actually says “Federal revenues, however, would not quadruple”.)

Look at this letter from ADTI to Robert Caldwell, the Editorial Page Editor at the San Diego Union Tribune and an ADTI operative advisory board member:

Congresswoman Lynn Schenk is one of 5 key swing Democratic health care votes in the Energy and Commerce Committee. There is reason to believe she is looking for reasons to vote against Clinton, and there is reason to believe that she can be spooked on the tax issue, especially after her 1993 Budget vote.
An editorial from the most important paper in her district urging her to do the right thing for the right reason would obviously have a huge impact, and could be the straw that breaks the camel’s back.

Nowhere in their campaign did ADTI mention that they were hired by PM to oppose the tobacco tax increase. Instead they presented themselves as a “bipartisan” economic think tank that was merely presenting an analysis of the Clinton plan. “Bipartisan” here would seem to mean that they are for sale to either side.

ADTI has been in the news this week because their president, Ken Brown has published a book where he claims that Linus Torvalds created Linux by copying from Minix. Stephen Shankland writes:

According to the study, it’s safe to argue that Tanenbaum, who had years of OS experience and who had seen the Unix source code, could create Minix in three years. “However, it is highly questionable that Linus, still just a student, with virtually no operating systems development experience, could do the same, especially in one-sixth of the time,” says the study, which was written by Ken Brown, president of the Alexis de Tocqueville Institution.

“Why are the most brilliant business minds in the history of PC technology, with hundreds of millions of dollars in capital, licensing Unix source code, if it is as simple as writing it from scratch with little help or experience?” the study asks. “Is it possible that building a Unix operating system really only takes a few months–and, oh by the way, you don’t even need the source code to do it?”

Brown’s argument works by ignoring the difference between version 0.01 of Linux which was only 10,000 lines of code and current versions of Linux which contain millions of lines of code. Linux version 0.01 was well within the capabilities of a good programmer in six months, but was by no stretch of the imagination something that could replace a Unix system. Current versions of Linux can replace Unix systems, but have taken a decade to develop with contributions from thousands of people.

Could Brown have made an honest mistake? Well, he actually talked to Tanenbaum, who Brown claimed Torvalds copied Linux from, and Tanenbaum told him in no uncertain terms that Linux was not copied from Minix. And Brown hired someone to compare Linux with Minix, who found no evidence of copying. It is clear that Brown’s mistake was not an honest one.

So why would Brown do such a thing? Well, ADTI gets funding from Microsoft:

Several tank officials and analysts, who spoke to UPI on the condition of anonymity, said that the Alexis de Tocqueville Institution, a small Arlington, Va.- based think tank that promotes free-market principles, receives a significant portion of its funding from the Microsoft Corp. The sources said that the think tank essentially lobbies in favor of issues important to Microsoft through op-ed pieces and policy briefs by tank officials.

It seems likely that, just as their attack on the Clinton health plan was commisioned by Philip Morris, their attack on Linux was commisioned by Microsoft.

More links on Brown’s book: Eric S Raymond’s review:

I haven’t seen a book quite so egregiously shoddy and dishonest since Michael Bellesisles’s Arming America.

Martin Pool’s review

* Nearly every paragraph makes an unsubstantiated assertion. Brown seems to feel that just inserting “it is clear that”, “ironically”, “clearly”, or “it is widely known” is an adequate substitute for cited evidence. Ironically, it clearly is not.
* Experts are asked misleading or hypothetical questions to elicit quotes that are used out of context. I think ADTI is not honest enough to ask straight questions because the answers would not suit them.
* Brown says he can’t believe that Linus wrote Linux, because… well, he just can’t believe it. Nothing more. He does not cite even a single line of Linux source that was copied from any other system, despite that all the data needed to check this is available to him. If he found even one line, his paper might be credible. But he does not.

Pamela Jones’ Groklaw has more on the story here, here, here and here. ADTI promise a response here, but it’s still “under construction”.

21:39 | /computers | 4 comments | link
The ADTI-Philip Morris file

This is a list of the documents that detail the astroturf campaign conducted by the Alexis de Tocqueville Institute (ADTI) on behalf of Philip Morris (PM) against the Clinton health plan in 1994. They were obtained by a search for “fname: anti-tax” in the Philip Morris documents archive.

OT: The ADTI-Philip Morris file


LINUX: Man AdTI Hired to Compare Minix/Linux Found No Copied Code

GROKLAW: "Thursday, May 27 2004 @ 05:01 PM EDTAndrew Tanenbaum has published the most remarkable email from the man hired by Ken Brown to do a line-by-line comparison of Minix and Linux, Alex"

Thursday, May 27 2004 @ 05:01 PM EDT

Andrew Tanenbaum has published the most remarkable email from the man hired by Ken Brown to do a line-by-line comparison of Minix and Linux, Alexey Toptygin, who summarizes his findings and posts them on the Internet:

"Around the middle of April, I was contacted by a friend of mine who asked me if I wanted to do some code analysis on a consultancy basis for his boss, Ken Brown. I ended up doing about 10 hours of work, comparing early versions of Linux and Minix, looking for copied code.

My results are here. To summarize, my analysis found no evidence whatsoever that any code was copied one way or the other."

When he turned in his work, he had a conversation with Brown:

"Apparently, Ken was expecting me to find gobs of copied source code. He spent most of the conversation trying to convince me that I must have made a mistake, since it was clearly impossible for one person to write an OS and 'code theft' had to have occured. So, I guess what I want to say is, pay no attention to this man. . . "

Eric Raymond has also answered Ken Brown's Samizdat. Another very detailed response here, on Newsforge, by Jem Matzan. I'll end your suspense. No, they didn't like it.


"In the history of publishing there has never been a less scrupulous work than this book. It's a stinging insult to real books and genuine authors everywhere, harming the credibility of all of us who write for a living."

Raymond publishes his email to AdTI, who inexplicably (unless the book is an elaborate troll) and foolishly sent him a copy to review:

"Judging by these excerpts, this book is a disaster. Many of the claimed facts are bogus, the logic is shoddy, some of the people you claim to have used as important sources have already blasted you for inaccuracy, and at the end of the day you will have earned nothing but ridicule for it. . . .

"The problems start in the abstract. Software is not composed of interchangeable parts that can be hodded from one project to another like a load of bricks. Context and interfaces are everything; unless it has been packaged into a library specifically intended to move, moving software between projects is more like an organ transplant, with utmost care needed to resect vessels and nerves. The kind of massive theft you are implying is not just contingently rare, it is necessarily rare because it is next to impossible. . . .

"Your account of the legal disclosure history of the Unix source code is seriously wrong. Persons authorized by AT&T did, in fact, frequently ship source tapes which contained no copyright notices — I know, because I still have some of that source code. . . .

"I began reading the excerpts skeptical of the widespread conspiracy theory that this book is a paid hatchet job commissioned by Microsoft. Now I find this theory much more credible. I can't imagine how anyone would want their names on a disgrace like this unless they were getting paid extremely well for undergoing the humiliation. . . .

"You claim that 'To date no other product comes to life in this way', presenting Linux as a unique event that requires exceptional explanations. This is wrong. Many other open-source projects of the order of complexity of the early Linux kernel predated it; the BSD Unixes, for example, or the Emacs editor. Torvalds was operating within an established tradition with well-developed expectations.

"'Is it possible that building a Unix operating system really only takes a few months —and, oh by the way, you don't even need the source code to do it?' Yes, it is possible, because there are published interface standards. I might have done it myself if it had occurred to me to try — in fact, I have sometimes wondered why it didn't occur to me.

"As for whether it was possible to produce Linux in the amount of time involved — it is never wise to assume that genius programmers cannot do something because the incompetent or mediocre cannot. Especially when, as in Linus's case, the genius already has a clear interface description and a mental model of what he needs to accomplish. . . .

"You propose that the absence of credits to developing countries might be evidence of some sinister memory-hole effect. The true explanation is much simpler: developing countries don't have Internet. There is a straight-up geographical correlation between contributions to open-source projects and Internet penetration."

There is a great deal more, and I encourage you to visit all four sites, to get the complete picture. Honestly, how incompetent must you be to think attacking Linus Torvalds' integrity is a good strategy? He is loved and admired internationally by folks who do understand the code, unlike Mr. Brown, and everyone knows such a man would never knowlingly steal anyone's code, period. Nobody else would either. It's not the FOSS way.

LINUX: issues/adti

sourcefrog issues/adti

Friday, May 28, 2004

LINK: FreeBSD Documentation Project

FreeBSD Documentation Project

--[ BOOK REVIEW: Hacker Diaries: Confessions of Teenage Hackers

# By Dan Verton
# Hardcover: 219 pages
# Publisher: McGraw-Hill Osborne Media; 1st edition (March 26, 2002)
# ISBN: 0072223642

Book discription (copied from Amazon):

To many who knew him, there was nothing odd about him. He was a normal kid...
On February 7, 2000, Yahoo.com was the first victim of the biggest distributed denial-of-service attack ever to hit the Internet. On May 8th, Buy.com was battling a massive denial-of-service attack. Later that afternoon, eBay.com also reported significant outages of service, as did Amazon.com. Then CNN's global online news operation started to grind to a crawl. By the following day, Datek and E-Trade entered crisis mode...all thanks to an ordinary fourteen-year-old kid.
Friends and neighbors were shocked to learn that the skinny, dark-haired, boy next door who loved playing basketball--almost as much as he loved computers--would cause millions of dollars worth of damage on the Internet and capture the attention of the online world--and the federal government. He was known online as "Mafiaboy" and, to the FBI, as the most notorious teenage hacker of all time. He did it all from his bedroom PC. And he's not alone.
Computer hacking and Web site defacement has become a national pastime for America's teenagers, and according to the stories you'll read about in The Hacker Diaries--it is only the beginning. But who exactly are these kids and what motivates a hacker to strike? Why do average teenagers get involved in hacking in the first place? This compelling and revealing book sets out to answer these questions--and some of the answers will surprise you. Through fascinating interviews with FBI agents, criminal psychologists, law-enforcement officials--as well as current and former hackers--you'll get a glimpse inside the mind of today's teenage hacker. Learn how they think, find out what it was like for them growing up, and understand the internal and external pressures that pushed them deeper and deeper into the hacker underground. Every hacker has a life and story of his or her own. One teenager's insatiable curiosity as to how the family's VCR worked was enough to trigger a career of cracking into computer systems. This is a remarkable story of technological wizardry, creativity, dedication, youthful angst, frustration and disconnection from society, boredom, anger, and jail time. Teenage hackers are not all indifferent punks. They're just like every other kid and some of them probably live in your neighborhood. They're there. All you have to do is look.

This is one of the only books that directly talks about teenage hackers and one that tries to change the people's and the media's perception about a hacker. It does not, however, do a great job of conveying this message, at least that is what I thought. The preface starts as a restatement of the well know Hacker's Manefesto authored by Mentor a decade ago. The book will not appeal to us techs and might only appeal to regular people who are just starting out to know what the hell TCP/IP is and how to crack passwords with LophtCrack (which is GUI btw ;) ). So if you think this book is in any way technical you are no where in the ball park of the truth. One issue that I really found serious in the book was that the message is contradicted. Although the book wants to convey the message that hacking is good and people who practice it are normal beings the choice of characters was no where normal. The characters which are mostly from divorced parents, living with no water in there house, picking fights, getting arrested, and getting expelled from school hardly the norm for the average teenager. A couple of technical inaccuracies were also spotted between the text and there a huge gap in the time line described between the day the hacker fiddled with his first computer and the day he started to break computers. Other than that issue the book is a good read although it does really appeal to my technological taste and must get a 6 out of 10.

Reviews done by others on the book:


Links pretaining to the book:

The hacker's manifesto, by the Mentor this is also knows by other names including The Conscience of a Hacker.
Genocide 2600 one of the guys talked about in the book.

LINK: Java, Gtk and Mono

Java, Gtk and Mono

LINK: MONO Presentation collection

Miguel de Icaza

GOOGLE: The fellowship of the 1GB storage lockers

[print version] The fellowship of the 1GB storage lockers | CNET News.com

LINK: IBM C/C Compilers Home Page

IBM C/C Compilers Home Page

SEC: Survey Shows Online Security Getting Better

Linux News: Security: Survey Shows Online Security Getting Better: "By Jack M. Germain www.TechNewsWorld.com, Part of the ECT News Network 05/28/04 10:33 AM PT'Financial institutions are fighting an ongoing battle to combat and mitigate ever-i"

By Jack M. Germain
Part of the ECT News Network
05/28/04 10:33 AM PT

"Financial institutions are fighting an ongoing battle to combat and mitigate ever-increasing security threats and attacks and privacy violations, as well as comply with the increasingly stringent regulatory environment," Ted DeZabala, a principal and national leader of security services at Deloitte & Touche LLP, told TechNewsWorld.

Free Newsletter Now Available From TechNewsWorld. Tech News Flash is your one-stop source for daily technology news and information, delivered straight to your inbox directly from TechNewsWorld. Keep up with the latest breaking tech news and enjoy insightful analysis from our team of expert writers and reporters.
Subscribe Today.
Security attacks on IT systems have more than doubled since last year. That's what 100 IT chief security officers at financial institutions around the globe reported in a global survey compiled by Deloitte & Touche LLP. External security attacks on information technology systems at a sampling of the world's leading financial institutions more than doubled from a year ago, according to those who responded to the rigorous global survey. Deloitte & Touche LLP is one of the nation's leading professional services firms.

According to the survey, 83 percent of surveyed financial firms acknowledged their systems were compromised in the past year. That number compares with 39 percent in 2003. Of those firms that were attacked, 40 percent sustained financial losses.
"Financial institutions are fighting an ongoing battle to combat and mitigate ever-increasing security threats and attacks and privacy violations, as well as comply with the increasingly stringent regulatory environment," said Ted DeZabala, a principal and national leader of security services at Deloitte & Touche LLP.

This survey marks the second year of what Deloitte & Touche plans to be an annual industry polling. The 100 organizations surveyed represented three categories. The largest category contained 31 of the top 100 Global Financial Services Institutions ranked by 2002 financial assets. The second category had 23 of the top 100 Global Banks ranked by Tier-1 Capital 2002. The third category had 10 of the top 50 Global Insurers ranked by 2002 financial assets.
Significant Findings
Reader Tools

E-Mail Article

Online Version

Related Stories


Author Search

Although the number of security attacks against financial institutions rose sharply in global terms, the United States had the smallest number of financial institutions reporting attacks -- 24 percent. Canada, the second lowest-ranked of the five regions, had a tally almost double that of the United States, with 44 percent of its financial institutions suffering attacks.
The Asia-Pacific region topped the charts, with 71 percent of financial institutions there acknowledging attacks. The Latin America-Caribbean region reported 50 percent of its financial institutions on the receiving end of attacks, and the region composed of Europe, the Middle East and Africa experienced attacks on 47 percent of its financial institutions.

But DeZabala cautioned about reading too much significance into the raw statistics.
"My sense is that there is an upward trend of attacks globally. Those companies represented in the survey are global firms, so some of their reported attacks could have occurred in the U.S.," he said. "Their ability to manage threats has to be compared to the rate of increase in threats."

Additional Key Findings
The 2004 Global Security Survey revealed several trends that bear watching, analysts said. Among the findings were the following:

* More than half of the respondents said security is a key part of their strategy. But 10 percent reported that their general management perceives security as a business enabler.
* The majority of respondents said they have a comprehensive IT disaster recovery plan in place, but only half include personnel in their business continuity plans.
* One-third of respondents said they believe security technologies acquired by their organizations are not being utilized effectively.
* Only one-fourth of respondents said they think their strategic and security technology initiatives are well aligned.
* Identity management and vulnerability management were the two most common technologies that financial services said they are piloting or intend to deploy in the coming 18 months.

Survey Spotlights IT Concerns

The survey results show a significant shift in attitudes by high-level executives toward IT security issues in recent years, DeZabala told TechNewsWorld. Regulatory issues and user identity management concerns are taking on new importance. Both the user experience and the IT environment are becoming more efficient.
Despite those gains in the corporate setting, third-party access to corporate networks is becoming a huge administrative management problem.

"A lot of attention is being paid to this area now," said DeZabala.
Lastly, security budgeting in general is a soft thing. "It requires a huge undertaking," he said.

Finacnial Disparity
Despite the reported doubling of security attacks, more than one-fourth of financial institutions surveyed said their security budgets remained flat. Some 10 percent of the respondents said their companies slashed their online security budgets from the previous year.

The respondents also reported that they perceive their spending on security to be in line with other comparable organizations and in line with their own security plans.
However, DeZabala said he sees a larger picture than what the survey shows. Overall, at the big financial institutions, spending is on the rise.

"I take a more pragmatic [view] in assessing if statistics are valid. Financial institutions are starting to take IT issues seriously. Online security risks will continue to grow. Some financial institutions are keeping up; some aren't," said DeZabala regarding IT budgets.
Technology Lagging, Compliance Gaining

According to the survey, financial institutions are not keeping up with security technologies. More than 70 percent of the respondents identified viruses and worms as the likely greatest threat to their systems within the next year.
A total of 87 percent of respondents said they have fully deployed antivirus measures. This result is down from a response rate of 96 percent in last year's survey.

On the regulatory front, however, more financial institutions are improving their compliance efforts. Two-thirds of respondents indicated they now have a program for managing privacy. That compares with 56 percent of respondents in 2003. In addition, nearly seven of 10 said they think senior management is committed to security projects needed to address regulatory requirements.
"Security threats such as viruses, worms, malicious code, sabotage and identity theft are real and have already cost millions of dollars in lost revenues to institutions globally," said DeZabala.

New Solutions Needed
Financial firms need better methods to maintain online security, DeZabala told TechNewsWorld. Many companies are having a hard time with the time span between Internet vulnerabilities being announced and protections being applied. "Those events are becoming highly compressed," he said. "Vulnerabilities are being discovered only after attacks are discovered."

The current system of waiting for patches to be released and then installing them is not enough in today's volatile virus and worm environment. "We need new security methods," he said.
DeZabala likened the results of the survey of financial institutions to a report on the medical industry. The survey showed the online financial presence is generally healthy but not without some symptomatic sniffles.

The online financial industry is a lot like medical science, he said. There will always be some diseases cured while other sicknesses remain a threat. "That's because some people are too creative and too lustful," he concluded.

LINUX: One (Strange) Man's Hunt for the Linux Desktop

Linux Today - Linux Today: Editor's Note: One (Strange) Man's Hunt for the Linux Desktop: "By Brian Proffitt Managing Editor Linux on the desktop. It feels like there should be an echo effect there, doesn't it? Linux-inux-inux-nux... On The Desktop-top-top-top...Wi"

By Brian Proffitt
Managing Editor

Linux on the desktop.

It feels like there should be an echo effect there, doesn't it?

Linux-inux-inux-nux... On The Desktop-top-top-top...

With all the reports we have seen of late about getting our favorite operating system on the desktop of corporate and home users, I don't think the echo chamber effect is going overboard, do you? Then, picture in your mind a giant Tux, standing on a dark mountaintop, sword in hand, the bones of proprietary code strewn on the jagged mountainside below him. Do the echo chamber again. See? Not a bad scene.

Sam Raimi had better watch out, there's a new director coming to town.

But to the matter at hand. Linux on the desktop. I have a problem with this description. After a day or two of fiddling around with some cool desktop tools and theme, I have come to the conclusion that worrying about Linux on the desktop is a misnomer, because 99 percent of the time I can't even see the desktop and all of the cool toys I have put on it!

This all started last week, when I upgraded to Fedora Core 2. I had tried to point yum and up2date to the new Core 2 mirrors, but they were still heavily trafficked, so I finally muttered some obscenities and tried this new BitTorrent thing-a-ma-bob to pull the ISOs down for CD burning.

Boy! Was this a pleasant surprise! For those of you not familiar with it, BitTorrent is a peer-to-peer system that lets you share files across a completely distributed network. So, instead of finding and linking to a single peer who has the file I need and praying they have the bandwidth and the will to stay online long enough for me to pull the file down, I downloaded a .torrent file that indexed the files I needed and allowed me to download the files from multiple sources at once.

This jigsaw-puzzle approach to downloading spreads the load across multiple sources and (if there are enough sources online) makes your download go much faster. The karmic is that while you download files, you become a source, too. So your system uploads while it yanks files down. For courtesy's sake, users are urged to keep sharing the files after the download is complete, to keep the number of sources to share high. (I did good, I left the files in place for two days.)

After I upgraded to FC2, I wanted to try out some new eye candy for my system. After reading Marcel Gagné's recent article on SuperKaramba, I was intrigued enough to give it a whirl.

I tried the binaries first, and that seemed to work. But after running SK, I tried to load some themes and got nothing but black boxes. Well, after pulling the source down and trying to compile, I discovered that I supposed wasn't running the right version of the Python libraries, which was odd, since I had a version that was way past what was required.

I faced a choice: get the libraries into my system's path or try something else. I'm more into instant gratification, so I chose the latter and shifted over to GNOME to try gdesklets.

PCLinuxOnline ran a tutorial about this GNOME eye candy recently, and I thought it would be worth a look.

And it was, actually. It took a little while to get everything sorted out, because the documentation was a bit lean, but ultimately I got the GoodWeather, Popmail, and RRS-Feed desklets up and running. I think they look really sharp... when I can see them.

The problem is, at least for me, that I never actually get to see my desktop. All day long, virtually every day, I have Mozilla open with its multiple tabs looking at every Linux site you can think of, a Gnumeric spreadsheet with the day's storyboard, and Evolution churning out whatever e-mail makes it past spamassassin. With these three windows open at any given time, I hardly every get to see the actual desktop.

Since I have Weather Report 2.6 running on the GNOME panel, and Evolution beeps when I get new mail, I only missed the added functionality of the RSS-Feed. But, setting up some bookmarks in Mozilla to alert me when a page updates was a workaround for that.

I still wanted a cool desktop, though, so I went hunting about for a nifty theme instead. And therein lies another tale.

So, Linux on the desktop? Well, in the most literal sense of the termd, I'll believe it when I see it.

In the meantime, it's a holiday weekend here in the States, and you know what that means. Linux Today's newsfeed will not be running this coming Monday, May 31, as the staff (me) enjoys a weekend of relaxation (watching sports). To those celebrating, have a safe Memorial Day weekend, and for the rest of you, please feel free to relax amongst yourselves. :)

VIRUS: VBS.Krim.G@mm

Symantec Security Response - VBS.Krim.G@mm

VIRUS: Backdoor.Mtron

Symantec Security Response - Backdoor.Mtron

VIRUS: W64.Rugrat.3344

Symantec Security Response - W64.Rugrat.3344

OT: 83% Of U.S. E-Mail Is Spam

Security Pipeline | News | 83% Of U.S. E-Mail Is Spam: " By TechWeb News The United States is the world's spam superpower, filtering firm MessageLabs said Tuesday as it released its April count of junk mail.A whopping 83 percent of all e"

By TechWeb News
The United States is the world's spam superpower, filtering firm MessageLabs said Tuesday as it released its April count of junk mail.

A whopping 83 percent of all e-mail traffic in the United States was spam last month, the U.K.-based anti-spam service provider said. Globally, spam continued to climb as a percentage of e-mail, and now accounts for over two-thirds of all messages.

But countries where English is popular make up the vast bulk of spam targets. More than 97 percent of all spam is sent to the U.S., the U.K., Germany, Australia, and Hong Kong, said MessageLabs.

"Countries where English is widely used will always be a natural target for spammers as mass mailing in one common language is by far the easiest way for them to disperse their messages," said Mark Sunner, the chief technology officer at MessageLabs, in a statement.

The United Kingdom, for instance, saw spam account for 52 percent of all mail, while in Germany and the Netherlands, 41 and 30 percent of messages were junk, respectively. Hong Kong, meanwhile, escaped relatively unscathed: just 27 percent of mail sent to users there was spam.

"Spam is becoming a bigger problem worldwide, and unfortunately shows that current legislation is having little impact in curbing the upward trend," said Sunner.

MessageLabs predicted that the U.K. would see U.S-style spam levels within six months, and countries in Asia and the Pacific should expect just-as-high spam counts within a year.

"When it comes to the Internet, if the U.S. sneezes, the rest of us catch a cold," added Sunner.

OT: 83% Of Financial Sector Admits Security Breaches

Security Pipeline | Trends | 83% Of Financial Sector Admits Security Breaches: "By Gregg KeizerSecurity attacks at major financial institutions more than doubled over a year ago, said a survey released Thursday of leading global banks, securities firms, an"

By Gregg Keizer
Security attacks at major financial institutions more than doubled over a year ago, said a survey released Thursday of leading global banks, securities firms, and insurance companies.

The survey, the second such conducted by the consulting firm Deloitte & Touche LLP, discovered that an amazing 83 percent of financial services firms acknowledged that their IT systems had been compromised by attacks from the outside in the past year. In 2003, only 39 percent of the companies surveyed admitted to a breach.

In addition, 40 percent of the companies polled -- which included a quarter of the world's top 100 banks, about a third of the top 100 financial services firms, and ten percent of the 100 largest insurance companies -- said that they had suffered financial losses due to the attacks.

"Security threats such as viruses, worms, malicious code, sabotage, and identity theft are real and have already cost millions of dollars in lost revenues to institutions globally," said Ted DeZabala, Deloitte's national managing partner for security services.

The dramatic increase in acknowledged attacks, said DeZabala, was due to a combination of factors. "There's definitely a lot more activity in terms of worms and viruses," he said. "And there's a lot more visibility into what's going on in security. What went undetected last year, or wasn't communicated up the chain of command, may have been spotted this year."

The acknowledgement of losses surprised DeZabala, who said that in the past companies have been tight-lipped about the issue. "Security is one of those things that you really pay attention to when you lose money," he said, and theorized that firms are owning up to the problem to demonstrate how seriously they're now taking security.

But while the survey noted that attacks have doubled, it also spotted a substantial number of firms running contrary to the general rule of increased security spending. More than a quarter of the institutions said that their security budgets stayed flat over the past year, and nearly ten percent actually had their funds cut.

Firms base din the United States, however, generally spend more than those in other countries, take security more seriously, and suffer fewer breaches. The reason: partly an overall heightened interest in security since 9/11, partly more stringent regulations related to security in legislation such as Sarbanes-Oxley.

Sixty-four percent of the U.S. companies polled, for instance, boosted their security budgets, the highest percentage of the five geographic areas Deloitte surveyed. And only a quarter of the financial institutions in the U.S. acknowledged a compromise of their IT systems, the lowest percentage reported.

But problems remain, even in the U.S., and the financial industry has a long way to go to lock its IT. While banks generally lead the way in security, insurance companies are way behind.

As an example, DeZabala cited the high hopes firms once had for patch management.

"They thought that patch management was a solution which would deal with the increasing number of worms and viruses," said DeZabala. But that was overly optimistic. "It turned out that patch management was much more difficult than first believed, and now it seems that it won't solve the problem at all. Worms and viruses are coming out too fast for any patch management solution to be effective. They just don't work if worms are coming out in a matter of hours or even minutes after a vulnerability is made public."

One solution that financial firms are eager to implement is identity management, a technology that was among the top two to be deployed in the next 18 months.

"Identity management could solve a lot of control issue problems," said DeZabala, "and is something that financial institutions are picking up the pace."

Security in general, and identity management in particular, are increasingly important to financial firms as they boost their off-shore outsourcing to countries like India, said DeZabala. "Outsourcing complicates security. When institutions first contract with off-shore firms, it may be only 50 or 100 people with direct access to the company's data, but if that off-shore firm is purchased by another organization -- which is happening in India, for example -- all of a sudden it's 30,000 people who have access. That's a big risk."

Another risk that wasn't specifically targeted by the survey -- the rapid jump in "phishing" attacks -- is also a major concern for banks, brokers, and other institutions which provide accounts and credit cards to customers.

In his conversations with the companies polled, DeZabala heard that phishing is a "very large issue for most big financial service institutions. But it's a very, very difficult problem to solve, and one that doesn't lend itself to a systemic solution."

BOOK: A .NET Developer's Guide to Windows Security

A .NET Developer's Guide to Windows Security

SEC: SANS NetworkBits - Vol: 1, Issue: 9

SANS NetworkBits - Vol: 1, Issue: 9

Turning Out Wireless Chaos

SANS NetworkBits                     May 28, 2004                    Volume: 1, Issue: 9
  Australia's iBurst Going to U.K.

  Study Predicts Rise in VoIP Revenues

  Calm Prevails in Wake of Stolen Cisco Code

  States Rushing to Pass VoIP Rules

  Wi-Fi Network Closes Due to Lack of Investments

  ACA Provides Timeline for VoIP Regulations

  Call for a Standardized Communication Network

  EMSM Locks Down Mobile Data

  Sniffer Products Enhanced

  Metro Ethernet Wanted if Reliable and Cheap

  Use Network Gear Making a Hit

  Companies Can't Keep Up with Attacks

  Cisco Wants Patent for TCP Fix

  AusCERT and US-CERT Warn of "Indefensible" 802.11b Flaw

  Bluetooth Not a Security Risk

  AOL Looks at Wireless Service in the U.K.

  ISP to Reduce Its Dependence on Telstra

  AOL Japan Sold

  AOL's Screening Program is a Success

  Manpower Signs Up BT

  BT Losing Customers

  Telekom Warned About Empire-Building

  SMS Messages Beat Out MMS Messages in Europe

  Wireless Hacking Techniques

  Selecting an Internet Service Provider

  VoIP Protocols

  Turning Out Wireless Chaos

  China Celebrates 10 Years of Internet Connection

  More Information

  FCC Proposes Unlicensed 3650-3700 MHz Operation

  FCC Announces Disability Access "Solutions Summit"

  USDA RUS Broadband Grant Program

  FCC's Final Rule on Debt Collection Improvement Act

  FCC Seeking Comments Regarding DAB Migration

  FCC Announces Effective Date of MVDDS Final Rule

  More Information

******************* Sponsored by SANS SCHOOL STORE ********************

Check out our School Store for just released books on Business Law, Solaris Securing Solaris, Computer Security Incident Handling and exclusive books and merchandise. Also, check out our new section on recommended books written by SANS faculty, PDF samples on our Step-By-Step Guides, and current specials on Oracle Security, 7-Pack Guides, and T-shirts. For more information go to https://store.sans.org/


This Week's Featured Security Training Program: SANSFIRE 2004 Monterey, CA, July 5-13, 2004

Early Registration Deadline: This Sunday, May 30, 2004

SANSFIRE offers you 14 immersion training tracks in one of the most beautiful and romantic places in America. Phenomenal training for auditors who want to master the challenges of security auditors, for managers who want to build a great security program, for security beginners who want to get a fast start, and, of course, the only place to go for technologists who want to master the most current methods for protecting systems and networks. SANSFIRE also offers lots of evening programs, extra one-day classes ranging from security business law to cyberwarrior training, and vendor exhibits, too.

Register soon to get a seat at your choice of courses. http://www.sans.org/sansfire2004


Australia's iBurst Going to U.K. (25 May 2004)
Personal Broadband Australia (PBA), a wireless carrier, will begin tests of its iBurst technology at six sites in the U.K. in July. By precisely locating the user, the iburst standard, developed by ArrayComm, will provide mobile data speeds of up to 1Mbps. PBA's Sydney iBurst network has attracted interest world-wide with international carriers, including Orange UK and Korea Telecom, traveling to Sydney to inspect the network. However, the first iBurst network outside of Australia will be in South Africa; its iBurst network is scheduled to be complete by July.

Study Predicts Rise in VoIP Revenues (24 May 2004)
Juniper Research analysts predict that by 2009, twelve percent of all telephony revenues will be from Internet telephony; contributing 32 billion USD of the approximately 260 billion USD in total telephony revenues. According to Juniper Research broadband specialist Ian Cox, "VoIP brings new revenue generating opportunities to the telephony market, by combining voice services with other IP applications." Juniper's findings come from a white paper, "Voice over IP and Network Convergence," published by Juniper.
Related Article: Wireless LANs Find Their Voice
Related Article: A Guide to VoIP Hardware

Calm Prevails in Wake of Stolen Cisco Code (24 May 2004)
Despite the fact that the Federal Bureau of Investigations has been called in to investigate the theft of 800MB of Cisco's software source code, users of Cisco devices are not panicking. One manager who's company uses Cisco products asserted, "It don't think we have any concerns, I'm not aware of any." Another customer notes that the theft "is no longer a worry" for his organization. Cisco Asia-Pacific spokesman maintains that the theft wasn't a result of a vulnerability in Cisco's networking hardware or software.
Related Article: FBI Opens Probe Into Cisco Software Theft
Related Article: No Risk Increase From Code Theft

States Rushing to Pass VoIP Rules (20 May 2004)
Large states, such as California and New York, are continuing their efforts to pass legislation to regulate voice over Internet Protocol (VoIP), despite the probability of having to eventually confront federal regulators. According to Carl Wood, one of the five commissioners on the California Public Utilities Commission, "There will be a collision if the FCC
[Federal Trade Commission ]
takes a position that's at variance with a state's
[position ]
." However, as states pass legislation to regulate VoIP, they tailor the rules to meet their specific needs creating a patchwork of regulations that small VoIP service providers may not be able to navigate.

Wi-Fi Network Closes Due to Lack of Investments (19 May 2004)
Cometa Networks, a Wi-Fi hotspot wholesaler, announced its decision to shut down its network a mere 18 months after it was launched due to lack of enough outside investment. The company overstretched itself believing they would be receiving a major contract from McDonald's that was ultimately awarded to a rival network. The company found itself unable to find outside investments that would carry it through the long period of time needed to pursue a new contract.

************************* SPONSORED LINKS **************************

Privacy notice: These links may redirect to non-SANS web pages.

(1) What's an IPS -- a firewall, a new breed IDS?

Find out, free analyst paper from Top Layer


(2) Save $75 when buying a 7-pack of Technical Guides

Go to:


(3) Are you interested in teaching Security+? Here's the

Starter Kit:



ACA Provides Timeline for VoIP Regulations (20 May 2004)
According to Australian Communications Authority's (ACA) acting chairman Dr. Bob Horton, VoIP regulation is "inevitable because whoever is carrying it has obligations for data, voice, or whatever and there needs to be requirements for universal service." A discussion paper covering the regulation of VoIP is expected sometime at the end of the year. A couple of months will then be given for all parties to examine the paper and a draft of the regulatory conditions will be drawn up. It is anticipated that some time around February 2005 the regulations will be put to the industry and the complete regulation guidelines finalized by July 2005. The three areas of quality of service, call location, and privacy will be the main areas of regulation, say Horton.

Call for a Standardized Communication Network (18 May 2004)
In a recently released discussion paper, emergency services organizations highlighted the need for a standardized communications network for better communications with other agencies during emergency situations such as terrorist attacks and natural disasters. The paper also noted that the various agencies called for better use of communications technology such as satellites and more use of IT including databases to coordinate actions by emergency services and utilities.

EMSM Locks Down Mobile Data (17 May 2004)
Senforce Technologies has introduced a tool, Enterprise Mobile Security Manager (EMSM), which is designed to keep sensitive data on notebook computers from being stolen. EMSM uses centrally controlled group policies to control access to various paths that might be vulnerable to hacking or theft. Such policies can also be used to control which network applications users have access to and when. EMSM is priced at $89 per workstation.

Sniffer Products Enhanced (17 May 2004)
Network General Corp., which will officially spin off from Network Associates Inc. in July, has begun an 18-month product rollout of enhanced products from the Sniffer line. The first enhanced product, which was recently launched, is Appera Application Manager, which provides real-time, flow-based application traffic monitoring and analysis. The product checks traffic over time, rather than just analyzing packets at a moment in time.

Metro Ethernet Wanted if Reliable and Cheap (17 May 2004)
NetWorld+Interop hosted a roundtable discussion for several enterprise IT professionals and Ethernet service providers. The participants noted that issues such as latency, quality of service, rate limiting, resiliency to specific locations and security needed to be addressed. Mark Katz, manager of UBS Financial Services, summed up the conclusion the group reach when he stated, "If
[carriers ]
can offer a solution that solves those problems
[listed above ]
, it would help UBS cut network costs. But, in no way will we pay more for it" than from traditional telco WAN services.

Use Network Gear Making a Hit (14 May 2004)
There are approximately 20 companies in the U.S., including Santa Barbara-based Network Hardware Resale (NHR), reselling used or surplus networking gear from companies such as Cisco, Extreme Networks and Juniper Networks. Privately held NHR brought in 50 million USD in 2003 and expects revenues to hit 150 million USD by 2007. However, the majority of resales are done through eBay, maintains Yankee Group analyst Zeus Kerravala. Karravala estimates that the second hand equipment market is worth approximately 500,000 USD a year.

Companies Can't Keep Up with Attacks (25 May 2004)
The 2004 Australian Computer Crime and Security Survey shows that despite the increased activity by organizations to protect their networks, they are still falling behind with about half of those surveyed saying they were hit by attacks that compromised confidentiality, integrity and availability of systems in 2003. The survey's respondents were from large and medium organizations in 17 private industry sectors and local, state and federal government. Eighty eight percent of attacks involved viruses, worms or Trojans. Respondents noted that appling critical patches to their systems in a timely manner was difficult. According to the survey, sixty percent of the respondents acknowledged that the attacks were successful because of unpatched or unprotected software.

Cisco Wants Patent for TCP Fix (25 May 2004)
Cisco Systems, who recently confirmed that it had applied for U.S. patents on fixes for a protocol called Transmission Control Protocol (TCP), has stated that it plans to standardize some of the technology outlined in its patent applications. However, Security expert Paul Watson, who discovered the flaw in this protocol, notes that Cisco's new fixes could create other problems including increasing the risk of denial of service attacks and leaving a connection open when a valid reset packet is sent but not acknowledged. Watson maintains that if vendors update their products, they can take advantage of a part of the standard, which already exists in the standard version of TCP but has not implemented, rather than updating gear in order to utilize Cisco's solution.

AusCERT and US-CERT Warn of "Indefensible" 802.11b Flaw (17 May 2004)
The U.S. Computer Emergency Readiness Team (US-CERT) and the Australian Computer Emergency Response Team (AusCERT) have issued alerts, warning of a flaw in wireless LAN equipment based on the 802.11b Wi-Fi standard, rendering the devices vulnerable to a jamming attack that could result in a denial-of-service (DoS). A problem exists with the 802.11b direct-sequence spread spectrum (DSSS) modulation scheme's Clear Channel Assessment (CCA), normally used to determine if a WLAN channel is clear for transmission. 802.11g devices operating at a data rate of 20 Mbit/sec or below are also vulnerable since they switch over to using DSSS. At higher speeds, 802.11g utilizes orthogonal frequency division multiplexing (OFDM), a different modulation scheme which is also used by 802.11a devices and which is not vulnerable to the DSSS jamming attack. Mark Looi, an associate professor at the School of Software Engineering and Data Communications at Queensland University, Brisbane, Australia, asserts that continued use of 802.11b for critical infrastructure "could be considered negligent;" Three of his Ph.D. students discovered the flaw.
Related Article: DoS Vulnerability Threatens Wireless Networks
Related Article: Wi-Fi open to jamming attack

Bluetooth Not a Security Risk (14 May 2004)
The Bluetooth Special Interest Group (SIG) maintains that bluetooth technology is not a security risk noting that flaws are limited to a small number of Nokia and Sony Ericsson phones. The phones containing flaws are susceptible to "bluesnarfing," a hacking technique which allows hackers to access data such as information in address books and calendars. New models produced by Nokia and Sony Ericsson are not vulnerable to "bluesnarfing." The two companies are working to produce patches for older phones.
Related Article: Security Threats Raise Concerns About Bluetooth

AOL Looks at Wireless Service in the U.K. (21 May 2004)
Internet service provider America On Line (AOL) UK would like to team up with the wireless operator UK Broadband to launch a high-speed wireless Internet access product in the U.K. UK Broadband has control of the 3.4GHz frequency in Britain. If UK Broadband did join with AOL, the company, which planed to sell 512Kbps and 1Mbps services directly to customers, would then become a wholesaler of products. A UK Broadband spokesman has stated, "It's far too early to speculate on what may or may not happen."

ISP to Reduce Its Dependence on Telstra (18 May 2004)
Another Australian Internet service provider, Netspace, has decided to build its own broadband infrastructure in an attempt to reduce its dependence on Telstra's ADSL network. Two other internet service providers, iiNet and Internode, spoke with the Australian Competition and Consumer Commission (ACCC)in its ongoing investigation of Telstra's business practices stating that, in addition to its anti-competitive retail price moves, Telstra is creating barriers to ISPs setting up their own DSLAMs.

AOL Japan Sold (17 May 2004)
Japanese wholesale DSL company e-Access has purchased AOL Japan. As part of the deal, the AOL brand will continue operating in Japan.

AOL's Screening Program is a Success (17 May 2004)
Internet service provider AOL, a subsidiary of Time Warner, announced that since the launch of its screening program in April 2003, it has blocked more than one billion virus-infected e-mails. The program screens both incoming and outgoing mail at no cost to its customers. Despite AOL's efforts, a survey of 300 companies using AOL, conducted by TruSecure's ICSA Labs, found that about eleven percent of the companies' computers were infected at any given time in 2003.

Manpower Signs Up BT (20 May 2004)
A five-year deal was signed between recruitment firm Manpower and BT which will migrate Manpower on to a fully managed, global Wide Area Network (WAN). The network will cover 3,200 sites in 63 countries.

BT Losing Customers (20 May 2004)
The U.K. dominant fixed-line telcom, BT, is loosing between 50,000 and 100,000 customers a month. However, the company's "new wave" technologies, such as broadband, mobility and managed services, are helping to compensate for the loss of traditional fixed-line customers. According to BT chief executive, Ben Verwaayen, "Our transformation of the business will continue to accelerate."
Related Article: BT loses 150,000 customers a month

Telekom Warned About Empire-Building (May 19 2004)
Kai-Uwe Ricke, who took Deutche Telecom from a loss of 24.6 billion in 2002 to profitability in 2003, told shareholders at the company's annual general meeting he intended to pursue opportunities in Eastern Europe if they arose. However, Deutsche Bank, one of Deutche Telekom's biggest shareholders, after the German government, has warned Ricke not to return to costly empire-building characteristic of Telekom three years ago, which left the company with considerable debts and cost Ricke's predecessor his job.

SMS Messages Beat Out MMS Messages in Europe (12 May 2004)
Although multimedia messaging (MMS) is available, mobile phone users prefer SMS messaging reports a poll conducted by NOP Research. German-owned operator, T-Mobile, reports that while thirty-nine percent of new phones sold in 2003 were MMS enabled, users sent a thousand times more SMS messages than MMS. T-Mobile reports that in the U.K., where 55 percent of mobile phone users have handsets capable of sending MMS messages, in 2003 its network carried 4.39 million MMS messages compared to 2.98 billion simple text messages. According to Jerome Meniere, founder of digital image enhancement firm DO Labs, until mobile phones offer a credible alternative to entry level cameras picture messaging will continue to be a fad.

Wireless Hacking Techniques
This tutorial consists of a chapter from a new book, "Maximum Wireless Security," by authors Dr. Cyrus Peikari and Seth Fogie. Techniques used by hackers to compromise wireless networks are examined. Topics, such as sniffing, social engineering, lost password, and garbage collecting, will be covered.

Selecting an Internet Service Provider
Service providers bombard prospective customers with a variety of measurements to show the size and performance of their IP networks. This tutorial takes a look at the various numbers and what they mean to you.

VoIP Protocols
In order to understand the bandwidth overhead of voice over IP, one must have a basic understanding of the protocols which are involved when transporting voice over an IP based network. This paper discusses the various protocols typically used including: Internet Protocol, Unser Datagram Protocol and Real-time Transport Protocol

Turning Out Wireless Chaos by Rupert Goodwins
The author discusses the problems with wireless and ways to safeguard against radio chaos.

China Celebrates 10 Years of Internet Connection
This article details the last ten years of Internet in China.


Alcatel Launches Its First Clamshell Mobile Phone In Taiwan

Alcatel Accelerates Service Delivery At IP/MPLS

China Telecom Deploys Trial 3G Network With Alcatel Gear

BT Selects Alcatel As Prime Contractor For Project Bluephone

Alcatel Doubles Up in Russia


Cisco Systems Board Authorizes Additional Stock Repurchases.

Cisco Profits Fail To Impress Investors

Rise In Cisco Earnings Creates 1,000 Jobs

IBM And Cisco Systems To Offer Internet Telephony

FBI Investigating Cisco Source Code Leak

Theft Of Cisco Source Code Stirs Fears Of Security Threat

Happy Birthday to Cisco

Cisco Unveils Big, Fast Router To Counter Juniper


Juniper Celebrates Itself

Juniper: Integrated Security A Necessity For Networks

Juniper Networks Marks Two Years of Growth


Network Associates Readies Updated Security Appliances

Network Associates Joins Standards Group


Nortel Docs Subpoenaed

Nortel Opens Local Wireless Lab

MCI, Nortel Attempt To Allay Users' Doubts About Stability


Symantec Swallows Brightmail

Brightmail Acquisition By Symantec Seen As Good For It Users


TippingPoint Launches European Offensive


Lucent To Buy Telica For VoIP Gear

Vodafone To Buy Rest Of Japanese Unit

Telekom Buys 2 Singular Cellphone Networks

Three Ex-Enterasys execs plead innocent

FCC Proposes Unlicensed 3650-3700 MHz Operation
The Federal Communications Commission (FCC) proposes to amend the its rules to maximize the efficient use of the 3650-3700 MHz band. The proposal would allow unlicensed devices to operate in either all, or portions of, this radiofrequency (RF) band under flexible technical limitations with smart/cognitive features that should prevent interference to licensed satellite services. It is believed that this proposal will foster the introduction of new and advanced services to the American public, especially in rural areas. Comments due: 28 July 2004.

FCC Announces Disability Access "Solutions Summit" Panelists
The FCC has announced the panelists for the "Solutions Summit" on Disability Access Issues Associated With Internet-Protocol Based Communications Services, and invites interested persons to a Solutions Summit. The Solutions Summit is the second in a series where government, industry leaders and stakeholders can discuss creative ways to address policy issues that arise as communications services move to Internet-Protocol based platforms. This meeting will focus on the ways persons with disabilities access services increasingly based upon IP technologies. Date & Time: 07 May 2004, 9 a.m. to 1:15 p.m.

USDA RUS Broadband Grant Program
The Rural Utilities Service, an agency of the U.S. Department of Agriculture (USDA), is proposing regulations to administer the Community Connect Grant Program for the provision of broadband transmission service in rural America. Comments due: 14 June 2004.

FCC's Final Rule on Debt Collection Improvement Act Implementation
The Federal Communications Commission (FCC) amends its rules to implement the Debt Collection Improvement Act of 1996 (DCIA). The Commission also adopts a rule whereby applications or other requests for benefits would be dismissed upon discovery that the entity applying for or seeking the benefit is delinquent in any debt to the Commission, and that entity fails to resolve the delinquency. Effective: 16 June 2004; some sections: 01 October 2004.

FCC Seeking Comments Regarding DAB Migration
In regards to Digital Audio Broadcasting (DAB) systems and their impact on the terrestrial radio broadcast service, the Federal Communications Commission (FCC) seeks comment on policies it may adopt to encourage broadcasters to convert from an analog-only radio service to a hybrid analog/digital radio service, and eventually, to an all-digital radio service. Of especial concern is what changes and amendments to the FCC's technical rules are necessary to further the DAB introduction. Among the issues the FCC would like to receive input on are proposals to allow AM nighttime digital service, and whether a radio station should be allowed to offer a high definition service, a multiplexed service, a datacasting service, or a combination of all of these possibilities. In addition, the FCC seeks comment on which of its existing programming and operational rules should be applied to DAB. Comments due: 16 June 2004

FCC Announces Effective Date of MVDDS Final Rule
In mid- to late 2002, the Federal Communications Commission adopted new rules to establish technical, service and licensing rules governing Multichannel Video Distribution and Data Service (MVDDS) in the 12 GHz band. Certain rules contained new and modified information collection requirements and were published in the Federal Register on 26 June 2002: Order To Permit Operation of NGSO FSS Systems Co-Frequency With GSO and Terrestrial Systems in the Ku-Band Frequency Range; Authorize Subsidiary Terrestrial Use of the 12.2-12.7 GHz Band by Direct Broadcast Satellite Licensees and Their Affiliates; and in Re Applications of Broadwave USA, PDC Broadband Corporation, and Satellite Receivers, Ltd. in the 12.2-12.7 GHz Band. Effective: 20 November 2002.

14.64 Alcatel UP 0.48
22.54 Cisco NC
20.75 Juniper UP 0.26
16.53 Network Asssoc. DOWN 0.01
03.84 Nortel UP 0.27
45.65 Symantec NC
27.36 Tipping Pt. NC

NetworkBits Editorial Board:
Aminah Grefer, Roland Grefer, Steve Lewis, Stephen Northcutt, Arrigo Triulzi

To submit comments, additional news items or other information you would like to share with us, please send an email to NetworkBits@sans.org.

Please feel free to share this with interested parties via email, but no posting is allowed on web sites. For a free subscription, and for free posters) or to update a current subscription, visit http://portal.sans.org/

An archive of past issues of the NetworkBits newsletter is available at http://www.sans.org/newsletters/networkbits

The NetworkBits newsletter is also available as a RSS feed at http://www.sans.org/newsletters/networkbits/rss

Get Firefox!