From djm@mindrot.org Wed Aug 1 00:28:46 2001
From: djm@mindrot.org (Damien Miller)
Date: Wed, 1 Aug 2001 10:28:46 +1000 (EST)
Subject: [LINK] "New Laws: Thou Shalt Patch"
In-Reply-To:
Message-ID:

On Wed, 1 Aug 2001, Rick Welykochy wrote:

> On Wed, 1 Aug 2001, Grant Bayley wrote:
>
> > >From Wired:
> > http://www.wired.com/news/politics/0,1283,45692,00.html
> [SNIP]
> > But that may be changing. Federal rules that will make it obligatory for
> > specific sectors to download virus patches are already here, and more are
> > coming.
>
> Let me see now ...
>
> 1. Ford Motor Co. produces a car with a defect. The defect turns out to
>    be a possible source of injury. The result: Ford is *legally liable*
>    to recall and fix said vehicles.
>
> 2. Johnson & Johnson produce defective silicon breast implants. Even
>    though J&J rigorously defends itself against a class action, it
>    is found guilty of its breach of care to its customers and pays
>    out $100's of millions in damages.

[snip]

> And Microsoft is home-free, sitting high on its proverbial
> corporate backside, stuffed with $BILLIONS of ill-gained profits,
> scraped out of consumer and corporate purses with nary a skerrick
> of responsibility for the crappe product it is selling.

I find this comparison inaccurate and quite distasteful.

While Microsoft has undoubtedly caused much frustration and cost to
individuals and businesses affected by their shoddy software, this
should not be compared with companies who have caused such a degree of
personal suffering and loss of life. To do so is disrespectful to the
victims and makes a caricature of your argument.

Addressing your argument, the difference between the above companies
is that someone has actually sued them. To date nobody (to my limited
knowledge) has bothered to even try to do the same for Microsoft.
-d

--
| Damien Miller \ ``E-mail attachments are the poor man's
| http://www.mindrot.org / distributed filesystem'' - Dan Geer

From locust@iinet.net.au Wed Aug 1 00:40:39 2001
From: locust@iinet.net.au (Andrew Francis)
Date: Wed, 1 Aug 2001 08:40:39 +0800 (WST)
Subject: [LINK] ATO Ruling
In-Reply-To: <4.3.2.7.2.20010801092605.00a9cdd0@pop.qut.edu.au>
Message-ID:

On Wed, 1 Aug 2001, Michael Lean wrote:

> >AUSTRALIAN IT INDUSTRY CRITICIZES TAX RULING
> >The Australian IT industry is criticizing a final decision
> >from the Australian Tax Office that rules that simple
> >Websites that involve converting documents to HTML and
> >adding a few links does not constitute software development.
> >http://australianit.news.com.au/common/storyPage/0,3811,2467625%5E442,00.html

Well, it doesn't :)

Maybe simple website publishing deserves to be more deductible, but it
certainly doesn't merit the label "software development".

Once you start adding dynamic content to a site, and certainly once you
start dealing with money and credit card numbers, the skills required to
develop the website, and the cost thereof, enter an entirely different
ballpark.

A lot of the time, when I hear about what someone paid to have a simple
website done, I can't help but feel they've been ripped off..

--
Andrew Francis
locust@iinet.net.au

From Rik.Harris@fulcrum.com.au Wed Aug 1 00:41:33 2001
From: Rik.Harris@fulcrum.com.au (Rik Harris)
Date: Wed, 1 Aug 2001 10:41:33 +1000
Subject: [LINK] "New Laws: Thou Shalt Patch"
In-Reply-To: ; from Rick Welykochy on Wed, Aug 01, 2001 at 09:54:49AM +1000
References:
Message-ID: <20010801104133.J1882@fulcrum.com.au>

On Wed, Aug 01, 2001 at 09:54:49AM +1000, Rick Welykochy wrote:
> On Wed, 1 Aug 2001, Grant Bayley wrote:
>
> > >From Wired:
> > http://www.wired.com/news/politics/0,1283,45692,00.html
> [SNIP]
> > But that may be changing.
> > Federal rules that will make it obligatory for
> > specific sectors to download virus patches are already here, and more are
> > coming.
>
> Let me see now ...
>
> 1. Ford Motor Co. produces a car with a defect. The defect turns out to
>    be a possible source of injury. The result: Ford is *legally liable*
>    to recall and fix said vehicles.
>
> 2. Johnson & Johnson produce defective silicon breast implants. Even
>    though J&J rigorously defends itself against a class action, it
>    is found guilty of its breach of care to its customers and pays
>    out $100's of millions in damages.
>
> 3. There are countless further examples of the *company or agency*
>    that produces the faulty product being culpable. As a matter of
>    fact, I'm hard pressed to find an example where the *customer*
>    who uses a faulty product is found to be liable to take any actions
>    of any sort.

While I kind of agree with your argument about faulty products and
software being included in this category, your examples are all
related to safety (as are most product recalls). They are therefore
covered by safety regulations (or at least the companies that supply
them public liability insurance), rather than the companies doing this
out of the goodness of their hearts.

Most commodity software comes with a license that says it's not to be
used in situations (medical, air, nuclear) where safety is critical -
so it's seen as legitimate to claim 'caveat emptor'.

I'm not sure that a public liability claim would stand up in this
situation unless the company is writing software for medical equipment
(for example).

rik.
--
~ Specialists in IT Infrastructure ~
* Managed Services * Consulting * Product Supply & Support *
Rik Harris                 The Fulcrum Group of Companies
Chief Technology Officer   Level 8, 628 Bourke Street
ph: +61-3-8601-6100        Melbourne VIC 3000
fx: +61-3-8601-6199        Australia

From locust@iinet.net.au Wed Aug 1 00:45:19 2001
From: locust@iinet.net.au (Andrew Francis)
Date: Wed, 1 Aug 2001 08:45:19 +0800 (WST)
Subject: [LINK] "New Laws: Thou Shalt Patch"
In-Reply-To:
Message-ID:

On Wed, 1 Aug 2001, Damien Miller wrote:

> On Wed, 1 Aug 2001, Rick Welykochy wrote:
> > 1. Ford Motor Co. produces a car with a defect. The defect turns out to
> >    be a possible source of injury. The result: Ford is *legally liable*
> >    to recall and fix said vehicles.
> >
> > 2. Johnson & Johnson produce defective silicon breast implants. Even
> >    though J&J rigorously defends itself against a class action, it
> >    is found guilty of its breach of care to its customers and pays
> >    out $100's of millions in damages.
>
> [snip]
>
> > And Microsoft is home-free, sitting high on its proverbial
> > corporate backside, stuffed with $BILLIONS of ill-gained profits,
> > scraped out of consumer and corporate purses with nary a skerrick
> > of responsibility for the crappe product it is selling.
>
> I find this comparison inaccurate and quite distasteful.
>
> While Microsoft has undoubtedly caused much frustration and cost to
> individuals and businesses affected by their shoddy software, this
> should not be compared with companies who have caused such a degree of
> personal suffering and loss of life.

While the suffering of the victims is certainly significant, I suspect
that the cases against Ford and J&J would have been based on the grounds
that the products weren't "merchantable".

Personally, I believe that many of Microsoft's products fall under the
same label.
--
Andrew Francis
locust@iinet.net.au

From jwhit@PrimeNet.Com Wed Aug 1 01:10:24 2001
From: jwhit@PrimeNet.Com (Jan Whitaker)
Date: Wed, 01 Aug 2001 11:10:24 +1000
Subject: [LINK] MCSE Certification
In-Reply-To: <4.3.2.7.2.20010731234145.00aaec40@popa.melbpc.org.au>
References: <6u7kwppl7u.fsf@zork.zork.net>
Message-ID: <5.0.2.1.0.20010801110817.02c72410@pop.primenet.com>

At 11:57 PM 31/07/01 +1000, Stephen Loosley wrote:
>"A lot of folks are not adopting Windows 2000 as
>quickly as Microsoft hoped. They're the same ones
>wondering, 'Why retire the NT version of the track?' "
>
>When I asked whether or not Microsoft might decertify
>50 percent or more of its MCSEs on Jan. 1,
>Microsoft's McSweeney replied, "I don't think that's
>an unreasonable number."

Is this a situation not unlike the Win3.X, 9X issue? The user really
doesn't want to upgrade, there isn't a need to upgrade unless you want to
upgrade to the upgraded office software, and the skills that are in place
are really what are needed rather than the bloatware?

Is M$ once again playing a business income ploy by decertifying people
who still have needed and functional skills for the majority of the
marketplace? Is a decertified person any less valuable to an organisation
that stays with the prior version software?

Jan

JLWhitaker Associates
Melbourne, Victoria, Australia
jwhit@primenet.com -- http://www.primenet.com/~jwhit/whitentr.htm

From Roger.Clarke@xamax.com.au Wed Aug 1 01:42:59 2001
From: Roger.Clarke@xamax.com.au (Roger Clarke)
Date: Wed, 1 Aug 2001 11:42:59 +1000
Subject: [LINK] "New Laws: Thou Shalt Patch"
In-Reply-To:
References:
Message-ID:

Rick Welykochy :
>1. Ford Motor Co. produces a car with a defect. The defect turns out to
>   be a possible source of injury. The result: Ford is *legally liable*
>   to recall and fix said vehicles.
...
>Instead of Microsoft simply being found liable for producing a
>defective product (that's *ONE* company to fix *ONE BIG PROBLEM*),
>the USA is considering making *MILLIONS* of consumers of the
>defective product liable for installing fixes to solve the
>defects.

The problem is that, under the product liability laws of Australia and
most other countries, software is not a product.

To the best of my knowledge, this issue was last canvassed (by the Clth
Law Reform Commission) as long ago as, would you believe, 13 years
ago!!!!

See my analysis of the issues in late 1988:

Who Is Liable for Software Errors?
Proposed New Product Liability Law in Australia
http://www.anu.edu.au/people/Roger.Clarke/SOS/PaperLiaby.html

That's why I reckon the civil tort of negligence, and the law of
criminal negligence, are better bets.

--
Roger Clarke http://www.anu.edu.au/people/Roger.Clarke/

Xamax Consultancy Pty Ltd, 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke@xamax.com.au http://www.xamax.com.au/

Visiting Fellow Department of Computer Science
The Australian National University Canberra ACT 0200 AUSTRALIA
Information Sciences Building Room 211 Tel: +61 2 6125 3666

From eric.scheid@ironclad.net.au Wed Aug 1 02:05:50 2001
From: eric.scheid@ironclad.net.au (Eric Scheid)
Date: Wed, 1 Aug 2001 12:05:50 +1000
Subject: [LINK] Fwd: Sunday cable break spares Australia
Message-ID: <200108010205.f7125wg11906@web.anu.edu.au>

>Re: ARN Daily - Wednesday, 1 August, 2001
>
>Southern Cross Cable Network suffered a break in its Australia - US cable
>on Sunday but the impact to customers was limited due to the fortunate
>weekend timing, a spokesman for the company said. The break had limited
>impact as it happened, 7.45 am on Sunday morning, he said.
>

______________________________________________________________________
eric@ironclad.net.au i r o n c l a d n e t w o r k s
information architect http://www.ironclad.net.au/

From eric.scheid@ironclad.net.au Wed Aug 1 02:05:48 2001
From: eric.scheid@ironclad.net.au (Eric Scheid)
Date: Wed, 1 Aug 2001 12:05:48 +1000
Subject: [LINK] Fwd: MS $65K back flip over charity, but not for PCs for Kids
Message-ID: <200108010205.f7125vg11898@web.anu.edu.au>

From: Mailing_Service@idg.com.au (1/8/01 10:46 AM)

>Re: ARN Daily - Wednesday, 1 August, 2001

>Two weeks after it copped a media flogging over its attempt to bring legal
>action against a Victorian-based charity for software piracy, Microsoft
>has revealed it will donate $65,000 worth of software and PCs to local
>community organisations. But a furious PC for Kids co-founder Theresa
>Bayes has labeled the move as a gross publicity stunt too late to benefit
>the PC for Kids charity - which is now facing closure.
>

______________________________________________________________________
eric@ironclad.net.au i r o n c l a d n e t w o r k s
information architect http://www.ironclad.net.au/

From Richard.Chirgwin@informa.com.au Wed Aug 1 03:38:10 2001
From: Richard.Chirgwin@informa.com.au (Chirgwin, Richard)
Date: Wed, 1 Aug 2001 13:38:10 +1000
Subject: [LINK] "New Laws: Thou Shalt Patch"
Message-ID: <9BD4AE8C2EB1D311982700508BA2498901573A39@EXCHANGE_AU>

Rik Harris writes:

>Most commodity software comes with a license that says it's not to be
>used in situations (medical, air, nuclear) where safety is critical -
>so it's seen as legitimate to claim 'caveat emptor'.
>
>I'm not sure that a public liability claim would stand up in this
>situation unless the company is writing software for medical equipment
>(for example).

As I recall, there was a motor vehicle recall because of a suspected
software fault in the engine management computer - late last year? Ford,
again?

The "caveat emptor" on software licenses is fair to a degree - if I use
consumer software in a safety-critical system, it's my own silly fault.
But that statutory regulation is different from the (in Australia)
common-law principle that a product should be fit for the purpose for
which it is sold.

Questions:

a) Does the widespread expectation that software will crash weaken a
common-law claim?

b) What would constitute a "reasonable expectation" of software quality
(since 100% is beyond our grasp)?

c) Where is the line between safety-critical and non-safety-critical? For
eg: the software in a heart monitor is safety-critical. My word processor
is not. But what of the case of Canterbury Hospital (I think) in Sydney,
where a badly-coded database UI led to the wrong drugs being dispensed
from the hospital pharmacy? My bet is that such a system runs on a
commercial OS (if not MS then a Unix and a database) - and I'd also wager
that nobody even considered in advance whether the product liability
waivers applied in that case.

Richard Chirgwin

-----Original Message-----
From: Rik Harris [mailto:Rik.Harris@fulcrum.com.au]
Sent: Wednesday, 1 August 2001 10:42
To: Rick Welykochy; Grant Bayley
Cc: 2600-list@wiretapped.net; link@www.anu.edu.au
Subject: Re: [LINK] "New Laws: Thou Shalt Patch"

On Wed, Aug 01, 2001 at 09:54:49AM +1000, Rick Welykochy wrote:
> On Wed, 1 Aug 2001, Grant Bayley wrote:
>
> > >From Wired:
> > http://www.wired.com/news/politics/0,1283,45692,00.html
> [SNIP]
> > But that may be changing. Federal rules that will make it obligatory for
> > specific sectors to download virus patches are already here, and more are
> > coming.
>
> Let me see now ...
>
> 1. Ford Motor Co. produces a car with a defect. The defect turns out to
>    be a possible source of injury. The result: Ford is *legally liable*
>    to recall and fix said vehicles.
>
> 2. Johnson & Johnson produce defective silicon breast implants.
>    Even though J&J rigorously defends itself against a class action, it
>    is found guilty of its breach of care to its customers and pays
>    out $100's of millions in damages.
>
> 3. There are countless further examples of the *company or agency*
>    that produces the faulty product being culpable. As a matter of
>    fact, I'm hard pressed to find an example where the *customer*
>    who uses a faulty product is found to be liable to take any actions
>    of any sort.

While I kind of agree with your argument about faulty products and
software being included in this category, your examples are all
related to safety (as are most product recalls). They are therefore
covered by safety regulations (or at least the companies that supply
them public liability insurance), rather than the companies doing this
out of the goodness of their hearts.

Most commodity software comes with a license that says it's not to be
used in situations (medical, air, nuclear) where safety is critical -
so it's seen as legitimate to claim 'caveat emptor'.

I'm not sure that a public liability claim would stand up in this
situation unless the company is writing software for medical equipment
(for example).

rik.
--
~ Specialists in IT Infrastructure ~
* Managed Services * Consulting * Product Supply & Support *
Rik Harris                 The Fulcrum Group of Companies
Chief Technology Officer   Level 8, 628 Bourke Street
ph: +61-3-8601-6100        Melbourne VIC 3000
fx: +61-3-8601-6199        Australia

From cas@taz.net.au Wed Aug 1 04:01:47 2001
From: cas@taz.net.au (Craig Sanders)
Date: Wed, 1 Aug 2001 14:01:47 +1000
Subject: [LINK] Re: Unix {Was: Looking for some Web server statistics]
In-Reply-To: <6u3d7dnrbf.fsf@zork.zork.net>
Message-ID: <20010801140147.F32586@taz.net.au>

On Tue, Jul 31, 2001 at 02:47:32PM +0100, Sean Neakums wrote:
> >>>>> "CS" == Craig Sanders writes:
>
> CS> On Tue, Jul 31, 2001 at 10:48:02AM +0100, Sean Neakums wrote:
> CS> anyway, these days it's fair to say that the commercial *nixes
> CS> are proprietary linux clones :-)
> >> Considering that most of them pre-date Linux, it most certainly is
> >> not.
> CS> it's a joke, joyce.
> CS> notice the smiley?
>
> Any joke that requires a moronic `smiley' to be appended to identify
> it as such is not worthy of the name.

well, i'm glad we've got that cleared up. life is so much less confusing
when experts like you give us peasants the benefit of their encyclopaedic
knowledge and enormous intellect.

> >> And let's try not to confuse `commercial' and `proprietary',
> >> please.
> CS> you're nitpicking over a point which is irrelevant in this
> CS> situation. all commercial unixes ARE proprietary.
>
> Sure, but not all commercial _*nixes_.

apparently you feel there's some difference between "unixes" and
"*nixes". i'll rephrase that to remove the ambiguity for you.

all commercial *nixes are proprietary. name one that isn't.

while you're at it, find another pedantic point to waste everyone's time
with. this one won't last much longer, so you'll need another one.

craig

--
craig sanders

Fabricati Diem, PVNC.
 -- motto of the Ankh-Morpork City Watch

From cas@taz.net.au Wed Aug 1 04:09:23 2001
From: cas@taz.net.au (Craig Sanders)
Date: Wed, 1 Aug 2001 14:09:23 +1000
Subject: [LINK] "New Laws: Thou Shalt Patch"
In-Reply-To: <3B673460.CB93B2CC@id.ethz.ch>
Message-ID: <20010801140923.G32586@taz.net.au>

On Wed, Aug 01, 2001 at 12:42:40AM +0200, Auer, Karl James wrote:
> Grant Bayley wrote:
>
> > http://www.wired.com/news/politics/0,1283,45692,00.html
> > Federal rules that will make it obligatory for
> > specific sectors to download virus patches are already here
> > [...]
> > "It means financial institutions will have a legal obligation to take
> > steps to preserve the security of their organization,"
>
> I'd have thought making software companies legally liable for defects
> leading to losses due to security failures would get a whole lot more
> done a whole lot faster.

yes, that would be good.

however, that shouldn't eliminate the liability of those who, through
negligence or deliberate inaction, run insecure systems or networks
which are hijacked to harm a third party.

systems and network administrators have a professional responsibility
to keep up to date with security announcements and ensure that their
networks and systems are secure.

if you fail to properly secure or train your dog and it bites someone,
you're liable - why shouldn't you be liable for damage caused as a
direct result of you failing to properly secure your network?

> On the flip side, there is also no excuse for users to expect to be able
> to use powerful and possibly dangerous tools with no effort and no
> learning curve.

yep.

craig

--
craig sanders

Fabricati Diem, PVNC.
 -- motto of the Ankh-Morpork City Watch

From MToohey@fesa.wa.gov.au Wed Aug 1 04:09:07 2001
From: MToohey@fesa.wa.gov.au (MToohey@fesa.wa.gov.au)
Date: Wed, 1 Aug 2001 12:09:07 +0800
Subject: [LINK] "New Laws: Thou Shalt Patch"
Message-ID:

Rick,

in relation to your car analogy

" Let me see now ...

1. Ford Motor Co.
produces a car with a defect. The defect turns out to
   be a possible source of injury. The result: Ford is *legally liable*
   to recall and fix said vehicles. "

But if a customer does not service or maintain the vehicle as the manual
requires, and a loss or damage occurs due to a failing of the product,
then the supplier has a means of escaping liability.

cheers,
Matt.

From foconno1@bigpond.net.au Wed Aug 1 04:46:40 2001
From: foconno1@bigpond.net.au (Frank O'Connor)
Date: Wed, 1 Aug 2001 14:46:40 +1000
Subject: [LINK] "New Laws: Thou Shalt Patch"
In-Reply-To:
References:
Message-ID:

Ahhh ... but what is the situation when, from Day 1, Ford requires the
owner to bring the car in for servicing daily or weekly and install new
parts to replace defective parts?

What is the situation when Ford doesn't advise the owner personally (so
he is not aware of the defect) and simply places hundreds of bulletins on
a set of Ford notice boards that are difficult to find?

What is the situation when installing each repair means downtime for the
truck or car that the owner is using in their business?

What is the situation when the underlying design of Ford's cars is
fundamentally flawed in the interests of 'user features' to the extent
that the car represents a serious threat to the life and security of the
owner as a result?

What is the situation when ...

You get the idea. :)

Regards,

At 12:09 PM +0800 1/8/01, MToohey@fesa.wa.gov.au wrote:
>Rick,
>
>in relation to your car analogy
>
>" Let me see now ...
>
>1. Ford Motor Co. produces a car with a defect. The defect turns out to
>   be a possible source of injury. The result: Ford is *legally liable*
>   to recall and fix said vehicles. "
>
>But if a customer does not service or maintain the vehicle as the manual
>requires, and a loss or damage occurs due to a failing of the product, then
>the supplier has a means of escaping liability.
>
>cheers,
>Matt.

--
************************
Apathy is a great cause for concern ... but who cares?
************************

From eric.scheid@ironclad.net.au Wed Aug 1 04:48:55 2001
From: eric.scheid@ironclad.net.au (Eric Scheid)
Date: Wed, 1 Aug 2001 14:48:55 +1000
Subject: [LINK] "New Laws: Thou Shalt Patch"
Message-ID: <200108010449.f714nDg00542@web.anu.edu.au>

From: Craig Sanders (1/8/01 2:09 PM)

>however, that shouldn't eliminate the liability of those who, through
>negligence or deliberate inaction, run insecure systems or networks
>which are hijacked to harm a third party.

here in NSW if you leave your vehicle with its doors unlocked, it's a
crime.

e.

______________________________________________________________________
eric@ironclad.net.au i r o n c l a d n e t w o r k s
information architect http://www.ironclad.net.au/

From mail@ecommercereport.com.au Wed Aug 1 04:34:12 2001
From: mail@ecommercereport.com.au (stewart carter)
Date: Wed, 01 Aug 2001 14:34:12 +1000
Subject: [LINK] eMarketplaces seminar invitation
Message-ID: <5.1.0.14.2.20010801143225.028f74c0@mail.sprintsoft.com>

Dear Tony

I'm pleased to be able to invite Linkers to attend the next meeting of
the Victorian eCommerce Network on Tuesday the 7th of August at the usual
time/usual venue (Shell Australia conference centre, 1 Spring St
Melbourne 5.30-7pm).

Topic this month is e-Marketplaces and our speakers are

Tom Honan, CEO of corProcure (www.corProcure.com.au)
Noel Hamill, GM of eBusiness, Cable and Wireless Optus (www.cwomarketsite.com.au)
Allan Poezyn, Regional V-P, Australia and Asia, Quadrem (www.quadrem.com)

As usual, there is no charge to attend, but space is limited and so we'd
ask that you register first at www.vecn.org

Stewart Carter
Publisher/Editor
eCommerce Report
GPO Box 1240L
Melbourne Australia 3001
www.ecommercereport.com.au
mail@ecommercereport.com.au
Phone 61 (0) 3 9347 5254 or mobile 61 (0) 411 477 149

From MToohey@fesa.wa.gov.au Wed Aug 1 04:55:36 2001
From: MToohey@fesa.wa.gov.au (MToohey@fesa.wa.gov.au)
Date: Wed, 1 Aug 2001 12:55:36 +0800
Subject: [LINK] "New Laws: Thou Shalt Patch"
Message-ID:

I couldn't agree more.

On re-reading my earlier email it could be construed that I was defending
the indefensible - which wasn't my intention, rather I was intending to
point out an ambiguity of the law which could provide a possible defense.

A further example of how the law can work is cigarette manufacturers -
i.e. If you use the product as it is intended - it will kill you.

Frank O'Connor
cc: Rick Welykochy , link@www.anu.edu.au
Subject: Re: [LINK] "New Laws: Thou Shalt Patch"
01/08/2001 12:46 PM

Ahhh ... but what is the situation when, from Day 1, Ford requires the
owner to bring the car in for servicing daily or weekly and install new
parts to replace defective parts?

What is the situation when Ford doesn't advise the owner personally (so
he is not aware of the defect) and simply places hundreds of bulletins on
a set of Ford notice boards that are difficult to find?

What is the situation when installing each repair means downtime for the
truck or car that the owner is using in their business?

What is the situation when the underlying design of Ford's cars is
fundamentally flawed in the interests of 'user features' to the extent
that the car represents a serious threat to the life and security of the
owner as a result?

What is the situation when ...

You get the idea. :)

Regards,

At 12:09 PM +0800 1/8/01, MToohey@fesa.wa.gov.au wrote:
>Rick,
>
>in relation to your car analogy
>
>" Let me see now ...
>
>1. Ford Motor Co. produces a car with a defect. The defect turns out to
>   be a possible source of injury. The result: Ford is *legally liable*
>   to recall and fix said vehicles. "
>
>But if a customer does not service or maintain the vehicle as the manual
>requires, and a loss or damage occurs due to a failing of the product, then
>the supplier has a means of escaping liability.
>
>cheers,
>Matt.

--
************************
Apathy is a great cause for concern ... but who cares?
************************

From lannet@lannet.com.au Wed Aug 1 05:06:03 2001
From: lannet@lannet.com.au (Howard Lowndes)
Date: Wed, 1 Aug 2001 15:06:03 +1000 (EST)
Subject: [LINK] "New Laws: Thou Shalt Patch"
In-Reply-To: <20010801140923.G32586@taz.net.au>
Message-ID:

I wonder if the answer might be a form of professional licencing.

You need a licence to practice medicine.
You need a licence to practice law.
You need a licence to drive a car and it is graded.
You need a licence to fly a plane and it is also graded.

Any idiot can administer a network without any training or experience.

--
Howard.
LANNet Computing Associates
Contact detail at http://www.lannetlinux.com

On Wed, 1 Aug 2001, Craig Sanders wrote:

> systems and network administrators have a professional responsibility
> to keep up to date with security announcements and ensure that their
> networks and systems are secure.
>
>
> if you fail to properly secure or train your dog and it bites someone,
> you're liable - why shouldn't you be liable for damage caused as a
> direct result of you failing to properly secure your network?
>
> > On the flip side, there is also no excuse for users to expect to be able
> > to use powerful and possibly dangerous tools with no effort and no
> > learning curve.
>
> yep.
>
> craig
>
>

From rick@praxis.com.au Wed Aug 1 05:22:07 2001
From: rick@praxis.com.au (Rick Welykochy)
Date: Wed, 01 Aug 2001 15:22:07 +1000
Subject: [LINK] "New Laws: Thou Shalt Patch"
References: <9BD4AE8C2EB1D311982700508BA2498901573A39@EXCHANGE_AU>
Message-ID: <3B6791FF.2F578DD4@praxis.com.au>

"Chirgwin, Richard" wrote:

> a) Does the widespread expectation that software will crash weaken a
> common-law claim?

IANAL! Did the widespread expectation that smoking cigarettes causes
cancer weaken class action claims against the Tobacco Giants in the USA
recently?

> b) What would constitute a "reasonable expectation" of software quality
> (since 100% is beyond our grasp)?

Perhaps chalk up the reliability of various platforms, software packages,
etc, and rank them. But I must admit that getting a reasonable estimate
of reliability vs. cost is difficult. For example, I can demonstrate that
a system running a Linux 2.2 kernel and some basic Internet services (for
a software licence cost of zero) is far more reliable (stays up, secure,
etc) than a Windows NT 4.0 server doing the same job (cost ... several
$1000's?)

In simple terms, I expect the underlying operating system to be secure,
does not crash and does not corrupt data. An expectation of 100% is
unreasonable for any software system, but 99% is not expecting too much.

As for application software, I expect it to function in a reasonable
manner, and produce expected results reliably and consistently across
multiple invocations. A minor bug/glitch/hiccup is acceptable, but a
freeze-up/crash/'GPF' or similar is not acceptable. The latter should be
caught by regression, unit and integration test during QA before product
release.

These expectations are based on what is by now years of experience the
world and the industry have had with computer systems. They are not
unreasonable expectations. For heaven's sake, back in my uni days in the
70's the above criteria were consistently being met by all the systems on
which I did my undergraduate work. Such expectations and concepts are not
new. QA concepts are not new.

> c) Where is the line between safety-critical and non-safety-critical? For
> eg: the software in a heart monitor is safety-critical. My word processor is
> not. But what of the case of Canterbury Hospital (I think) in Sydney, where
> a badly-coded database UI led to the wrong drugs being dispensed from the
> hospital pharmacy? My bet is that such a system runs on a commercial OS (if
> not MS then a Unix and a database) - and I'd also wager that nobody even
> considered in advance whether the product liability waivers applied in that
> case.

I've never had to work on a safety critical system. The stress and burden
of responsibility must be enormous. That said, I treat all software
projects as if they were safety-critical. I test the hell out of them
before they leave my control. To do anything less I consider negligent.
If I did have the responsibility of a safety-critical software system, I
think testing and proof of safety would take upwards of 90% of the
project time.

Back to the thread. To sum up some points made so far:

1. sys admins are responsible for maintaining the integrity and security
   of the systems they deploy; this is all the more important when those
   systems reside on the open Internet, for their negligence can
   contribute to the spread of malicious software to hundreds of
   thousands of other similarly connected machines;

2. software is considered a service not a product, thus hindering action
   that can be taken against a software producer (this came as sad news
   to me);

3. *some* software producers make it very difficult to see 'under the
   hood' of their systems, making it difficult to harden their systems
   against attack; and *some* of these systems arrive out of the box in a
   very insecure state that must be 'hardened' by a diligent sys admin;

4. *some* software producers have made the regime of patching and
   maintaining their systems with updates onerous to the point of being
   overwhelming

It seems there is a balance to be reached between software producers
selling reasonably secure and reliable systems and users of said systems
maintaining the future security of same with reasonable diligence.

I once again make the point that proposed American legislation to heap
the burden of secure systems entirely upon sys admins and their diligence
in applying patches is unfair and further removes any incentive for
software producers to produce quality systems.

Rgds
Rick W

_____________________________________________
Rick Welykochy || Praxis Services Pty Limited

"Those who do not understand Unix are condemned to reinvent it, poorly."
 - Henry Spencer

From NSMITH@nla.gov.au Wed Aug 1 05:32:47 2001
From: NSMITH@nla.gov.au (Nick Smith)
Date: Wed, 1 Aug 2001 15:32:47 +1000
Subject: [LINK] The ADA Monthly Intellectual Property Wrap-Up: July 2001
Message-ID: <35A0BC67FA1AD311B18E0090277A418703BC4095@mirkwood.nla.gov.au>

The ADA Monthly Intellectual Property Wrap-Up
---------------------------------------------------------------------------------------
A monthly summary of recent legislation, cases, reports and other events
relating to intellectual property and the public interest, published by
the Australian Digital Alliance.
--------------------------------------------------------------
July 2001
--------------------------------------------------------------

[1] About this publication
[2] The Panel and the White pages: recent Australian legal action
[3] The jailing of a programmer and the death of 'fair use': US v Sklyarov
[4] Feeling chilly?
Get a weather report from the Chilling Effects Clearinghouse
[5] How 'limited' are 'limited times'? Disappointing result in Eldred v Ashcroft
[6] New Zealand announces digital copyright reform
[7] I can copy, right?

>[1] About this publication

This summary of recent IP (but chiefly copyright) happenings of relevance to Australia is published every month by email and on the Australian Digital Alliance website at http://www.digital.org.au/issue/ipwjul01.htm. If you have any suggestions as to what should go in the next issue, please let Nick Smith know by email: (nsmith@nla.gov.au). Nothing in this publication constitutes legal advice.

>[2] The Panel and the White pages: recent Australian legal action

As reported in the May issue of the Update (http://www.digital.org.au/issue/ipwmay01.htm), the Federal Court ruled in favour of Telstra, affirming copyright protection for its White and Yellow pages. It had been argued that this 'database' of unprotected facts (people's names, addresses and phone numbers) was itself not subject to copyright protection as a compilation. The losing party, Desktop Marketing Systems, has since been granted leave to appeal to the Full Bench of the Federal Court. It is not known when this case will be heard.

In other Australian court news, the second part of the decision involving Channel 10's TV program, 'the Panel', has been handed down. The case involved a lawsuit brought by Channel 9 against Channel 10's show on the grounds that its frequent habit of showing snippets of programs from other networks is an infringement of copyright. In the first part of the case, concerning the actual broadcast of the snippets, the court found that they were not sufficiently 'substantial' to infringe copyright. The second part of the case involved the making of video tapes of the snippets in order to later broadcast them. Nine contended that each and every separate visual image in a 'cinematograph film' is subject to copyright protection.
Justice Finkelstein pointed out that this would involve a 'copyright duration of broadcasting time of less than 0.001 per cent of the total of an average television feature film.' Ten contended the opposite, that the duration of the work extended to the continuous 24-hour broadcast. Finkelstein J somewhat sensibly held that the duration of a program is the actual length of that program 'exclusive of advertisements.' Having rejected Nine's contention that every split-second is a separate copyright work, he reaffirmed his earlier judgement that the snippets copied and rebroadcast by Channel 10 were 'insubstantial'.

>[3] The jailing of a programmer and the death of fair use: US v Sklyarov

FBI agents have arrested a Russian programmer for distributing software that removes the restrictions on encrypted Adobe e-book files. His is one of the very first criminal prosecutions under the Digital Millennium Copyright Act, the US equivalent of our Digital Agenda Act. Dmitry Sklyarov, a programmer for Russian software company ElcomSoft, was visiting the United States for a convention to give a talk on the often-flawed security of e-books, including details of how he was able to break Adobe's encryption. ElcomSoft argue that their product allows users to get greater legally-permitted functionality from legitimately purchased e-books only (eg, allowing them to be used on machines other than the one the e-book was downloaded on or to translate the text to speech for the deaf). Adobe contends that the software's purpose is e-book piracy. It is also argued that the company agreed not to distribute the product even prior to Sklyarov's arrest so that Sklyarov could not possibly have been 'trafficking' in the software (which is what he has been charged with).

His arrest and subsequent detention without bail has radicalised the online community. The ferocity of the reaction, which included street protests in many cities in the US and elsewhere, surprised Adobe.
It promptly backed and requested Sklyarov's release (though while still endorsing the DMCA) in this media release: http://www.adobe.com/aboutadobe/pressroom/pressreleases/200107/20010723dcma.html

Sklyarov remains in jail however as the decision to continue with the prosecution rests with the US Attorney's Office. The head of the San Francisco office which is prosecuting the case is Robert Mueller, George W. Bush's nominee for Director of the FBI. Mueller prides himself on being 'tough on e-crime' so Sklyarov is not expected to be released any time soon.

This case has enormous implications for the future of copyright. If the prosecution succeeds, it may well signal the end of copyright as a creature of statute, at least as far as the electronic environment is concerned; all conditions of usage will be dictated by commercial vendors rather than Congress or Parliament. Fair use rights will still exist on the statute books but will have little practical value if those who seek to enforce them are jailed as felons.

Lawrence Lessig weighed into the debate with an op-ed article in the New York Times (at http://www.nytimes.com/2001/07/30/opinion/30LESS.html). He commented that: "The D.M.C.A. outlaws technologies designed to circumvent other technologies that protect copyrighted material. It is law protecting software code protecting copyright. The trouble, however, is that technologies that protect copyrighted material are never as subtle as the law of copyright. Copyright law permits fair use of copyrighted material; technologies that protect copyrighted material need not. Copyright law protects for a limited time; technologies have no such limit."

The decision to prosecute has also been criticised by many security researchers who assert that the DMCA is having a chilling effect on IT security research.
In another recent DMCA case, the Recording Industry Association of America earlier threatened Princeton researcher Professor Ed Felten with a lawsuit if he gave a planned paper on his (invited) cracking of the Secure Digital Music Initiative; as a result he declined to give his paper. As Jon Katz of slashdot.org commented: "[Sklyarov's] arrest chills criticism of software, and of new technologies and the powerful companies that create them. It also undermines security -- one of the very things the DMCA is supposed to protect. How can weaknesses and flaws in security and encryption programs be discovered if they can't be shared, discussed or explored?" Some commentators have even suggested that, in future, US IT security conferences will move to Canada or offshore to maintain the right of researchers to freely discuss encryption issues.

One positive aspect of Sklyarov's arrest is that the constitutionality of the DMCA will be challenged as well as subjecting it to greater public scrutiny. Meanwhile Dmitry Sklyarov, a 27 year old father of two, remains in jail far from home...

More information can be found at:
The Electronic Frontier Foundation, http://www.eff.org/Legal/Cases/US_v_Sklyarov/
and The Politech site, http://www.politechbot.com/cgi-bin/politech.cgi?name=sklyarov

>[4] Feeling chilly? Get a weather report from the Chilling Effects Clearinghouse

Feel the need to pull your cardie tight against the cool prevailing legal wind? You're not alone. Harvard's Berkman Center for Internet & Society and the Electronic Frontier Foundation are collaborating on a new project called the 'Chilling Effects Clearinghouse'. While the law itself can be a constraint on freedom of expression (see the May issue of the ADA Monthly IP update http://www.digital.org.au/issue/ipwmay01.htm), perceptions of the law can prove an even bigger restraint. The Chilling Effects Clearinghouse aims to document the 'chilling effect' that 'cease and desist' letters can have.
According to the site itself: "On the Internet, we often see more powerful actors sending vaguely worded legal threats and cease-and-desist notices to individuals who comply because they lack the legal resources to mount a challenge. The chilling effects of these threats on speech and activity are easy to discuss, but harder to quantify or to counter."

Recent examples of issues which have been the subject of 'chilling' letters include: "the Motion Picture Association of America's letters implying that the injunction against 2600 bars the world from linking to the DeCSS code, Cyberpatrol emails regarding the CPhack posting as a copyright violation, and letters claiming that reverse engineering the CueCat bar-code reader's protocol 'conflict[s] with intellectual property rights owned by Digital Convergence.'" Alleged trademark violations are also popular targets for cease and desist letters; parodies of Barney the dinosaur and the Mastercard 'priceless' advertisements being two recent examples.

A central aim of the Chilling Effects Clearinghouse is to put out information clarifying areas of the law which are subject to such letters in order to defuse nebulous legal threats. The site asks those who have received cease and desist letters to submit them. The site can be found at www.chillingeffects.org .

>[5] How 'limited' are 'limited times'? Disappointing result in Eldred v Ashcroft

An appeal decision was recently handed down in the case of Eldred v Ashcroft (it was formerly known as Eldred v Reno, following the name of the then US Attorney-General). Plaintiff Eric Eldred, a publisher of public domain works, is challenging the constitutionality of the Sonny Bono Copyright Term Extension Act (named after the no longer extant entertainer and Congressman). It is argued that the extension of copyright duration from life of the author plus 50 years to life plus 70 (or 95 years for corporations) violates the copyright clause in the US Constitution.
(Bear in mind that the duration of copyright was once 14 years with an additional 14 being available upon re-registration). This clause allows Congress to "promote the Progress of Science and useful Arts, by securing for limited Times to Authors and Inventors the exclusive Right to their respective Writings and Discoveries." Eldred, represented by cyber law guru Lawrence Lessig, argued that the 'founding fathers' were not just wasting ink when they used the phrase 'limited Times'; that there must be some constitutional constraint on the frequent extensions to copyright duration. They also claimed that the increasing level of copyright protection violates the First Amendment guarantee of protection of freedom of expression.

So far the case has not been terribly successful, lately having been rejected by the DC Appeals Court (though there was a heartening dissent from one justice). Apparently the only option remaining is to appeal to the Supreme Court. At least, however, this action has forced attention upon the ever-increasing duration of copyright.

This case reveals a division within the US Court System about the relationship between copyright and the First Amendment.
While the DC Appeals Court held that 'copyrights are categorically immune from First Amendment scrutiny', the Eleventh Circuit Court of Appeals lifted a copyright-based injunction in the Wind Done Gone case (see May issue http://www.digital.org.au/issue/ipwmay01.htm for more information) calling the copyright injunction an 'extraordinary and drastic remedy' that 'amounts to an unlawful prior restraint in violation of the First Amendment.'

The latest decision can be found at: http://biotech.law.umkc.edu/cases/IP/copyright/eldred_v_reno.htm
Further discussion and an open invitation to participate in working out the next step: http://eon.law.harvard.edu/openlaw/eldredvreno/

>[6] New Zealand announces digital copyright reform

Hot on the heels of Canada's recently reported digital copyright reform, comes a digital copyright discussion paper from New Zealand's Ministry of Economic Development. The discussion paper, entitled Digital Technology and the Copyright Act 1994: A Discussion Paper can be found at http://www.med.govt.nz/buslt/int_prop/digital/index.html

The Ministers responsible for releasing the paper, Laila Harre and Paul Swain, said that: "copyright law has traditionally aimed to balance the interest of rights holders and users of works of copyright. The challenge we face now is maintaining this balance while taking into account the impact of new technologies."

The paper seeks comments from copyright owners, users and the public on such issues as the protection of electronic reproduction and communication; the liability of ISPs; the legal protection of technological protection measures and electronic rights management information; the legal protection of electronic databases; and 'whether any new exceptions or permitted uses are required to protect the interests of the users of copyright works and the wider public interest in the digital age.' Submissions must be received by 12 October 2001. There is also a second discussion paper on performers' rights.
>[7] I can copy, right?

Yes, you can copy this publication. Feel free to send it to friends, colleagues or people you've never met; print it off or put it on your website provided that all text is included or, in the case of an excerpt, appropriate credit is given.

--
=========================================================
Nick Smith
Executive Officer :: Australian Digital Alliance
Copyright Advisor :: Australian Libraries Copyright Committee
PO Box E202 \\ Kingston ACT 2604
Ph: 02 6262 1273 \\ Fax: 02 6273 2545
Email: nsmith@nla.gov.au \\ Web: www.digital.org.au
=========================================================

From bscott@gtlaw.com.au Wed Aug 1 05:37:38 2001
From: bscott@gtlaw.com.au (bscott@gtlaw.com.au)
Date: Wed, 1 Aug 2001 15:37:38 +1000
Subject: [LINK] "New Laws: Thou Shalt Patch"
Message-ID:

There is a difference in kind between a latent defect being in a product and the product not being serviced properly and I doubt a court will have much truck with a car company that says that regular inspection of the spot welding of the axles is part of user servicing. In the case of a car I can't think of any examples where there'd be doubt as to one or the other.

Software vendors and customers get into some delicious arguments about software maintenance - this is where the customer gets to pay the vendor for the vendor to correct problems with the software. On the one hand you're providing an incentive for the vendor to provide buggy software, so that maintenance is essential, on the other hand it's just a fact of business that the bugs aren't going to be fixed unless you pay for it (Vendors tend to cushion the blow by chucking "new releases" into the package as a bonus).

Similar arguments arise over warranty periods. If a bug is found after the end of the warranty period it's not going to be a result of wear and tear, it's because the vendor didn't do the job properly in the first place.
The whole discussion indicates to me that there are no accepted standards. That's probably because of the relative immaturity of the market. Sooner or later the courts will start throwing around liability for software. I guess just not soon enough for some of the correspondents.

Brendan

"Frank O'Connor" To: MToohey@fesa.wa.gov.au , nd.net.au> link@www.anu.edu.au, (bcc: Brendan Scott/Gilbert & Tobin/61) Subject: Re: [LINK] "New Laws: Thou Shalt Patch" 01/08/01 02:46 PM

Ahhh ... but what is the situation when, from Day 1, Ford requires the owner to bring the car in for servicing daily or weekly and install new parts to replace defective parts?

What is the situation when Ford doesn't advise the owner personally (so he is not aware of the defect) and simply places hundreds of bulletins on a set of Ford notice boards that are difficult to find?

What is the situation when installing each repair means downtime for the truck or car that the owner is using in their business?

What is the situation when the underlying design of Ford's cars is fundamentally flawed in the interests of 'user features' to the extent that the car represents a serious threat to the life and security of the owner as a result?

What is the situation when ...

You get the idea. :)

Regards,

At 12:09 PM +0800 1/8/01, MToohey@fesa.wa.gov.au wrote:
>Rick,
>
>in relation to your car analogy
>
>" Let me see now ...
>
>1. Ford Motor Co. produces a car with a defect. The defect turns out
> be a possible source of injury. The result: Ford is *legally liable*
> to recall and fix said vehicles. "
>
>But if a customer does not service or maintain the vehicle as the manual
>requires, and a loss or damage occurs due to a failing of the product, then
>the supplier has a means of escaping liability.
>
>cheers,
>Matt.

--
************************
Apathy is a great cause for concern ... but who cares?
************************

From Fred.Pilcher@act.gov.au Wed Aug 1 05:43:03 2001
From: Fred.Pilcher@act.gov.au (Pilcher, Fred)
Date: Wed, 1 Aug 2001 15:43:03 +1000
Subject: [LINK] "New Laws: Thou Shalt Patch"
Message-ID: <9F7F0A389219D411BDA900A0C9F2D6140430EE40@cal013.dpa.act.gov.au>

(I take my last comment back, Richard)

> > 1. Ford Motor Co. produces a car with a defect. The defect turns out
> > be a possible source of injury. The result: Ford is
> *legally liable*
> > to recall and fix said vehicles.

Regardless of any legal liability, Ford knows that if it gets a reputation for producing unreliable vehicles its customers will simply buy the GM equivalent which is, to all intents and purposes, identical. Thus, Ford has a commercial interest in making good any manufacturing faults.

This works in exactly the same way as the PC market doesn't.

Fred

From me@Tony-Barry.emu.id.au Wed Aug 1 06:17:25 2001
From: me@Tony-Barry.emu.id.au (Tony Barry)
Date: Wed, 1 Aug 2001 16:17:25 +1000
Subject: [LINK] Talk is cheap
Message-ID:

>Date: Wed, 1 Aug 2001 14:38:50 +1000 (EST)
>From: owner-all@minister.dcita.gov.au
>subject: New Ministerial Media Release
>Sender: owner-all@minister.dcita.gov.au
>To: tony
>
>The following Ministerial Media Release is available at:
>Page located at: http://www.dcita.gov.au/cgi-bin/graphics.pl?path=5893
>
>TALK IS CHEAP - VERY CHEAP - WITH NEW INTERNET TELEPHONY SOFTWARE
>Internet telephony and online conferencing provider Colloqui has been
>awarded a $100,000 Federal Government grant to help commercialise its
>flagship Internet software ChatStack which will dramatically reduce the cost
>of voice and video communication.
>Media contact:
>Sasha Grebe, Minister's office, 02 6277 7480.
>Chris Butler, AusIndustry, 02 6213 7324.
>
>-----------------------------------------------------------------------
>To REMOVE yourself from this mailing list, send an E-Mail message to:
>majordomo@minister.dcita.gov.au and in the message BODY, include a line
>containing: unsubscribe all (or the name of the mailing list you want to be
>removed from). You may also use the Web form at www.dcita.gov.au in the
>Newsroom.

--
phone +61 2 6241 7659
mailto:me@Tony-Barry.emu.id.au
http://purl.oclc.org/NET/Tony.Barry

From lannet@lannet.com.au Wed Aug 1 06:56:19 2001
From: lannet@lannet.com.au (Howard Lowndes)
Date: Wed, 1 Aug 2001 16:56:19 +1000 (EST)
Subject: [LINK] Talk is cheap
In-Reply-To:
Message-ID:

Why is $100K of my, and your, money being given to a P/L business to commercialise some software?

--
Howard.
LANNet Computing Associates
Contact detail at http://www.lannetlinux.com

On Wed, 1 Aug 2001, Tony Barry wrote:

> >Date: Wed, 1 Aug 2001 14:38:50 +1000 (EST)
> >From: owner-all@minister.dcita.gov.au
> >subject: New Ministerial Media Release
> >Sender: owner-all@minister.dcita.gov.au
> >To: tony
> >
> >The following Ministerial Media Release is available at:
> >Page located at: http://www.dcita.gov.au/cgi-bin/graphics.pl?path=5893
> >
> >TALK IS CHEAP - VERY CHEAP - WITH NEW INTERNET TELEPHONY SOFTWARE
> >Internet telephony and online conferencing provider Colloqui has been
> >awarded a $100,000 Federal Government grant to help commercialise its
> >flagship Internet software ChatStack which will dramatically reduce the cost
> >of voice and video communication.
> >Media contact:
> >Sasha Grebe, Minister's office, 02 6277 7480.
> >Chris Butler, AusIndustry, 02 6213 7324.
> >
> >-----------------------------------------------------------------------
> >To REMOVE yourself from this mailing list, send an E-Mail message to:
> >majordomo@minister.dcita.gov.au and in the message BODY, include a line
> >containing: unsubscribe all (or the name of the mailing list you want to be
> >removed from).
You may also use the Web form at www.dcita.gov.au in the
> >Newsroom.
> >

From brd@austarmetro.com.au Wed Aug 1 06:59:13 2001
From: brd@austarmetro.com.au (Bernard Robertson-Dunn)
Date: Wed, 01 Aug 2001 16:59:13 +1000
Subject: [LINK] Paid Search Results An Online-Ad 'Bright Spot' - Study
Message-ID: <3B67A8C1.BC445E92@austarmetro.com.au>

Paid Search Results An Online-Ad 'Bright Spot' - Study
By Kevin Featherly, Newsbytes
NEW YORK, NEW YORK, U.S.A., 31 Jul 2001, 5:52 PM CST
http://newsbytes.com/news/01/168547.html

With advertising still generally playing the role of online publishing's albatross, one bright spot in the business has emerged - paid search-engine placements.

At least, that is the contention of a new Jupiter Media Metrix report, authored by analyst Marissa Gluck. The document contends that, "while scorned just two years ago," paid search-engine placements have risen to be among the most successful forms of online advertising. It is promotion that capitalizes on a rare alignment of consumers' online needs and advertisers' desires, the report says.

... etc

--
He who fights with monsters might take care lest he thereby become a monster. And if you gaze for long into an abyss, the abyss gazes also into you. -- Friedrich Nietzsche

Regards
brd
Bernard Robertson-Dunn
Canberra Australia
brd@dynamite.com.au
brd@austarmetro.com.au

From lannet@lannet.com.au Wed Aug 1 07:10:27 2001
From: lannet@lannet.com.au (Howard Lowndes)
Date: Wed, 1 Aug 2001 17:10:27 +1000 (EST)
Subject: [LINK] Talk is cheap
In-Reply-To:
Message-ID:

I went to both colloqui.com and chatstack.com looking for information.

There is no mention of any standards, other than for the need to be running M$ Netmeeting, and the ports are all oddball up around 14000+/tcp and 15000+/udp

It strikes me that someone has sold the village idiot some snake oil. Now that really makes my blood boil.

--
Howard.
LANNet Computing Associates
Contact detail at http://www.lannetlinux.com

On Wed, 1 Aug 2001, Tony Barry wrote:

> >Date: Wed, 1 Aug 2001 14:38:50 +1000 (EST)
> >From: owner-all@minister.dcita.gov.au
> >subject: New Ministerial Media Release
> >Sender: owner-all@minister.dcita.gov.au
> >To: tony
> >
> >The following Ministerial Media Release is available at:
> >Page located at: http://www.dcita.gov.au/cgi-bin/graphics.pl?path=5893
> >
> >TALK IS CHEAP - VERY CHEAP - WITH NEW INTERNET TELEPHONY SOFTWARE
> >Internet telephony and online conferencing provider Colloqui has been
> >awarded a $100,000 Federal Government grant to help commercialise its
> >flagship Internet software ChatStack which will dramatically reduce the cost
> >of voice and video communication.
> >Media contact:
> >Sasha Grebe, Minister's office, 02 6277 7480.
> >Chris Butler, AusIndustry, 02 6213 7324.

From sneakums@zork.net Wed Aug 1 07:54:48 2001
From: sneakums@zork.net (Sean Neakums)
Date: Wed, 01 Aug 2001 08:54:48 +0100
Subject: [LINK] Re: Unix {Was: Looking for some Web server statistics]
In-Reply-To: <20010801140147.F32586@taz.net.au> (Craig Sanders's message of "Wed, 1 Aug 2001 14:01:47 +1000")
References: <20010801140147.F32586@taz.net.au>
Message-ID: <6uy9p4mczb.fsf@zork.zork.net>

>>>>> "CS" == Craig Sanders writes:

CS> On Tue, Jul 31, 2001 at 02:47:32PM +0100, Sean Neakums wrote:
>> Any joke that requires a moronic `smiley' to be appended to identify
>> it as such is not worthy of the name.

CS> well, i'm glad we've got that cleared up.
CS> life is so much less confusing when experts like you give us
CS> peasants the benefit of their encyclopaedic knowledge and
CS> enormous intellect.

It is strange that you have such a low opinion of yourself, and such a ridiculously high opinion of me. Perhaps you should arrange for therapy. You could start by asking your new friend to explain the difference between statements of fact and opinions.
CS> apparently you feel there's some difference between "unixes"
CS> and "*nixes".

Yes, there is. Unix refers to operating systems that contain code from AT&T's line (usually SVR4 these days); *nix covers Unix and Unix clones, such as systems based on the Linux kernel and the various BSDs. QNX with the POSIX subsystems added might even qualify here.

CS> i'll rephrase that to remove the ambiguity for you.
CS> all commercial *nixes are proprietary.
CS> name one that isn't.

Red Hat Linux. OpenBSD. And so forth.

CS> while you're at it, find another pedantic point to waste
CS> everyone's time with. this one won't last much longer, so
CS> you'll need another one.

There's no shame in getting things right, Craig.

--
///////////////// | | The spark of a pin | left blank. | dropping, falling feather-like. \\\\\\\\\\\\\\\\\ | | There is too much noise.

From darius@bofh.net.au Wed Aug 1 14:42:19 2001
From: darius@bofh.net.au (Kevin Littlejohn)
Date: Thu, 02 Aug 2001 00:42:19 +1000
Subject: [LINK] Talk is cheap
In-Reply-To: Your message of "Wed, 01 Aug 2001 17:10:27 +1000."
Message-ID: <200108011442.AAA24690@wobbly.bofh.net.au>

>>> Howard Lowndes wrote
> I went to both colloqui.com and chatstack.com looking for information.
>
> There is no mention of any standards, other than for the need to be
> running M$ Netmeeting, and the ports are all oddball up around 14000+/tcp
> and 15000+/udp

MS Netmeeting vaguely adheres to the H.323 standard for voice-over-IP. So there's half a chance they're vaguely just re-implementing netmeeting - in which case .au govt is funding someone to go into competition with MS - always a good business plan. Gotta wonder whether the business plan for colloqui involves being bought out by MS in a year, and what sort of return the .au govt expects to see from that.

>
> It strikes me that someone has sold the village idiot some snake oil. Now
> that really makes my blood boil.

Heh.
See, the difference is, you could always slap the village idiot in the stocks and pelt them with rotten fruit...

Question for the more politically-savvy amongst you: Why can't we vote for who gets what portfolio? Why can't we insist that someone with half a clue technically be put in charge of the IT portfolio?

KevinL

--
Internet techie
Obsidian Consulting Group
Specialising in proxy servers and traffic measuring/billing.
http://www.obsidian.com.au/
darius@obsidian.com.au

From at@ah.net Wed Aug 1 13:09:13 2001
From: at@ah.net (Adam Todd)
Date: Wed, 01 Aug 2001 23:09:13 +1000
Subject: [LINK] ATO Ruling
In-Reply-To:
References: <4.3.2.7.2.20010801092605.00a9cdd0@pop.qut.edu.au>
Message-ID: <5.1.0.14.0.20010801230729.05505e60@pop>

> > >AUSTRALIAN IT INDUSTRY CRITICIZES TAX RULING
> > >The Australian IT industry is criticizing a final decision
> > >from the Australian Tax Office that rules that simple
> > >Websites that involve converting documents to HTML and
> > >adding a few links does not constitute software development.

I'm not criticizing it!

>Well, it doesn't :)

I totally agree!

>Maybe simple website publishing deserves to be more deductible, but it
>certainly doesn't merit the label "software development". Once you start
>adding dynamic content to a site, and certainly once you start dealing
>with money and credit card numbers, the skills required to develop the
>website, and the cost thereof, enters an entirely different ballpark.

One can hardly call using Frontpage "Software Development" otherwise every company secretary that uses "Word" and saves as HTML will also qualify!

>A lot of the time, when I hear about what someone paid to have a simple
>website done, I can't help but feel they've been ripped off..

Yeah, like City Search, $193 a MONTH, and over $500 in development costs for a ONE page with four buttons that go nowhere!
From at@ah.net Wed Aug 1 13:06:43 2001
From: at@ah.net (Adam Todd)
Date: Wed, 01 Aug 2001 23:06:43 +1000
Subject: [LINK] Talk is cheap
In-Reply-To:
References:
Message-ID: <5.1.0.14.0.20010801230448.04d38e30@pop>

At 17:10 1/08/01 +1000, Howard Lowndes wrote:
>I went to both colloqui.com and chatstack.com looking for information.
>
>There is no mention of any standards, other than for the need to be
>running M$ Netmeeting, and the ports are all oddball up around 14000+/tcp
>and 15000+/udp
>
>It strikes me that someone has sold the village idiot some snake oil. Now
>that really makes my blood boil.

Howard, Howard, Howard. Now, now. Don't get upset because some idiot pulled out a M$ CD-ROM and loaded Netmeeting and discovered they too can set up an ILS server and call it "cheap talk"

If you'd have thought of it first you'd probably get the $100K ... then again, you're too smart to waste time on something that will leave a bad taste and destroy one's own reputation.

They won't last long, like all the "cheap" tricks things floating around. And their reputations will be worthless in 6 months.

From eric.scheid@ironclad.net.au Wed Aug 1 13:40:09 2001
From: eric.scheid@ironclad.net.au (Eric Scheid)
Date: Wed, 1 Aug 2001 23:40:09 +1000
Subject: [LINK] Code Red reporting in the popular news
Message-ID: <200108011340.f71DeKg10547@web.anu.edu.au>

Was listening to JJJ today, and heard mention of the Code Red worm in the hourly news...

Good points
- some kind of mention, any kind of mention
- over a million downloads of the patch
- the software vendor in question was mentioned by name

Bad points
- they called it a virus, not a worm
- they said it spreads by email downloads
- they didn't say it only affected [vendorname]'s software

Ah well, not a great result, you'd expect some mangling of the message across the wire, and the general press wouldn't know a worm if it bit them anyway. The only redeeming point was the tarring by association of a certain monopolist.

e.
______________________________________________________________________
eric@ironclad.net.au i r o n c l a d n e t w o r k s
information architect http://www.ironclad.net.au/

From peterc@arquebus.com.au Wed Aug 1 14:04:18 2001
From: peterc@arquebus.com.au (Peter J. Cherny)
Date: Thu, 02 Aug 2001 00:04:18 +1000
Subject: [LINK] Talk is cheap
In-Reply-To:
Message-ID: <3.0.5.32.20010802000418.00b77e30@203.20.87.97>

>Internet telephony and online conferencing provider Colloqui has been
> ...

Rick Spielrein is the MD who in a previous life manufactured modems and comms h/w as Interlink Communications ... they did quite well circa 10 years ago ... so he has some credentials.

I know they were doing some serious s/w development, so it's plausible that they may have glued Netmeeting to a directory service and PSTN gateway, with a mixture of their own h/w and s/w.

Maybe think of it as an R&D grant that ends-up being used for "productization" ?

From Roger.Clarke@xamax.com.au Wed Aug 1 22:10:18 2001
From: Roger.Clarke@xamax.com.au (Roger Clarke)
Date: Thu, 2 Aug 2001 08:10:18 +1000
Subject: [LINK] Computers, Freedom & Privacy: Call for Proposals
Message-ID:

[I'm on the Advisory Committee for CFP again, so if you have any questions, ask. My reports on prior conferences are at: http://www.anu.edu.au/people/Roger.Clarke/DV/index.html#CFP ]

CFP2002: The Twelfth Conference on Computers, Freedom & Privacy
http://www.cfp2002.org
Cathedral Hill Hotel
San Francisco, California, USA
April 16-19, 2002

CALL FOR PROPOSALS

The Program Committee of the Twelfth Conference on Computers, Freedom, and Privacy (CFP2002) seeks your proposals for innovative conference sessions and speakers. The Computers, Freedom & Privacy Conference has been a leader in the public debate on the future of privacy and freedom in the online world for over a decade.
Each year, key representatives from government, business, education, and non-profits including the legal, law enforcement, security, media, consumer, and hacker communities have gathered together to anticipate policy trends and issues and to help map the future of society in the online world. Attendees will meet again next April to address cutting edge questions and issues in computing, freedom and privacy.

The conference's site, San Francisco, brings CFP back to its Bay Area roots, and provides as a rich backdrop the people, ideas and culture that have shaped both the Internet as well as global Internet activism. The conference will examine the role the Internet is playing in democratic activism at all levels: local, national, and global.

Proposals are welcomed on all aspects of computers, freedom, and privacy. We strongly encourage proposals that explore some of the most important issues facing the Internet and freedom, including: global activism; technology and monopoly; voting technology and democracy; technology and weapons; ICANN and Internet governance; borders and censorship; digital divide; biometric systems; consumer privacy; wireless privacy and security; hacktivism; intellectual property and intellectual freedom; digital rights management and privacy; public records and private lives.

We are seeking proposals for tutorials, plenary sessions, workshops, technical demonstrations, and birds-of-a-feather sessions. We are also seeking suggestions for speakers and topics. Sessions should present a wide range of thinking on a topic by including speakers from different viewpoints. Complete submission instructions appear on the CFP2002 web site at http://www.cfp2002.org/submissions/.

We are also planning a day-long workshop on building digital rights management technologies. A separate Call for Papers will be sent for this workshop.

All submissions must be received by October 15, 2001.
Proposals will be reviewed by the CFP2002 Program Committee and Advisory Board . The Program Committee will notify submitters of the status of proposals no later than December 7, 2001. -- Roger Clarke http://www.anu.edu.au/people/Roger.Clarke/ Xamax Consultancy Pty Ltd, 78 Sidaway St, Chapman ACT 2611 AUSTRALIA Tel: +61 2 6288 1472, and 6288 6916 mailto:Roger.Clarke@xamax.com.au http://www.xamax.com.au/ Visiting Fellow Department of Computer Science The Australian National University Canberra ACT 0200 AUSTRALIA Information Sciences Building Room 211 Tel: +61 2 6125 3666 From lannet@lannet.com.au Wed Aug 1 22:25:58 2001 From: lannet@lannet.com.au (Howard Lowndes) Date: Thu, 2 Aug 2001 08:25:58 +1000 (EST) Subject: [LINK] Talk is cheap In-Reply-To: <200108011442.AAA24690@wobbly.bofh.net.au> Message-ID: Yes, I am aware that Netmeeting kinda uses H323 proto, but why is it necessary for ChatStack to use its own ports. If Colloqui is sold down the line then the gummint should be demanding its^H^H^Hour money back, with interest. -- Howard. LANNet Computing Associates Contact detail at http://www.lannetlinux.com On Thu, 2 Aug 2001, Kevin Littlejohn wrote: > > >>> Howard Lowndes wrote > > I went to both colloqui.com and chatstack.com looking for information. > > > > There is no mention of any standards, other than for the need to be > > running M$ Netmeeting, and the ports are all oddball up around 14000+/tcp > > and 15000+/udp > > MS Netmeeting vaguely adheres to the H.323 standard for voice-over-IP. > So there's half a chance they're vaguely just re-implementing netmeeting > - in which case .au govt is funding someone to go into competition with MS - always > a good business plan. Gotta wonder whether the business plan for colloqui > involves being bought out by MS in a year, and what sort of return the .au > govt expects to see from that. 
From Richard.Chirgwin@informa.com.au Wed Aug 1 22:28:58 2001 From: Richard.Chirgwin@informa.com.au (Chirgwin, Richard) Date: Thu, 2 Aug 2001 08:28:58 +1000 Subject: [LINK] Talk is cheap Message-ID: <9BD4AE8C2EB1D311982700508BA2498901573A42@EXCHANGE_AU> >Question for the more politically-savvy amongst you: Why can't we vote for >who gets what portfolio? Why can't we insist that someone with half a clue >technically be put in charge of the IT portfolio? Or even better, that someone with 0.5*clue is in charge of departmental decision making. After all, Richard didn't pick out Colloqui, that would have been in the department. That said, and notwithstanding the history of one of the founders, shouldn't the "mining company-owned dotcom" have been a hint? Or are there actually mining company dotcoms that are successful that we haven't heard about? Richard Chirgwin -----Original Message----- From: Kevin Littlejohn [mailto:darius@bofh.net.au] Sent: Thursday, 2 August 2001 0:42 To: link@www.anu.edu.au Subject: Re: [LINK] Talk is cheap >>> Howard Lowndes wrote > I went to both colloqui.com and chatstack.com looking for information. > > There is no mention of any standards, other than for the need to be > running M$ Netmeeting, and the ports are all oddball up around 14000+/tcp > and 15000+/udp MS Netmeeting vaguely adheres to the H.323 standard for voice-over-IP. So there's half a chance they're vaguely just re-implementing netmeeting - in which case .au govt is funding someone to go into competition with MS - always a good business plan. Gotta wonder whether the business plan for colloqui involves being bought out by MS in a year, and what sort of return the .au govt expects to see from that. > > It strikes me that someone has sold the village idiot some snake oil. Now > that really makes my blood boil. Heh. See, the difference is, you could always slap the village idiot in the stocks and pelt them with rotten fruit... 
Question for the more politically-savvy amongst you: Why can't we vote for who gets what portfolio? Why can't we insist that someone with half a clue technically be put in charge of the IT portfolio? KevinL -- Internet techie Obsidian Consulting Group Specialising in proxy servers and traffic measuring/billing. http://www.obsidian.com.au/ darius@obsidian.com.au From Richard.Chirgwin@informa.com.au Wed Aug 1 22:33:02 2001 From: Richard.Chirgwin@informa.com.au (Chirgwin, Richard) Date: Thu, 2 Aug 2001 08:33:02 +1000 Subject: [LINK] ATO Ruling Message-ID: <9BD4AE8C2EB1D311982700508BA2498901573A43@EXCHANGE_AU> If I understand this correctly, this means a simple Website would be deductible as a service purchase instead of as software. So what's the problem? RC -----Original Message----- From: Andrew Francis [mailto:locust@iinet.net.au] Sent: Wednesday, 1 August 2001 10:41 To: Michael Lean Cc: link@www.anu.edu.au Subject: Re: [LINK] ATO Ruling On Wed, 1 Aug 2001, Michael Lean wrote: > >AUSTRALIAN IT INDUSTRY CRITICIZES TAX RULING > >The Australian IT industry is criticizing a final decision > >from the Australian Tax Office that rules that simple > >Websites that involve converting documents to HTML and > >adding a few links does not constitute software development. > >http://australianit.news.com.au/common/storyPage/0,3811,2467625%5E442,00.html Well, it doesn't :) Maybe simple website publishing deserves to be more deductible, but it certainly doesn't merit the label "software development". Once you start adding dynamic content to a site, and certainly once you start dealing with money and credit card numbers, the skills required to develop the website, and the cost thereof, enters an entirely different ballpark. A lot of the time, when I hear about what someone paid to have a simple website done, I can't help but feel they've been ripped off..
-- Andrew Francis locust@iinet.net.au From saliya@hinet.net.au Wed Aug 1 22:47:03 2001 From: saliya@hinet.net.au (Saliya Wimalaratne) Date: Thu, 2 Aug 2001 08:47:03 +1000 (EST) Subject: [LINK] Code Red (again!): call to lurking journos Message-ID: People, "Code Red" has, of course, hit the news. It would have been good to 'get it right' to begin with; but it's not too late. Here are two sound-bites that you can *and should* use when reporting on this virus: "Code Red ONLY affects Microsoft Windows machines running Microsoft Internet Information Server." and "MOST home-users will not be running Microsoft Internet Information Server, so they should not be at risk" I haven't seen "Microsoft" or "IIS" mentioned in ANY of the news reports about this virus, which can mean one of two things: 1) you don't know the truth 2) you're scared to tell the truth - (1) has been removed from the list of options. Who's going to be a *real* journalist ? Regards, Saliya From Richard.Chirgwin@informa.com.au Wed Aug 1 22:55:43 2001 From: Richard.Chirgwin@informa.com.au (Chirgwin, Richard) Date: Thu, 2 Aug 2001 08:55:43 +1000 Subject: [LINK] Dotcom hype isn't dead... Message-ID: <9BD4AE8C2EB1D311982700508BA2498901573A46@EXCHANGE_AU> Love this Newsbytes report: Online Kids Have $60 Billion To Spend - Datamonitor By Dick Kelsey, Newsbytes NEW YORK, NEW YORK, U.S.A., 01 Aug 2001, 3:22 PM CST More than 65 million young Net surfers in the U.S. and seven European countries have $60 billion in annual spending power, according to a new report. Take into account the 5 billion hours of online time per year among five- to 17-year-olds, and that many kids with that kind of money burning a hole in their collective pocket become even more valuable to Web sites, analysts at Datamonitor found. "If used responsibly, the Internet will act as a powerful advertising medium," Datamonitor analyst Piers Berezai said in a news release. "If not, it can just as easily turn off this Web-savvy set of consumers." 
By 2006, Datamonitor projects that 95 million online kids in Europe and the U.S. will have more than $200 billion. Nearly three out of four young people in the region will have regular online access. In all, 65.3 million individuals in the age group have home Internet access while 54.1 million are able to go online at school, Datamonitor said. Datamonitor advised e-tailers that Web sites must be focused on specific characteristics of their target audience, bearing in mind that boys seek novelty and entertainment, and girls enjoy fulfilling goals and prefer to feel part of a community. "As a general rule, teens are rarely impressed by generic teen-oriented Web sites, preferring to find Web sites that support their interests," Datamonitor said. Reported by Newsbytes.com, http://www.newsbytes.com . ........................................... Yeah, right. Richard Chirgwin From gbayley@ausmac.net Wed Aug 1 22:59:08 2001 From: gbayley@ausmac.net (Grant Bayley) Date: Thu, 2 Aug 2001 08:59:08 +1000 (EST) Subject: [LINK] Amen to Code Red Message-ID: http://www.theregister.co.uk/content/55/20779.html Code Red hysteria -- $8.7 billion in damage estimated By Thomas C Greene in Washington Posted: 01/08/2001 at 18:55 GMT The Reuters wire service is reporting that Code Red has already cost an estimated $1.2 billion in damage, and may top out at an incredible $8.7 billion when its bitter reign of destruction finally ends. Citing one Michael Erbschloe, vice president of research at IT efficiency clearinghouse Computer Economics, Reuters reckons that the cost of patching systems and losses in worker productivity will skyrocket. We hate to point out that patching systems is what IT staff do, so we don't quite see the dreadful loss of productivity here. One might as easily say that police lose productivity when they have to interrupt their doughnut runs by investigating crimes, or that doctors lose productivity when they have to abandon the back nine to treat patients. 
And as for the cost of clearing the worm from an already-infected system, this is accomplished by re-booting. It's hard to imagine billions going down the drain here, either. Erbschloe previously estimated the damage from the Love Bug at $8.7 billion and the damage from the Melissa virus at about $1 billion. "In my opinion, $8.7 billion [in damage from Code Red] is not ludicrous," Reuters quotes him as saying. And thus Reuters got the sensationalist quote they wanted from an 'expert'. From at@ah.net Wed Aug 1 23:49:00 2001 From: at@ah.net (Adam Todd) Date: Thu, 02 Aug 2001 09:49:00 +1000 Subject: [LINK] Amen to Code Red In-Reply-To: Message-ID: <5.1.0.14.0.20010802094836.03e91600@pop> >We hate to point out that patching systems is what IT staff do, so we >don't quite see the dreadful loss of productivity here. One might as >easily say that police lose productivity when they have to interrupt their >doughnut runs by investigating crimes, or that doctors lose productivity >when they have to abandon the back nine to treat patients. > >And as for the cost of clearing the worm from an already-infected system, >this is accomplished by re-booting. It's hard to imagine billions going >down the drain here, either. I LOVE THAT! Someone with intelligence and a reporter to go with it! From ash@melbpc.org.au Wed Aug 1 23:50:40 2001 From: ash@melbpc.org.au (Ash Nallawalla) Date: Thu, 2 Aug 2001 09:50:40 +1000 Subject: [LINK] Code Red (again!): call to lurking journos In-Reply-To: Message-ID: > From: Saliya Wimalaratne > "Code Red ONLY affects Microsoft Windows machines running Microsoft > Internet Information Server." > > and > > "MOST home-users will not be running Microsoft Internet Information > Server, so they should not be at risk" It would be much safer to say that it affects Microsoft Windows NT/2000 *Server* machines running IIS. Most home users would not be using IIS, which typically runs on the Server flavour of those OSs. 
The lengthy report Nathan Reilly posted on Oz-ISP is an excellent account but it too didn't place the word "Server" after "Windows NT/2000" but instead used the word "system". Not every little workplace that uses NT/2000 Server necessarily runs IIS and even so not all of them are connected to the Internet. Little workplaces that have web sites typically host them elsewhere. Then again, some NT installers just install IIS by default with no intention of replacing the default "home page" with custom content. - Ash From cas@taz.net.au Wed Aug 1 23:51:58 2001 From: cas@taz.net.au (Craig Sanders) Date: Thu, 2 Aug 2001 09:51:58 +1000 Subject: [LINK] "New Laws: Thou Shalt Patch" In-Reply-To: Message-ID: <20010802095158.I32586@taz.net.au> On Wed, Aug 01, 2001 at 03:06:03PM +1000, Howard Lowndes wrote: > I wonder if the answer might be a form of professional licencing. > > You need a licence to practice medicine. > You need a licence to practice law. > You need a licence to drive a car and it is graded. > You need a licence to fly a plane and it is also graded. > Any idiot can administer a network without any training or experience. > > licensing is not necessary. in fact, it would be counterproductive - we'd end up with a requirement to have an MCSE or some similarly useless "qualification". holding people/companies responsible for the results of their negligence or incompetence would be good, though. craig -- craig sanders Fabricati Diem, PVNC. -- motto of the Ankh-Morpork City Watch From thealy@magna.com.au Thu Aug 2 00:03:37 2001 From: thealy@magna.com.au (Anthony Healy) Date: Thu, 2 Aug 2001 10:03:37 +1000 Subject: [LINK] Foolish Grant In-Reply-To: Message-ID: Howard wrote: > Why is $100K of my, and your, money being given to a P/L business to > commercialise some software? I would like to know the answer to this question too. The grant is for commercialising emerging technology, yet Voice over IP emerged some time ago, and died. 
Ozemail was doing this in 1995, with one of the directors of this company in fact. The basis of the business seems to be mainly that they're offering conferencing services. Big deal. The grant might as well go to the local print shop or something. Secondly, the business apparently has good venture funding. It doesn't need $100,000. Given the involvement of equity investors, I don't see why we're giving these guys $100,000 to pay for some nice trips overseas. Regards, Tony Healy -------- Now the trouble comes when you can't think of any new features, so you put in the paperclip, and then you take out the paperclip, and you try to charge people both times, and they aren't falling for it. Joel Eschler(www.joelonsoftware.com) From jwhit@PrimeNet.Com Wed Aug 1 23:24:08 2001 From: jwhit@PrimeNet.Com (Jan Whitaker) Date: Thu, 02 Aug 2001 09:24:08 +1000 Subject: [LINK] Code Red (again!): call to lurking journos In-Reply-To: Message-ID: <5.0.2.1.0.20010802092342.02f33340@pop.primenet.com> At 08:47 AM 2/08/01 +1000, Saliya Wimalaratne wrote: >"MOST home-users will not be running Microsoft Internet Information >Server, so they should not be at risk" > >I haven't seen "Microsoft" or "IIS" mentioned in ANY of the news reports >about this virus, which can mean one of two things: > >1) you don't know the truth >2) you're scared to tell the truth > >- (1) has been removed from the list of options. Who's going to be a >*real* journalist ?] the ABC reports were quite explicit in naming Microsoft and IIS. JLWhitaker Associates Melbourne, Victoria, Australia jwhit@primenet.com -- http://www.primenet.com/~jwhit/whitentr.htm From rachel@excitehome.com.au Thu Aug 2 00:07:14 2001 From: rachel@excitehome.com.au (Rachel Polanskis) Date: Thu, 2 Aug 2001 10:07:14 +1000 (EST) Subject: [LINK] Code Red (again!): call to lurking journos In-Reply-To: Message-ID: On Thu, 2 Aug 2001, Saliya Wimalaratne wrote: > > - (1) has been removed from the list of options. 
Who's going to be a > *real* journalist ? > With due respect to the ABC, they have made great pains to point out the worm only attacks Microsoft servers. They did make some mention of IIS. I am off sick today and just finished listening to Dr Karl who gave a very good description of the worm. He also mentioned the specific requirement for the worm to propagate was a MS platform running IIS. He also mentioned MS products are very poorly made to begin with. In fact he was almost quite angry about it! rachel -- Rachel Polanskis Optus/Excite@Home UNIX Administrator 100 Harris Street IT Operations Pyrmont, Sydney NSW rachel@excitehome.com.au Ph: (+61 2) 900 51144 From thealy@magna.com.au Thu Aug 2 00:10:14 2001 From: thealy@magna.com.au (Anthony Healy) Date: Thu, 2 Aug 2001 10:10:14 +1000 Subject: [LINK] Motor Vehicle Software Systems In-Reply-To: Message-ID: Grant wrote: > Ford Motor Co. produces a car with a defect. The defect turns out > be a possible source of injury. The result: Ford is *legally liable* > to recall and fix said vehicles. Probably won't be far off. Software is moving fast into cars and trucks for: 1. in-car systems such as navigation, email and other horrors 2. driving automation including lane-keeping and collision avoidance 3. drive-by-wire, analogous to aviation's fly-by-wire Currently, the engineers and researchers working on these applications are very switched on folks, critically aware of safety, redundancy and so on. However if dopes from business-software markets get involved, we will almost certainly see people killed and injured. Regards, Tony Healy -------- Now the trouble comes when you can't think of any new features, so you put in the paperclip, and then you take out the paperclip, and you try to charge people both times, and they aren't falling for it.
Joel Eschler(www.joelonsoftware.com) From thealy@magna.com.au Thu Aug 2 00:11:41 2001 From: thealy@magna.com.au (Anthony Healy) Date: Thu, 2 Aug 2001 10:11:41 +1000 Subject: [LINK] "New Laws: Thou Shalt Patch" In-Reply-To: <3B673460.CB93B2CC@id.ethz.ch> Message-ID: Karl James Auer wrote: > There just is no excuse for buffer overrun vulnerabilities any more. No > excuse for delivering operating systems with all network features turned > ON by default. No excuse for security features to be turned OFF by > default. No excuse for delivering software with undocumented network > protocols. > > On the flip side, there is also no excuse for users to expect to be able > to use powerful and possibly dangerous tools with no effort and no > learning curve. Very good statement of the situation. Regards, Tony Healy -------- Now the trouble comes when you can't think of any new features, so you put in the paperclip, and then you take out the paperclip, and you try to charge people both times, and they aren't falling for it. Joel Eschler(www.joelonsoftware.com) From nic@next.com.au Thu Aug 2 00:10:18 2001 From: nic@next.com.au (Nic Healey) Date: Thu, 2 Aug 2001 10:10:18 +1000 Subject: [LINK] Code Red (again!): call to lurking journos Message-ID: <89279C4D0E69D41180C100B0D03D942001876EB4@ftp.next.com.au> I personally wouldn't go removing (1) so quickly. I think it's the most likely... nic > ---------- > From: Saliya Wimalaratne > Sent: Thursday, August 2, 2001 8:47 AM > To: aussie-isp@aussie.net > Cc: link@www.anu.edu.au > Subject: [LINK] Code Red (again!): call to lurking journos > > People, > > "Code Red" has, of course, hit the news. > > It would have been good to 'get it right' to begin with; but it's not too > late.
> > Here are two sound-bites that you can *and should* use when reporting on > this virus: > > "Code Red ONLY affects Microsoft Windows machines running Microsoft > Internet Information Server." > > and > > "MOST home-users will not be running Microsoft Internet Information > Server, so they should not be at risk" > > I haven't seen "Microsoft" or "IIS" mentioned in ANY of the news reports > about this virus, which can mean one of two things: > > 1) you don't know the truth > 2) you're scared to tell the truth > > - (1) has been removed from the list of options. Who's going to be a > *real* journalist ? > > Regards, > > Saliya From jasonb@ce.com.au Thu Aug 2 00:25:01 2001 From: jasonb@ce.com.au (jasonb@ce.com.au) Date: Thu, 2 Aug 2001 10:25:01 +1000 (EST) Subject: [LINK] Amen to Code Red In-Reply-To: Message-ID: On Thu, 2 Aug 2001, Grant Bayley wrote: > > We hate to point out that patching systems is what IT staff do, so we > don't quite see the dreadful loss of productivity here. One might as > easily say that police lose productivity when they have to interrupt their > doughnut runs by investigating crimes, or that doctors lose productivity > when they have to abandon the back nine to treat patients. I disagree. The impact of these patches will often involve more than the Systems Admin. Especially when you may have to go through detailed testing of your application to ensure the patch does not introduce any undesirable effects. The extent of the testing required would depend on the systems involved, and the nature of the patch to be applied. The cost of this testing would likely be less than that of not patching the system. However do not make the mistake of thinking that 'patching' systems is always easy and reliable.
I have seen all sorts of supposedly unrelated problems arise from simple vendor patches. This is especially applicable with Microsoft systems. A number of updates are usually back-doored in patches, with no details on what fixes are contained in the patches or what systems/applications are affected. Cheers Jason. -- --- Jason Ball Electronic Commerce Specialist Corporate Express Australia Ltd Phone: +61 2 9335 0374 Fax: +61 2 9335 0753 Email: jason.ball@ce.com.au From Richard.Chirgwin@informa.com.au Thu Aug 2 00:41:07 2001 From: Richard.Chirgwin@informa.com.au (Chirgwin, Richard) Date: Thu, 2 Aug 2001 10:41:07 +1000 Subject: [LINK] Talk is cheap Message-ID: <9BD4AE8C2EB1D311982700508BA2498901573A47@EXCHANGE_AU> H.323 isn't 100% predictable in its port usage, as I recall. Let me see, session initiation happens on one port, then the actual conversation gets assigned to another port - correct me if wrong. RC -----Original Message----- From: Howard Lowndes [mailto:lannet@lannet.com.au] Sent: Thursday, 2 August 2001 8:26 To: Kevin Littlejohn Cc: link@www.anu.edu.au Subject: Re: [LINK] Talk is cheap Yes, I am aware that Netmeeting kinda uses H323 proto, but why is it necessary for ChatStack to use its own ports. If Colloqui is sold down the line then the gummint should be demanding its^H^H^Hour money back, with interest. -- Howard. LANNet Computing Associates Contact detail at http://www.lannetlinux.com On Thu, 2 Aug 2001, Kevin Littlejohn wrote: > > >>> Howard Lowndes wrote > > I went to both colloqui.com and chatstack.com looking for information. > > > > There is no mention of any standards, other than for the need to be > > running M$ Netmeeting, and the ports are all oddball up around 14000+/tcp > > and 15000+/udp > > MS Netmeeting vaguely adheres to the H.323 standard for voice-over-IP. 
> So there's half a chance they're vaguely just re-implementing netmeeting > - in which case .au govt is funding someone to go into competition with MS - always > a good business plan. Gotta wonder whether the business plan for colloqui > involves being bought out by MS in a year, and what sort of return the .au > govt expects to see from that. From ivan.trundle@alia.org.au Thu Aug 2 00:44:38 2001 From: ivan.trundle@alia.org.au (Ivan Trundle) Date: Thu, 02 Aug 2001 10:44:38 +1000 Subject: [LINK] Dotcom hype isn't dead... Message-ID: I had to chuckle over this one. Given that children between 5 to 17 are not permitted to have credit cards (AFAIK?), then how is this yet-to-be-unleashed $60 billion going to be spent during these 5 billion hours? Looks like instant gratification (a prerequisite for my two teenagers, and most likely all others) will have to take second place for now... I'm locking mine away right now (kids AND credit cards). iT Ivan Trundle -- Ivan Trundle Manager, communications and publishing Australian Library and Information Association PO Box E441 Kingston 2604 AUSTRALIA ph +61 2 6285 1877 fx +61 2 6282 2249 http://www.alia.org.au ivan.trundle@alia.org.au >>> "Chirgwin, Richard" - 2/08/01 8:55 AM >>> Love this Newsbytes report: Online Kids Have $60 Billion To Spend - Datamonitor By Dick Kelsey, Newsbytes NEW YORK, NEW YORK, U.S.A., 01 Aug 2001, 3:22 PM CST More than 65 million young Net surfers in the U.S. and seven European countries have $60 billion in annual spending power, according to a new report. Take into account the 5 billion hours of online time per year among five- to 17-year-olds, and that many kids with that kind of money burning a hole in their collective pocket become even more valuable to Web sites, analysts at Datamonitor found. "If used responsibly, the Internet will act as a powerful advertising medium," Datamonitor analyst Piers Berezai said in a news release. 
"If not, it can just as easily turn off this Web-savvy set of consumers." By 2006, Datamonitor projects that 95 million online kids in Europe and the U.S. will have more than $200 billion. Nearly three out of four young people in the region will have regular online access. In all, 65.3 million individuals in the age group have home Internet access while 54.1 million are able to go online at school, Datamonitor said. Datamonitor advised e-tailers that Web sites must be focused on specific characteristics of their target audience, bearing in mind that boys seek novelty and entertainment, and girls enjoy fulfilling goals and prefer to feel part of a community. "As a general rule, teens are rarely impressed by generic teen-oriented Web sites, preferring to find Web sites that support their interests," Datamonitor said. Reported by Newsbytes.com, http://www.newsbytes.com . ........................................... Yeah, right. Richard Chirgwin From lannet@lannet.com.au Thu Aug 2 00:52:37 2001 From: lannet@lannet.com.au (Howard Lowndes) Date: Thu, 2 Aug 2001 10:52:37 +1000 (EST) Subject: [LINK] Text based White Pages Message-ID: Has anyone tried to use the text based white pages at http://text.whitepages.com.au/pages_t/schs_t.htm recently? I get either: "A system error has occurred" or "The server is not responding" or "Sorry, no locality matching RUTHERGLEN was found" Now everyone knows that that is where the best port comes from. The stupid thing is that their graphical interface at whitepages.com.au works. -- Howard. LANNet Computing Associates Contact detail at http://www.lannetlinux.com From ivan.trundle@alia.org.au Thu Aug 2 00:53:32 2001 From: ivan.trundle@alia.org.au (Ivan Trundle) Date: Thu, 02 Aug 2001 10:53:32 +1000 Subject: [LINK] "New Laws: Thou Shalt Patch" Message-ID: One has to ask the question "Why is licencing required?" in each of the activities listed before making any real comparisons.
From both an historical perspective and from a view of determining a level of risk as well as culpability. Ivan Trundle >>> Craig Sanders - 2/08/01 9:51 AM >>> On Wed, Aug 01, 2001 at 03:06:03PM +1000, Howard Lowndes wrote: > I wonder if the answer might be a form of professional licencing. > > You need a licence to practice medicine. > You need a licence to practice law. > You need a licence to drive a car and it is graded. > You need a licence to fly a plane and it is also graded. > Any idiot can administer a network without any training or experience. > > licensing is not necessary. in fact, it would be counterproductive - we'd end up with a requirement to have an MCSE or some similarly useless "qualification". holding people/companies responsible for the results of their negligence or incompetence would be good, though. craig -- craig sanders Fabricati Diem, PVNC. -- motto of the Ankh-Morpork City Watch From brd@austarmetro.com.au Thu Aug 2 01:01:57 2001 From: brd@austarmetro.com.au (Bernard Robertson-Dunn) Date: Thu, 02 Aug 2001 11:01:57 +1000 Subject: [LINK] Dotcom hype isn't dead... References: <9BD4AE8C2EB1D311982700508BA2498901573A46@EXCHANGE_AU> Message-ID: <3B68A684.DFC09F59@austarmetro.com.au> "Chirgwin, Richard" wrote: > > Love this Newsbytes report: > > Online Kids Have $60 Billion To Spend - Datamonitor If you have a look at the marketing style of companies such as Coca Cola, then hype is a word that just isn't strong enough. Go to http://customer.coca-cola.com/html/olivegard_article_ss.html and read the language that they use when trying to convince customers not to drink water. Water ... contributes to a dull dining experience for the customer. ... train crews to sell alternative choices to tap water ... with the goal of increasing overall guest satisfaction. ... less water and more beverage choices mean happier customers. Olive Garden restaurants ... were facing a high water incidence rate.
Olive Garden's goal was to influence customers to abandon their default choice of tap water and experience other beverage choices to improve their dining experience. CCUSA-Fountain ... suggested a tap water reduction program named H2NO. -- A man is crawling through the Sahara desert when he is approached by another man riding on a camel. When the rider gets close enough, the crawling man whispers through his sun-parched lips, "Water... please... can you give...water..." "I'm sorry," replies the man on the camel, "I don't have any water with me. But I'd be delighted to sell you a necktie." "Tie?" whispers the man. "I need *water*." "They're only four dollars apiece." "I need *water*." "Okay, okay, say two for seven dollars." "Please! I need *water*!", says the man. "I don't have any water, all I have are ties," replies the salesman, and he heads off into the distance. The man, losing track of time, crawls for what seems like days. Finally, nearly dead, sun-blind and with his skin peeling and blistering, he sees a restaurant in the distance. Summoning the last of his strength he staggers up to the door and confronts the head waiter. "Water... can I get... water," the dying man manages to stammer. "I'm sorry, sir, ties required." Regards brd Bernard Robertson-Dunn Canberra Australia brd@dynamite.com.au brd@austarmetro.com.au From glen.turner@aarnet.edu.au Thu Aug 2 01:13:29 2001 From: glen.turner@aarnet.edu.au (Glen Turner) Date: Thu, 02 Aug 2001 10:43:29 +0930 Subject: [LINK] Foolish Grant References: Message-ID: <3B68A939.3250D61F@aarnet.edu.au> Anthony Healy wrote: > > The grant is for commercialising emerging technology, yet Voice over IP > emerged some time ago, and died. Ozemail was doing this in 1995, with one of > the directors of this company in fact. I'm not sure in what way you think Voice over IP is dead. If you do the sums for a greenfields site VoIP is now cheaper than a traditional corporate PBX.
That's without counting the reduction in voice+data cabling. If you need to upgrade your PBX from one software version to the next, replacing the PBX with VoIP seems to be a break-even exercise. Obviously, PBX manufacturers will come under some pressure to lower their software charges. In the US, VoIP is popular with banks and other institutions with many branches as it allows the installation of just one WAN link for their SNA, PC and voice traffic. The Cisco 3600 series of routers is aimed at this branch-office market. Ericsson don't expect their traditional PBX, the MD110, to be competitive in the future and have announced the end of life for the architecture after one more major software release. That's the *architecture*, not just the MD110 product. In short, VoIP will be the corporate telephony standard in under five years. I doubt it will have much home penetration until the Customer Access Network is replaced. Even then you'd probably see analogue handsets running to a set-top box which also contains TV and Ethernet connectors. I've no idea what the company mentioned is doing, as I've never had contact with them. There are already some very good Australian companies developing VoIP software (Equivalence Pty Ltd springs to mind) so hopefully the company mentioned had to beat some seriously good competition to get the grant. Glen -- Glen Turner Network Engineer (08) 8303 3936 Australian Academic and Research Network glen.turner@aarnet.edu.au http://www.aarnet.edu.au/ -- The revolution will not be televised, it will be digitised From thealy@magna.com.au Thu Aug 2 01:16:35 2001 From: thealy@magna.com.au (Anthony Healy) Date: Thu, 2 Aug 2001 11:16:35 +1000 Subject: [LINK] Foolish Grant In-Reply-To: <3B68A939.3250D61F@aarnet.edu.au> Message-ID: True. I should have been more specific. I was really referring to voice over IP being an emerging technology.
- tony > Anthony Healy wrote: > > > > The grant is for commercialising emerging technology, yet Voice over IP > > emerged some time ago, and died. Ozemail was doing this in > 1995, with one of > > the directors of this company in fact. > > I'm not sure in what way you think Voice over IP is dead. > > If you do the sums for a greenfields site VoIP is now cheaper > than a traditional corporate PBX. That's without counting > the reduction in voice+data cabling. > > If you need to upgrade your PBX from one software version to > the next, replacing the PBX with VoIP seems to be a break-even > exercise. Obviously, PBX manufacturers will come under > some pressure to lower their software charges. > > In the US, VoIP is popular with banks and other institutions > with many branches as it allows the installation of just > one WAN link for their SNA, PC and voice traffic. The Cisco > 3600 series of routers is aimed at this branch-office market. > > Ericsson don't expect their traditional PBX, the MD110, to be > competitive in the future and have announced the end of life > for the architecture after one more major software release. > That's the *architecture*, not just the MD110 product. > > In short, VoIP will be the corporate telephony standard > in under five years. I doubt it will have much home > penetration until the Customer Access Network is replaced. > Even then you'd probably see analogue handsets running to > a set-top box which also contains TV and Ethernet connectors. > > I've no idea what the company mentioned is doing, as I've > never had contact with them. There are already some very > good Australian companies developing VoIP software > (Equivalence Pty Ltd springs to mind) so hopefully the company > mentioned had to beat some seriously good competition to > get the grant. 
> > Glen > > -- > Glen Turner Network Engineer > (08) 8303 3936 Australian Academic and Research Network > glen.turner@aarnet.edu.au http://www.aarnet.edu.au/ > -- > The revolution will not be televised, it will be digitised > From dallas@quicksprint.com.au Thu Aug 2 01:21:02 2001 From: dallas@quicksprint.com.au (dallas@quicksprint.com.au) Date: Thu, 02 Aug 2001 11:21:02 +1000 Subject: [Oz-ISP] RE: [LINK] Code Red (again!): call to lurking journos References: Message-ID: <3B68AAFE.1010302@quicksprint.com.au> If only *somewhere* in the media and news reports could they have mentioned... "well if You were using unix/linux this wouldn't be a problem"... does anybody actually use the .ida / .idq extensions??? Realistically we're only hearing about this 'worm' because it attacks a .gov site. How many news reports were there about sircam??? magistra?? I saw *one* on brisbane extra... Surely those two would have caused more damage in the *public sector* than code red which is inherently restricted to those running IIS5 (which i would say is a lot less than the amount of people running outlook whatever). dallas Ash Nallawalla wrote: >> From: Saliya Wimalaratne > > >> "Code Red ONLY affects Microsoft Windows machines running Microsoft >> Internet Information Server." >> >> and >> >> "MOST home-users will not be running Microsoft Internet Information >> Server, so they should not be at risk" > > > It would be much safer to say that it affects Microsoft Windows NT/2000 > *Server* machines running IIS. Most home users would not be using IIS, > which typically runs on the Server flavour of those OSs. > > The lengthy report Nathan Reilly posted on Oz-ISP is an excellent account > but it too didn't place the word "Server" after "Windows NT/2000" but > instead used the word "system". > > Not every little workplace that uses NT/2000 Server necessarily runs IIS and > even so not all of them are connected to the Internet. 
Little workplaces > that have web sites typically host them elsewhere. Then again, some NT > installers just install IIS by default with no intention of replacing the > default "home page" with custom content. > > - Ash > > ---- > Email "unsubscribe aussie-isp" to majordomo@aussie.net to be removed. From Roger.Clarke@xamax.com.au Thu Aug 2 01:37:01 2001 From: Roger.Clarke@xamax.com.au (Roger Clarke) Date: Thu, 2 Aug 2001 11:37:01 +1000 Subject: [LINK] Text based White Pages In-Reply-To: References: Message-ID: Howard Lowndes : >Has anyone tried to use the text based white pages at >http://text.whitepages.com.au/pages_t/schs_t.htm recently > >I get either: >"A system error has occurred" or >"The server is not responding" or >"Sorry, no locality matching RUTHERGLEN was found" Now everyone knows >that that is where the best port comes from. I reported it to them Tuesday afternoon. They responded promptly enough; but didn't fix it. The report and response are below. >The stupid thing is that their graphical interface at whitepages.com.au >works. And they didn't tell me that!!! >-----Original Message----- >From: emailr@pacificaccess.com.au [mailto:emailr@pacificaccess.com.au] >Sent: Tuesday, 31 July 2001 12:42 >To: agent1@pacificaccess.com.au >Subject: WP-Technical [WPT2001073100000108196496] >--------------------------------------------------------------------- >Name: >Email: Roger.Clarke@xamax.com.au >--------------------------------------------------------------------- >Problem details > >Your site has been out of action for over 24 hours. > >I use: >http://text.whitepages.com.au/pages_t/schs_t.htm >from iCab on a Mac OS 9, with cookies accepted provided that they're from >the same server, and expired at end of session. >From: email@pacificaccess.com.au >Date: Tue, 31 Jul 2001 16:26:55 +1000 >Subject: RE: WP-Technical [WPT2001073100000108] >To: Roger.Clarke@xamax.com.au > >Dear Roger, > >Thank you for contacting us. 
> >Unfortunately White Pages Online and Yellow Pages Online are currently >experiencing technical difficulties. Appropriate action is being taken in >order to ensure that this situation is rectified as a matter of urgency. We >understand the frustration associated with this and apologise for any >inconvenience caused. > >Regards, > >Lisa >Pacific Access Online Customer Service >Visit our web sites at: www.yellowpages.com.au, >www.whitepages.com.au, www.whereis.com.au, >www.pacificaccess.com.au, www.goeureka.com.au >® & Registered trade mark and trade mark of Telstra Corporation >Limited > >PLEASE NOTE: Pacific Access Online Support has introduced a >Email Monitoring System to help respond to your queries more >efficiently. >For further reference to your correspondence please avoid >altering the subject field, which contains your email enquiry >number. -- Roger Clarke http://www.anu.edu.au/people/Roger.Clarke/ Xamax Consultancy Pty Ltd, 78 Sidaway St, Chapman ACT 2611 AUSTRALIA Tel: +61 2 6288 1472, and 6288 6916 mailto:Roger.Clarke@xamax.com.au http://www.xamax.com.au/ Visiting Fellow Department of Computer Science The Australian National University Canberra ACT 0200 AUSTRALIA Information Sciences Building Room 211 Tel: +61 2 6125 3666 From brd@austarmetro.com.au Thu Aug 2 01:37:57 2001 From: brd@austarmetro.com.au (Bernard Robertson-Dunn) Date: Thu, 02 Aug 2001 11:37:57 +1000 Subject: [LINK] Talk is cheap References: Message-ID: <3B68AEF5.96DB2518@austarmetro.com.au> >Internet telephony and online conferencing provider Colloqui has been >awarded a $100,000 Federal Government grant to help commercialise its >flagship Internet software ChatStack which will dramatically reduce the >cost of voice and video communication. I thought this government was allergic to "picking winners". I wonder what's different about Colloqui. -- Where it is a duty to worship the sun it is pretty sure to be a crime to examine the laws of heat. 
-- Christopher Morley Regards brd Bernard Robertson-Dunn Canberra Australia brd@dynamite.com.au brd@austarmetro.com.au From Richard.Chirgwin@informa.com.au Thu Aug 2 02:11:59 2001 From: Richard.Chirgwin@informa.com.au (Chirgwin, Richard) Date: Thu, 2 Aug 2001 12:11:59 +1000 Subject: [LINK] VoIP not dead Message-ID: <9BD4AE8C2EB1D311982700508BA2498901573A4F@EXCHANGE_AU> Glen, I am now a user of VoIP - against my will, it was a corporate decision...it's not dead but it damn well should be. Shot and buried at midnight in an unmarked grave is my vote. One of the IT industry's worst habits is to pitch emerging technologies on the basis of "buy now, we'll make it work sometime". This is what's happened with commercial-grade VoIP. Experience: 1) Too many simultaneous attempts to dial-out, and the servers can't handle the call setup load. Result: existing calls start experiencing strange artefacts. 2) Call quality is unpredictable at best. At worst, it's like using a mobile, driving through a tunnel, with a broken echo-canceller, and having a satellite link in the conversation all at once. 3) Despite repeated claims to the contrary by VoIP vendors, the feature set has fallen short of the aging PBX. For eg: there aren't enough call groups, so people can't answer each others' phones. For eg: the music-on-hold was only introduced a couple of months ago, is still version 1.0 and is flaky. For eg: some functions have migrated back to the administrator, so I can't set the number of rings before a divert (that's now an admin function). For eg: the UI adds unnecessary steps to an operation like call transfer. For eg: the new system only holds some settings for 24 hours, don't know why. 4) No price comparison factors in the matter of skills. PBXs had deskilled many normal operations - ie, they were designed to be sold with a minimum of knowledge and personnel at the installation end. Once the cables are pulled and the PBX is plugged in, configuration was a one-person job. 
OTOH, the VoIP system has needed an NT+SQL Server expert, a telephony expert, a router expert, and some weeks of installation, implementation, tuning, complaining, promises, and "it will get better when we upgrade the routers". Calls are cheaper, yes. About 1/2 of the phone bill now pays for people saying "what"? at each other. In short, the VoIP industry needs to go back and try again. Richard Chirgwin -----Original Message----- From: Glen Turner [mailto:glen.turner@aarnet.edu.au] Sent: Thursday, 2 August 2001 11:13 To: Anthony Healy Cc: Link List Subject: Re: [LINK] Foolish Grant Anthony Healy wrote: > > The grant is for commercialising emerging technology, yet Voice over IP > emerged some time ago, and died. Ozemail was doing this in 1995, with one of > the directors of this company in fact. I'm not sure in what way you think Voice over IP is dead. If you do the sums for a greenfields site VoIP is now cheaper than a traditional corporate PBX. That's without counting the reduction in voice+data cabling. If you need to upgrade your PBX from one software version to the next, replacing the PBX with VoIP seems to be a break-even exercise. Obviously, PBX manufacturers will come under some pressure to lower their software charges. In the US, VoIP is popular with banks and other institutions with many branches as it allows the installation of just one WAN link for their SNA, PC and voice traffic. The Cisco 3600 series of routers is aimed at this branch-office market. Ericsson don't expect their traditional PBX, the MD110, to be competitive in the future and have announced the end of life for the architecture after one more major software release. That's the *architecture*, not just the MD110 product. In short, VoIP will be the corporate telephony standard in under five years. I doubt it will have much home penetration until the Customer Access Network is replaced. 
Even then you'd probably see analogue handsets running to a set-top box which also contains TV and Ethernet connectors. I've no idea what the company mentioned is doing, as I've never had contact with them. There are already some very good Australian companies developing VoIP software (Equivalence Pty Ltd springs to mind) so hopefully the company mentioned had to beat some seriously good competition to get the grant. Glen -- Glen Turner Network Engineer (08) 8303 3936 Australian Academic and Research Network glen.turner@aarnet.edu.au http://www.aarnet.edu.au/ -- The revolution will not be televised, it will be digitised From rachel@excitehome.com.au Thu Aug 2 02:37:22 2001 From: rachel@excitehome.com.au (Rachel Polanskis) Date: Thu, 2 Aug 2001 12:37:22 +1000 (EST) Subject: [LINK] OT: "closing the gap" Message-ID: In one of the Federal Govt's current ads for the "Gap", it shows a woman holding an umbrella over her head. As she "closes the gap" in the umbrella, you can just make out hidden strings that actually pull the gap in the brolly shut. I wonder if this is subliminal advertising to suggest that "closing the gap" will have "strings attached"? :) rachel -- Rachel Polanskis Optus/Excite@Home UNIX Administrator 100 Harris Street IT Operations Pyrmont, Sydney NSW rachel@excitehome.com.au Ph: (+61 2) 900 51144 From mischief@optushome.com.au Thu Aug 2 02:47:31 2001 From: mischief@optushome.com.au (Ralph Wallis) Date: Thu, 2 Aug 2001 12:47:31 +1000 Subject: [LINK] "New Laws: Thou Shalt Patch" Message-ID: <20010802124731.C4365@lanesbry.com> On Wed, Aug 01, 2001 at 03:06:03PM +1000, Howard Lowndes wrote: > I wonder if the answer might be a form of professional licencing. > > You need a licence to practice medicine. > You need a licence to practice law. > You need a licence to drive a car and it is graded. > You need a licence to fly a plane and it is also graded. > Any idiot can administer a network without any training or experience. 
> > Not true in the case of lawyers who work as employees. Most systems administrators work as employees, so by analogy would be exempt as well. The licencing of lawyers (and medicos i believe) and even builders, is required when they offer services to the public. Driving a car on your own property similarly requires no licence. Even on a driveway that connects to the public roads. From Roger.Clarke@xamax.com.au Thu Aug 2 03:10:40 2001 From: Roger.Clarke@xamax.com.au (Roger Clarke) Date: Thu, 2 Aug 2001 13:10:40 +1000 Subject: Fwd: Re: [LINK] Text based White Pages Message-ID: >From: Brenda Aynsley >> Howard Lowndes : >>> Has anyone tried to use the text based white pages at >>> http://text.whitepages.com.au/pages_t/schs_t.htm recently >>> >>> I get either: >>> "A system error has occurred" or >>> "The server is not responding" or >>> "Sorry, no locality matching RUTHERGLEN was found" Now everyone knows >>> that that is where the best port comes from. >> Roger replied: >> I reported it to them Tuesday afternoon. They responded promptly >>enough; but didn't fix it. The report and response are below. >> >>> The stupid thing is that their graphical interface at whitepages.com.au >>> works. >> >> And they didn't tell me that!!! > > >I suspect they dont know that it has changed to >http://www.whitepages.com.au/wp/search/search_text.jhtml - works for >me no problem > >lefthand /right hand stuff? > >i cant respond to the list from this address roger, you may want to >pass it on for me Sure does! 
-- Roger Clarke http://www.anu.edu.au/people/Roger.Clarke/ Xamax Consultancy Pty Ltd, 78 Sidaway St, Chapman ACT 2611 AUSTRALIA Tel: +61 2 6288 1472, and 6288 6916 mailto:Roger.Clarke@xamax.com.au http://www.xamax.com.au/ Visiting Fellow Department of Computer Science The Australian National University Canberra ACT 0200 AUSTRALIA Information Sciences Building Room 211 Tel: +61 2 6125 3666 From jack@backroad.com.au Thu Aug 2 03:19:37 2001 From: jack@backroad.com.au (Jack Gilding) Date: Thu, 02 Aug 2001 13:19:37 +1000 Subject: [LINK] Dotcom hype isn't dead... In-Reply-To: <3B68A684.DFC09F59@austarmetro.com.au> References: <9BD4AE8C2EB1D311982700508BA2498901573A46@EXCHANGE_AU> Message-ID: <200108020320.f723KTg22819@web.anu.edu.au> Linkers Looks like Coke might have pulled this gem off their website or it might just be a reorganisation. I couldn't find it at the URL brd gave. Google still has it listed and you can see a bit of the text in their cache but unfortunately not the whole article. Google search string is: coca-cola olive garden H2NO There is no search as such on http://customer.coke.com/ but I did ask "Hank the vRep" under "Ask Coca-Cola" who was very polite but couldn't answer any of my questions. Jack ====== At 11:01 AM 2/08/01 +1000, Bernard Robertson-Dunn wrote: >"Chirgwin, Richard" wrote: >> >> Love this Newsbytes report: >> >> Online Kids Have $60 Billion To Spend - Datamonitor > >If you have a look at the marketing style of companies such as Coca Cola, >then hype is a word that just isn't strong enough. > >Go to http://customer.coca-cola.com/html/olivegard_article_ss.html and read >the language that they use when trying to convince customers not to drink >water. > > >Water ... contributes to a dull dining experience for the customer. > >... train crews to sell alternative choices to tap water ... with the goal >of increasing overall guest satisfaction. > >... less water and more beverage choices mean happier customers. > >Olive Garden restaurants ... 
were facing a high water incidence rate. > >Olive Garden's goal was to influence customers to abandon their default >choice of tap water and experience other beverage choices to improve >their dining experience. > >CCUSA-Fountain ... suggested a tap water reduction program named H2NO. > > >-- >A man is crawling through the Sahara desert when he is approached by >another man riding on a camel. When the rider gets close enough, >the crawling man whispers through his sun-parched lips, >"Water... please... can you give...water..." > >"I'm sorry," replies the man on the camel, "I don't have any water with >me. But I'd be delighted to sell you a necktie." > >"Tie?" whispers the man. "I need *water*." > >"They're only four dollars apiece." > >"I need *water*." > >"Okay, okay, say two for seven dollars." > >"Please! I need *water*!", says the man. > >"I don't have any water, all I have are ties," replies the salesman, >and he heads off into the distance. > >The man, losing track of time, crawls for what seems like days. > >Finally, nearly dead, sun-blind and with his skin peeling and blistering, >he sees a restaurant in the distance. Summoning the last of his strength >he staggers up to the door and confronts the head waiter. > >"Water... can I get... water," the dying man manages to stammer. > >"I'm sorry, sir, ties required." 
> >Regards >brd > >Bernard Robertson-Dunn >Canberra Australia >brd@dynamite.com.au >brd@austarmetro.com.au > end ============================================================= Jack Gilding mailto:jack@backroad.com.au Backroad Connections Pty Ltd http://www.backroad.com.au RSD 1344 Korweinguboora VIC 3461 phone: 03 5348 6651 Australia fax: 03 5348 6671 ABN: 64 090 245 382 From grog@lemis.com Thu Aug 2 03:34:01 2001 From: grog@lemis.com (Greg Lehey) Date: Thu, 2 Aug 2001 13:04:01 +0930 Subject: [LINK] Re: [Oz-ISP] Code Red (again!): call to lurking journos In-Reply-To: ; from saliya@hinet.net.au on Thu, Aug 02, 2001 at 08:47:03AM +1000 References: Message-ID: <20010802130401.D4652@wantadilla.lemis.com> On Thursday, 2 August 2001 at 8:47:03 +1000, Saliya Wimalaratne wrote: > People, > > "Code Red" has, of course, hit the news. > > > > I haven't seen "Microsoft" or "IIS" mentioned in ANY of the news reports > about this virus, which can mean one of two things: > > 1) you don't know the truth > 2) you're scared to tell the truth 3) You're listening to the wrong news. All the news reports I've heard have mentioned Microsoft. Greg -- Finger grog@lemis.com for PGP public key See complete headers for address and phone numbers From thealy@magna.com.au Thu Aug 2 03:35:00 2001 From: thealy@magna.com.au (Anthony Healy) Date: Thu, 2 Aug 2001 13:35:00 +1000 Subject: [LINK] Licencing In-Reply-To: Message-ID: Howard Lowndes wrote: > I wonder if the answer might be a form of professional licencing. > Any idiot can administer a network without any training or experience. I'm not sure it's the actual staff who are to blame. It's organisational management who hire the cheapest person they can find, fail to give them enough time to do their job and tell them not to worry about the details. I would licence management. Regards, Tony Healy -------- This ease of use gave the Microsoft program manager a favorable impression of the program right off the bat. 
Now, when Microsoft gets a favorable impression of a program right off the bat, they shell out $150 million or so. Joel Eschler (www.joelonsoftware.com) From thealy@magna.com.au Thu Aug 2 03:35:28 2001 From: thealy@magna.com.au (Anthony Healy) Date: Thu, 2 Aug 2001 13:35:28 +1000 Subject: [LINK] Licencing ... In-Reply-To: <20010802095158.I32586@taz.net.au> Message-ID: Re licencing, and talking about software engineers rather than network managers, there has been a big debate on licencing in the US, leading to the prestigious ACM *formally* opposing it. http://www.acm.org/serving/se_policy/selep_main.html#executive_summary Regards, Tony Healy -------- To the Bear, there was nothing so beautiful as a formation landing of helicopters - not only for the physical beauty of the formation's geometric order, but for the determination and purpose they showed, driving downward into whatever might lay ahead. There was no need for them to be so close, and yet, because they were, they were a beautiful sight, those ten ships driving down as one. The diamonds glistened, as the sun caught the rotor blades, like the patterns on a snake's back. Adapted from William Holland: Let a Soldier Die From saliya@hinet.net.au Thu Aug 2 03:45:58 2001 From: saliya@hinet.net.au (Saliya Wimalaratne) Date: Thu, 2 Aug 2001 13:45:58 +1000 (EST) Subject: [LINK] Re: [Oz-ISP] Code Red (again!): call to lurking journos In-Reply-To: <20010802130401.D4652@wantadilla.lemis.com> Message-ID: On Thu, 2 Aug 2001, Greg Lehey wrote: > 3) You're listening to the wrong news. > > All the news reports I've heard have mentioned Microsoft. Just as a followup: I've received a number of reports of people seeing this on the ABC news; and on 2BL, and JJJ. News on the J's this morning mentioned Code Red; no MS or IIS. News on commercial TV night-before-last and last night mentioned Code Red, no MS or IIS. I was looking/listening specifically for it at the time. ... 
perhaps it was just bad luck that they omitted the *only pertinent details* from the stories that I saw/heard ? Saliya From Fred.Pilcher@act.gov.au Thu Aug 2 03:49:56 2001 From: Fred.Pilcher@act.gov.au (Pilcher, Fred) Date: Thu, 2 Aug 2001 13:49:56 +1000 Subject: [LINK] VoIP not dead Message-ID: <9F7F0A389219D411BDA900A0C9F2D6140430EE4A@cal013.dpa.act.gov.au> My only experience of VOIP was to test it with a friend in Melbourne. We were both using dial-up connections and Netmeeting (yes, yes - I know). Richard said: >2) Call quality is unpredictable at best. At worst, it's like using a >mobile, driving through a tunnel, with a broken echo-canceller, and having a >satellite link in the conversation all at once. It wasn't nearly that good for us. We stuck with it for almost an hour, assuming that the problem had to be with our settings since it couldn't possibly be that bad. But nothing we did improved it. During the entire time I suppose we exchanged about a dozen words, though they tended to be at random intervals and totally disconnected from the sentences of which they were originally a part. We were even silly enough to try video for few minutes but, of course, that simply put an end to any semblance of voice connection at all. *Was* it our settings, Netmeeting's implementation, or is it simply a crock over a 28k dialup connection? Fred From Richard.Chirgwin@informa.com.au Thu Aug 2 05:01:25 2001 From: Richard.Chirgwin@informa.com.au (Chirgwin, Richard) Date: Thu, 2 Aug 2001 15:01:25 +1000 Subject: [LINK] VoIP not dead Message-ID: <9BD4AE8C2EB1D311982700508BA2498901573A56@EXCHANGE_AU> I think trying to use 28.8 *may* have been optimistic. Heaven knows, a 2M link seems to be having trouble... RC -----Original Message----- From: Pilcher, Fred [mailto:Fred.Pilcher@act.gov.au] Sent: Thursday, 2 August 2001 13:50 To: Link List Subject: RE: [LINK] VoIP not dead My only experience of VOIP was to test it with a friend in Melbourne. 
We were both using dial-up connections and Netmeeting (yes, yes - I know). Richard said: >2) Call quality is unpredictable at best. At worst, it's like using a >mobile, driving through a tunnel, with a broken echo-canceller, and having a >satellite link in the conversation all at once. It wasn't nearly that good for us. We stuck with it for almost an hour, assuming that the problem had to be with our settings since it couldn't possibly be that bad. But nothing we did improved it. During the entire time I suppose we exchanged about a dozen words, though they tended to be at random intervals and totally disconnected from the sentences of which they were originally a part. We were even silly enough to try video for few minutes but, of course, that simply put an end to any semblance of voice connection at all. *Was* it our settings, Netmeeting's implementation, or is it simply a crock over a 28k dialup connection? Fred From lannet@lannet.com.au Thu Aug 2 05:05:38 2001 From: lannet@lannet.com.au (Howard Lowndes) Date: Thu, 2 Aug 2001 15:05:38 +1000 (EST) Subject: [LINK] Re: [Oz-ISP] Code Red (again!): call to lurking journos In-Reply-To: Message-ID: Our local ABC had the expert from the local uni on and he really served it up as it is. -- Howard. LANNet Computing Associates Contact detail at http://www.lannetlinux.com On Thu, 2 Aug 2001, Saliya Wimalaratne wrote: > On Thu, 2 Aug 2001, Greg Lehey wrote: > > > 3) You're listening to the wrong news. > > > > All the news reports I've heard have mentioned Microsoft. > > Just as a followup: > > I've received a number of reports of people seeing this on the ABC news; > and on 2BL, and JJJ. > > News on the J's this morning mentioned Code Red; no MS or IIS. > News on commercial TV night-before-last and last night mentioned Code Red, > no MS or IIS. > > I was looking/listening specifically for it at the time. > > ... perhaps it was just bad luck that they omitted the *only pertinent > details* from the stories that I saw/heard ? 
> > Saliya > > ---- > Email "unsubscribe aussie-isp" to majordomo@aussie.net to be removed. > From lannet@lannet.com.au Thu Aug 2 05:13:29 2001 From: lannet@lannet.com.au (Howard Lowndes) Date: Thu, 2 Aug 2001 15:13:29 +1000 (EST) Subject: [LINK] Licencing In-Reply-To: Message-ID: Which is precisely why licencing would work. If you didn't have a licenced practitioner on staff, or on contract, then you land in the mire -- Howard. LANNet Computing Associates Contact detail at http://www.lannetlinux.com On Thu, 2 Aug 2001, Anthony Healy wrote: > > > Howard Lowndes wrote: > > I wonder if the answer might be a form of professional licencing. > > Any idiot can administer a network without any training or experience. > > I'm not sure it's the actual staff who are to blame. It's organisational > management who hire the cheapest person they can find, fail to give them > enough time to do their job and tell them not to worry about the details. I > would licence management. > > Regards, Tony Healy > > -------- > > This ease of use gave the Microsoft program manager a favorable impression > of the program right off the bat. Now, when Microsoft gets a favorable > impression of a program right off the bat, they shell out $150 million or > so. Joel Eschler (www.joelonsoftware.com) > From brd@austarmetro.com.au Thu Aug 2 05:21:05 2001 From: brd@austarmetro.com.au (Bernard Robertson-Dunn) Date: Thu, 02 Aug 2001 15:21:05 +1000 Subject: [LINK] Dotcom hype isn't dead... References: <9BD4AE8C2EB1D311982700508BA2498901573A46@EXCHANGE_AU> <200108020320.f723KTg22819@web.anu.edu.au> Message-ID: <3B68E341.199B4F51@austarmetro.com.au> Jack Gilding wrote: > > Linkers > > Looks like Coke might have pulled this gem off their website or it might > just be a reorganisation. I couldnt find it at the URL brd gave. I can't see it now either. I found the URL at www.memepool.com. Maybe Coke didn't like the publicity it has attracted, or their server has been overloaded, or Code Red has struck. 
If you try customer.coca-cola.com you get a 140k flash which is very coke red. Maybe there is a connection with that well known worm (he says in his best Erich Von Daniken style) -- It has long been known that birds will occasionally build nests in the manes of horses. The only known solution to this problem is to sprinkle baker's yeast in the mane, for, as we all know, yeast is yeast and nest is nest, and never the mane shall tweet. -- unknown Regards brd Bernard Robertson-Dunn Canberra Australia brd@dynamite.com.au brd@austarmetro.com.au From brd@austarmetro.com.au Thu Aug 2 05:40:06 2001 From: brd@austarmetro.com.au (Bernard Robertson-Dunn) Date: Thu, 02 Aug 2001 15:40:06 +1000 Subject: [LINK] Red alert (The Economist) Message-ID: <3B68E7B6.533E4DE2@austarmetro.com.au> Red alert Aug 1st 2001 >From The Economist Global Agenda http://www.economist.com/agenda/displayStory.cfm?story_id=718547 Organisations around the world have scrambled to protect their computers against a malicious program called Code Red, but so far the alert has turned out to be more hype than horror. One day, however, Internet saboteurs may succeed in causing mayhem ..... -- It turned out that the worm exploited three or four different holes in the system. From this, and the fact that we were able to capture and examine some of the source code, we realized that we were dealing with someone very sharp, probably not someone here on campus. -- Dr. Richard LeBlanc, associate professor of ICS, in Georgia Tech's campus newspaper after the Internet worm. Regards brd Bernard Robertson-Dunn Canberra Australia brd@dynamite.com.au brd@austarmetro.com.au From bonfire@bur.st Thu Aug 2 05:55:11 2001 From: bonfire@bur.st (Paul Day) Date: Thu, 2 Aug 2001 13:55:11 +0800 (WST) Subject: [LINK] VoIP not dead In-Reply-To: <9F7F0A389219D411BDA900A0C9F2D6140430EE4A@cal013.dpa.act.gov.au> Message-ID: On Thu, 2 Aug 2001, Pilcher, Fred wrote: > My only experience of VOIP was to test it with a friend in Melbourne. 
We > were both using dial-up connections and Netmeeting (yes, yes - I know). > > *Was* it our settings, Netmeeting's implementation, or is it simply a crock > over a 28k dialup connection? I'm not too sure what you guys are doing, but I use VoIP (NetMeeting - H.323) to call across the planet (family in Canada) using 56k v.90 modems with no problems at all. Call quality is excellent, better and more consistent than a normal telephone conversation. The only draw-back is the extra latency, which is generally much better on a telephone conversation. Added bonus: I get to see the family because they have a cheap camera at their end. International telephone bill dropped considerably. However, with a cheap/dodgy ISP it's hardly worth loading NetMeeting up. At the other end of the spectrum, VoIP in a corporate network environment is only beginning to take off and that's where it really does its stuff. Decent amounts of bandwidth to work with and routers with good QoS queuing. And most importantly, it saves them money (despite the initial high cost of equipment - IP-Phones aren't cheap). The US's Office Inspector General (the body that oversees the US postal service to make it more efficient and reduce fraud) reduced their telecommunications costs by 40% by combining two networks into one and rolling out VoIP to all their offices. Closer to home, WA's largest ISP, iiNet (now national), has rolled VoIP out across the entire company, after starting with a few of their external offices over the last two years. At one stage they even had local support numbers at their remote POPs which then got transported up to the central call centre using VoIP over DDS (cheaper than a 13 number and stops the customer paying STD). VoIP is only just beginning to flourish, and with more routers now supporting good QoS protocols, it will only get bigger. In the corporate world: it works and more importantly, it saves money. 
PD -- Paul Day Web: www.bur.st/~bonfire PGP-key: www.bur.st/~bonfire/pk.txt From brd@austarmetro.com.au Thu Aug 2 05:56:24 2001 From: brd@austarmetro.com.au (Bernard Robertson-Dunn) Date: Thu, 02 Aug 2001 15:56:24 +1000 Subject: [LINK] Code Red - a Red Herring. Message-ID: <3B68EB88.8CB8A824@austarmetro.com.au> Seen on Politech From: WMadsen777@aol.com Date: Wed, 1 Aug 2001 15:01:06 EDT Subject: Code Red = Red Herring Update To: jstanton@ndia.org, Washauthor@aol.com, VGSmith@sar.med.navy.mil, DRFagg@aol.com, banisar@2rad.net, wrodger@home.net, john.m.hamlet@lmco.com, hoofnagle@epic.org, Juhani.Saari@pp.inet.fi, HQ2600@aol.com, LMcNulty@cyberhost.com, speacock@warren-news.com, declan@well.com CODE RED - A RED HERRING Wayne Madsen 30 July 2001 Washington, DC Here we go again folks. The White House, NSA, and National Infrastructure Protection Center (NIPC) are warning of a dangerous new Internet worm called "Code Red." We've been here before. Just last year, we were all treated to the impending doom caused by a series of "Distributed Denial of Service Attacks" that resulted in a host of web sites going down. Imagine the disruption to the nation's infrastructure caused by someone's failure to auction off their great grandmother's curios on e-Bay. Conveniently, a few weeks after the dreaded attacks on the dot coms (many of which are now dot gones - and it wasn't a result of hackers), President Clinton hosted a cyber-security roundtable at the White House. The gloom and doom sayers pointed out why the nation was on the verge of an "electronic Pearl Harbor." Chief among them was Richard Clarke, the National Security Council's "Dr. Strangelove" of cyber-security. However, it is not an e-Pearl Harbor we must be concerned about but an e-Reichstag Fire. Back in 1933, Hitler's Propaganda Minister Joseph Goebbels, a pioneer of perception management, hired a bunch of Nazi hooligans to burn down the Reichstag. 
The next day, while the German Parliament was still smoldering, the Nazis passed the Reichstag Decree, which effectively relegated the German Constitution and all of its civil liberty provisions to the toilet. But would the United States take advantage of such a situation in cyber-space to advance a secret agenda? They've probably already done so. Back in 1988, the Internet was treated to its first worm. Programmed and launched by Robert Morris, Jr., the worm crippled hundreds of thousands of computers connected to the Internet. It just so happened that young Mr. Morris's dad was the Chief Scientist at NSA - during a period when the agency was feverishly trying to test the vulnerabilities of various operating systems and application programs. But that was then, and Code Red is now. We are told that Code Red only affects web sites relying on Windows NT and Windows 2000. Of course, why would any self-respecting 24-hour cable news network want to show a housewife trying to struggle with a virus-infected home computer operating Windows 95? Better to capture viewers' attention with hordes of computer programmers and managers wrestling with downed web sites at Ford, Xerox, Charles Schwab, and Amazon.com. And that's the way the government (and apparently Microsoft) wants it. Microsoft, the humbled post-anti trust suit corporate giant, seems to be cozying up with the Feds and their cyber-security agenda as of late. At a recent Interagency Technical Forum at the National Institute of Standards and Technology (NIST), Microsoft's director of Mobile Code Security revealed that Microsoft now maintains a full-time resident office at NSA headquarters with a fully-cleared staff. Even the term Code Red is a red herring. Just like Distributed Denial of Service attack, it is more out of the Pentagon's lexicon than that of computer crackers. Code Red is just too campy - seems like it belongs in the same league with the movies "Deep Impact" and "Armageddon." 
But Code Red is just the kind of term that might impress our otherwise attention deficit disordered President. Computer crackers, of course, like to be a bit more original and artsy, opting for terms like "Melissa," "Back Orifice," and "Michelangelo." How many original code names ever came out of NSA? "Echelon," for example. Boring! Now Code Red, that's something that could have been conjured up by the Faulkners of the Fort! Why the Code Red hoopla? Well, in a few weeks, President Bush (with Dick Cheney looming over his shoulder) will be issuing a new Executive Order on Cyber-Security. He will appoint an inter-agency Cybersecurity and Continuity of Operations Board and his current cyber-security guru Clarke stands a good chance of being selected chairman. If so, Clarke will have transcended three administrations in essentially the same executive branch job - a record surpassed only by FBI Director J. Edgar Hoover. And tomorrow NIPC head Ron Dick gets a jump start on things with a press conference on cyber security at the National Press Club. Hyping Code Red is a sure fire way to ensure the conference is covered by all the talking head networks. And it does not hurt that today, while FBI Director designate Robert Mueller is fielding some questions on what the FBI will do on cyber security during his Senate confirmation hearings, Code Red is a backdrop. Coming on the heels of the G8 Summit in Genoa, Code Red also bolsters one of the items on the agenda of the leaders. It was at the G8 Summit in Lyon in 1996, that the leaders first put cyber crime on their docket, a decision that was ultimately manifested in the Council of Europe's soon-to-be-enacted Cyber Crime Treaty. When enacted, the treaty will enable police agencies to reach beyond borders to seize Internet communications record traffic. The anti-globalization Genoa Social Forum got a taste of what is to come when Italian police stormed their headquarters and seized computer disks and Internet traffic records. 
This past April, the FBI, acting on behalf of the Canadian police, seized similar records from the Independent Media Center in Seattle after the Summit of the Americas in Quebec. Not to be outdone by his peers, British Prime Minister Tony Blair - who resembles Big Brother more and more every day - hurried back to London to urge Parliament to pass a bill that would equate computer hacking with terrorism. Perception Management actually was part and parcel of the agenda of the same coterie of Pentagon brass and Beltway Bandits who dreamt up information warfare in the first place. They knew to be successful, the public would have to be force fed large diets of disinformation and sensationalized news. Ah, Dr. Goebbels would be so proud of them. So in the meantime, we should all head for hills. Because just like Y2K, our government says our American Way of life is threatened by unknown computer toxins. Time to erect our Computer Defense Shield. Fear is the greatest weapon but the truth is the greater defense! POSTSCRIPT: Not getting the media bounce from the 8:00 PM EST Code Red meltdown hour on July 31 (nothing happened!), the FBI began spinning the story the very next morning that 22,000 computers had been hit with Code Red. Considering that viruses and worms probably strike many more computers than that on any given day, 22,000 is a relatively low number. The cyber-security perception management machinery was also put into high gear in the August 1 edition of The Washington Times. A story by Ben Barber hyped the threat posed by Palestinian computer users who have launched a so-called "cyber-Jihad" against Israeli government and corporate computers. The article states that the U.S. government-funded firms RAND and iDefense are urging the United States to adopt the same cyber defenses as those used in Israel. And the article gives us the potential next phase of the U.S. 
government's perception management campaign: Palestinian sites will start distributing viruses aimed at the United States -- one Palestinian site is blamed for distributing the Love Bug and Melissa viruses. If one remembers, however, Love Bug originated in the Philippines while Melissa came from Trenton, New Jersey. They are a long way off from Nablus and Ramallah on the West Bank. Even in pseudo cyber-war, the truth is the greatest casualty! -- Regards brd Bernard Robertson-Dunn Canberra Australia brd@dynamite.com.au brd@austarmetro.com.au From gtaylor@efa.org.au Thu Aug 2 06:18:35 2001 From: gtaylor@efa.org.au (Greg Taylor) Date: Thu, 02 Aug 2001 16:18:35 +1000 Subject: [LINK] (fwd) Why the "Code Red" worm is a red herring Message-ID: <4.3.2.7.1.20010802161522.04b03fd8@pop.gil.com.au> Forwarded from Declan's Politech list. Wayne Madsen is a former NSA spy who now wears a white hat (working for EPIC), and he knows a thing or two about these matters. Greg ------------------------------------------------------- From: WMadsen777@aol.com Date: Wed, 1 Aug 2001 15:01:06 EDT Subject: Code Red = Red Herring Update CODE RED - A RED HERRING Wayne Madsen 30 July 2001 Washington, DC Here we go again folks. The White House, NSA, and National Infrastructure Protection Center (NIPC) are warning of a dangerous new Internet worm called "Code Red." We've been here before. Just last year, we were all treated to the impending doom caused by a series of "Distributed Denial of Service Attacks" that resulted in a host of web sites going down. Imagine the disruption to the nation's infrastructure caused by someone's failure to auction off their great grandmother's curios on e-Bay. Conveniently, a few weeks after the dreaded attacks on the dot coms (many of which are now dot gones - and it wasn't a result of hackers), President Clinton hosted a cyber-security roundtable at the White House. 
The gloom and doom sayers pointed out why the nation was on the verge of an "electronic Pearl Harbor." Chief among them was Richard Clarke, the National Security Council's "Dr. Strangelove" of cyber-security. However, it is not an e-Pearl Harbor we must be concerned about but an e-Reichstag Fire. Back in 1933, Hitler's Propaganda Minister Joseph Goebbels, a pioneer of perception management, hired a bunch of Nazi hooligans to burn down the Reichstag. The next day, while the German Parliament was still smoldering, the Nazis passed the Reichstag Decree, which effectively relegated the German Constitution and all of its civil liberty provisions to the toilet. But would the United States take advantage of such a situation in cyber-space to advance a secret agenda? They've probably already done so. Back in 1988, the Internet was treated to its first worm. Programmed and launched by Robert Morris, Jr., the worm crippled hundreds of thousands of computers connected to the Internet. It just so happened that young Mr. Morris's dad was the Chief Scientist at NSA - during a period when the agency was feverishly trying to test the vulnerabilities of various operating systems and application programs. But that was then, and Code Red is now. We are told that Code Red only affects web sites relying on Windows NT and Windows 2000. Of course, why would any self-respecting 24-hour cable news network want to show a housewife trying to struggle with a virus-infected home computer operating Windows 95? Better to capture viewers' attention with hordes of computer programmers and managers wrestling with downed web sites at Ford, Xerox, Charles Schwab, and Amazon.com. And that's the way the government (and apparently Microsoft) wants it. Microsoft, the humbled post-anti trust suit corporate giant, seems to be cozying up with the Feds and their cyber-security agenda as of late. 
At a recent Interagency Technical Forum at the National Institute of Standards and Technology (NIST), Microsoft's director of Mobile Code Security revealed that Microsoft now maintains a full-time resident office at NSA headquarters with a fully-cleared staff. Even the term Code Red is a red herring. Just like Distributed Denial of Service attack, it is more out of the Pentagon's lexicon than that of computer crackers. Code Red is just too campy - seems like it belongs in the same league with the movies "Deep Impact" and "Armageddon." But Code Red is just the kind of term that might impress our otherwise attention deficit disordered President. Computer crackers, of course, like to be a bit more original and artsy, opting for terms like "Melissa," "Back Orifice," and "Michelangelo." How many original code names ever came out of NSA? "Echelon," for example. Boring! Now Code Red, that's something that could have been conjured up by the Faulkners of the Fort! Why the Code Red hoopla? Well, in a few weeks, President Bush (with Dick Cheney looming over his shoulder) will be issuing a new Executive Order on Cyber-Security. He will appoint an inter-agency Cybersecurity and Continuity of Operations Board and his current cyber-security guru Clarke stands a good chance of being selected chairman. If so, Clarke will have transcended three administrations in essentially the same executive branch job - a record surpassed only by FBI Director J. Edgar Hoover. And tomorrow NIPC head Ron Dick gets a jump start on things with a press conference on cyber security at the National Press Club. Hyping Code Red is a sure fire way to ensure the conference is covered by all the talking head networks. And it does not hurt that today, while FBI Director designate Robert Mueller is fielding some questions on what the FBI will do on cyber security during his Senate confirmation hearings, Code Red is a backdrop. 
Coming on the heels of the G8 Summit in Genoa, Code Red also bolsters one of the items on the agenda of the leaders. It was at the G8 Summit in Lyon in 1996, that the leaders first put cyber crime on their docket, a decision that was ultimately manifested in the Council of Europe's soon-to-be-enacted Cyber Crime Treaty. When enacted, the treaty will enable police agencies to reach beyond borders to seize Internet communications record traffic. The anti-globalization Genoa Social Forum got a taste of what is to come when Italian police stormed their headquarters and seized computer disks and Internet traffic records. This past April, the FBI, acting on behalf of the Canadian police, seized similar records from the Independent Media Center in Seattle after the Summit of the Americas in Quebec. Not to be outdone by his peers, British Prime Minister Tony Blair - who resembles Big Brother more and more every day - hurried back to London to urge Parliament to pass a bill that would equate computer hacking with terrorism. Perception Management actually was part and parcel of the agenda of the same coterie of Pentagon brass and Beltway Bandits who dreamt up information warfare in the first place. They knew to be successful, the public would have to be force fed large diets of disinformation and sensationalized news. Ah, Dr. Goebbels would be so proud of them. So in the meantime, we should all head for hills. Because just like Y2K, our government says our American Way of life is threatened by unknown computer toxins. Time to erect our Computer Defense Shield. Fear is the greatest weapon but the truth is the greater defense! POSTSCRIPT: Not getting the media bounce from the 8:00 PM EST Code Red meltdown hour on July 31 (nothing happened!), the FBI began spinning the story the very next morning that 22,000 computers had been hit with Code Red. Considering that viruses and worms probably strike many more computers than that on any given day, 22,000 is a relatively low number. 
The cyber-security perception management machinery was also put into high gear in the August 1 edition of The Washington Times. A story by Ben Barber hyped the threat posed by Palestinian computer users who have launched a so-called "cyber-Jihad" against Israeli government and corporate computers. The article states that the U.S. government-funded firms RAND and iDefense are urging the United States to adopt the same cyber defenses as those used in Israel. And the article gives us the potential next phase of the U.S. government's perception management campaign: Palestinian sites will start distributing viruses aimed at the United States -- one Palestinian site is blamed for distributing the Love Bug and Melissa viruses. If one remembers, however, Love Bug originated in the Philippines while Melissa came from Trenton, New Jersey. They are a long way off from Nablus and Ramallah on the West Bank. Even in pseudo cyber-war, the truth is the greatest casualty! ------------------------------------------------------------------------- POLITECH -- Declan McCullagh's politics and technology mailing list You may redistribute this message freely if you include this notice. To subscribe, visit http://www.politechbot.com/info/subscribe.html This message is archived at http://www.politechbot.com/ ------------------------------------------------------------------------- From rick@praxis.com.au Thu Aug 2 06:31:00 2001 From: rick@praxis.com.au (Rick Welykochy) Date: Thu, 2 Aug 2001 16:31:00 +1000 (EST) Subject: [LINK] Code Red - a Red Herring. In-Reply-To: <3B68EB88.8CB8A824@austarmetro.com.au> Message-ID: Looks like the Red Herring is a Red Herring ... On Thu, 2 Aug 2001, Bernard Robertson-Dunn wrote: > Seen on Politech Yup. [schnippe] > would any self-respecting 24-hour cable news network want to show a > housewife trying to struggle with a virus-infected home computer operating > Windows 95? 
Better to capture viewers' attention with hordes of computer > programmers and managers wrestling with downed web sites at Ford, Xerox, > Charles Schwab, and Amazon.com. Amazon.com runs on Unix using Apache/Stronghold. Schwab runs on Solaris using Netscape-Enterprise. Interestingly, the websites for Ford USA, Ford Canada and Ford UK were offline when I first checked five minutes ago. But now: Ford.com, Ford.ca and For.co.uk are running Microsoft-IIS on Windows 2000. Well, 1 out 3 ain't good. I presume the Ford sites are bouncing around their respective ops rooms like rubber balls. > POSTSCRIPT: > > Not getting the media bounce from the 8:00 PM EST Code Red meltdown hour on > July 31 (nothing happened!), the FBI began spinning the story the very next > morning that 22,000 computers had been hit with Code Red. Considering that > viruses and worms probably strike many more computers than that on any > given day, 22,000 is a relatively low number. Crap. My home network and a that of a fellow worker are getting hit with the exploit all day today. The exploit looks like this: GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a Cheeries, Rick W _____________________________________________ Rick Welykochy || Praxis Services Pty Limited "Those who do not understand Unix are condemned to reinvent it, poorly." - Henry Spencer From rick@praxis.com.au Thu Aug 2 06:38:28 2001 From: rick@praxis.com.au (Rick Welykochy) Date: Thu, 2 Aug 2001 16:38:28 +1000 (EST) Subject: [LINK] Code Red - a Red Herring. 
In-Reply-To: Message-ID: On Thu, 2 Aug 2001, Rick Welykochy wrote: > I presume the Ford sites are bouncing around their respective ops rooms > like rubber balls. Further to this, for a shocking graph of Ford.com's recent performance: _____________________________________________ Rick Welykochy || Praxis Services Pty Limited "Those who do not understand Unix are condemned to reinvent it, poorly." - Henry Spencer From Rik.Harris@fulcrum.com.au Thu Aug 2 06:50:17 2001 From: Rik.Harris@fulcrum.com.au (Rik Harris) Date: Thu, 2 Aug 2001 16:50:17 +1000 Subject: [LINK] VoIP not dead In-Reply-To: <9BD4AE8C2EB1D311982700508BA2498901573A4F@EXCHANGE_AU>; from Chirgwin, Richard on Thu, Aug 02, 2001 at 12:11:59PM +1000 References: <9BD4AE8C2EB1D311982700508BA2498901573A4F@EXCHANGE_AU> Message-ID: <20010802165017.K1882@fulcrum.com.au> On Thu, Aug 02, 2001 at 12:11:59PM +1000, Chirgwin, Richard wrote: > Glen, > > I am now a user of VoIP - against my will, it was a corporate > decision...it's not dead but it damn well should be. Shot and buried at > midnight in an unmarked grave is my vote. ... some not very good experiences deleted ... This all sounds like a criticism of an implementation, not of the technology. Of course, many of the cost justifications for VoIP assume a cheap implementation where that usually needs the words "and nasty" appended. We too have tried VoIP and found it unsuitable *for us*. Our cost/benefit analysis directed us to a more traditional PBX rather than pursuing VoIP further. But I'm not going to bit-bucket the entire technology just because the cost/benefit to do VoIP properly doesn't yet work for a company in our current circumstances. > One of the IT industry's worst habits is to pitch emerging technologies on > the basis of "buy now, we'll make it work sometime". I agree with you on this point. IT vendor hype does sometimes outstrip reality. 
> OTOH, the VoIP system has needed an NT+SQL Server expert, a telephony > expert, a router expert, and some weeks of installation, implementation, > tuning, complaining, promises, and "it will get better when we upgrade the > routers". Again, implementation. Many PBX vendors are incorporating VoIP into their products and most, if not all, of this detail is hidden in exactly the same way their inter-PBX trunking protocols are hidden - fairly open, but most people don't have to worry about it. Telco vendors are generally better at doing this than IT vendors ;-) rik. -- ~ Specialists in IT Infrastructure ~ * Managed Services * Consulting * Product Supply & Support * Rik Harris The Fulcrum Group of Companies Chief Technology Officer Level 8, 628 Bourke Street ph: +61-3-8601-6100 Melbourne VIC 3000 fx: +61-3-8601-6199 Australia From peterc@arquebus.com.au Thu Aug 2 07:01:31 2001 From: peterc@arquebus.com.au (Peter J. Cherny) Date: Thu, 02 Aug 2001 17:01:31 +1000 Subject: [LINK] Code Red In-Reply-To: <3B68EB88.8CB8A824@austarmetro.com.au> Message-ID: <3.0.5.32.20010802170131.00b4b330@203.20.87.97> The messages I've seen posted on Link suggest that CodeRed has not been an issue in the last 24hrs. THIS IS NOT CORRECT! see http://www.caida.org/analysis/security/code-red/aug1-live-hosts.gif On my own (local) couple of /24s, I'm seeing >10 probes/sec, not insignificant across a couple B channels! From rick@praxis.com.au Thu Aug 2 07:33:23 2001 From: rick@praxis.com.au (Rick Welykochy) Date: Thu, 02 Aug 2001 17:33:23 +1000 Subject: [LINK] Code Red - a Red Herring. References: Message-ID: <3B690243.1980A5A7@praxis.com.au> Rick Welykochy wrote: > [schnippe] > > > would any self-respecting 24-hour cable news network want to show a > > housewife trying to struggle with a virus-infected home computer operating > > Windows 95? 
Better to capture viewers' attention with hordes of computer > > programmers and managers wrestling with downed web sites at Ford, Xerox, > > Charles Schwab, and Amazon.com. > > Amazon.com runs on Unix using Apache/Stronghold. > Schwab runs on Solaris using Netscape-Enterprise. and Xerox runs on Solaris using Netscape-Enterprise. > Well, 1 out 3 ain't good. Make that 1 out of 4. -- _____________________________________________ Rick Welykochy || Praxis Services Pty Limited "Those who do not understand Unix are condemned to reinvent it, poorly." - Henry Spencer From jbiddle@farroad.com Thu Aug 2 09:11:20 2001 From: jbiddle@farroad.com (John Biddle) Date: Thu, 2 Aug 2001 19:11:20 +1000 Subject: [LINK] Motor Vehicle Software Systems Message-ID: <363E5F11E821D54490272C2533E1BF78B9CF@FARROAD-SRV1.farroad.com> This is a multi-part message in MIME format. ---------------------- multipart/mixed attachment Anthony wrote: > Currently, the engineers and researchers working on these applications are > very switched on folks, critically aware of safety, redundancy and so on. > However if dopes from business-software markets get involved, we will almost > certainly see people killed and injured Perhaps it's already (almost) happened here! Subaru Australia has recently been recalling the Vehicle Dynamics Control firmware in the newish Subaru Outback H6 (all wheel drive). This software is used to automatically apply power & braking independently to each wheel to counter the effects of over-aggressive driving habits (not mine, of course). The intended outcome is to maintain stability of the vehicle under slippery conditions. The system tries to measure the load on each wheel, rotation speed, incline etc. & uses all of this instantaneously to actively control the wheel systems (or so i have read in my owner's manual). 
The problem, it appears, from reading the recall letter, is that when the (pre-recall) vehicle is used for towing a heavy trailer downhill on a bend, the software mistakenly thinks that it is undergoing a completely different manoeuvre & produces an effect similar to driving on oily glass with three flat tires. I was told by Subaru Australia that the software & whole system had been tested successfully in thousands of situations, except for, it appears, the one described above. Perhaps the Subaru web design team have been job sharing in engineering? john w biddle far road pty ltd aspiration to experience -----Original Message----- From: owner-link@www.anu.edu.au [mailto:owner-link@www.anu.edu.au]On Behalf Of Anthony Healy Sent: 02 August, 2001 10:10 AM To: Link List Subject: RE: [LINK] Motor Vehicle Software Systems Grant wrote: > Ford Motor Co. produces a car with a defect. The defect turns out > be a possible source of injury. The result: Ford is *legally liable* > to recall and fix said vehicles. Probably won't be far off. Software is moving fast into cars and trucks for: 1. in-car systems such as navigation, email and other horrors 2. driving automation including lane-keeping and collision avoidance 3. drive-by-wire, analogous to aviation's fly-by-wire Currently, the engineers and researchers working on these applications are very switched on folks, critically aware of safety, redundancy and so on. However if dopes from business-software markets get involved, we will almost certainly see people killed and injured. Regards, Tony Healy -------- Now the trouble comes when you can't think of any new features, so you put in the paperclip, and then you take out the paperclip, and you try to charge people both times, and they aren't falling for it. Joel Eschler(www.joelonsoftware.com) ---------------------- multipart/mixed attachment A non-text attachment was scrubbed... 
Name: not available Type: application/ms-tnef Size: 5500 bytes Desc: not available Url : http://mailman.anu.edu.au/pipermail/link/attachments/4cf766bf/attachment.bin ---------------------- multipart/mixed attachment-- From luke@burton.net Thu Aug 2 11:18:35 2001 From: luke@burton.net (Luke Burton) Date: Thu, 2 Aug 2001 21:18:35 +1000 (EST) Subject: [LINK] Where's the blame? (was: Code Red (again!): call to lurking journos) In-Reply-To: Message-ID: On Thu, 2 Aug 2001, Saliya Wimalaratne wrote: > News on the J's this morning mentioned Code Red; no MS or IIS. > News on commercial TV night-before-last and last night mentioned Code Red, > no MS or IIS. The press seem to have also been unusually reticent when it comes to allocating blame. I mean, we simply haven't had worms of this magnitude propagate through anything but a Microsoft system. Yet I haven't read of anyone being pissed off at MS because of it. The FBI is out there issuing joint statements with MS. Hello? MS: We wrote some software which we spoon fed to as many vendors as possible using our massive market leverage. We don't allow anyone to vet our source code, but we encouraged a lot of people to put their trust in us anyway. Our software routinely falls victim to this current type of exploit. This one is particularly cunning, and in fact it may be attacking your servers now, FBI. It also apparently attacks the white house - I hear they went to the trouble of moving their IP address, but that won't stop the massive internet congestion that results from the worm. A lot of money will probably be lost through bandwidth reductions and link downtime. We released a patch, but the 'plug-and-play' facilities on which we sell our software have attracted a lot of users who aren't likely to frequently monitor zero day patches for security holes and take appropriate action. This all okay with you, and the general public? FBI: Yes. General Public: Huh? Hackers are attacking the whitehouse!! Cletus, get my rifle! Come on! 
Accountability for software screw-ups is nigh! Bring on the lawsuit and the lethal injection. -- Luke Burton | <- You must be smarter than this stick to ride the Internet From david@braue.com Thu Aug 2 11:17:42 2001 From: david@braue.com (David Braue) Date: Thu, 2 Aug 2001 21:17:42 +1000 Subject: [LINK] RE: [Oz-ISP] Code Red (again!): call to lurking journos In-Reply-To: Message-ID: <001401c11b44$bfc88480$3f2ea4cb@brasd1.vic.optushome.com.au> The mainstream media are completely unaware of the real problem with Code Red and other viruses, and so rely on sensationalist press releases from antivirus vendors with a real interest in selling more product. This is why mainstream media was running tips on how to avoid Code Red, and why they invariably show talking heads from the vendors when less biased sources would have had something more helpful to say. Unfortunately that's how the news sometimes gets out there, and when it comes to tech many mainstream journos don't have the skills to filter the truth from the marketing. David -----Original Message----- From: majordomo-owner@koala.aussie.net [mailto:majordomo-owner@koala.aussie.net] On Behalf Of Saliya Wimalaratne Sent: Thursday, 2 August 2001 8:47 AM To: aussie-isp@aussie.net Cc: link@www.anu.edu.au Subject: [Oz-ISP] Code Red (again!): call to lurking journos People, "Code Red" has, of course, hit the news. It would have been good to 'get it right' to begin with; but it's not too late. Here are two sound-bites that you can *and should* use when reporting on this virus: "Code Red ONLY affects Microsoft Windows machines running Microsoft Internet Information Server." and "MOST home-users will not be running Microsoft Internet Information Server, so they should not be at risk" I haven't seen "Microsoft" or "IIS" mentioned in ANY of the news reports about this virus, which can mean one of two things: 1) you don't know the truth 2) you're scared to tell the truth - (1) has been removed from the list of options. 
Who's going to be a *real* journalist? Regards, Saliya ---- Email "unsubscribe aussie-isp" to majordomo@aussie.net to be removed. From thealy@magna.com.au Thu Aug 2 14:55:54 2001 From: thealy@magna.com.au (Anthony Healy) Date: Fri, 3 Aug 2001 00:55:54 +1000 Subject: [LINK] Motor Vehicle Software Systems In-Reply-To: <363E5F11E821D54490272C2533E1BF78B9CF@FARROAD-SRV1.farroad.com> Message-ID: Great case study. > Subaru Australia has recently been recalling the Vehicle Dynamics > Control firmware in the newish Subaru Outback H6 (all wheel > drive). This software is used to automatically apply power & > braking independently to each wheel to counter the effects of > over-aggressive driving habits (not mine, of course). The > intended outcome is to maintain stability of the vehicle under > slippery conditions. > > The system tries to measure the load on each wheel, rotation > speed, incline etc. & uses all of this instantaneously to > actively control the wheel systems (or so i have read in my > owner's manual). > > The problem, it appears, from reading the recall letter, is that > when the (pre-recall) vehicle is used for towing a heavy trailer > downhill on a bend, the software mistakenly thinks that it is > undergoing a completely different manoeuvre & produces an effect > similar to driving on oily glass with three flat tires. > > I was told by Subaru Australia that the software & whole system > had been tested successfully in thousands of situations, except > for, it appears, the one described above.
From jmorris@intercode.com.au Thu Aug 2 15:09:30 2001 From: jmorris@intercode.com.au (James Morris) Date: Fri, 3 Aug 2001 01:09:30 +1000 (EST) Subject: [LINK] RE: [Oz-ISP] Code Red (again!): call to lurking journos In-Reply-To: <001401c11b44$bfc88480$3f2ea4cb@brasd1.vic.optushome.com.au> Message-ID: On Thu, 2 Aug 2001, David Braue wrote: > The mainstream media are completely unaware of the real problem with > Code Red and other viruses, and so rely on sensationalist press releases > from antivirus vendors with a real interest in selling more product. > This is why mainstream media was running tips on how to avoid Code Red, > and why they invariably show talking heads from the vendors when less > biased sources would have had something more helpful to say. > Unfortunately that's how the news sometimes gets out there, and when it > comes to tech many mainstream journos don't have the skills to filter > the truth from the marketing. > If The Register can get it right, then why not the deep-pocketed and somewhat more highly resourced media organisations? And since when was ignorance a valid excuse when it comes to journalism, regardless of resources? - James -- James Morris From foconno1@bigpond.net.au Thu Aug 2 18:07:34 2001 From: foconno1@bigpond.net.au (Frank O'Connor) Date: Fri, 3 Aug 2001 04:07:34 +1000 Subject: [LINK] RE: [Oz-ISP] Code Red (again!): call to lurking journos In-Reply-To: References: Message-ID: I don't think it is 'ignorance' ... I think it is simple self interest. Over the years, after 50,000 off operating system and application family specific viruses, worms and the like, I have come to the conclusion that the mainstream IT media cares a tad more for its advertising dollar than it does for reporting the facts.
They also care more about the possibility of legal repercussions from a party that has a bottomless pit of resources with respect to litigation and the like. We don't have any Katherine Grahams and Washington Posts in Australia. We don't have media organisations that tell it as it is. We have a spineless collection of self interested publishers who generally abrogate their responsibilities to report news, and invariably editorialise in favour of the status quo and/or their advertising clients ... even if that status quo or client now and then has some real and costly deficiencies that can and should be reported. To my mind, journalism generally is way past its heyday ... and not only IT journalism ... and has lost most of the respect it ever accrued with the general public. Politicians, lawyers and journalists. :) And in case anyone thinks I'm being unreasonable ... amongst other things I'm a journalist myself. Regards, At 1:09 AM +1000 3/8/01, James Morris wrote: >On Thu, 2 Aug 2001, David Braue wrote: > >> The mainstream media are completely unaware of the real problem with >> Code Red and other viruses, and so rely on sensationalist press releases >> from antivirus vendors with a real interest in selling more product. >> This is why mainstream media was running tips on how to avoid Code Red, >> and why they invariably show talking heads from the vendors when less >> biased sources would have had something more helpful to say. >> Unfortunately that's how the news sometimes gets out there, and when it >> comes to tech many mainstream journos don't have the skills to filter >> the truth from the marketing. >> > >If The Register can get it right, then why not the deep-pocketed and >somewhat more highly resourced media organisations? > >And since when was ignorance a valid excuse when it comes to journalism, >regardless of resources? > > >- James >-- >James Morris > -- ************************ Apathy is a great cause for concern ... but who cares?
************************
From jwhit@PrimeNet.Com Thu Aug 2 20:39:54 2001 From: jwhit@PrimeNet.Com (Jan Whitaker) Date: Fri, 03 Aug 2001 06:39:54 +1000 Subject: [LINK] Red alert (The Economist) In-Reply-To: <3B68E7B6.533E4DE2@austarmetro.com.au> Message-ID: <5.0.2.1.0.20010803063922.05dc2020@pop.primenet.com> At 03:40 PM 2/08/01 +1000, Bernard Robertson-Dunn wrote: >Red alert >Aug 1st 2001 > >From The Economist Global Agenda >http://www.economist.com/agenda/displayStory.cfm?story_id=718547 > >Organisations around the world have scrambled to protect their computers >against a malicious program called Code Red, but so far the alert has >turned out to be more hype than horror. One day, however, Internet >saboteurs may succeed in causing mayhem Is this perhaps because they are set to activate later in the month? I heard that in some stories. Jan JLWhitaker Associates Melbourne, Victoria, Australia jwhit@primenet.com -- http://www.primenet.com/~jwhit/whitentr.htm From Richard.Chirgwin@informa.com.au Thu Aug 2 23:00:57 2001 From: Richard.Chirgwin@informa.com.au (Chirgwin, Richard) Date: Fri, 3 Aug 2001 09:00:57 +1000 Subject: [LINK] VoIP not dead Message-ID: <9BD4AE8C2EB1D311982700508BA2498901573A59@EXCHANGE_AU> Rik, I agree that I'm suffering from implementation hassles. That was (partly) my point, though - to claim equivalence, VoIP should reproduce PBX implementation. But out in the corporate real-world, VoIP can't claim equivalence if it needs three times the PBX staff for three times the time, plus constant care and feeding forever. Set-and-forget is the PBX rule. >> OTOH, the VoIP system has needed an NT+SQL Server expert, a telephony >> expert, a router expert, and some weeks of installation, implementation, >> tuning, complaining, promises, and "it will get better when we upgrade the >> routers". > >Again, implementation. 
Many PBX vendors are incorporating VoIP into >their products and most, if not all, of this detail is hidden in >exactly the same way their inter-PBX trunking protocols are hidden - >fairly open, but most people don't have to worry about it. Telco >vendors are generally better at doing this than IT vendors ;-) Fair comment. Still, features once on a special-purpose lump of hardware - which admittedly IT people hate because it's not "open" - are migrating piecemeal to a generic server, and my phone doesn't have alt-ctrl-del keys. That's part of the technology's "paradigm shift" after all: that VoIP moves telephony into the world of openness (and General Protection Faults at address 00xx003F!). Upside, anyone can make software for VoIP. Downside, anyone can make software for VoIP. [BTW: This refers not to the home user making an Internet call, but to the "hey, ditch the PBX and get IP phones instead" pitch.] Richard -----Original Message----- From: Rik Harris [mailto:Rik.Harris@fulcrum.com.au] Sent: Thursday, 2 August 2001 16:50 To: Chirgwin, Richard; Link List Subject: Re: [LINK] VoIP not dead On Thu, Aug 02, 2001 at 12:11:59PM +1000, Chirgwin, Richard wrote: > Glen, > > I am now a user of VoIP - against my will, it was a corporate > decision...it's not dead but it damn well should be. Shot and buried at > midnight in an unmarked grave is my vote. ... some not very good experiences deleted ... This all sounds like a criticism of an implementation, not of the technology. Of course, many of the cost justifications for VoIP assume a cheap implementation where that usually needs the words "and nasty" appended. We too have tried VoIP and found it unsuitable *for us*. Our cost/benefit analysis directed us to a more traditional PBX rather than pursuing VoIP further. But I'm not going to bit-bucket the entire technology just because the cost/benefit to do VoIP properly doesn't yet work for a company in our current circumstances.
> One of the IT industry's worst habits is to pitch emerging technologies on > the basis of "buy now, we'll make it work sometime". I agree with you on this point. IT vendor hype does sometimes outstrip reality. > OTOH, the VoIP system has needed an NT+SQL Server expert, a telephony > expert, a router expert, and some weeks of installation, implementation, > tuning, complaining, promises, and "it will get better when we upgrade the > routers". Again, implementation. Many PBX vendors are incorporating VoIP into their products and most, if not all, of this detail is hidden in exactly the same way their inter-PBX trunking protocols are hidden - fairly open, but most people don't have to worry about it. Telco vendors are generally better at doing this than IT vendors ;-) rik. -- ~ Specialists in IT Infrastructure ~ * Managed Services * Consulting * Product Supply & Support * Rik Harris The Fulcrum Group of Companies Chief Technology Officer Level 8, 628 Bourke Street ph: +61-3-8601-6100 Melbourne VIC 3000 fx: +61-3-8601-6199 Australia From thealy@magna.com.au Thu Aug 2 23:17:57 2001 From: thealy@magna.com.au (Anthony Healy) Date: Fri, 3 Aug 2001 09:17:57 +1000 Subject: [LINK] Media coverage of Code Red In-Reply-To: Message-ID: > If The Register can get it right, then why not the deep-pocketed and > somewhat more highly resourced media organisations? You're not implying that commercial television is interested in journalism, surely? Also, anyone relying on Channel 9 for news about Code Red should remember that ninemsn is a joint venture with Microsoft. Not that I'm implying this would affect the news judgement of a television news editor. No way. Regards, Tony Healy -------- Fighter pilots hated to declare an emergency, because it triggered a complex and very public set of events back at the field. This reluctance would drive flight controllers crazy. 
They would see a ship beginning to drift off the radar, and know the pilot was probably struggling with engine failure at low altitude. "Longstick, do you want to declare an emergency?" This would rouse him. "Negative, Longstick is not declaring an emergency." Kaboom. Adapted from Tom Wolfe: The Right Stuff From brd@austarmetro.com.au Thu Aug 2 23:25:38 2001 From: brd@austarmetro.com.au (Bernard Robertson-Dunn) Date: Fri, 03 Aug 2001 09:25:38 +1000 Subject: [LINK] Canberra Times - Correction Message-ID: <3B69E171.95E12517@austarmetro.com.au> The Canberra Times 3/8/01 Page 2 Correction Most One Nation supporters are "average Australians", not "average astray aliens", as the editorial on Tuesday quoted the Prime Minister as saying. The error began with voice-recognition technology, and was missed by the author and sub-editors. -- Nothing is ever a total loss; it can always serve as a bad example. -- unknown Regards brd Bernard Robertson-Dunn Canberra Australia brd@dynamite.com.au brd@austarmetro.com.au From brd@austarmetro.com.au Thu Aug 2 23:34:49 2001 From: brd@austarmetro.com.au (Bernard Robertson-Dunn) Date: Fri, 03 Aug 2001 09:34:49 +1000 Subject: [LINK] Finance has lost the plot Message-ID: <3B69E399.EB422F6D@austarmetro.com.au> Finance has lost the plot Canberra Times 3 August 2001 http://canberra.yourguide.com.au/detail.asp?class=your%20say&subclass=general&category=editorial%20opinion&story_id=73277 Wittingly or unwittingly, the Minister for Finance and Administration, John Fahey, and, separately, his department, have put their fingers on the source of what is beginning to look a formidable indictment of political and managerial incompetence in Government. 
Faced with a devastating Auditor-General's report which shows that an ideologically driven decision to sell much of the Commonwealth's office property has been a financial disaster which will in time cost the Commonwealth dearly, the department says that its job was to implement Government policy, not to protect the overall interests of the Commonwealth. The minister responds by accusing the auditor of exceeding his brief: selling the property was a policy decision, and it was no part of the auditor's role to second-guess policy. Even were this true, the retort would be that the auditor's investigation showed that Finance flopped in implementing the policy. The Government may have raised a billion or so by selling assets, but even had the full proceeds been invested in Commonwealth bonds, within 10 years or so the rents the Commonwealth is paying in leaseback agreements would exceed the interest. It is far from the only debacle involving the same minister and the same department. Like many of the others, moreover, its base is in ideology. The forced outsourcing of information technology, against reasoned opposition from most agencies, was pushed through by a minister and a department convinced that they knew better. A department which lectures other agencies on good management and accountability systems completely dropped the ball with the sale of business units of the former Department of Administrative Services. Now criminal proceedings for one instance of outright fraud are over, there ought to be a public inquiry into how high the incompetence and mismanagement went. There have been other disasters as well. Close ministerial involvement sometimes excuses an agency for the consequences of bad policy. It could hardly be a defence here. Finance, from the top at least, has shown every indication of being as ideologically driven as its minister. The bad ideas, in short, are as much its own. 
Finance itself did not listen to numerous warnings of the risks it was taking; even now it is all too typical of its approach to accountability that it simply rejects the auditor's criticisms. In any event, even the implementation of the ideas was flawed, and this made things worse. John Fahey and his colleagues must wear the primary responsibility for bad policy, but it would not be fair to assume, for example, that he intended that the divestment of DAS agencies occur in such a way that left Government open to enormous fraud and an almost complete lack of proper supervision. There is nothing wrong with modern government deciding that some functions can be performed more efficiently and more cheaply in the private sector. A competent government will be continually market-testing its operations to see how best value for the taxpayer can be obtained; there can be as much ideology in flatly refusing to countenance outsourcing. The tests, however, should be fair, not artificially stacked to lead to an outcome. John Fahey says that Government decided that it should not be in the property management business. This betrays a lack of real understanding. Owning or renting, buying from within or without, Government is in the property management business, just as it is in the employment business, the IT business, and the transport business. Government must seek best value for the taxpayer; however it organises it, it is bad business when that value is not there. -- If all the economists in the world were laid end to end, it wouldn't be a bad thing. -- Perceptive Person, quoted by Peter Lynch. Regards brd Bernard Robertson-Dunn Canberra Australia brd@dynamite.com.au brd@austarmetro.com.au From Roger.Clarke@xamax.com.au Thu Aug 2 23:46:35 2001 From: Roger.Clarke@xamax.com.au (Roger Clarke) Date: Fri, 3 Aug 2001 09:46:35 +1000 Subject: [LINK] Link Institute: auDA v. Elz ?! Message-ID: If ever there was an issue that the Link Institute should weigh in on, it's this one. 
After reading the article, note the last para. Can anyone provide briefings on this one, from *both* auDA's and Elz's perspective, and maybe from a few other angles as well? Name controller doubts auDA's ability The Sydney Morning Herald Date: 03/08/2001 http://www.smh.com.au/news/0108/03/text/biztech21.html Kirsty Needham The reclusive Internet pioneer Mr Robert Elz has finally broken his silence. After a stand-off with the Federal Government and Australia's new domain name body lasting several months, Mr Elz has outlined the reasons why he does not want to hand over his control of Australia's Internet addressing system to auDomain Australia. After ignoring repeated communications from the Government and auDA, which plan to open up the domain name system to commercial competition, and the American based, Internet Assigned Numbers Authority, it has been revealed that Mr Elz this week replied to an email from IANA. IANA is the international body set up by the late Mr Jon Postel, who co-developed the technical protocol that enabled computers to talk to one another to form the Internet. It is believed Mr Elz said he did not have confidence in auDA's ability to run the domain name system or determine policy. AuDA chief executive Mr Chris Disspain would not comment on the matter, other than to say auDA had been asked by IANA to respond to several points that had been raised by Mr Elz. Industry sources suggest the stoush may draw to an end within weeks but tipped that unless Mr Elz relinquished his control, it would be taken from him. Once again, Mr Elz could not be reached for comment. 
-- Roger Clarke http://www.anu.edu.au/people/Roger.Clarke/ Xamax Consultancy Pty Ltd, 78 Sidaway St, Chapman ACT 2611 AUSTRALIA Tel: +61 2 6288 1472, and 6288 6916 mailto:Roger.Clarke@xamax.com.au http://www.xamax.com.au/ Visiting Fellow Department of Computer Science The Australian National University Canberra ACT 0200 AUSTRALIA Information Sciences Building Room 211 Tel: +61 2 6125 3666 From lannet@lannet.com.au Fri Aug 3 00:11:36 2001 From: lannet@lannet.com.au (Howard Lowndes) Date: Fri, 3 Aug 2001 10:11:36 +1000 (EST) Subject: [LINK] Canberra Times - Correction In-Reply-To: <3B69E171.95E12517@austarmetro.com.au> Message-ID: Very Freudian though. -- Howard. LANNet Computing Associates Contact detail at http://www.lannetlinux.com On Fri, 3 Aug 2001, Bernard Robertson-Dunn wrote: > The Canberra Times > 3/8/01 > Page 2 > Correction > > Most One Nation supporters are "average Australians", not "average astray > aliens", as the editorial on Tuesday quoted the Prime Minister as saying. > > The error began with voice-recognition technology, and was missed by the > author and sub-editors. > > From Rik.Harris@fulcrum.com.au Fri Aug 3 00:11:34 2001 From: Rik.Harris@fulcrum.com.au (Rik Harris) Date: Fri, 3 Aug 2001 10:11:34 +1000 Subject: [LINK] VoIP not dead In-Reply-To: <9BD4AE8C2EB1D311982700508BA2498901573A59@EXCHANGE_AU>; from Chirgwin, Richard on Fri, Aug 03, 2001 at 09:00:57AM +1000 References: <9BD4AE8C2EB1D311982700508BA2498901573A59@EXCHANGE_AU> Message-ID: <20010803101134.M1882@fulcrum.com.au> Richard, > I agree that I'm suffering from implementation hassles. That was (partly) my > point, though - to claim equivalence, VoIP should reproduce PBX > implementation. I really didn't want to say this directly and I definitely want this statement to be considered a general statement, not referring to your specific implementation or implementors. It is not the technology at fault here, it is the fact that the openness attracts cowboy and corner-cutting implementations.
Traditional telephony has many, many years of experience under its belt and the implementation market is somewhat closed (i.e. you can't do it without being accredited by the vendor). > But out in the corporate real-world, VoIP can't claim equivalence if it > needs three times the PBX staff for three times the time, plus constant care > and feeding forever. Set-and-forget is the PBX rule. The resourcing you use for an implementation is dependent on the value you expect out of the end product. If you expect to get three times the value, then there's really no problem having three times the staff to implement. Like any serious implementation, a PBX or VoIP installation needs to: a) use the appropriate product(s), b) have an appropriate architecture, c) be correctly sized, d) have sufficient resilience (redundancy, clustering, whatever), and e) be appropriately implemented (level of planning, testing, etc) to meet the business needs. When all of these are met, then the outcome should be appropriate. However, when all of these are met, your simple cost justification is often no longer sound (at least for some organisations with current products). There are VoIP systems that can be implemented as set-and-forget (or at least close to the way some traditional PBXs can). They're just not the simple, cheap ones. Our PBX implementation was not a small, simple job. I don't expect anything different on serious VoIP implementations either. > [BTW: This refers not to the home user making an Internet call, but to the > "hey, ditch the PBX and get IP phones instead" pitch.] Yep. rik. 
-- ~ Specialists in IT Infrastructure ~ * Managed Services * Consulting * Product Supply & Support * Rik Harris The Fulcrum Group of Companies Chief Technology Officer Level 8, 628 Bourke Street ph: +61-3-8601-6100 Melbourne VIC 3000 fx: +61-3-8601-6199 Australia From foon@ninemsn.com.au Fri Aug 3 00:10:26 2001 From: foon@ninemsn.com.au (Johann Kruse) Date: Fri, 3 Aug 2001 10:10:26 +1000 Subject: [LINK] Media coverage of Code Red Message-ID: <0E9704BAE88FE44CA11EE5089FE7AD7A3BAF21@syd-exchange-01.9msn.net> ninemsn doesn't provide any news stories to Channel 9's news department. Nor do we get news from them.. we actually get our news feeds from AAP. Unfortunately the stories aren't online anymore, but I recall that ninemsn's news specifically mentioned that the worm only affects computers running Microsoft IIS 4/5. Johann -----Original Message----- From: Anthony Healy [mailto:thealy@magna.com.au] Sent: Friday, 3 August 2001 9:18 AM To: James Morris; Link Institute Subject: [LINK] Media coverage of Code Red > If The Register can get it right, then why not the deep-pocketed and > somewhat more highly resourced media organisations? You're not implying that commercial television is interested in journalism, surely? Also, anyone relying on Channel 9 for news about Code Red should remember that ninemsn is a joint venture with Microsoft. Not that I'm implying this would affect the news judgement of a television news editor. No way. Regards, Tony Healy -------- Fighter pilots hated to declare an emergency, because it triggered a complex and very public set of events back at the field. This reluctance would drive flight controllers crazy. They would see a ship beginning to drift off the radar, and know the pilot was probably struggling with engine failure at low altitude. "Longstick, do you want to declare an emergency?" This would rouse him. "Negative, Longstick is not declaring an emergency." Kaboom. 
Adapted from Tom Wolfe: The Right Stuff From thealy@magna.com.au Fri Aug 3 00:11:12 2001 From: thealy@magna.com.au (Anthony Healy) Date: Fri, 3 Aug 2001 10:11:12 +1000 Subject: [LINK] Re: Media coverage of Code Red In-Reply-To: Message-ID: Mate, look it's not true that we pull our stories. We're 100 percent professional journalists here. We don't bend for anyone. Howard. Beazley. No-one. That's a judgement call mate. Look, the average punter out there doesn't want to hear Microsoft this, Microsoft that. They really don't. At the end of the day, mate, do you know why I can't leave it in? Footage. We can't get footage of them. They're in America. If their headquarters were here in Sydney, we would get footage and we could leave it in. Look that's a very cheap shot mate. I just happen to share the same judgement as the executive producer, and he happens to have similar views to the managing director, who happens to think like the owner. From rick@praxis.com.au Fri Aug 3 00:42:20 2001 From: rick@praxis.com.au (Rick Welykochy) Date: Fri, 03 Aug 2001 10:42:20 +1000 Subject: [LINK] Finance has lost the plot References: <3B69E399.EB422F6D@austarmetro.com.au> Message-ID: <3B69F36C.24AD392B@praxis.com.au> Bernard Robertson-Dunn contributed: > Finance has lost the plot > Canberra Times > 3 August 2001 > http://canberra.yourguide.com.au/detail.asp?class=your%20say&subclass=general&category=editorial%20opinion&story_id=73277 > > Wittingly or unwittingly, the Minister for Finance and Administration, John > Fahey, and, separately, his department, have put their fingers on the > source of what is beginning to look a formidable indictment of political > and managerial incompetence in Government. 
Faced with a devastating > Auditor-General's report which shows that an ideologically driven decision > to sell much of the Commonwealth's office property has been a financial > disaster which will in time cost the Commonwealth dearly, the department > says that its job was to implement Government policy, not to protect the > overall interests of the Commonwealth. The minister responds by accusing > the auditor of exceeding his brief: selling the property was a policy > decision, and it was no part of the auditor's role to second-guess policy. [SNIP] Like many Aussies, it's not that I dislike paying taxes. What really bothers me is what these buffoons do with our money. _____________________________________________ Rick Welykochy || Praxis Services Pty Limited "Those who do not understand Unix are condemned to reinvent it, poorly." - Henry Spencer From Roger.Clarke@xamax.com.au Fri Aug 3 00:54:00 2001 From: Roger.Clarke@xamax.com.au (Roger Clarke) Date: Fri, 3 Aug 2001 10:54:00 +1000 Subject: [LINK] Canberra Times - Correction In-Reply-To: References: Message-ID: Bernard Robertson-Dunn: >> Most One Nation supporters are "average Australians", not "average astray >> aliens", as the editorial on Tuesday quoted the Prime Minister as saying. Did you see that Vietnamese-Australian comedian from Yagoona on SBS last night? When there was all that kerfuffle about Hanson forming her One Nation party, he figured he'd form his own as well, all by himself, called One Asian.
-- Roger Clarke http://www.anu.edu.au/people/Roger.Clarke/ Xamax Consultancy Pty Ltd, 78 Sidaway St, Chapman ACT 2611 AUSTRALIA Tel: +61 2 6288 1472, and 6288 6916 mailto:Roger.Clarke@xamax.com.au http://www.xamax.com.au/ Visiting Fellow Department of Computer Science The Australian National University Canberra ACT 0200 AUSTRALIA Information Sciences Building Room 211 Tel: +61 2 6125 3666 From Roger.Clarke@xamax.com.au Fri Aug 3 00:50:28 2001 From: Roger.Clarke@xamax.com.au (Roger Clarke) Date: Fri, 3 Aug 2001 10:50:28 +1000 Subject: (Non-)Archival of News [Was RE: [LINK] Media coverage of Code Red] In-Reply-To: <0E9704BAE88FE44CA11EE5089FE7AD7A3BAF21@syd-exchange-01.9msn.net> References: <0E9704BAE88FE44CA11EE5089FE7AD7A3BAF21@syd-exchange-01.9msn.net> Message-ID: "Johann Kruse" : >Unfortunately the stories aren't online anymore, but I recall that >ninemsn's news specifically mentioned that the worm only affects >computers running Microsoft IIS 4/5. Boy, we occasionally discuss the loss of history through the non-archival of news reports; but turnaround that short is new to me, and frightening. 
-- Roger Clarke http://www.anu.edu.au/people/Roger.Clarke/ Xamax Consultancy Pty Ltd, 78 Sidaway St, Chapman ACT 2611 AUSTRALIA Tel: +61 2 6288 1472, and 6288 6916 mailto:Roger.Clarke@xamax.com.au http://www.xamax.com.au/ Visiting Fellow Department of Computer Science The Australian National University Canberra ACT 0200 AUSTRALIA Information Sciences Building Room 211 Tel: +61 2 6125 3666 From brd@austarmetro.com.au Fri Aug 3 01:18:34 2001 From: brd@austarmetro.com.au (Bernard Robertson-Dunn) Date: Fri, 03 Aug 2001 11:18:34 +1000 Subject: [LINK] Australia "worst hit" by worm's resurgence Message-ID: <3B69FBEA.26819A21@austarmetro.com.au> Australia "worst hit" by worm's resurgence By Rachel Lebihan, ZDNet Australia 02 August 2001 http://www.zdnet.com.au/news/breakingnews/story/0,2000020826,20252341,00.htm The virulent Code Red worm continues its march with statistics indicating Australia could be worst hit by the latest round of infections. Contrary to earlier predictions that the worm had been stamped out, it is actually on the rampage, according to e-security provider Janteknology. "It appears Code Red is on the rampage...there has been an increase to the rolling seven-day attack [of all malicious] incidents," Janteknology's Glenn Miller told ZDNet. According to statistics which Miller sourced from security monitoring company securityfocus.com, Australia has seen the greatest increase in its rolling seven-day incident numbers, with 64,000 incidents reported here by 1 p.m Thursday, double yesterday's 30,000-plus figure, according to Miller. And the number one attack type is the ISAPI Buffer Overflow, which is what the Code Red exploits. "A reasonable percentage of that will be attributable to Code Red," Miller said. "Either that or there's a hell of a massive movement of malicious code out there...and that doesn't make sense." Janteknology itself has been the target of 52 probes in the past 24 hours, all of which have been Code Red probes, the company says.
On average, the company experiences some four or five probes a day -- none of which have been Code Red in the past few days -- and is now getting four or five Code Red probes an hour. "Australian organisations could well be the least protected in the world, in light of the reported surge in local attacks, compared with the US and Europe -- which are holding steady -- and Africa and South America, which have seen a reduction in attacks," Janteknology said in a statement. Symantec said it couldn't confirm Janteknology's findings. "There's speculation that there's another variant out there," Symantec representative David Banes said. "Or it could be existing copies [of the worm] that haven't been cleaned up." -- You're using a keyboard! How quaint! -- unknown Regards brd Bernard Robertson-Dunn Canberra Australia brd@dynamite.com.au brd@austarmetro.com.au From thealy@magna.com.au Fri Aug 3 02:08:00 2001 From: thealy@magna.com.au (Anthony Healy) Date: Fri, 3 Aug 2001 12:08:00 +1000 Subject: [LINK] Media coverage of Code Red In-Reply-To: <0E9704BAE88FE44CA11EE5089FE7AD7A3BAF21@syd-exchange-01.9msn.net> Message-ID: > ninemsn doesn't provide any news stories to Channel 9's news department. > Nor do we get news from them.. we actually get our news feeds from AAP. Thanks for this, but it's not relevant to cynicism about television news. Also, I am not alleging that certain decisions were made in this situation, but that an informed viewer would be aware of the environment. I stand 100 percent behind the fact that the environment has non-relevant impacts on news. I wrote: > Also, anyone relying on Channel 9 for news about Code Red should > remember that ninemsn is a joint venture with Microsoft. Not that I'm > implying this would affect the news judgement of a television news > editor. No way. Regards, Tony Healy -------- This ease of use gave the Microsoft program manager a favorable impression of the program right off the bat.
Now, when Microsoft gets a favorable impression of a program right off the bat, they shell out $150 million or so. Joel Eschler ( www.joelonsoftware.com ) From at@ah.net Fri Aug 3 02:19:41 2001 From: at@ah.net (Adam Todd) Date: Fri, 03 Aug 2001 12:19:41 +1000 Subject: [LINK] Australia "worst hit" by worm's resurgence In-Reply-To: <3B69FBEA.26819A21@austarmetro.com.au> Message-ID: <5.1.0.14.0.20010803121859.0445b2e0@pop> >According to statistics which Miller sourced from security monitoring >company securityfocus.com, Australia has seen the greatest increase in its >rolling seven-day incident numbers, with 64,000 incidents reported here by >1 p.m Thursday, double yesterday's 30,000-plus figure, according to Miller. I can not IMAGINE 64,000 IT people reporting CodeRed to ANYONE. Where do they get these figures? 64,000 ... oh yeah, not hard to imagine. Sheesh. From alanh@necrom.Aus.Sun.COM Fri Aug 3 03:03:15 2001 From: alanh@necrom.Aus.Sun.COM (Alan Hargreaves - Senior Tech Support Specialist) Date: Fri, 3 Aug 2001 13:03:15 +1000 (EST) Subject: [LINK] Australia "worst hit" by worm's resurgence In-Reply-To: <5.1.0.14.0.20010803121859.0445b2e0@pop> from Adam Todd at "Aug 3, 2001 12:19:41 pm" Message-ID: <200108030303.f7333FM22152@vesvi.aus.sun.com> And of course, the people being quoted have no vested interest whatsoever in making sure that a security problem gets more headlines in Australia do they? Especially when they get their company's name listed as "monitoring" the problem. alan. > > >According to statistics which Miller sourced from security monitoring > >company securityfocus.com, Australia has seen the greatest increase in its > >rolling seven-day incident numbers, with 64,000 incidents reported here by > >1 p.m Thursday, double yesterday's 30,000-plus figure, according to Miller. > > I can not IMAGINE 64,000 IT people reporting CodeRed to ANYONE. > > Where do they get these figures? 64,000 ... oh yeah, not hard to imagine. > > Sheesh. 
> > From dchia@atlantic.gse.rmit.edu.au Fri Aug 3 04:45:31 2001 From: dchia@atlantic.gse.rmit.edu.au (David Chia) Date: Fri, 03 Aug 2001 14:45:31 +1000 Subject: [LINK] (FWD) ccTLD Operators Withdraw From ICANN Advisory Body (Re: Link Institute: auDA v. Elz ?! ) Message-ID: <3B6A2C6B.B3061468@atlantic.gse.rmit.edu.au> Forwarded without comment. However, interesting to note the last para of this report wrt to that from SMH. http://www.adlawbyrequest.com/industry/ccTLDRevolt61101.shtml [The Online Advertising & Marketing Law Report] ccTLD Operators Withdraw From ICANN Advisory Body June 11, 2001 An international group of country code Top Level Domain (ccTLD) operators announced last week that it would no longer participate in International Corporation for Assigned Names and Numbers' policymaking process. The group claims that ICANN's Domain Name Supporting Organization (DNSO) has not been responsive to the needs of ccTLD administrators. The announcement, which was made at ICANN's recent public board meeting in Stockholm, Sweden, follows on the heels of recent moves by ICANN and the World Intellectual Property Organization to convince ccTLD operators to establish tighter standards for domain name registration. Why This Matters: The ccTLDs' decision to withdraw from ICANN's day-to-day policymaking process will make it difficult for ICANN to influence how ccTLD administrators operate their domains. Without such influence, ccTLD operators will be able to operate without oversight and, potentially, beyond the reach of the international intellectual property regime. 
From dchia@atlantic.gse.rmit.edu.au Fri Aug 3 05:43:37 2001 From: dchia@atlantic.gse.rmit.edu.au (David Chia) Date: Fri, 03 Aug 2001 15:43:37 +1000 Subject: [LINK] (FWD) Welcome to the parallel universe (Balancing Act News) Message-ID: <3B6A3A09.6DEBFB47@atlantic.gse.rmit.edu.au> http://www.balancingact-africa.com/news/back/balancing-act12.html Related development in South Africa. It is strange that they used the term "parallel universe" as I did before. Forwarded without any other comment. If our correspondent is "off the mark" or you have factual amendments, mail them to us and we will include them in subsequent News Updates. If you'd like to contribute, write and let us know. The South African government is not involved at the moment but they are aware that some fee needs to be paid. However it is highly likely that they are mostly ignorant on the whole issue and relevant processes here. There is a move to attempt to educate the Department of Communications on the domains and registries etc. However the consensus from within the internet community appears to be that government should not be involved at all. Mike Lawrie has support both within the ccTLD community and the South African Internet community. However it is possible that the situation can and will be misunderstood by those outside of the process. From gordon.keith@marine.csiro.au Fri Aug 3 05:52:16 2001 From: gordon.keith@marine.csiro.au (Gordon Keith) Date: Fri, 3 Aug 2001 15:52:16 +1000 Subject: [LINK] Case law as open source In-Reply-To: References: Message-ID: <0108031552160E.00855@ryan-lap-hf> On Fri, 27 Jul 2001 15:41, Anthony Healy wrote: > > People wonder how programmers could make a living in an environment > > where most software was open source and anyone could write their > > own code. Lawyers don't seem to be starving even though case law is > > open source and anyone is entitled to defend themselves. 
> > The difference is that case law is the input to the work that lawyers > do for a particular client, whereas source code is the output of the > work that programmers do. > > If you have the case law, you still need the lawyer to do the work > for you. But if you have the source code, you no longer need to pay a > programmer to do the work for you, or to pay the particular > programmer who did the original work. I think you're correct in the short term, but I can't help thinking that you may not be in the medium to long term. We are already seeing that people are hard pressed to find a good reason for upgrading to the latest version of popular software and software companies are trying all sorts of things to get people to upgrade. I suspect that with all the free software around the future for companies to sell mass market software is limited. Why should people fork out for MS Office when Star Office is more than enough for 99% of users? The future for companies to customise software for particular applications and/or particular clients, however, shows no such limits. So, much like lawyers can make a living from servicing particular client needs, so too will programmers in the future. I don't think they'll do it selling programs, but selling programming services. Even now many software companies are making a good proportion of their incoming by selling annual support, rather than software. Someone has already said that more than 70% of software development is currently for in-house projects. I don't think that effort will shrink if a large proportion of the current shrink wrap market is replaced by open source, in fact I would expect it to grow because a) money otherwise spent on shrink wrap software becomes available, and b) it becomes possible to integrate your company's applications directly into the desktop software (you have the source). 
Regards Gordon From dchia@atlantic.gse.rmit.edu.au Fri Aug 3 06:09:56 2001 From: dchia@atlantic.gse.rmit.edu.au (David Chia) Date: Fri, 03 Aug 2001 16:09:56 +1000 Subject: [LINK] (FWD) The Opinion over the Tasman Message-ID: <3B6A4034.849FB4CD@atlantic.gse.rmit.edu.au> http://listserver.isocnz.org.nz/pipermail/isocnz-l/2001-July/005409.html Critically, getting the support of the ccTLDs is now a major proof of ICANN's acceptability to and by the global net community. Regards Peter Dengate Thrush Interim Chair InternetNZ 64 4 499 8959 64 21 49 9888 fax 64 4 471 0672 And, http://listserver.isocnz.org.nz/pipermail/isocnz-l/2001-July/005415.html > > > > Critically, getting the support of the ccTLDs is now a major proof of > > ICANN's acceptability to and by the global net community. > > So that's why most of the ICANN board attended the ccTLD sessions at > Stockholm, after generally ignoring the ccTLD's at all previous > meetings? They did that in Melbourne, but not quite the same in Stockholm, which, in the main, was disappointing from a cc perspective. Andrew McGlaughlin, the ICANN staffer working on cc contracts wasn't at the meeting, and little progress was made between us. We made progress on our own, including the vote to withdraw from the DNSO. Regards Peter Dengate Thrush Interim Chair InternetNZ 64 4 499 8959 64 21 49 9888 fax 64 4 471 0672 From peterc@arquebus.com.au Fri Aug 3 06:27:23 2001 From: peterc@arquebus.com.au (Peter J. Cherny) Date: Fri, 03 Aug 2001 16:27:23 +1000 Subject: [LINK] Australia "worst hit" by worm's resurgence In-Reply-To: <200108030303.f7333FM22152@vesvi.aus.sun.com> References: <5.1.0.14.0.20010803121859.0445b2e0@pop> Message-ID: <3.0.5.32.20010803162723.00d68c80@203.20.87.97> >... >Where do they get these figures? 64,000 ... oh yeah, not hard to imagine. >... Well, I've seen circa 8K unique hosts in the last two days on a small net ! >... >whatsoever in making sure that a security problem gets more headlines >in Australia do they? 
Especially when they get their company's name >listed as "monitoring" the problem. >... Maybe a new acronym YAOSC-FLFP "Yet Another Oz Security Consulting Firm Looking For Free Publicity" From jeff.evans@dsd.vic.gov.au Fri Aug 3 06:35:54 2001 From: jeff.evans@dsd.vic.gov.au (jeff.evans@dsd.vic.gov.au) Date: Fri, 3 Aug 2001 17:35:54 +1100 Subject: [LINK] Web Measurement Standards Message-ID: Given earlier threads on Link re statistical claims made about the Net this must be a good move... or is it? Cheers Jeff Web Measurement Standards For Comment Internet Industry Initiative Media Release 31 July 2001. "At a meeting of the Internet Industry Initiative (III) Steering Committee today in Sydney, two significant milestones were announced in the development of online web measurement standards...." INTERNET INDUSTRY INITIATIVE* WEB MEASUREMENT STANDARD DEFINITIONS As at 30th July, 2001 Following is a set of web measurement standard definitions ratified for comment by the Internet Industry Initiative Steering Committee on Monday 30th July, 2001. These standard definitions will make it easier for advertisers and publishers to have greater confidence in site and user information. This will enable them to make more informed choices. Guidelines are currently in development and will be released in due course. Your comments on these standards and guidelines are invited to be submitted by August 14th 2001 to Paul Dovas, Audit Bureau of Circulations by email, paul@auditbureau.org.au or by fax on (02) 9956 8220. Note: These definitions are intended to be read in conjunction with the proposed guidelines for interpretation and implementation. 
From me@Tony-Barry.emu.id.au Fri Aug 3 09:13:12 2001 From: me@Tony-Barry.emu.id.au (Tony Barry) Date: Fri, 3 Aug 2001 19:13:12 +1000 Subject: [LINK] Lessig on Sklyarov and the DMCA Message-ID: From slashdot - >Lessig on Sklyarov and the DMCA > >Posted 07/31/2001 - 1:13am EDT [Discussion] >Law professor Lawrence Lessig (of DeCSS fame) has written an >excellent piece >http://www.nytimes.com/auth/login?URI=http://www.nytimes.com/2001/07/30/opinion/30LESS.html&OQ=searchpvQ3DnytToday >for the NYT that breaks down exactly what's wrong with the DMCA and >the Sklyarov arrest in very simple, straightforward terms. This is a >link to send out to your non-techie friends and family, who may not >understand what all the fuss is over. Here's his main point, in a >nutshell: > >The D.M.C.A. outlaws technologies designed to circumvent other >technologies that protect copyrighted material. It is law protecting >software code protecting copyright. The trouble, however, is that >technologies that protect copyrighted material are never as subtle >as the law of copyright. Copyright law permits fair use of >copyrighted material; technologies that protect copyrighted material >need not. Copyright law protects for a limited time; technologies >have no such limit. > >Well, there you go; he hit the nail on the head. This should help >some of the folks who naively equate intellectual property law with >traditional property law. (This kind of mistake is at the root of >the fallacious and oversimplified "Napster = shoplifting" analogy >that you see used in many debates). 
-Hannibal -- phone +61 2 6241 7659 mailto:me@Tony-Barry.emu.id.au http://purl.oclc.org/NET/Tony.Barry From karl.auer@id.ethz.ch Fri Aug 3 10:12:42 2001 From: karl.auer@id.ethz.ch (Auer, Karl James) Date: Fri, 3 Aug 2001 12:12:42 +0200 Subject: [LINK] Australia "worst hit" by worm's resurgence Message-ID: > -----Original Message----- > From: Bernard Robertson-Dunn [mailto:brd@austarmetro.com.au] > -- > You're using a keyboard! 
How quaint! > -- unknown It's a garbled version of Scotty's remark when faced with a mouse and keyboard in the Star Trek movie where they go back in time to get a whale... sorry, can't remember the name of the movie. He starts out by confidently speaking to the computer; told he should "use the mouse" he picks it up and starts speaking into it as if it were a microphone. Realising it still isn't working, he puts the mouse down and mutters "how quaint" as he starts working (properly this time) with mouse and keyboard... Regards, K. From dchia@atlantic.gse.rmit.edu.au Fri Aug 3 11:30:27 2001 From: dchia@atlantic.gse.rmit.edu.au (David Chia) Date: Fri, 03 Aug 2001 21:30:27 +1000 Subject: [LINK] (FWD) Australian Internet Body Seeks Return Of ".au" ccTLD (Re: Link Institute: auDA v. Elz ?!) Message-ID: <3B6A8B53.8F5CEAEA@atlantic.gse.rmit.edu.au> http://www.adlawbyrequest.com/international/au61801.shtml The last sentence seems to have explained a lot. Why This Matters: When scientists first created the domain name system, the U.S. bodies that administered the Internet did not consider ccTLDs to be the property of their respective countries. Long after many ccTLDs were assigned to private individuals, Australian representative to ICANN Paul Twomey suggested that two-letter country codes should be considered the sovereign property of national governments. Several countries have recently asked ICANN to force private ccTLD administrators to turn over the codes. If ICANN acts, it would in effect grant ownership of all ccTLDs to national governments. From me@Tony-Barry.emu.id.au Fri Aug 3 12:34:06 2001 From: me@Tony-Barry.emu.id.au (Tony Barry) Date: Fri, 3 Aug 2001 22:34:06 +1000 Subject: [LINK] Linux takes on big jobs Message-ID: Extracted item for information. Source:Edupage, July 30, 2001 - - - - - LINUX TAKES ON BIG JOBS The Linux operating system is being used for more and more mission-critical business applications. 
Last week, Korean Air announced that its flight crew scheduling and daily revenue accounting systems were being moved to Linux. Linux has been running Newell Rubbermaid's Multi Router Traffic Grapher on its mainframe for almost a year. Winnebago Industries saved 70 percent of its software licensing costs for e-mail by using Linux operating on an IBM mainframe. Mainframe Linux has been downloaded from the Web roughly 3,000 times, and 10 of those downloads are running mission-critical systems, said Giga Information Group analyst David Mastrobattista. (Interactive Week, 23 July 2001) -- phone +61 2 6241 7659 mailto:me@Tony-Barry.emu.id.au http://purl.oclc.org/NET/Tony.Barry From me@Tony-Barry.emu.id.au Fri Aug 3 12:31:39 2001 From: me@Tony-Barry.emu.id.au (Tony Barry) Date: Fri, 3 Aug 2001 22:31:39 +1000 Subject: [LINK] Government Online: third report released Message-ID: >Date: Fri, 3 Aug 2001 16:07:17 +1000 (EST) >From: owner-all@minister.dcita.gov.au >subject: New Ministerial Media Release >Sender: owner-all@minister.dcita.gov.au >To: tony > >The following Ministerial Media Release is available at: > >Page located at: http://www.dcita.gov.au/cgi-bin/graphics.pl?path=5897 > >Government Online: third report released >Australia remains at the head of the field in the information economy >according to results of the third round of the Government Online survey >released today by Senator Ian Campbell, Parliamentary Secretary to the >Minister for Communications, Information Technology and the Arts. >Media contact: >Georgia-Kate Schubert, Senator Campbell's office, 02 6277 3955 or 0419 265 >234 > > >----------------------------------------------------------------------- >To REMOVE yourself from this mailing list, send an E-Mail message to: >majordomo@minister.dcita.gov.au and in the message BODY, include a line >containing: unsubscribe all (or the name of the mailing list you want to be >removed from). You may also use the Web form at www.dcita.gov.au in the >Newsroom. 
-- phone +61 2 6241 7659 mailto:me@Tony-Barry.emu.id.au http://purl.oclc.org/NET/Tony.Barry From me@Tony-Barry.emu.id.au Fri Aug 3 12:36:12 2001 From: me@Tony-Barry.emu.id.au (Tony Barry) Date: Fri, 3 Aug 2001 22:36:12 +1000 Subject: [LINK] Congress not likely to change dmca Message-ID: Extracted item for information. Source:Edupage, July 30, 2001 - - - - - CONGRESS NOT LIKELY TO CHANGE DMCA While programmers, technologists, and consumer advocates rail against the Digital Millennium Copyright Act (DMCA), insiders believe that there is little chance of changing the law. Approved unanimously in both the House and Senate in 1998, the DMCA has received continued support from Congress and its corporate lobbyists. Leaders of the technology and intellectual property rights committees on both sides of Congress say they approve of the law in its current form. Legal challenges to the law, including free speech arguments, have not fared well either, as shown in the case of the recording industry against the online magazine 2600, which failed in a bid to publish code that can unscramble DVD copy protection. Currently, many opposed to the DMCA in its current form are in an uproar over the arrest of a Russian programmer accused of creating and disseminating software to circumvent file-copying protections on e-books. Although Adobe, the software firm that first sought the programmer's arrest, has since reversed its calls for prosecution, observers say the government is likely to press forward with its case. (Wired News, 25 July 2001) -- phone +61 2 6241 7659 mailto:me@Tony-Barry.emu.id.au http://purl.oclc.org/NET/Tony.Barry From me@Tony-Barry.emu.id.au Fri Aug 3 12:39:41 2001 From: me@Tony-Barry.emu.id.au (Tony Barry) Date: Fri, 3 Aug 2001 22:39:41 +1000 Subject: [LINK] Net traffic booms Message-ID: Extracted item for information. 
Source: THE NET NEWS From Alan Farrelly July 31, 2001 - - - - - NET TRAFFIC BOOMS US Internet traffic is growing by an annual factor of four, according to Lawrence Roberts, respected boss of switch manufacturer Caspian Networks. It's the first accurate data-based assessment of Internet volume since 1996, when the US government controlled the network. Internet traffic expanded by a factor of 2.7 until January 2000, when it jumped to 3.6. So far this year expansion has been a factor of 4, which Roberts expects will remain steady through 2008. Roberts is an Internet guru who was in charge of developing Arpanet, precursor to the Net in 1964. -- phone +61 2 6241 7659 mailto:me@Tony-Barry.emu.id.au http://purl.oclc.org/NET/Tony.Barry From me@Tony-Barry.emu.id.au Fri Aug 3 12:44:51 2001 From: me@Tony-Barry.emu.id.au (Tony Barry) Date: Fri, 3 Aug 2001 22:44:51 +1000 Subject: [LINK] CD seal broken Message-ID: Extracted item for information. Source: THE NET NEWS From Alan Farrelly August 2, 2001 - - - - - CD SEAL BROKEN The latest encryption designed to stop CDs from being copied has already been broken. See http://www.cdfreaks.com/document.php3?Doc=48 -- phone +61 2 6241 7659 mailto:me@Tony-Barry.emu.id.au http://purl.oclc.org/NET/Tony.Barry From me@Tony-Barry.emu.id.au Fri Aug 3 12:42:46 2001 From: me@Tony-Barry.emu.id.au (Tony Barry) Date: Fri, 3 Aug 2001 22:42:46 +1000 Subject: [LINK] Newspapers rethink net Message-ID: Extracted item for information. Source: THE NET NEWS From Alan Farrelly July 31, 2001 - - - - - NEWSPAPERS RETHINK NET A study by the Pew Centre for Civic Journalism says the Internet is forcing newspapers to reassess their role and increase interactivity with readers. Describing it as a sea change, the biggest shift has been to invite audiences not only to comment on the newspaper, but to participate in it. 80% of newspapers provide readers with reporters' emails, and have created email, voice-mail and Web site news tip lines. 
70% offer readers ways to publish their own ideas in addition to letters to the editor. See http://www.pewcenter.org/doingcj/spotlight/index.php -- phone +61 2 6241 7659 mailto:me@Tony-Barry.emu.id.au http://purl.oclc.org/NET/Tony.Barry From me@Tony-Barry.emu.id.au Fri Aug 3 12:47:34 2001 From: me@Tony-Barry.emu.id.au (Tony Barry) Date: Fri, 3 Aug 2001 22:47:34 +1000 Subject: [LINK] Gambling conviction upheld Message-ID: Extracted item for information. Source: THE NET NEWS From Alan Farrelly August 2, 2001 - - - - - GAMBLING CONVICTION UPHELD A US federal appeals has upheld a conviction against a man who ran an Internet sports gambling operation - outside the USA. The fact that Jay Cohen's World Sports Exchange is based in Antigua hasn't stopped the US courts from sentencing him to 21 months in jail for illegally accepting bets from Americans over the Internet and by telephone. Cohen says he will appeal again. -- phone +61 2 6241 7659 mailto:me@Tony-Barry.emu.id.au http://purl.oclc.org/NET/Tony.Barry From at@ah.net Fri Aug 3 13:02:48 2001 From: at@ah.net (Adam Todd) Date: Fri, 03 Aug 2001 23:02:48 +1000 Subject: [LINK] (FWD) Australian Internet Body Seeks Return Of ".au" ccTLD (Re: Link Institute: auDA v. Elz ?!) In-Reply-To: <3B6A8B53.8F5CEAEA@atlantic.gse.rmit.edu.au> Message-ID: <5.1.0.14.0.20010803230204.03a0dae0@pop> > representative to ICANN Paul Twomey suggested that > two-letter country codes should be considered the "I can see we can't control this from here so I'll take back to my country the advice that we need to find another way." Australian Delegate (not me) at the IFWP in Singapore, August 1998. 
I'll leave it up to you to work out whom :) And YES - I have it on Video tape From sneakums@zork.net Fri Aug 3 14:01:51 2001 From: sneakums@zork.net (Sean Neakums) Date: Fri, 03 Aug 2001 15:01:51 +0100 Subject: [LINK] CD seal broken In-Reply-To: (Tony Barry's message of "Fri, 3 Aug 2001 22:44:51 +1000") References: Message-ID: <6un15hjl80.fsf@zork.zork.net> >>>>> "TB" == Tony Barry writes: TB> Source: THE NET NEWS TB> CD SEAL BROKEN TB> The latest encryption designed to stop CDs from being copied TB> has already been broken. See TB> http://www.cdfreaks.com/document.php3?Doc=48 MacroVision SafeAudio does *not* use encryption of any kind whatsoever. CDs with SafeAudio are mastered with deliberately introduced errors that are corrected by audio CD players but cause data CD readers to return audio with gaps and corruption. It is my opinion that CDs that have had the SafeAudio process applied to them are sold damaged, and that software that copes with this damage and enables people to rip their own CDs for their own use as they have always done is to be welcomed. -- ///////////////// | | The spark of a pin | left blank. | dropping, falling feather-like. \\\\\\\\\\\\\\\\\ | | There is too much noise. 
From jwhit@PrimeNet.Com Fri Aug 3 20:50:15 2001 From: jwhit@PrimeNet.Com (Jan Whitaker) Date: Sat, 04 Aug 2001 06:50:15 +1000 Subject: [LINK] Finance has lost the plot In-Reply-To: <3B69E399.EB422F6D@austarmetro.com.au> Message-ID: <5.0.2.1.0.20010804064814.02f37560@pop.primenet.com> At 09:34 AM 3/08/01 +1000, Bernard Robertson-Dunn wrote: >It is far from the only debacle involving the same minister and the same >department. Like many of the others, moreover, its base is in ideology. The >forced outsourcing of information technology, against reasoned opposition >from most agencies, was pushed through by a minister and a department >convinced that they knew better. A department which lectures other agencies >on good management and accountability systems completely dropped the ball >with the sale of business units of the former Department of Administrative >Services. Now criminal proceedings for one instance of outright fraud are >over, there ought to be a public inquiry into how high the incompetence and >mismanagement went. There have been other disasters as well. It's a pity this story is in the Canberra Times. It needs to be in every capital city major, regional minor and national newspaper!! I was speaking with a fellow member of the Link Institute the other evening at dinner about the short memories of most people. How do we keep the looooonnnnngggg list of debacles in front of the public and not have them suffer from information overload and disbelief that it ever could have gone that far or things been done sooooo badly? 
Jan JLWhitaker Associates Melbourne, Victoria, Australia jwhit@primenet.com -- http://www.primenet.com/~jwhit/whitentr.htm From rick@praxis.com.au Fri Aug 3 22:28:26 2001 From: rick@praxis.com.au (Rick Welykochy) Date: Sat, 04 Aug 2001 08:28:26 +1000 Subject: [LINK] Finance has lost the plot References: <5.0.2.1.0.20010804064814.02f37560@pop.primenet.com> Message-ID: <3B6B258A.3C1C68DF@praxis.com.au> Jan Whitaker wrote: > It's a pity this story is in the Canberra Times. It needs to be in every > capital city major, regional minor and national newspaper!! > > I was speaking with a fellow member of the Link Institute the other evening > at dinner about the short memories of most people. How do we keep the > looooonnnnngggg list of debacles in front of the public and not have them > suffer from information overload and disbelief that it ever could have gone > that far or things been done sooooo badly? San Francisco addressed this very issue years ago with a "Dob in a Polly" website, which was very popular. Perhaps the LINK Institute should consider launching a similar venture on an off-shore server. _____________________________________________ Rick Welykochy || Praxis Services Pty Limited "Those who do not understand Unix are condemned to reinvent it, poorly." - Henry Spencer From jwhit@PrimeNet.Com Fri Aug 3 21:01:38 2001 From: jwhit@PrimeNet.Com (Jan Whitaker) Date: Sat, 04 Aug 2001 07:01:38 +1000 Subject: [LINK] Stages of development of a program Message-ID: <5.0.2.1.0.20010804065841.02f3fd50@pop.primenet.com> Roger raised the problem of journalistic enamorement (sic?) of new developments on a privacy advocacy list we're both on along with other linkers. Apologies for cross posting my reply, but I thought my link institute colleagues might appreciate it as well. There must be something about 'new' or at least 'popularly available' changes in doing things: [politician think] stage 1 - miracle 'cure'/fix stage 2 - wait, there's more? 
if we just add this little bit it will also solve that problem? stage 3 - uh-oh, you mean there are things we should think about at the *same* *time* ? stage 4 - what do you mean it really doesn't solve that original problem AND it causes Cancer!?! stage 5 - well we can eliminate the cancer causing by removing that bit, and still use this little bit over here and get some improvement stage 6 - hey, this works great, LOTS of people are doing this stage 7 - wait, hold on, we can't provide all this, we don't have the budget - stop relying on this stage 8 - what do you mean, the public are demanding an increase in the budget and the opposition is using it as an election issue? stage 9 - start distancing ourselves from this one, it's dynamite stage 10 - cancel that program - it never did work anyway Cheers, Jan JLWhitaker Associates Melbourne, Victoria, Australia jwhit@primenet.com -- http://www.primenet.com/~jwhit/whitentr.htm 
From john.black@free.fr Sat Aug 4 10:56:21 2001 From: john.black@free.fr (JohnB) Date: Sat, 4 Aug 2001 20:56:21 +1000 Subject: [LINK] CD seal broken In-Reply-To: <6un15hjl80.fsf@zork.zork.net>; from sneakums@zork.net on Fri, Aug 03, 2001 at 03:01:51PM +0100 References: <6un15hjl80.fsf@zork.zork.net> Message-ID: <20010804205621.A529@lanesbry.com> www.blindwrite.com - reads cd images with no sanity checking, so it can duplicate "damaged" CDs. On Friday, 03 Aug 2001 at 15:01, Sean Neakums wrote: > >>>>> "TB" == Tony Barry writes: > > TB> Source: THE NET NEWS > TB> CD SEAL BROKEN > TB> The latest encryption designed to stop CDs from being copied > TB> has already been broken. See > TB> http://www.cdfreaks.com/document.php3?Doc=48 > > MacroVision SafeAudio does *not* use encryption of any kind > whatsoever. CDs with SafeAudio are mastered with deliberately > introduced errors that are corrected by audio CD players but cause > data CD readers to return audio with gaps and corruption. 
> > It is my opinion that CDs that have had the SafeAudio process applied > to them are sold damaged, and that software that copes with this > damage and enables people to rip their own CDs for their own use as > they have always done is to be welcomed. > > -- > ///////////////// | | The spark of a pin > | left blank. | dropping, falling feather-like. > \\\\\\\\\\\\\\\\\ | | There is too much noise. From ben-mcginnes@iname.com Sat Aug 4 12:01:31 2001 From: ben-mcginnes@iname.com (Ben McGinnes) Date: Sat, 4 Aug 2001 22:01:31 +1000 Subject: [LINK] Talk is cheap In-Reply-To: <200108011442.AAA24690@wobbly.bofh.net.au>; from darius@bofh.net.au on Thu, Aug 02, 2001 at 12:42:19AM +1000 References: <200108011442.AAA24690@wobbly.bofh.net.au> Message-ID: <20010804220131.C16624@mail.enternet.com.au> Kevin Littlejohn(darius@bofh.net.au)@Thu, Aug 02, 2001 at 12:42:19AM +1000: > > Heh. See, the difference is, you could always slap the village idiot in the > stocks and pelt them with rotten fruit... Unfortunately it is no longer politically correct to do this. Or is that socially acceptable? > Question for the more politically-savvy amongst you: Why can't we vote for > who gets what portfolio? Why can't we insist that someone with half a clue > technically be put in charge of the IT portfolio? Perhaps for the same reason that military commanders are rarely, if ever, turning to politics to become Ministers of Defence. The theory, I believe, is that the Minister is supposed to operate from the perspective of acting on behalf of the constituents and the government (i.e. to carry out its policies). It is the role of permanent secretaries and other specialists within the department to make sure that Minister is fully apprised of the details relating to his/her portfolio. 
There are two main reasons for doing it this way: 1) If holding a Ministerial position or responsibility over a given portfolio is restricted to professional training and history as well as democratic mandate, then it defeats the purpose of a free and open democratic process in which anyone may run for office within their society/community. 2) There is a somewhat lesser view that encouraging only those with a particular professional background to take on a particular political role (e.g. the IT portfolio) will also serve to encourage either an "old boys" type network and/or even corruption between the portfolio holder and members of the industry s/he was previously a part of. Of course the second view is rarely, if ever, used as an argument against allowing someone who happens to fall into that category from pursuing a political career. It is just something often kept in mind. Though a good example to consider here is Dr. Wooldridge (sp?), in particular in relation to those medical scanners which were subsidised and the surrounding controversy. Regards, Ben From me@karmanaut.com Sat Aug 4 13:50:45 2001 From: me@karmanaut.com (viveka) Date: Sat, 4 Aug 2001 23:50:45 +1000 Subject: [LINK] Talk is cheap In-Reply-To: <20010804220131.C16624@mail.enternet.com.au> References: <200108011442.AAA24690@wobbly.bofh.net.au> <20010804220131.C16624@mail.enternet.com.au> Message-ID: > > Question for the more politically-savvy amongst you: Why can't we vote for >> who gets what portfolio? Why can't we insist that someone with half a clue >> technically be put in charge of the IT portfolio? > >Perhaps for the same reason that military commanders are rarely, if ever, >turning to politics to become Ministers of Defence. The theory, I >believe, is that the Minister is supposed to operate from the perspective >of acting on behalf of the constituents and the government (i.e. to carry >out its policies). 
It is the role of permanent secretaries and other >specialists within the department to make sure that Minister is fully >appraised of the details relating to his/her portfolio. I figure that it's a holdover from the tradition that constituencies are necessarily geographic. This of course reflects reality rather less well now than it did when regions were first represented by their local lords at Westminster. I have more in common with the members of the link institute than I have with the people who live on my street. V. -- | Viveka Weiley, Karmanaut. http://www.karmanaut.com | http://www.planet-earth.org | http://www.MacWeb3D.org | | hypermedia | virtual worlds | human interface | truth | beauty From thealy@magna.com.au Sat Aug 4 14:23:10 2001 From: thealy@magna.com.au (Anthony Healy) Date: Sun, 5 Aug 2001 00:23:10 +1000 Subject: [LINK] FYI - Politician caught reading restricted data of opponent Message-ID: For interstate folk - http://www.smh.com.au/news/0108/05/national/national1.html Senior Labor MP under investigation, By Alex Mitchell, State Political Editor A computer hacking scandal is set to rock State Parliament after the discovery that a senior Labor MP's computer has been used to hack into Opposition computers to read private documents ... From thealy@magna.com.au Sat Aug 4 14:24:22 2001 From: thealy@magna.com.au (Anthony Healy) Date: Sun, 5 Aug 2001 00:24:22 +1000 Subject: [LINK] Case law as open source In-Reply-To: <0108031552160E.00855@ryan-lap-hf> Message-ID: Gordon Quite a lot of complex issues in this. I'll defer my response for a few months. I'm putting together a paper on these sorts of things.
- tony > -----Original Message----- > From: owner-link@www.anu.edu.au [mailto:owner-link@www.anu.edu.au]On > Behalf Of Gordon Keith > Sent: Friday, 3 August 2001 3:52 PM > To: Anthony Healy; Link List > Subject: Re: [LINK] Case law as open source > > > On Fri, 27 Jul 2001 15:41, Anthony Healy wrote: > > > People wonder how programmers could make a living in an environment > > > where most software was open source and anyone could write their > > > own code. Lawyers don't seem to be starving even though case law is > > > open source and anyone is entitled to defend themselves. > > > > The difference is that case law is the input to the work that lawyers > > do for a particular client, whereas source code is the output of the > > work that programmers do. > > > > If you have the case law, you still need the lawyer to do the work > > for you. But if you have the source code, you no longer need to pay a > > programmer to do the work for you, or to pay the particular > > programmer who did the original work. > > I think you're correct in the short term, but I can't help thinking > that you may not be in the medium to long term. > > We are already seeing that people are hard pressed to find a good > reason for upgrading to the latest version of popular software and > software companies are trying all sorts of things to get people to > upgrade. > > I suspect that with all the free software around the future for > companies to sell mass market software is limited. Why should people > fork out for MS Office when Star Office is more than enough for 99% of > users? > > The future for companies to customise software for particular > applications and/or particular clients, however, shows no such limits. > > So, much like lawyers can make a living from servicing particular > client needs, so too will programmers in the future. I don't think > they'll do it selling programs, but selling programming services. 
> > Even now many software companies are making a good proportion of their > incoming by selling annual support, rather than software. > > Someone has already said that more than 70% of software development is > currently for in-house projects. I don't think that effort will shrink > if a large proportion of the current shrink wrap market is replaced by > open source, in fact I would expect to grow because a) money otherwise > spent on shrink wrap software becomes available, and b) it becomes > possible to integrate your company's applications directly into the > desktop software (you have the source). > > Regards > Gordon > From danny@anatomy.usyd.edu.au Sat Aug 4 14:53:13 2001 From: danny@anatomy.usyd.edu.au (Danny Yee) Date: Sun, 5 Aug 2001 00:53:13 +1000 Subject: [LINK] Talk is cheap In-Reply-To: ; from me@karmanaut.com on Sat, Aug 04, 2001 at 11:50:45PM +1000 References: <200108011442.AAA24690@wobbly.bofh.net.au> <20010804220131.C16624@mail.enternet.com.au> Message-ID: <20010805005313.A27313@anatomy.usyd.edu.au> viveka wrote: > I figure that it's a holdover from the tradition that constituencies > are necessarily geographic. This of course reflects reality rather > less well now than it did when regions were first represented by > their local lords at Westminster. I have more in common with the > members of the link institute than I have with the people who live on > my street. If we get the list membership up to 100 000, maybe we can ask the Electoral Commission to constitute us as Australia's first virtual electorate :-). Danny. From rick@praxis.com.au Sat Aug 4 23:31:30 2001 From: rick@praxis.com.au (Rick Welykochy) Date: Sun, 05 Aug 2001 09:31:30 +1000 Subject: [LINK] VeriSign Japan defaced Message-ID: <3B6C85D2.14723015@praxis.com.au> This is a bit of a worry ...
-------- Original Message -------- Subject: [defaced-commentary] VeriSign Japan defaced Date: Sat, 4 Aug 2001 14:56:51 -0600 (MDT) From: security curmudgeon On August 4, 2001, the Japanese site for VeriSign Inc. was compromised and defaced by a group known as "Delta Force Pakistan". Visitors to the site were greeted with a picture of a stone angel and the name of the group instead of VeriSign's regular page. Given the nature of VeriSign's business, the defacers had a chance to make a good statement about the state of net security and trust. Unfortunately, they were only able to muster up a page for the typical petty dick-waving with no real message. About VeriSign: VeriSign Consulting helps enterprises manage the complex technical requirements of large-scale networks and Internet infrastructures, enabling rapid delivery of high value products and services and safe exchange of sensitive data over the Internet. Consulting services include architecture and design, implementation, Web presence, monitoring, and management solutions. VeriSign's Web Site Trust Services: As an e-commerce business, you must deliver the highest levels of trust and security so your customers can be certain that your site is genuine, and that the information they send you via Web browsers, and other devices stays private and confidential. VeriSign's Site Trust Services offer you the power to secure and e-commerce-enable your site, giving you the most trustworthy Web experience possible. Mirror: http://defaced.alldas.de/mirror/2001/08/04/www2.verisign.co.jp/ Webserver: Microsoft-IIS/4.0 - The information and commentary is Copyright 2001, by the individual author. Permission is granted to quote, reprint or redistribute provided the text is not altered, and the author and attrition.org is credited. The opinions expressed in this mail are not necessarily the opinion of all Attrition staff members. 
From rick@praxis.com.au Sun Aug 5 02:33:28 2001 From: rick@praxis.com.au (Rick Welykochy) Date: Sun, 05 Aug 2001 12:33:28 +1000 Subject: [LINK] Article: Why the Age of Internet Innocence is Over Message-ID: <3B6CB078.D8A2B0C4@praxis.com.au> Why the Age of Internet Innocence is Over by Robert X. Cringely Some interesting observations and propositions, and even a conspiracy theory on Win XP and raw sockets: ''Programmers who ought to be familiar with Microsoft's plans have suggested that the real motive for raw socket support is for Microsoft to use Windows XP to exploit a bad situation, to deliberately make things worse. According to these programmers, Microsoft wants to replace TCP/IP with a proprietary protocol -- a protocol owned by Microsoft -- that it will tout as being more secure. Actually, the new protocol would likely be TCP/IP with some of the reserved fields used as pointers to proprietary extensions, quite similar to Vines IP, if you remember that product from Banyan Systems. I'll call it TCP/MS. ...'' As they say in the school grounds, them's fightin' words! Cheers Rick W _____________________________________________ Rick Welykochy || Praxis Services Pty Limited "Those who do not understand Unix are condemned to reinvent it, poorly." - Henry Spencer From karin.geiselhart@rmit.edu.au Sun Aug 5 04:19:56 2001 From: karin.geiselhart@rmit.edu.au (Karin Geiselhart) Date: Sun, 05 Aug 2001 14:19:56 +1000 Subject: [LINK] First Call for DIAC-02 Submissions Message-ID: <4.3.2.7.0.20010805141906.00ae9a20@ems.rmit.edu.au> > > >/// Please forward to interested people, lists, newsgroups. Thank you! > >Shaping the Network Society: > Patterns for Participation, Action, and Change >http://www.cpsr.org/conferences/diac02/ > >May 16-19, 2002 > Seattle, Washington, USA > > >Tomorrow's information and communication infrastructure is being >shaped today. > > But by whom and to what ends? 
> >Researchers, community workers, social activists, educators and >students, journalists, artists, policymakers, and citizens are all >concerned about the shape that this new infrastructure will take. > > Will it meet the needs of all people? > Will it help the citizenry address current and future issues? > Will it promote democracy, social justice, sustainability? > > Will the appropriate research be conducted? > Will equitable policies be enacted? > > >Symposium Aims > >A "public sphere" where people learn about, discuss, and deliberate >on important issues, such as increasing economic disparity, >militarization, environmental degradation, racism or sexism, is >critical to our future. > >Clearly, information and communication technology--and the uses to >which it is put--is central to any effort that helps empower people to >effectively look at and resolve our collective concerns. > >At the same time, giant media conglomerates and computer companies are >rapidly increasing their control of the information and communication >infrastructure upon which this public sphere depends. Governments, >too, are often part of this problem; instead of promoting access and >two-way access to this infrastructure, they actively or passively >discourage civic sector uses. > >Civil society is responding in a million ways. The opportunities and >challenges offered by a global "network society" are too great to be >ignored. > >The Shaping the Network Society symposium is designed to aid in these >efforts by providing a forum and a platform for these critical issues. >And, through the use of "patterns," we hope that this conference will >help inject organization, motivation, and inspiration into the >evolution of an information and communication infrastructure that >truly meets today's -- and tomorrow's -- urgent needs. > >Please join us in Seattle (and beyond) in May 2002 for this exciting >and important event! 
> >DIAC-02 > >This event will be the eighth biannual Directions and Implications of >Advanced Computing (DIAC) symposium. A variety of events are planned >ranging from invited speakers, panel discussions, and pattern >presentations to numerous opportunities for informal working sessions >-- both planned and spontaneous -- on various topics. Also, as with >previous DIAC symposia, we will do our best to provide a few >surprises ... > >Pattern Orientation > >To promote bridge-building, we are soliciting "patterns," instead of >abstracts, that will be developed into full papers for this symposium. >A "pattern" is a careful description of a solution or suggestion for >remedying an identified problem in a given context that can be used >to help develop and harness communication and information technology >in ways that affirm human values. > >The information contained in patterns is similar to that in >traditional abstracts or papers, but it is arranged in a common >structure in order to inspire scholars and practitioners to think >about their work in terms of social implications and actual social >engagement; build networks that include research, practice, and >advocacy; and facilitate the integration of all submitted patterns >into a coherent network of patterns, or "pattern language," that will >form a useful and compelling knowledge structure which can help spur >additional research, solutions, and activism. As a result, individual >patterns are exciting because each is, in essence, a small theory >about some part of the communication and information universe. In >addition, since the individual patterns will be stored in an online >database, the overall strategy opens myriad possibilities that will >allow us as a community to synthesize the patterns into a collectively >constructed body that creates new opportunities for collaboration and >deliberation. > >We believe that the "pattern" orientation will be beneficial and >thought-provoking for all participants. 
If you are tempted to submit >a pattern, we encourage you to do so. Although this approach may >require different thinking, we believe that it will be worth the >effort. > >Patterns can be submitted for consideration for presentation at the >Shaping the Network Society conference, or simply to be published on >the web site and as a contribution to the knowledge structure. > > >Developing and Submitting Patterns > > Patterns are SOLUTIONS to PROBLEMS in a given CONTEXT. > > Patterns can be observable actions, empirical findings, > hypotheses, theories, social or media critiques, case studies, > or "best practices"; indeed, any template or crystallized or > distilled knowledge in some area that will help people in the > field--researchers, practitioners, journalists, policymakers, > artists, citizens. > > Patterns exist at all levels; they can be "global" as well as > "local," theoretical as well as practical. > > Patterns are the springboard for discussion, research, and > activism. > > >The primary elements needed to develop a pattern for submission are: > >- The name or TITLE of the pattern (brief, one-ten words). >- A succinct statement of the essence of the PROBLEM in one or two > sentences. >- A DISCUSSION section (300-600 words) that describes the background > of the problem, evidence for its proposed solution, and the range of > ways that the solution can be applied. >- The SOLUTION to the problem is presented in a summary form that > describes the field of physical and social relationships which are > required to solve the stated problem, in the stated context. >- An optional descriptive image can be used to provide a visual > representation of your pattern and/or an optional summary image can > show a pictorial representation (diagram) of the solution. 
Although > these IMAGES are an optional element, we encourage you to include > them to supply useful information that is difficult to provide in > words and to make your pattern page more attractive and consistent > with other patterns. > >Complete details on pattern submission, including example patterns, >are available for further clarification at the symposium web site: >http://www.cpsr.org/conferences/diac02/ > >The preferred way to submit patterns is through the pattern intake >site, which can be accessed from the symposium site or directly at: >http://www.cpsr.org/conferences/diac02/pattern.cgi. If you cannot >access the intake site, please send your pattern as email text (no >attachments) to docrod99@hotmail.com. Please consult the help page, >http://www.cpsr.org/conferences/diac02/patterns/help.html, for >guidance on an e-mail submission. > > >Important Dates > > December 1, 2001 Deadline for pattern submission for conference > consideration > January 15, 2002 Feedback to conference pattern submitters > (accept/reject decision) > March 15, 2002 Full papers (based on accepted patterns) due > April 15, 2002 Last day to submit patterns for database inclusion > only > May 16-19, 2002 Shaping the Network Society Symposium > > >Sponsors > >Public Sphere Project of Computer Professionals for > Social Responsibility (CPSR) > >National Communication Association Task Force on the Digital Divide > > >Program Committee > >Abdul Alkalimet (US), Alain Ambrosi (Canada), Ann Bishop (US), >Kwasi Boakye-Akyeampong (Ghana), Rod Carveth (US), Andrew Clement >(Canada), Fiorella de Cindio (Italy), Peter Day (UK), Susana >Finquelievich (Argentina), Mike Gurstein (Canada), Harry Hochheiser >(US), Toru Ishida (Japan), Susan Kretchmer (US), Brian Loader (UK), >Geert Lovink (Netherlands, Australia), Richard Lowenberg (US), Peter >Mambrey (Germany), Peter Miller (US), Kenneth Pigg (US), Scott >Robinson (Mexico), Partha Pratim Sarker (Bangladesh), Doug Schuler >(US), David Silver (US), 
Sergei Stafeev (Russia), Erik Stolterman >(Sweden) and Peter Van den Besselaar (Netherlands). > >Other invaluable assistance > >Noriko Okazaki (graphics), Robin Oppenheimer (advisor), Scott Rose >(web technology). > > > -- >Susan Evoy * Managing Director >http://www.cpsr.org/ >Computer Professionals for Social Responsibility >P.O. Box 717 * Palo Alto * CA * 94302 >Phone: (650) 322-3778 * >Email: evoy@cpsr.org >Join/Renew online: >https://swww.igc.apc.org/cpsr/sec-membership-form.html > > >--------------------------------------------------------------------- >To unsubscribe, e-mail: cpsr-announce-unsubscribe@cpsr.org >For additional commands, e-mail: cpsr-announce-help@cpsr.org > >------- End of forwarded message ------- >___________________________________________________________ >hosted by Vancouver Community Network http://www.vcn.bc.ca Karin Geiselhart Post-Doctoral Research Fellow in Electronic Commerce School of Business Information Technology RMIT University Melbourne ph 03 9925 1352 fax 03 9925 5482 http://www.bf.rmit.edu.au/kgeiselhart From at@ah.net Sun Aug 5 06:00:04 2001 From: at@ah.net (Adam Todd) Date: Sun, 05 Aug 2001 16:00:04 +1000 Subject: [LINK] Article: Why the Age of Internet Innocence is Over In-Reply-To: <3B6CB078.D8A2B0C4@praxis.com.au> Message-ID: <5.1.0.14.0.20010805155921.034a9120@pop> > of the reserved fields used as pointers to proprietary extensions, > quite similar to > Vines IP, if you remember that product from Banyan Systems. I'll call > it TCP/MS. ...'' > >As they say in the school grounds, them's fightin' words! Bah. Netbios != NetBUIE TCP/IP != TCP/MS What else is new. From at@ah.net Sun Aug 5 05:58:29 2001 From: at@ah.net (Adam Todd) Date: Sun, 05 Aug 2001 15:58:29 +1000 Subject: [LINK] VeriSign Japan defaced In-Reply-To: <3B6C85D2.14723015@praxis.com.au> Message-ID: <5.1.0.14.0.20010805155804.037b8490@pop> At 09:31 5/08/01 +1000, Rick Welykochy wrote: >This is a bit of a worry ... 
> > >-------- Original Message -------- >Subject: [defaced-commentary] VeriSign Japan defaced >Date: Sat, 4 Aug 2001 14:56:51 -0600 (MDT) >From: security curmudgeon > >On August 4, 2001, the Japanese site for VeriSign Inc. was compromised and >defaced by a group known as "Delta Force Pakistan". It's not the first time Verisign have been defaced or hacked. Surprised it took so long to take out the Japanese servers. From stephen@melbpc.org.au Sun Aug 5 12:54:33 2001 From: stephen@melbpc.org.au (Stephen Loosley) Date: Sun, 05 Aug 2001 22:54:33 +1000 Subject: [LINK] Fwd: Seeking ed videoconferences Message-ID: <4.3.2.7.2.20010805223622.00ab5960@popa.melbpc.org.au> Hi all .. Interested in an ed-videoconference? -- Date: Sat, 04 Aug 2001 09:02:05 -0500 From: Scott Walker Organization: Our Lady of the Lake University To: DEOS-L@lists.psu.edu, dist-ed@explode.unsw.edu.au, s-asia-it@apnic.net, TxDLA-Forum@txdla.org, ed_tech@egroups.com Subject: EP ST U seeks P or T w/ISDN VC for short or long term relationship!! [or...All dressed up & no place to go] Reply-To: Scott Walker EDUCATION PROFESSOR IN A SMALL TEXAS UNIVERSITY SEEKS PROFESSOR OR TEACHER WITH ISDN VIDEOCONFERENCE CAPABILITY AS A GUEST SPEAKER At Our Lady of the Lake University in Texas I am teaching a new class, "Technology for Teaching" this fall for undergraduate students enrolled in our teacher education program. By way of this message I am seeking education technology practitioners and instructors (at any grade/education level) who would like to "come in" (by videoconference) as a guest speaker. -OR- An entire class (elementary - grad. school) that could come in to have a videoconference dialogue. ======================== SUBJECT: Open, but related to education technology. (Corporate training topics welcome from corporate trainers.) 
PURPOSE: To 1) demonstrate the use and capabilities of using videoconference technology; and to 2) bring in a guest speaker or guest "classroom" to gain an outside perspective on the subject to enhance student learning. TIME: Class runs from August 28, 2001 to November 29, 2001 Tuesdays and/or Thursdays 2:15 p.m. to 3:15 p.m. Central Time (Chicago, Dallas, San Antonio, Mexico City) LONG DISTANCE FEE: I will initiate the call and therefore absorb any long-distance fees (including international long distance) VIDEOCONFERENCE REQUIREMENT: ISDN (H.320) capable videoconference OR an MCU I can dial into via ISDN to reach your site. STIPEND FOR SPEAKER: None...this would be out of the goodness of your heart and for the advancement of knowledge!! (I am willing to reciprocate and speak in your class via vid. conf., for what it's worth.) CONTACT PERSON: Scott Walker, walks@lake.ollusa.edu INTERESTED PERSONS: Anyone interested in pursuing this idea, please reply directly to me rather than bothering everyone on this discussion group. [[Please pass this message on to potential interested parties.]] ========================= Regards, Scott Walker -- Our Lady of the Lake University Education Technology Coordinator 411 SW 24th St. San Antonio, Texas, USA 78207 Univ. Office +210 434-6711 X304 Home Office +512 392-1930 Fax +603 719-9542 -- Cheers all .. Stephen Loosley From mikal@stillhq.com Sun Aug 5 13:35:49 2001 From: mikal@stillhq.com (Michael Still) Date: Sun, 5 Aug 2001 23:35:49 +1000 Subject: [LINK] Australia "worst hit" by worm's resurgence In-Reply-To: <3B69FBEA.26819A21@austarmetro.com.au> Message-ID: On Fri, 3 Aug 2001, Bernard Robertson-Dunn wrote: > According to statistics which Miller sourced from security monitoring > company securityfocus.com, Australia has seen the greatest increase in its > rolling seven-day incident numbers, with 64,000 incidents reported here by > 1 p.m Thursday, double yesterday's 30,000-plus figure, according to Miller.
> And the number one attack type is the ISAPI Buffer Overflow, which is what > the Code Red exploits. Just thought I would point out that securityfocus.com is not an Australian company and has been on the scene for years -- they run the bugtraq mailing list that much of this stuff is first reported on. A reliable source I would think. Then again, 64,000 is a very round number. Mikal -- Michael Still (mikal@stillhq.com) From Richard.Chirgwin@informa.com.au Sun Aug 5 23:09:13 2001 From: Richard.Chirgwin@informa.com.au (Chirgwin, Richard) Date: Mon, 6 Aug 2001 09:09:13 +1000 Subject: [LINK] Talk is cheap Message-ID: <9BD4AE8C2EB1D311982700508BA2498901573A79@EXCHANGE_AU> Kevin's question: > Question for the more politically-savvy amongst you: Why can't we vote for > who gets what portfolio? Why can't we insist that someone with half a clue > technically be put in charge of the IT portfolio? I don't like the 'cult of the ignorant' either. Journalists will often argue that they should not need expertise to report on a particular topic; and I disagree. But in politics... 1) We can't guarantee that expertise - or claimed expertise - equals good decision making. The famous Westpac CS87 etc debacles of a decade ago were conceived by experts. 2) So to insist on expertise in the body politic - technical expertise, I mean here - also demands assessment criteria. And, 3) Even then, find me five experts who agree on the detail. Look, for example, at Link's own debates about (say) digital certificates. Were Link to act as an advisory body for an expert cabinet member, I reckon he/she would end up schizophrenic ... It would be nice to see stronger intellectual content in Canberra, I agree. Sad fact - here I'm talking research, not opinion, but I don't have the citations in front of me - the sad fact is that people don't follow someone vastly smarter than they; they prefer representatives who look, think and act (or seem to) as they do.
RC -----Original Message----- From: Ben McGinnes [mailto:ben-mcginnes@iname.com] Sent: Saturday, 4 August 2001 22:02 To: Kevin Littlejohn Cc: link@www.anu.edu.au Subject: Re: [LINK] Talk is cheap Kevin Littlejohn(darius@bofh.net.au)@Thu, Aug 02, 2001 at 12:42:19AM +1000: > > Heh. See, the difference is, you could always slap the village idiot in the > stocks and pelt them with rotten fruit... Unfortunately it is no longer politically correct to do this. Or is that socially acceptable? > Question for the more politically-savvy amongst you: Why can't we vote for > who gets what portfolio? Why can't we insist that someone with half a clue > technically be put in charge of the IT portfolio? Perhaps for the same reason that military commanders are rarely, if ever, turning to politics to become Ministers of Defence. The theory, I believe, is that the Minister is supposed to operate from the perspective of acting on behalf of the constituents and the government (i.e. to carry out its policies). It is the role of permanent secretaries and other specialists within the department to make sure that Minister is fully appraised of the details relating to his/her portfolio. There are two main reasons for doing it this way: 1) If holding a Ministerial position or responsibility over a given portfolio is restricted to professional training and history as well as democratic mandate, then it defeats the purpose of a free and open democratic process in which anyone may run for office within their society/community. 2) There is a somewhat lesser view that encouraging only those with a particular professional background to take on a particular political role (e.g. the IT portfolio) will also serve to encourage either an "old boys" type network and/or even corruption between the portfolio holder and members of the industry s/he was previously a part of.
Of course the second view is rarely, if ever, used as an argument against allowing someone who happens to fall into that category from pursuing a political career. It is just something often kept in mind. Though a good example to consider here is Dr. Wooldridge (sp?), in particular in relation to those medical scanners which were subsidised and the surrounding controversy. Regards, Ben From hartr@redhat.com Mon Aug 6 00:23:20 2001 From: hartr@redhat.com (hartr@redhat.com) Date: Mon, 6 Aug 2001 10:23:20 +1000 (EST) Subject: [LINK] Re: Unix {Was: Looking for some Web server statistics] In-Reply-To: <6ulml5o2el.fsf@zork.zork.net> Message-ID: <200108060023.f760NNI05010@bree.brisbane.redhat.com> On 31 Jul, Sean Neakums wrote: > And let's try not to confuse `commercial' and `proprietary', please. When talking about Linux, there is a real problem if the distinction is not made. Linux is most definitely a COMMERCIAL operating system, but it is likewise most definitely not PROPRIETARY. -- Robert Hart hartr@redhat.com Red Hat Asia-Pacific, Unit 15, 23 James St, Brisbane, Qld 4006, Australia Tel +61 (0)7 3872 4808 Fax +61 (0)7 3257 4800 From thealy@magna.com.au Mon Aug 6 00:35:15 2001 From: thealy@magna.com.au (Anthony Healy) Date: Mon, 6 Aug 2001 10:35:15 +1000 Subject: [LINK] Talk is cheap In-Reply-To: <20010804220131.C16624@mail.enternet.com.au> Message-ID: > Why can't we vote for who gets what portfolio? Why can't > we insist that someone with half a clue > technically be put in charge of the IT portfolio? Yes. In the same way that attorney-generals have to be trained lawyers. - tony From thealy@magna.com.au Mon Aug 6 00:46:34 2001 From: thealy@magna.com.au (Anthony Healy) Date: Mon, 6 Aug 2001 10:46:34 +1000 Subject: [LINK] Talk is cheap In-Reply-To: <9BD4AE8C2EB1D311982700508BA2498901573A79@EXCHANGE_AU> Message-ID: Richard mentioned in passing: > 1) We can't guarantee that expertise - or claimed expertise - equals good > decision making.
The famous Westpac CS87 etc debacles of a decade ago were > conceived by experts. Actually Westpac's CS90 debacle is a good example of Australian management incompetence. They blew $125 million on it in the end. But it wasn't run by experts. In the late '80s and early to mid 90's there was a fad in business, eagerly reported by BRW every few months and taught at management schools, that IT projects were best managed by "business experts" and marketing departments, who of course knew more about IT than the "IT department." CS90 was one such project. By the mid 90's, managing directors had started to realise that projects run by business geniuses never worked, were hated by users, overran their budgets enormously and so on, and they finally started appointing expert technologists to run projects. - tony From brd@austarmetro.com.au Mon Aug 6 00:48:42 2001 From: brd@austarmetro.com.au (Bernard Robertson-Dunn) Date: Mon, 06 Aug 2001 10:48:42 +1000 Subject: [LINK] Code Red puts Microsoft in hot seat Message-ID: <3B6DE96A.F44C4CC7@austarmetro.com.au> Code Red puts Microsoft in hot seat By Dan Verton 6 August, 2001 8:37 Washington, U.S. It was a scene that would be familiar to officials at Bridgestone/Firestone Inc. An executive from Microsoft watched as a government official told a gathering of reporters that there was a serious problem with a Microsoft product. Ronald Dick, director of the U.S. Federal Bureau of Investigation's National Infrastructure Protection Center, this week warned that the Code Red computer worm was spreading rapidly across the Internet for the third time in less than three weeks. It was taking advantage of a vulnerability discovered in the Web server software that runs on Microsoft's popular Windows 2000 and NT operating systems. The health of the Internet and e-commerce was at stake, the government warned. 
But unlike the case with faulty tires from Firestone, Microsoft's problem wasn't life-threatening, and it didn't lead to a massive product recall. Instead, it cost businesses around the world more than US$1 billion, according to some estimates, and hundreds of man-hours to fix. That has led some users and experts to argue that it's time to demand more secure software from vendors. "Do we have to wait until someone gets killed?" asked Jack Ring, owner of Innovation Management, an IT consulting firm in Scottsdale, Ariz., in a letter to Computerworld. "[It] must be nice to be a billionaire, but can it feel good when the billion is what others are losing by using your products?" Because of the security issues associated with Microsoft software, "we are looking at other technologies," said a chief technology officer at a pharmaceutical supply company in the Northeast who requested anonymity. "There are other Web servers out there. Microsoft's customers have to demand better software." Robert Odom, chief operating officer at AFAB International Inc., a security equipment reseller in Fort Lauderdale, Fla., said that because of security concerns, his company has completely removed Microsoft Outlook from its systems and has removed "as much of [Internet Explorer] as we can." Microsoft issued 100 security bulletins last year related to its software and 42 so far this year, according to information on its Web site. Even so, Steve Lipner, manager of Microsoft's Security Response Center and chief of the Secure Windows Initiative, said the company undertakes a massive effort to find security flaws in products "before they get out the door." The centerpiece of the effort, said Lipner, is a program called Prefix. It scans the entire code base of the Windows operating system and all Office products for potential vulnerabilities. When one is found, Prefix identifies the "offending coding practice that caused the vulnerability," he said. 
It's an effort that represents a "significant investment" across the company and one that "absolutely has commitment from the top," Lipner said. That begs the question of how yet another flaw in Microsoft's Internet Information Services software made it out the door. "Security and software development are human endeavors where mistakes are going to happen," Lipner said. Yet there is concern because critical services such as the Federal Aviation Administration, medical services and the electric power grid are increasingly using commercial software. And the fear, based on the Microsoft experience, is that some of this software could be unreliable and full of security holes. It's only a matter of time before consumers and businesses start to demand more reliable and secure software, said Dave McCurdy, executive director of the Internet Security Alliance in Arlington, Va. "When health and safety concerns are raised, then there are going to be higher expectations of accountability," he said. "People have every right to expect reliable, secure software," said Jay Nickson, a security trainer at Ronin Software Group in West Chesterfield, N.H. He added that developers should be responsible if errors in their software result in lost profits, lost hours or bodily harm. He even suggested that it might be time for a "software users' bill of rights." But Alan Paller, director of the SANS Institute, a security research organization in Bethesda, Md., said that's a long shot. A routine check of the terms of the agreement included with every shrink-wrapped package of software from Microsoft and other developers would show that users "have no rights at all," he said. -- A man will fight harder for his interests than for his rights. 
-- Napoleon Bonaparte Regards brd Bernard Robertson-Dunn Canberra Australia brd@dynamite.com.au brd@austarmetro.com.au From glen.turner@aarnet.edu.au Mon Aug 6 01:19:22 2001 From: glen.turner@aarnet.edu.au (Glen Turner) Date: Mon, 06 Aug 2001 10:49:22 +0930 Subject: [LINK] FYI - Politician caught reading restricted data of opponent References: Message-ID: <3B6DF09A.18171ACA@aarnet.edu.au> > http://www.smh.com.au/news/0108/05/national/national1.html Which varies in significant detail from the account on ABC's AM, especially regarding the MP's computing skills. And come to think of it, what MP would have the time? None of the coverage so far has excluded the most likely scenario: MP's PC poorly maintained by central IT area, gets scanned and hacked through well-known hole, then goes on to scan the parliamentary network from the soft side of the firewall. Somewhere between 40-50% of the PCs would have Liberal Party users. The only fact that contradicts this common scenario is the claim that documents were copied. This claim has been accepted without question by the coverage to date, but is at the core of the issue in determining if the incident is simply poor maintenance by IT staff or hacking with intent. The coverage also hasn't asked how the breach was discovered. Again, this is a significant point, as a user noticing unusual activity on their PC is a world different to someone noticing an ALP figure with copies of inter-Liberal e-mails. In short, the SMH and ABC have let themselves be used for distributing press releases on a topic where they should be treading carefully.
Regards, Glen -- Glen Turner Network Engineer (08) 8303 3936 Australian Academic and Research Network glen.turner@aarnet.edu.au http://www.aarnet.edu.au/ -- The revolution will not be televised, it will be digitised From ian.johnston@infobrokers.com.au Mon Aug 6 03:38:21 2001 From: ian.johnston@infobrokers.com.au (Ian Johnston) Date: Mon, 6 Aug 2001 11:38:21 +0800 Subject: [LINK] Link Institute: auDA v. Elz ?! Message-ID: Roger Clark wrote: > If ever there was an issue that the Link Institute should weigh in on, it's this one. After reading the article, note the last para. > Can anyone provide briefings on this one, from *both* auDA's and Elz's perspective, and maybe from a few other angles as well? Roger As a member of the auDA Name Policy and Competition Model Advisory Panels (one of 50+ members) for the last year, I have seen only one written communication between auDA and Robert Elz. Regarding the report in The Sydney Morning Herald article -- "It is believed Mr Elz said he did not have confidence in auDA's ability to run the domain name system or determine policy." -- a submission to auDA in March 2001 by Robert provides an insight to his concerns at that time. Robert expressed views in his submission in response to the Second Public Consultation Report of the auDA Name Policy Advisory Panel . He was critical of the *draft* policy set out in the Report. I agreed with some of his views and built upon them in SETEL's submission to auDA and in Name Panel debate / discussions. I'm not aware of any written response to Robert from auDA that addressed the specific points in his submission. The Name Policy Advisory Panel discussed his submission, along with many others, in formulating its final report. For an auDA perspective on redelegation see: - auDA posting of 30 May 2001 - auDA Media Release of 7 June 2001: auDA requests ICANN to re-delegate .au - auDA posting of 12 June 2001 at . The following article of 5 June 2001 triggered a DNS List discussion . 
There was some robust debate and questioning of auDA's actions on this List. To the credit of auDA's CEO, there was frank and open discussion over a number of days on the List. The archive to the List is not accessible at this stage (it's not where it's supposed to be!). I've copied this email to the DNS List and auDA's CEO and the Name Panel. Others may wish to comment. (I'm unable to respond to any postings until this evening.) Ian Johnston, Policy Consultant Small Enterprise Telecommunications Centre Limited (SETEL) PO Box 58 Jamison ACT 2614 Australia 02 6251 7848 (B) 02 6251 7835 (F) 0413 990 112 (M) www.setel.com.au mailto:ian.johnston@setel.com.au SETEL is a national association advancing and representing the interests of Australian small businesses as consumers of telecommunications and electronic commerce. -----Original Message----- From: owner-link@www.anu.edu.au [mailto:owner-link@www.anu.edu.au]On Behalf Of Roger Clarke Sent: 03 August, 2001 7:47 AM To: link@www.anu.edu.au Subject: [LINK] Link Institute: auDA v. Elz ?! Importance: High If ever there was an issue that the Link Institute should weigh in on, it's this one. After reading the article, note the last para. Can anyone provide briefings on this one, from *both* auDA's and Elz's perspective, and maybe from a few other angles as well? Name controller doubts auDA's ability The Sydney Morning Herald Date: 03/08/2001 http://www.smh.com.au/news/0108/03/text/biztech21.html Kirsty Needham The reclusive Internet pioneer Mr Robert Elz has finally broken his silence. After a stand-off with the Federal Government and Australia's new domain name body lasting several months, Mr Elz has outlined the reasons why he does not want to hand over his control of Australia's Internet addressing system to auDomain Australia. 
After ignoring repeated communications from the Government and auDA, which plan to open up the domain name system to commercial competition, and the American based, Internet Assigned Numbers Authority, it has been revealed that Mr Elz this week replied to an email from IANA. IANA is the international body set up by the late Mr Jon Postel, who co-developed the technical protocol that enabled computers to talk to one another to form the Internet. It is believed Mr Elz said he did not have confidence in auDA's ability to run the domain name system or determine policy. AuDA chief executive Mr Chris Disspain would not comment on the matter, other than to say auDA had been asked by IANA to respond to several points that had been raised by Mr Elz. Industry sources suggest the stoush may draw to an end within weeks but tipped that unless Mr Elz relinquished his control, it would be taken from him. Once again, Mr Elz could not be reached for comment. -- Roger Clarke http://www.anu.edu.au/people/Roger.Clarke/ Xamax Consultancy Pty Ltd, 78 Sidaway St, Chapman ACT 2611 AUSTRALIA Tel: +61 2 6288 1472, and 6288 6916 mailto:Roger.Clarke@xamax.com.au http://www.xamax.com.au/ Visiting Fellow Department of Computer Science The Australian National University Canberra ACT 0200 AUSTRALIA Information Sciences Building Room 211 Tel: +61 2 6125 3666 From rha@juggernaut.com.au Mon Aug 6 01:54:35 2001 From: rha@juggernaut.com.au (Richard Archer) Date: Mon, 6 Aug 2001 11:54:35 +1000 Subject: [LINK] Re: Unix {Was: Looking for some Web server statistics] In-Reply-To: <200108060023.f760NNI05010@bree.brisbane.redhat.com> References: <200108060023.f760NNI05010@bree.brisbane.redhat.com> Message-ID: At 10:23 AM +1000 6/8/01, hartr@redhat.com wrote: >On 31 Jul, Sean Neakums wrote: > >> And let's try not to confuse `commercial' and `proprietary', please. > >When talking about Linux, there is a real problem if the distinction is >not made. 
Linux is most definitely a COMMERCIAL operating system, but it >is likewise most definitely not PROPRIETARY. Concise Oxford English Dictionary: commercial: 1. adj. of, engaged in, bearing on, commerce; interested in financial return rather than artistry [...] 3. Hence ~ism n., ~ize v.t., make (merely) commercial, derive commercial profit from [...] I would question whether Linux is commercial. Sure, the RedHat release is a commercial operating system and there are other commercial systems built around the linux kernel. Linux itself seems to me to favour artistry over financial return and not be designed merely to generate a profit. Certainly the roots of linux are non-commercial, as are many of the additional software packages that make up a complete linux installation. ...R. From eric.scheid@ironclad.net.au Mon Aug 6 02:27:23 2001 From: eric.scheid@ironclad.net.au (Eric Scheid) Date: Mon, 6 Aug 2001 12:27:23 +1000 Subject: [LINK] counterpoint: Australia, Singapore avoid Code Red hysteria Message-ID: <200108060227.f762RRg13540@web.anu.edu.au> An anti-virus company dumps a bucket on the FBI and other "security experts" ... ------------------------------------------- Australian businesses have dealt sensibly with the return of the Code Red worm, which has sparked panic in the US and UK, according to Paul Ducklin, Sydney-based head of global support at anti-virus company Sophos PLC. [snip] "Code Red is important and it is important to fix it, but no way is it going to cause Internet meltdown," he said. The hype surrounding Code Red could have unwelcome effects on other security matters, according to Ducklin. As with the year 2000 issue, users who have been told to expect dire effects and then do not see them can be led into a false sense of security. Also, the focus on Code Red may distract users from other attacks. [snip] The FBI and other "security experts" are to blame for the overreaction, Ducklin said.
"Amid this FBI-induced hysteria, people are forgetting about the SirCam worm," he said. "(With SirCam) unlike Code Red, there is no single patch that can protect all users." http://arn.idg.com.au/arndb.nsf/tibco_stories/F5DAB62EC2D0A6C0CA256A9F00825 190 ------------------------------------------- Some of the assertions are a bit wacky though, such as making the distinction between assembly code and high level language, but I'm willing to believe that this was journalistic mangling of quotes. e. ______________________________________________________________________ eric@ironclad.net.au i r o n c l a d n e t w o r k s information architect http://www.ironclad.net.au/ From lannet@lannet.com.au Mon Aug 6 02:34:20 2001 From: lannet@lannet.com.au (Howard Lowndes) Date: Mon, 6 Aug 2001 12:34:20 +1000 (EST) Subject: [LINK] Code Red puts Microsoft in hot seat In-Reply-To: <3B6DE96A.F44C4CC7@austarmetro.com.au> Message-ID: Is this correct. Surely users, even licencees as opposed to purchasers, have the right to a product that is of "merchantable quality". Or am I assuming that the law is not that simplistic. -- Howard. LANNet Computing Associates Contact detail at http://www.lannetlinux.com On Mon, 6 Aug 2001, Bernard Robertson-Dunn wrote: > But Alan Paller, director of the SANS Institute, a security research > organization in Bethesda, Md., said that's a long shot. A routine check of > the terms of the agreement included with every shrink-wrapped package of > software from Microsoft and other developers would show that users "have no > rights at all," he said. 
From m.lean@qut.edu.au Sun Aug 5 22:51:53 2001 From: m.lean@qut.edu.au (Michael Lean) Date: Mon, 06 Aug 2001 08:51:53 +1000 Subject: [LINK] Dell opts out of linux Message-ID: <4.3.2.7.2.20010806085105.00a93860@pop.qut.edu.au> Linkers, for info - Mike >DELL DROPS LINUX ON PCs >Dell Computer says it no longer will offer the option of installing Linux >on its PCs, citing lack of consumer enthusiasm for the alternative >operating system. "We started offering it about a year ago in anticipation >of spill-over demand from servers," says a Dell spokeswoman. "But we've >seen pretty flat demand." Dell will continue to offer workstations and >servers featuring Linux software from Red Hat. (Reuters 2 Aug 2001) >http://dailynews.yahoo.com/h/nm/20010802/tc/tech_dell_linux_dc_2.html From rick@praxis.com.au Mon Aug 6 02:48:15 2001 From: rick@praxis.com.au (Rick Welykochy) Date: Mon, 6 Aug 2001 12:48:15 +1000 (EST) Subject: [LINK] Code Red puts Microsoft in hot seat In-Reply-To: <3B6DE96A.F44C4CC7@austarmetro.com.au> Message-ID: On Mon, 6 Aug 2001, Bernard Robertson-Dunn contributed: > Code Red puts Microsoft in hot seat > By Dan Verton > 6 August, 2001 8:37 > Washington, U.S. [SNIPPE] > "People have every right to expect reliable, secure software," said Jay > Nickson, a security trainer at Ronin Software Group in West Chesterfield, > N.H. He added that developers should be responsible if errors in their > software result in lost profits, lost hours or bodily harm. He even > suggested that it might be time for a "software users' bill of rights." > > But Alan Paller, director of the SANS Institute, a security research > organization in Bethesda, Md., said that's a long shot.
A routine check of > the terms of the agreement included with every shrink-wrapped package of > software from Microsoft and other developers would show that users "have no > rights at all," he said. I would have thought that user's rights are covered by expectations of suitability of purpose as enshrined in consumer rights legislation, not by a shrink-wrapped licence the consumer cannot read before purchasing a product. It is a conflict of interest for the software supplier to dictate the rights of the purchaser. -rickw _____________________________________________ Rick Welykochy || Praxis Services Pty Limited "Those who do not understand Unix are condemned to reinvent it, poorly." - Henry Spencer From lannet@lannet.com.au Mon Aug 6 03:02:53 2001 From: lannet@lannet.com.au (Howard Lowndes) Date: Mon, 6 Aug 2001 13:02:53 +1000 (EST) Subject: [LINK] Dell opts out of linux In-Reply-To: <4.3.2.7.2.20010806085105.00a93860@pop.qut.edu.au> Message-ID: I believe that this is not the case with Dell Australia -- Howard. LANNet Computing Associates Contact detail at http://www.lannetlinux.com On Mon, 6 Aug 2001, Michael Lean wrote: > Linkers, > for info - > Mike > > >DELL DROPS LINUX ON PCs > >Dell Computer says it no longer will offer the option of installing Linux > >on its PCs, citing lack of consumer enthusiasm for the alternative > >operating system. "We started offering it about a year ago in anticipation > >of spill-over demand from servers," says a Dell spokeswoman. "But we've > >seen pretty flat demand." Dell will continue to offer workstations and > >servers featuring Linux software from Red Hat.
(Reuters 2 Aug 2001) > >http://dailynews.yahoo.com/h/nm/20010802/tc/tech_dell_linux_dc_2.html From Richard.Chirgwin@informa.com.au Mon Aug 6 03:50:36 2001 From: Richard.Chirgwin@informa.com.au (Chirgwin, Richard) Date: Mon, 6 Aug 2001 13:50:36 +1000 Subject: [LINK] FYI - Politician caught reading restricted data of opp onent Message-ID: <9BD4AE8C2EB1D311982700508BA2498901573A84@EXCHANGE_AU> Glen, >the most likely scenario: MP's PC poorly maintained by central IT area, >gets scanned and hacked through well-known hole, then >goes on to scan the parliamentary network from the >soft side of the firewall I'd probably suggest your scenario is the second-most likely. What we do know: 1) Everyone used the same network - not even segmented by party affiliation, it seems. 2) Probably everybody has the same username policy. 3) Oh look, here's a post-it note with Richard Chirgwin's password on it. Wonder what he's doing... While everybody said "files copied from the MP's PC", it's more likely that the files were copied from the user's personal folder on a network drive (IMNSHO). I'd bet, after all, that the average MP thinks the G: drive is on his/her machine, because the C: drive is. So my "most likely" is that someone got the password for another user, and read through their files and e-mails. RC -----Original Message----- From: Glen Turner [mailto:glen.turner@aarnet.edu.au] Sent: Monday, 6 August 2001 11:19 To: Link Institute Subject: Re: [LINK] FYI - Politician caught reading restricted data of opponent > http://www.smh.com.au/news/0108/05/national/national1.html Which varies in significant detail from the account on ABC's AM, especially regarding the MP's computing skills. And come to think of it, what MP would have the time? None of the coverage so far has excluded the most likely scenario: MP's PC poorly maintained by central IT area, gets scanned and hacked through well-known hole, then goes on to scan the parliamentary network from the soft side of the firewall.
Somewhere between 40-50% of the PCs would have Liberal Party users. The only fact that contradicts this common scenario is the claim that documents were copied. This claim has been accepted without question by the coverage to date, but is at the core of the issue in determining if the incident is simply poor maintenance by IT staff or hacking with intent. The coverage also hasn't asked how the breach was discovered. Again, this is a significant point, as a user noticing unusual activity on their PC is a world different to someone noticing an ALP figure with copies of inter-Liberal e-mails. In short, the SMH and ABC have let themselves be used for distributing press releases on a topic where they should be treading carefully. Regards, Glen -- Glen Turner Network Engineer (08) 8303 3936 Australian Academic and Research Network glen.turner@aarnet.edu.au http://www.aarnet.edu.au/ -- The revolution will not be televised, it will be digitised From Roger.Clarke@xamax.com.au Mon Aug 6 03:53:31 2001 From: Roger.Clarke@xamax.com.au (Roger Clarke) Date: Mon, 6 Aug 2001 13:53:31 +1000 Subject: [LINK] Code Red puts Microsoft in hot seat In-Reply-To: References: Message-ID: >On Mon, 6 Aug 2001, Bernard Robertson-Dunn wrote: > >> But Alan Paller, director of the SANS Institute, a security research >> organization in Bethesda, Md., said that's a long shot. A routine check of >> the terms of the agreement included with every shrink-wrapped package of >> software from Microsoft and other developers would show that users "have no >> rights at all," he said. Howard Lowndes >Is this correct. Surely users, even licencees as opposed to purchasers, >have the right to a product that is of "merchantable quality". Or am I >assuming that the law is not that simplistic.
s.71(1) of the Trade Practices Act, at: http://www.austlii.edu.au/cgi-bin/disp.pl/au/legis/cth/num_act/tpa1974149/s71.html "Where a corporation supplies (otherwise than by way of sale by auction or sale by competitive tender) goods to a consumer in the course of a business, there is an implied condition that the goods supplied under the contract for the supply of the goods are of merchantable quality ..." At: http://www.austlii.edu.au/au/legis/cth/num_act/tpa1974149/s4.html#goods ""goods" includes ... (d) gas and electricity" But since one intangible (electricity) is expressly *in*cluded, the courts would presumably infer that other intangible things (such as data and software) are intended by Parliament to be *ex*cluded, because if they were to be within-scope then they should have been listed there. This of course needs deeper treatment by (a) a lawyer, and (b) one who knows contract and trade practices case law. Do http://www.gtlaw.com.au, http://www.msj.com.au or similar sources offer a relevant article? But my understanding is that software is either not subject to the merchantable quality criterion at all (my dim memory is that contract law imposed *some* level of responsibility, even before the Trade Practices Act), or that software is subject to it to such a limited extent that an action on those grounds would be very difficult to win. 
-- Roger Clarke http://www.anu.edu.au/people/Roger.Clarke/ Xamax Consultancy Pty Ltd, 78 Sidaway St, Chapman ACT 2611 AUSTRALIA Tel: +61 2 6288 1472, and 6288 6916 mailto:Roger.Clarke@xamax.com.au http://www.xamax.com.au/ Visiting Fellow Department of Computer Science The Australian National University Canberra ACT 0200 AUSTRALIA Information Sciences Building Room 211 Tel: +61 2 6125 3666 From rha@juggernaut.com.au Mon Aug 6 04:00:31 2001 From: rha@juggernaut.com.au (Richard Archer) Date: Mon, 6 Aug 2001 14:00:31 +1000 Subject: [LINK] counterpoint: Australia, Singapore avoid Code Red hysteria In-Reply-To: <200108060227.f762RRg13540@web.anu.edu.au> References: <200108060227.f762RRg13540@web.anu.edu.au> Message-ID: >"Code Red is important and it is important to fix it, but no way is it >going to cause Internet meltdown," he said. Just a quick check point here. This comment was probably written before the new CodeRedII worm was discovered, and even so it is written with a great lack of foresight. The CodeRedII worm was first reported in the wild at about 01:00 this morning. Since then my web server has been scanned by 3817 unique hosts infected with this new worm. All of those machines can be remotely exploited by anyone knowing the IP address of the infected machines or anyone mass scanning for the presence of the worm. For more about the CRII worm, see the eEye analysis at http://www.securityfocus.com/archive/75/201877 I wonder how long it will be before we start seeing script kiddies taking control of a couple of hundred of these servers each and launching massive denial of service attacks. We haven't even scratched the surface of the implications of this IIS vulnerability yet. And on a related note, in the article Bernard forwarded to the list: >the Secure Windows Initiative, said the company undertakes a massive effort >to find security flaws in products "before they get out the door." > >The centerpiece of the effort, said Lipner, is a program called Prefix.
It >scans the entire code base of the Windows operating system and all Office >products for potential vulnerabilities. When one is found, Prefix >identifies the "offending coding practice that caused the vulnerability," So, it seems M$ relies on a *piece of software* to scan source files looking for vulnerabilities. What a completely ridiculous way of performing a security audit! And I'd hazard a guess that the authors of the scanner are the same people that are coding all these horrible security flaws into the OS. Anyone else see something wrong with this picture? M$ should be shot, as should any system administrator running a publicly accessible IIS server, patched or not. ...Richard. From brd@austarmetro.com.au Mon Aug 6 03:59:55 2001 From: brd@austarmetro.com.au (Bernard Robertson-Dunn) Date: Mon, 06 Aug 2001 13:59:55 +1000 Subject: [LINK] Code Red puts Microsoft in hot seat References: <3B6DE96A.F44C4CC7@austarmetro.com.au> Message-ID: <3B6E163B.772757CC@austarmetro.com.au> >Code Red puts Microsoft in hot seat >By Dan Verton >6 August, 2001 8:37 >Washington, U.S. Sorry. 
As Roger pointed out, I forgot to include the URL: http://computerworld.idg.com.au/idg2.nsf/All/569E5B4834D33EC74A256A9D00760EBC!OpenDocument&n=Sections&c=Networking -- Regards brd Bernard Robertson-Dunn Canberra Australia brd@dynamite.com.au brd@austarmetro.com.au From brd@austarmetro.com.au Mon Aug 6 04:05:41 2001 From: brd@austarmetro.com.au (Bernard Robertson-Dunn) Date: Mon, 06 Aug 2001 14:05:41 +1000 Subject: [LINK] Code Red floods helpdesks, not Internet Message-ID: <3B6E1795.B74D6111@austarmetro.com.au> Code Red floods helpdesks, not Internet By Joris Evers 6 August, 2001 8:52 Amsterdam http://computerworld.idg.com.au/idg2.nsf/All/4B6FC7E9F31B15864A256A9D00462491!OpenDocument&n=Sections&c=Open+Systems The widely publicized Code Red worm may not have caused a significant slowdown of the Internet, but it did flood technical support phone lines at antivirus companies, several European antivirus software vendors said Friday. Many Internet users who were in fact immune to Code Red were scared by the alert that was sent out Sunday by a number of U.S. government and private organizations, the vendors said. The alert -- headlined "A Very Real and Present Threat to the Internet: July 31 Deadline For Action" -- predicted Code Red would cause sporadic but widespread outages of the Internet. "Our tech support line received many calls from home users who are not affected but heard about Code Red and were very scared, hollow scares," said Dennis Zenkin, spokesman for Moscow-based antivirus vendor Kaspersky Lab Ltd. "We have been getting thousands and thousands of phone calls. It is a real shame, that imaginative alert from the FBI (the U.S Federal Bureau of Investigation). The title reads like a John Grisham novel," seconded Graham Cluley, senior technical consultant at Abingdon, England-based Sophos PLC. 
Helpdesk agents at F-Secure Corp., an Espoo, Finland-based antivirus vendor, also received a much higher than normal number of calls, said Mikko Hypponen, manager of antivirus research. "Lots of people called and said they had disconnected their computer from the Internet and wanted to know when it would be safe to hook it back up. Many of these people were typical consumers running Windows 98. The only thing they could notice from Code Red is a slowdown of the Internet," he said. A Web site administrator at a relatively large Finnish company, who was called in to work at 3 A.M. to protect his servers, also called Hypponen for advice. "The chief executive officer had seen something on CNN about Code Red and called the Web master. His systems were all Linux-based, so he really had nothing to worry about," said Hypponen. Code Red is a self-propagating worm that exploits a flaw in Internet Information Server (IIS), a part of Microsoft Corp.'s Windows 2000 and Windows NT server software. It scans the Internet for vulnerable systems and infects these systems by installing itself. A patch for the flaw has been available since mid-June. All three European vendors blame the panic on the unprecedented joint alert and the often incomplete media attention it received. The alert was issued by, among others, the FBI's National Infrastructure Protection Center, the Computer Emergency Response Team (CERT Coordination Center), the SANS Institute and Microsoft Corp. "I am very skeptical about warnings that predict Internet meltdowns. They have done more harm than good. They needed to make clear that this didn't affect home users. I think that many people that downloaded the patch are home users," said Sophos' Cluley. "This issue is difficult to solve," commented Hypponen, who said he approves of the way the alert was issued, but said he would have picked a different headline. 
"People that don't have any understanding of the topic will freak out, no matter how detailed your announcement is." The vendors are afraid that, because the Internet did not go down, the alert will negatively reflect on the antivirus community. "The average person on the street will forget that the announcement came from the FBI and Microsoft and see this as another example of the antivirus industry warning for something that turns out to be a nonevent," said Cluley. Hypponen agreed, but said it is clear that the antivirus industry wasn't involved in the alerting for the virus. "Typically it is the antivirus industry that is blamed for touting a virus to get more sales. The alert had an accurate view, although it was very Tom Clancy-like." -- You can observe a lot by just watching -- Yogi Berra Regards brd Bernard Robertson-Dunn Canberra Australia brd@dynamite.com.au brd@austarmetro.com.au From cas@taz.net.au Mon Aug 6 04:16:40 2001 From: cas@taz.net.au (Craig Sanders) Date: Mon, 6 Aug 2001 14:16:40 +1000 Subject: [LINK] Re: Unix {Was: Looking for some Web server statistics] In-Reply-To: <200108060023.f760NNI05010@bree.brisbane.redhat.com> References: <6ulml5o2el.fsf@zork.zork.net> <200108060023.f760NNI05010@bree.brisbane.redhat.com> Message-ID: <20010806141640.C1658@taz.net.au> On Mon, Aug 06, 2001 at 10:23:20AM +1000, hartr@redhat.com wrote: > On 31 Jul, Sean Neakums wrote: > > > And let's try not to confuse `commercial' and `proprietary', please. > > When talking about Linux, there is a real problem if the distinction is > not made. Linux is most definitely a COMMERCIAL operating system, but it > is likelwise most definitely not PROPRIETARY. wrong. there are several non-commercial, non-proprietary linux distributions around. the most obvious example is, of course, Debian GNU/Linux. "redhat" may be a commercial operating system, but "linux" isn't. 
even for redhat, it's more accurate to call it a "commercial redistribution of linux & tools" than a "commercial operating system". and, given that RH is also available for free download it's probably even more accurate to call it semi-commercial...but if you as a representative of RH want to call your product "commercial", i'm not going to dispute it. > Robert Hart hartr@redhat.com > Red Hat Asia-Pacific, Unit 15, 23 James St, Brisbane, Qld 4006, Australia for shame, there's a lot more to the linux world than just redhat. craig -- craig sanders Fabricati Diem, PVNC. -- motto of the Ankh-Morpork City Watch From lannet@lannet.com.au Mon Aug 6 04:16:05 2001 From: lannet@lannet.com.au (Howard Lowndes) Date: Mon, 6 Aug 2001 14:16:05 +1000 (EST) Subject: [LINK] Code Red puts Microsoft in hot seat In-Reply-To: Message-ID: I suppose this last is basically on the grounds that the supplier has little or no influence upon the circumstances under which the software is used. However this might not apply in NSW given the recent case over the supply of a wood chipper. The question is: How much is it beyond the influence of the software supplier if the user installs the software with the default settings, and does not change from the default settings. -- Howard. LANNet Computing Associates Contact detail at http://www.lannetlinux.com On Mon, 6 Aug 2001, Roger Clarke wrote: > > But my understanding is that software is either not subject to the > merchantable quality criterion at all (my dim memory is that contract > law imposed *some* level of responsibility, even before the Trade > Practices Act), or that software is subject to it to such a limited > extent that an action on those grounds would be very difficult to win. 
From lannet@lannet.com.au Mon Aug 6 04:19:08 2001
From: lannet@lannet.com.au (Howard Lowndes)
Date: Mon, 6 Aug 2001 14:19:08 +1000 (EST)
Subject: [LINK] FYI - Politician caught reading restricted data of opponent
In-Reply-To: <9BD4AE8C2EB1D311982700508BA2498901573A84@EXCHANGE_AU>
Message-ID:

Or another scenario is that the Lib's PC was infected by SirCam and sent out a .doc or .xls as a double extension attachment to the Lab's PC, and in fact what the Lab MP is looking at is not a .doc file but a .doc.exe with the latter extension hidden.

IAW, it's all a big beat up caused by ignorance.

--
Howard.
LANNet Computing Associates
Contact detail at http://www.lannetlinux.com

On Mon, 6 Aug 2001, Chirgwin, Richard wrote:

> Glen,
>
> >the most likely scenario: MP's PC poorly maintained by central IT area,
> >gets scanned and hacked through well-known hole, then
> >goes on to scan the parliamentary network from the
> >soft side of the firewall
>
> I'd probably suggest your scenario is the second-most likely. What we do
> know:
> 1) Everyone used the same network - not even segmented by party affiliation,
> it seems.
> 2) Probably everybody has the same username policy.
> 3) Oh look, here's a post-it note with Richard Chirgwin's password on it.
> Wonder what he's doing...
>
> While everybody said "files copied from the MP's PC", it's more likely that
> the files were copied from the user's personal folder on a network drive
> (IMNSHO). I'd bet, after all, that the average MP thinks the G: drive is on
> his/her machine, because the C: drive is. So my "most likely" is that
> someone got the password for another user, and read through their files and
> e-mails.
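The double-extension disguise described in the message above, as a check a mail gateway could run over incoming attachments. This is an added example, not part of the original posting; the extension lists, the function names and the sample message are constructed for illustration.

```python
import email
import re

# Assumed policy lists for this example; tune them for your own gateway.
DOCUMENT_EXTS = {".doc", ".xls", ".txt", ".pdf", ".jpg", ".zip"}
EXECUTABLE_EXTS = {".exe", ".pif", ".com", ".bat", ".scr", ".lnk", ".vbs"}

# Constructed sample message (not real traffic): four attachments, two of
# which carry a document-looking extension in front of an executable one.
SAMPLE_MESSAGE = """\
From: sender@example.org
To: recipient@example.org
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUNDARY"

--BOUNDARY
Content-Type: text/plain

Hi, please see the attached files.
--BOUNDARY
Content-Type: application/msword; name="minutes.doc"
Content-Disposition: attachment; filename="minutes.doc"
Content-Transfer-Encoding: base64

AAAA
--BOUNDARY
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="Budget.xls.exe"
Content-Transfer-Encoding: base64

AAAA
--BOUNDARY
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="report.doc          .pif"
Content-Transfer-Encoding: base64

AAAA
--BOUNDARY
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="setup.exe"
Content-Transfer-Encoding: base64

AAAA
--BOUNDARY--
"""


def classify_filename(name):
    """Return (verdict, shown_as) for one attachment name.

    verdict is "ok", "executable", "double-extension" or
    "padded-double-extension"; shown_as is what a client that hides the
    final extension would display to the user.
    """
    # Keep only the last path component, whichever separator was used.
    base = re.split(r"[\\/]", name)[-1]
    # Whitespace around a dot, or trailing dots/spaces, pushes the real
    # extension out of sight in a narrow filename column.
    padded = re.search(r"\s+\.|\.\s+|[\s.]+$", base) is not None
    normalised = re.sub(r"\s*\.\s*", ".", base.strip()).rstrip(".")
    parts = normalised.lower().split(".")
    if len(parts) < 2:
        return ("ok", normalised)
    final = "." + parts[-1]
    if final not in EXECUTABLE_EXTS:
        return ("ok", normalised)
    if len(parts) >= 3 and "." + parts[-2] in DOCUMENT_EXTS:
        shown_as = normalised[: -len(final)]
        verdict = "padded-double-extension" if padded else "double-extension"
        return (verdict, shown_as)
    # Executable, but not dressed up as a document.
    return ("executable", normalised)


def scan_message(raw_text):
    """Classify every named MIME part of an RFC 822 message."""
    msg = email.message_from_string(raw_text)
    findings = []
    for part in msg.walk():
        filename = part.get_filename()
        if filename is None:
            continue  # body text or multipart container
        verdict, shown_as = classify_filename(filename)
        findings.append(
            {"filename": filename, "verdict": verdict, "shown_as": shown_as}
        )
    return findings


if __name__ == "__main__":
    for finding in scan_message(SAMPLE_MESSAGE):
        print("{verdict:26} {filename!r} (shown as {shown_as!r})".format(**finding))
```

The two disguised verdicts are the ones worth quarantining: the recipient sees a name ending in .doc or .xls while the file that runs is an executable.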
From Richard.Chirgwin@informa.com.au Mon Aug 6 04:26:13 2001
From: Richard.Chirgwin@informa.com.au (Chirgwin, Richard)
Date: Mon, 6 Aug 2001 14:26:13 +1000
Subject: [LINK] MS Passport analysed
Message-ID: <9BD4AE8C2EB1D311982700508BA2498901573A87@EXCHANGE_AU>

Linkers,

An interesting - warning, and *long* - discussion of the shortcomings of Microsoft's Passport at:

http://avirubin.com/passport.html

It draws the conclusion (among others) that:

>As e-commerce proliferates, the need for a tool to help users manage authentication and personal information across a
>variety of sites becomes increasingly critical. Passport is an ambitious attempt to meet this need while requiring no
>changes to existing browsers and servers. However, the system carries significant risks to users that are not made
>adequately clear in the technical documentation available.

Richard Chirgwin

From hartr@redhat.com Mon Aug 6 04:40:11 2001
From: hartr@redhat.com (hartr@redhat.com)
Date: Mon, 6 Aug 2001 14:40:11 +1000 (EST)
Subject: [LINK] Re: Unix {Was: Looking for some Web server statistics]
In-Reply-To:
Message-ID: <200108060440.f764eFI05527@bree.brisbane.redhat.com>

On 6 Aug, Richard Archer wrote:

> I would question whether Linux is commercial. Sure, the RedHat release
> is a commercial operating system and there are other commercial systems
> built around the linux kernel.

Since there have been many organisations who have been using Linux as part of their commercial set up for many years (a large, readily identified group is ISPs), I would suggest that the commercial use of Linux has been very well established - and that before players such as Red Hat came on the scene.

I would agree that open source projects in general (and Linux in particular) are not driven by the same marketing imperatives as proprietary software, but this does not make Linux non-commercial (just better software :-).
--
Robert Hart hartr@redhat.com
Red Hat Asia-Pacific, Unit 15, 23 James St, Brisbane, Qld 4006, Australia
Tel +61 (0)7 3872 4808 Fax +61 (0)7 3257 4800

From glen.turner@aarnet.edu.au Mon Aug 6 04:40:10 2001
From: glen.turner@aarnet.edu.au (Glen Turner)
Date: Mon, 06 Aug 2001 14:10:10 +0930
Subject: [LINK] Dell opts out of linux
References: <4.3.2.7.2.20010806085105.00a93860@pop.qut.edu.au>
Message-ID: <3B6E1FAA.7B412A2A@aarnet.edu.au>

Michael Lean quoted:
>
> > DELL DROPS LINUX ON PCs
> > Dell Computer says it no longer will offer the option of installing Linux
> > on its PCs, citing lack of consumer enthusiasm for the alternative
> > operating system.
> > http://dailynews.yahoo.com/h/nm/20010802/tc/tech_dell_linux_dc_2.html

Note that corporate customers (ie, orders of 50+) can still specify Linux on desktop PCs and notebooks. Special orders can also specify Linux, these orders are usually technical workstations such as those used for animation, design and engineering (ie, big margin items).

Dell continues to offer Red Hat Linux on its servers to retail customers (ie, orders of 1+).

In short, Dell USA can't make a quid selling Linux on its lowest margin machines as orders are too low for decent economies of scale.

Howard Lowndes replied:
> I believe that this is not the case with Dell Australia

Dell USA and Dell Asia Pacific operate as separate arms of the company. For example, the factories in USA and Malaysia use differing component manufacturers and offer differing standard configurations.

Dell USA has dropped Linux from the standard configuration for low-end PCs. I imagine Dell AP will look at the figures and sell Linux on retail desktop PCs as long as Dell AP make a quid from the sale.

My understanding from a contact at Dell USA is that product development will continue to test against Linux (so they don't lose corporate sales), so a retail customer can buy a PC with no OS and install Red Hat Linux with a reasonable expectation of it working.
Of course, then the support problems are the customer's and not Dell's. Regards, Glen Disclosure: Dell AP have used some of my writings in their systems' documentation. No money or equipment changed hands (worse luck!). From gbayley@ausmac.net Mon Aug 6 04:44:00 2001 From: gbayley@ausmac.net (Grant Bayley) Date: Mon, 6 Aug 2001 14:44:00 +1000 (EST) Subject: [LINK] counterpoint: Australia, Singapore avoid Code Red hysteria In-Reply-To: Message-ID: On Mon, 6 Aug 2001, Richard Archer wrote: > The CodeRedII worm was first reported in the wild at about 01:00 > this morning. Since then my web server has been scanned by 3817 unique > hosts infected with this new worm. I don't really want to argue the point, but it started doing the rounds alot earlier than 0100 this morning. 210.90.244.61 - - [04/Aug/2001:22:49:47 +1000] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u007 8%u0000%u00=a HTTP/1.0" 302 216 "-" "-" 4 the.wiretapped.net "-" (Time is shown in AEST. Code Red showed up as "NNN", Code Red II as "XXX"). This log entry is from Wiretapped.net) > All of those machines can be remotely exploited by anyone knowing > the IP address of the infected machines or anyone mass scanning for > the presence of the worm. For more about the CRII worm, see the eEye > analysis at http://www.securityfocus.com/archive/75/201877 And this potential exploitation is anything new? > I wonder how long it will be before we start seeing script kiddies > taking control of a couple of hundred of these servers each and > launching massive denial of service attacks. We haven't even scratched > the surface of the implications this IIS vulnerability yet. 
I summarised this situation for workmates this morning... The first time Code Red turned up, it showed up the sloppy sysadmins that hadn't been doing their jobs and patching their systems (the argument that someone threw up the other day that it takes a while to roll out a patch is moot when the vulnerability and patch are many months old). You simply couldn't have missed media coverage and technical discussion of Code Red unless you were buried 6 foot deep in cement. The second time it appeared showed up the _real_ morons. The ones that don't even _try_ to do their job, or the companies with no clue of the (challenging) Internet environment they operate in. I prefer to think of it like the DSD guy at the recent UNSW Continuing Legal Education seminars did - that all these pokey viruses and things that people get so hung up worrying about are just "noise". Grant ------------------------------------------------------- Grant Bayley gbayley@ausmac.net -IT Manager @ FNL Communications (www.fnl.com.au) -Admin @ AusMac Archive, Wiretapped.net, 2600 Australia www.ausmac.net www.wiretapped.net www.2600.org.au ------------------------------------------------------- From hartr@redhat.com Mon Aug 6 04:45:21 2001 From: hartr@redhat.com (hartr@redhat.com) Date: Mon, 6 Aug 2001 14:45:21 +1000 (EST) Subject: [LINK] Dell opts out of linux In-Reply-To: <4.3.2.7.2.20010806085105.00a93860@pop.qut.edu.au> Message-ID: <200108060445.f764jPI05535@bree.brisbane.redhat.com> On 6 Aug, Michael Lean wrote: > Linkers, > for info - > Mike > >>DELL DROPS LINUX ON PCs >>Dell Computer says it no longer will offer the option of installing Linux >>on its PCs, citing lack of consumer enthusiasm for the alternative >>operating system. "We started offering it about a year ago in anticipation >>of spill-over demand from servers," says a Dell spokeswoman. "But we've >>seen pretty flat demand." Dell will continue to offer workstations and >>servers featuring Linux software from Red Hat. 
(Reuters 2 Aug 2001) >>http://dailynews.yahoo.com/h/nm/20010802/tc/tech_dell_linux_dc_2.html Sigh - let's get a couple of things clear here as this makes it sound like Dell is retreating completely from Linux - which is simply not the case. 1) Dell US is announcing that it will no longer supply Red Hat Linux on its desktop and laptop PCs. 2) Dell US is still preloading Red Hat Linux on its workstation and server class hardware. 3) Dell ANZ has said that it will continue to offer Red Hat Linux on desktop and laptops as well as continuing to sell Red Hat Linux preloaded on workstation and server class hardware. -- Robert Hart hartr@redhat.com Red Hat Asia-Pacific, Unit 15, 23 James St, Brisbane, Qld 4006, Australia Tel +61 (0)7 3872 4808 Fax +61 (0)7 3257 4800 From thealy@magna.com.au Mon Aug 6 04:45:33 2001 From: thealy@magna.com.au (Anthony Healy) Date: Mon, 6 Aug 2001 14:45:33 +1000 Subject: [LINK] Not liable for anything In-Reply-To: Message-ID: > I would have thought that user's rights are covered by expectations of > suitability of purpose as enshrined in consumer rights legislation, not > by a shrink-wrapped licence the consumer cannot read before purchasing > a product. It is a conflict of interest for the software supplier > to dictate the rights of the purchaser. As a matter of interest, are you guys familiar with the attempts by large software making businesses to gather even greater enforceable rights than they currently enjoy in the US? I am not sure how this would affect Australia, however I think we can guess. http://www.acm.org/usacm/copyright/ucita.cacm.htm Quote: ... software vendors may modify the terms of the license, with only email notification. They may remotely disable the software if they decide that the terms of the license have been violated. There is no need for court approval, and it is unlikely that the manufacturer would be held liable for any harm created by the shutdown, whether or not the shutdown was groundless. 
(The mere existence of such mechanisms is likely to enable denial of service attacks from anywhere.) Since a small contractor probably will have a contract that holds him or her liable for damages, the little guy may be forced to pay for damages resulting from buggy commercial software. Furthermore, the small business owner may be unable to sell the software portion of the business to another company, because most shrink-wrap licenses require the permission of the software vendor before a transfer of software can occur. Very few manufacturers of other products have the chutzpah to disclaim all liability for any damage whatsoever caused by defects in their products, and most states restrict the effectiveness of such disclaimers. Software vendors base their non-liability claim on the notion that they are selling only licenses, not `goods'.... When most people learn of UCITA, they assume that the unreasonable components of software licenses won't survive court challenges. But because there is very little relevant case law, UCITA could make it difficult for courts to reverse the terms of a shrink wrap license. From Roger.Clarke@xamax.com.au Mon Aug 6 04:55:00 2001 From: Roger.Clarke@xamax.com.au (Roger Clarke) Date: Mon, 6 Aug 2001 14:55:00 +1000 Subject: [LINK] RFI: The auDA-Elz Standoff Message-ID: To: CEO, auDA G'day Chris I'm one of the many people who watch Internet policy in Australia. I stress that I am *not* well-informed or up-to-date on this matter, and that I'm making no judgements about the rights and wrongs. A lot of us have been concerned about how long it's taken to nail down a revised set of institutional arrangements and procedures that balance the various interests; but we've understood that real progress was being made. I was very concerned when I saw the Kirsty Needham report in the SMH last Friday 3 August, especially the implied threat that "unless Mr Elz relinquished his control, it would be taken from him". 
My RFI to the link list from last Friday is reproduced below. Naturally I presume that a few things have been lost in the translation (even a quality broadsheet's reporters are mostly inadequately trained, and often don't get complicated Internet matters quite right). I'm also well aware that getting Robert Elz to participate in public processes has never been easy. It also appears that there may be some personal conflicts; but these are of far less importance than the orderly management of the name-space, and need to be stripped away to enable the problems to be solved. On the other hand, I gather from: http://www.auda.org.au/panel/name/submissions/elz.html (March 2001) that Robert submitted that: "As best I can tell the panel has made no attempt to determine what the current goals for the AU domain name system are or were, nor what policy was put in place to meet those goals". That's a matter of serious concern. If it were a reasonable statement, then it would clearly be sufficient cause for delay in transfer of the delegation - the last thing that the community needs is to embed adhoccery in what is meant to be a rational management structure and process. Ian Johnston provided some valuable background to the problem in his posting to the link list late this morning (which he cc'd to you). But the material he mustered doesn't go as far as to identify the sticking-points. I believe it would be extremely beneficial to all concerned if you would state publicly: - what you understand to be the specific issues that cause Robert Elz to be obstructing the transfer. I appreciate that you may not be in a position to speak on his behalf; but you can still state what you understand his concerns to be; and - what responses auDA has provided to address those concerns. Of course, if you've already done what I'm asking, but in a venue that I (and many other linkers) are not tapped into (e.g. 
names@auda.org.au or dns@auda.org.au), then a URL or an electronic copy of your previous communications would be much appreciated. Thanks for your assistance in this vital matter! I've taken the liberty of cc'ing the link list of Internet policy-watchers, Tony Hill as CEO of ISOC-au, and Robert Elz. Regards ... Roger Clarke -----Original Message----- From: owner-link@www.anu.edu.au [mailto:owner-link@www.anu.edu.au]On Behalf Of Roger Clarke Sent: 03 August, 2001 7:47 AM To: link@www.anu.edu.au Subject: [LINK] Link Institute: auDA v. Elz ?! Importance: High If ever there was an issue that the Link Institute should weigh in on, it's this one. After reading the article, note the last para. Can anyone provide briefings on this one, from *both* auDA's and Elz's perspective, and maybe from a few other angles as well? Name controller doubts auDA's ability The Sydney Morning Herald Date: 03/08/2001 http://www.smh.com.au/news/0108/03/text/biztech21.html Kirsty Needham The reclusive Internet pioneer Mr Robert Elz has finally broken his silence. After a stand-off with the Federal Government and Australia's new domain name body lasting several months, Mr Elz has outlined the reasons why he does not want to hand over his control of Australia's Internet addressing system to auDomain Australia. After ignoring repeated communications from the Government and auDA, which plan to open up the domain name system to commercial competition, and the American based, Internet Assigned Numbers Authority, it has been revealed that Mr Elz this week replied to an email from IANA. IANA is the international body set up by the late Mr Jon Postel, who co-developed the technical protocol that enabled computers to talk to one another to form the Internet. It is believed Mr Elz said he did not have confidence in auDA's ability to run the domain name system or determine policy. 
AuDA chief executive Mr Chris Disspain would not comment on the matter, other than to say auDA had been asked by IANA to respond to several points that had been raised by Mr Elz. Industry sources suggest the stoush may draw to an end within weeks but tipped that unless Mr Elz relinquished his control, it would be taken from him. Once again, Mr Elz could not be reached for comment. -- Roger Clarke http://www.anu.edu.au/people/Roger.Clarke/ Xamax Consultancy Pty Ltd, 78 Sidaway St, Chapman ACT 2611 AUSTRALIA Tel: +61 2 6288 1472, and 6288 6916 mailto:Roger.Clarke@xamax.com.au http://www.xamax.com.au/ Visiting Fellow Department of Computer Science The Australian National University Canberra ACT 0200 AUSTRALIA Information Sciences Building Room 211 Tel: +61 2 6125 3666 From rick@praxis.com.au Mon Aug 6 05:01:14 2001 From: rick@praxis.com.au (Rick Welykochy) Date: Mon, 6 Aug 2001 15:01:14 +1000 (EST) Subject: [LINK] Code Red puts Microsoft in hot seat In-Reply-To: <3B6E163B.772757CC@austarmetro.com.au> Message-ID: On Mon, 6 Aug 2001, Bernard Robertson-Dunn wrote: > >Code Red puts Microsoft in hot seat > >By Dan Verton > >6 August, 2001 8:37 > >Washington, U.S. > > Sorry. As Roger pointed out, I forgot to include the URL: > > http://computerworld.idg.com.au/idg2.nsf/All/569E5B4834D33EC74A256A9D00760EBC!OpenDocument&n=Sections&c=Networking In that article: "Microsoft issued 100 security bulletins last year related to its software and 42 so far this year, according to information on its Web site. " Those numbers are far too low. MS only publishes bulletins for exploits for which it has a fix. If one follows BUGTRAQ and other security alert services, MS has been informed of many more exploits than the 142 touted above, but often fails to take action. Such exploits are *not* found on their website, and reportage like the above misleads the uninformed customer who would assume that only 142 exploits have been discovered in all of MS's products in the past 18 months. 
Balderdash!

Rgds
Rick W
_____________________________________________
Rick Welykochy || Praxis Services Pty Limited
"Those who do not understand Unix are condemned to reinvent it, poorly." - Henry Spencer

From hartr@redhat.com Mon Aug 6 05:05:15 2001
From: hartr@redhat.com (hartr@redhat.com)
Date: Mon, 6 Aug 2001 15:05:15 +1000 (EST)
Subject: [LINK] Re: Unix {Was: Looking for some Web server statistics]
In-Reply-To: <20010806141640.C1658@taz.net.au>
Message-ID: <200108060505.f7655KI05579@bree.brisbane.redhat.com>

On 6 Aug, Craig Sanders wrote:
> On Mon, Aug 06, 2001 at 10:23:20AM +1000, hartr@redhat.com wrote:
>> On 31 Jul, Sean Neakums wrote:
>>
>> > And let's try not to confuse `commercial' and `proprietary', please.
>>
>> When talking about Linux, there is a real problem if the distinction is
>> not made. Linux is most definitely a COMMERCIAL operating system, but it
>> is likewise most definitely not PROPRIETARY.
>
> wrong.
>
> there are several non-commercial, non-proprietary linux distributions
> around. the most obvious example is, of course, Debian GNU/Linux.
>
> "redhat" may be a commercial operating system, but "linux" isn't. even
> for redhat, it's more accurate to call it a "commercial redistribution
> of linux & tools" than a "commercial operating system".
>
> and, given that RH is also available for free download it's probably
> even more accurate to call it semi-commercial...but if you as a
> representative of RH want to call your product "commercial", i'm not
> going to dispute it.

You are failing to grasp the point that Linux being 'commercial' or not is determined by its USE; whether the organisation using it paid for it or not is irrelevant.

Linux (and please note I never referred to Red Hat Linux in my post - just Linux) has been *commercial* (ie people using it for commercial activity) since well before there was a Red Hat!
> >> Robert Hart hartr@redhat.com >> Red Hat Asia-Pacific, Unit 15, 23 James St, Brisbane, Qld 4006, Australia > > for shame, there's a lot more to the linux world than just redhat. Never said there wasn't - that's the real beauty of the open source world... ...and for the future, please note that the company name is Red Hat - two words, with capitals? Tks -- Robert Hart hartr@redhat.com Red Hat Asia-Pacific, Unit 15, 23 James St, Brisbane, Qld 4006, Australia Tel +61 (0)7 3872 4808 Fax +61 (0)7 3257 4800 From jasonb@ce.com.au Mon Aug 6 05:39:06 2001 From: jasonb@ce.com.au (jasonb@ce.com.au) Date: Mon, 6 Aug 2001 15:39:06 +1000 (EST) Subject: [LINK] counterpoint: Australia, Singapore avoid Code Red hysteria In-Reply-To: Message-ID: > I don't really want to argue the point, but it started doing the rounds > alot earlier than 0100 this morning. > I have logs showing hit attempts against my servers on Saturday. Since then we have had over 2000 attempts against our servers, and 5000+ attempts that bouced off the firewall as invalid requests. The rate of hits is increasing and most are from unique IP addresses. This tends to suggest the problem will get worse before it gets better, I only worry that the volume of this rubbish may start impacting our users. When will people learn ? Cheers Jason. --- Jason Ball Electronic Commerce Specialist Corporate Express Australia Ltd Phone: +61 2 9335 0374 Fax: +61 2 9335 0753 Email: jason.ball@ce.com.au From Roger.Clarke@xamax.com.au Mon Aug 6 05:52:07 2001 From: Roger.Clarke@xamax.com.au (Roger Clarke) Date: Mon, 6 Aug 2001 15:52:07 +1000 Subject: [LINK] RE: The auDA-Elz Standoff In-Reply-To: References: Message-ID: G'day Chris Chris replied: >Thank you for your email. The matter is presently in process with IANA and >it would not be appropriate, at this stage, for me to comment which is why I >made no comment when I was asked by the SMH. 
As I'm sure you will >appreciate, auDA is not the only party involved in this process and thus we >cannot unilaterally provide information however, we will do so as soon as we >are able. > >Chris Disspain >CEO - auDA >ceo@auda.org.au >+61-3-9226-9495 >www.auda.org.au Thanks for the promptness of your reply; but the content gives the observer cold comfort. Pleading that it's "inappropriate to comment" is a ducking manoeuvre of limited credibility. And to say that "auDA is not the only party involved in this process and thus we cannot unilaterally provide information" is also unconvincing. The onus is already on you to answer the *published* criticism that the goals are not adequately defined, and hence there is no yardstick against which the appropriateness of the policies can be measured. The position you're adopting is the same as it would be if you had something to hide and hoped that your opponents could be seen off without coming clean. I urge you to get information into the open now, and preclude the public turning against auDA and lobbying IANA, simply because you decline to answer criticisms. Regards ... 
Roger Clarke -- Roger Clarke http://www.anu.edu.au/people/Roger.Clarke/ Xamax Consultancy Pty Ltd, 78 Sidaway St, Chapman ACT 2611 AUSTRALIA Tel: +61 2 6288 1472, and 6288 6916 mailto:Roger.Clarke@xamax.com.au http://www.xamax.com.au/ Visiting Fellow Department of Computer Science The Australian National University Canberra ACT 0200 AUSTRALIA Information Sciences Building Room 211 Tel: +61 2 6125 3666 From jmorris@intercode.com.au Mon Aug 6 06:07:02 2001 From: jmorris@intercode.com.au (James Morris) Date: Mon, 6 Aug 2001 16:07:02 +1000 (EST) Subject: [LINK] counterpoint: Australia, Singapore avoid Code Red hysteria In-Reply-To: Message-ID: It's interesting to note that Microsoft use (or did use) Unix-based systems to protect themselves from viruses, as described in this knowledge base article: "How Microsoft Ensures Virus-Free Software" "Disks are duplicated on a variety of industrial strength, quality focused systems. Most of these systems are UNIX-based. The UNIX-based duplication systems used in manufacturing are impervious to MS-DOS-based, Windows- based, and Macintosh-based viruses. " http://www.google.com/search?q=cache:OIzlUFpB0s0:support.microsoft.com/support/kb/articles/Q80/5/20.ASP Although, if a customer called Microsoft and asked how to protect themselves from viruses, I wonder if they'd be told anything like this. - James -- James Morris From ceo@auda.org.au Mon Aug 6 06:30:59 2001 From: ceo@auda.org.au (Chris Disspain) Date: Mon, 6 Aug 2001 16:30:59 +1000 Subject: [LINK] RE: The auDA-Elz Standoff In-Reply-To: Message-ID: Roger, "Pleading that it's "inappropriate to comment" is a ducking manoeuvre of limited credibility." That is an assumption on your part. I disagree. It is not for me to publish comments that may or may not have been made by another person to IANA. If Mr Elz wishes to publish, that is a matter for him. 
"The onus is already on you to answer the *published* criticism that the goals are not adequately defined, and hence there is no yardstick against which the appropriateness of the policies can be measured." With respect, this was a submission to the Names Panel by Robert Elz and given that this was an independent public panel it is not for auDA to comment on any submissions made. No doubt the Panel considered this submission in coming to its final report the recommendations of which have been approved by the Board. "The position you're adopting is the same as it would be if you had something to hide and hoped that your opponents could be seen off without coming clean." Again, this is an assumption on your part. I do not look at this as a situation where there are 'opponents'. I repeat, it is not for auDA to publish third party communication. Regards Chris Disspain CEO - auDA ceo@auda.org.au +61-3-9226-9495 www.auda.org.au -----Original Message----- From: Roger Clarke [mailto:Roger.Clarke@xamax.com.au] Sent: Monday, 6 August 2001 15:52 To: Chris Disspain Cc: link@www.anu.edu.au; Robert Elz; Tony Hill, Exec Director, ISOC-AU Subject: RE: The auDA-Elz Standoff Importance: High G'day Chris Chris replied: >Thank you for your email. The matter is presently in process with IANA and >it would not be appropriate, at this stage, for me to comment which is why I >made no comment when I was asked by the SMH. As I'm sure you will >appreciate, auDA is not the only party involved in this process and thus we >cannot unilaterally provide information however, we will do so as soon as we >are able. > >Chris Disspain >CEO - auDA >ceo@auda.org.au >+61-3-9226-9495 >www.auda.org.au Thanks for the promptness of your reply; but the content gives the observer cold comfort. Pleading that it's "inappropriate to comment" is a ducking manoeuvre of limited credibility. 
And to say that "auDA is not the only party involved in this process and thus we cannot unilaterally provide information" is also unconvincing. The onus is already on you to answer the *published* criticism that the goals are not adequately defined, and hence there is no yardstick against which the appropriateness of the policies can be measured. The position you're adopting is the same as it would be if you had something to hide and hoped that your opponents could be seen off without coming clean. I urge you to get information into the open now, and preclude the public turning against auDA and lobbying IANA, simply because you decline to answer criticisms. Regards ... Roger Clarke -- Roger Clarke http://www.anu.edu.au/people/Roger.Clarke/ Xamax Consultancy Pty Ltd, 78 Sidaway St, Chapman ACT 2611 AUSTRALIA Tel: +61 2 6288 1472, and 6288 6916 mailto:Roger.Clarke@xamax.com.au http://www.xamax.com.au/ Visiting Fellow Department of Computer Science The Australian National University Canberra ACT 0200 AUSTRALIA Information Sciences Building Room 211 Tel: +61 2 6125 3666 From rha@juggernaut.com.au Mon Aug 6 06:38:32 2001 From: rha@juggernaut.com.au (Richard Archer) Date: Mon, 6 Aug 2001 16:38:32 +1000 Subject: [LINK] counterpoint: Australia, Singapore avoid Code Red hysteria In-Reply-To: References: Message-ID: At 2:44 PM +1000 6/8/01, Grant Bayley wrote: >I don't really want to argue the point, but it started doing the rounds >alot earlier than 0100 this morning. My error. Serves me right for believing what I read. Or not paying enough attention. 
Hits of the CodeRedII worm on my server so far: 16017
Number of unique IP addresses doing the scanning: 4616

Breakdown by hour:

                 scans  hosts
04 Aug 21:00+        9      9
04 Aug 22:00+       48     44
04 Aug 23:00+       98     96
05 Aug 00:00+      171    109
05 Aug 01:00+      212    152
05 Aug 02:00+      290    183
05 Aug 03:00+      307    172
05 Aug 04:00+      230    154
05 Aug 05:00+      305    147
05 Aug 06:00+      262    145
05 Aug 07:00+      248    165
05 Aug 08:00+      288    168
05 Aug 09:00+      376    219
05 Aug 10:00+      284    176
05 Aug 11:00+      285    197
05 Aug 12:00+      345    236
05 Aug 13:00+      396    249
05 Aug 14:00+      355    225
05 Aug 15:00+      376    252
05 Aug 16:00+      421    280
05 Aug 17:00+      389    270
05 Aug 18:00+      452    292
05 Aug 19:00+      404    285
05 Aug 20:00+      439    305
05 Aug 21:00+      445    327
05 Aug 22:00+      437    273
05 Aug 23:00+      383    258
06 Aug 00:00+      469    296
06 Aug 01:00+      488    293
06 Aug 02:00+      369    288
06 Aug 03:00+      368    258
06 Aug 04:00+      369    271
06 Aug 05:00+      327    240
06 Aug 06:00+      297    216
06 Aug 07:00+      319    250
06 Aug 08:00+      351    260
06 Aug 09:00+      410    297
06 Aug 10:00+      562    414
06 Aug 11:00+      632    526
06 Aug 12:00+      657    546
06 Aug 13:00+      619    509
06 Aug 14:00+      658    529
06 Aug 15:00+      671    557
06 Aug 16:00+      196    158

The overnight slow-down is interesting. Perhaps this could be due to infected home machines on cable that get shut down for the night. The CRII worm tries to scan "nearby" IP address space, so the hosts scanning my server are likely to be geographically nearby too.

The surge in activity at start of business this morning is also worth noting.

...Richard.

From Roger.Clarke@xamax.com.au Mon Aug 6 06:59:51 2001
From: Roger.Clarke@xamax.com.au (Roger Clarke)
Date: Mon, 6 Aug 2001 16:59:51 +1000
Subject: [LINK] Fwd: RE: The auDA-Elz Standoff
Message-ID:

ceo@auda.org.au (Chris Disspain):
>I repeat, it is not for auDA to publish third party communication.

Well, over to you, 'Link Institute'.

Is it a matter of concern that auDA is simply not prepared to provide any information to the public about:
(a) the basis of the spat over the delegation of the power over the .au domains?
and (b) whether or not it has addressed what it perceives to be the incumbent's concerns? A further concern is: if this is the level of openness from the auDA executive while it's trying to get the power it was formed to acquire, what can we expect once it's succeeded?? And it doesn't seem as if auDA is in any position to criticise Robert Elz for being reclusive and hard to get information out of, when it's doing exactly the same thing. What's more, auDA is adopting that stance as a policy (well, at least as a policy of its CEO. The policy may or may not have the support of the Board). And this despite the fact that it's an organisation with explicit public responsibilities, rather than a person who's performing a public role in his spare time. I'm trying not to form negative views about the stance of the auDA executive on the question of re-delegation; but I'm finding it difficult to remain even-handed in the current circumstances. Is anyone talking to IANA about public concerns about (a) the extent to which Robert Elz's stubbornness is justified, and (b) auDA's recalcitrance? [Yes, I do recall Keating v. Mahathir. Macquarie (p.1439 of my copy) says "resisting authority or control; not obedient or compliant; ...". 
If the view is mine alone, then I'm not an authority and the word is inappropriate; but if the relevant public that auDA is supposed to represent feels like I do, then the use of 'recalcitrance' is justified] -- Roger Clarke http://www.anu.edu.au/people/Roger.Clarke/ Xamax Consultancy Pty Ltd, 78 Sidaway St, Chapman ACT 2611 AUSTRALIA Tel: +61 2 6288 1472, and 6288 6916 mailto:Roger.Clarke@xamax.com.au http://www.xamax.com.au/ Visiting Fellow Department of Computer Science The Australian National University Canberra ACT 0200 AUSTRALIA Information Sciences Building Room 211 Tel: +61 2 6125 3666 From Richard.Chirgwin@informa.com.au Mon Aug 6 07:08:27 2001 From: Richard.Chirgwin@informa.com.au (Chirgwin, Richard) Date: Mon, 6 Aug 2001 17:08:27 +1000 Subject: [LINK] Australia "worst hit" by worm's resurgence Message-ID: <9BD4AE8C2EB1D311982700508BA2498901573A94@EXCHANGE_AU> When I read this, I thought it was release-driven, but it wasn't until this arvo that I noticed the original release. In the interests of media deconstruction, Linkers can now compare the source material with the ZDNet story... >Code Red on the Rampage! >Contrary to current reports > >Contrary to current news coverage suggesting that the Code Red threat is all but gone: > >· The worm actually appears to be on the rampage, with statistics indicating that >Australia could possibly be the worst hit. > >· According to security monitoring company securityfocus.com, the rolling seven-day >average for all incidents for Australia is now (at 1pm Sydney time) 64,000, double >yesterday's 30,000-odd. According to the company, the No 1 attack type is the ASAPI >Buffer Overflow, which is the attack that Code Red mounts. > >· According to incidents.org, a total of 149,000 servers have been infected. The >company is one of the few security monitoring organisations that has gone on the record >saying it suspects the attacker is Code Red. 
> >· Janteknology itself has been the target of 52 probes in the past 24 hours, all of >which have been Code Red probes. On average, the company experiences some four or five >probes a day, none of which have been Code Red in the past few days. > >· Australian organisations could well be the least protected in the world, in light of >the reported surge in local attacks, compared with the US and Europe (which are holding >steady) and Africa and South America (which have seen a reduction in attacks). > >About Janteknology > >Janteknology is a Sydney, Australia-based distributor of high-quality software products >in the IT Security and Communication sectors. These are distributed in Australia and >New Zealand solely by a system of Electronic Product Distribution - e-distribution - >and sold through an extensive network of resellers. The company was established in >1994, primarily as a systems integrator, but has since elected to focus entirely on its >software portfolio. For more information visit the company's website at www.janteknology.com.au This release follows the format preferred for a news site target. For print publications (except dailies) a text format of around 200 words is normal. This is more a "throwaway" - toss it up to the wires, get a few pars, forgotten almost immediately. The level of research common for this kind of story is indicated by the near-verbatim reproduction of two or three paragraphs of the press release. Richard Chirgwin -----Original Message----- From: Bernard Robertson-Dunn [mailto:brd@austarmetro.com.au] Sent: Friday, 3 August 2001 11:19 To: Link Subject: [LINK] Australia "worst hit" by worm's resurgence Australia "worst hit" by worm's resurgence By Rachel Lebihan, ZDNet Australia 02 August 2001 http://www.zdnet.com.au/news/breakingnews/story/0,2000020826,20252341,00.htm The virulent Code Red worm continues its march with statistics indicating Australia could be worst hit by the latest round of infections. 
Contrary to earlier predictions that the worm had been stamped out, it is actually on the rampage, according to e-security provider Janteknology. "It appears Code Red is on the rampage...there has been an increase to the rolling seven-day attack [of all malicious] incidents," Janteknology's Glenn Miller told ZDNet. According to statistics which Miller sourced from security monitoring company securityfocus.com, Australia has seen the greatest increase in its rolling seven-day incident numbers, with 64,000 incidents reported here by 1 p.m Thursday, double yesterday's 30,000-plus figure, according to Miller. And the number one attack type is the ASAPI Buffer Overflow, which is what the Code Red exploits. "A reasonable percentage of that will be attributable to Code Red," Miller said. "Either that or there's a hell of a massive movement of malicious code out there...and that doesn't make sense." Janteknology itself has been the target of 52 probes in the past 24 hours, all of which have been Code Red probes, the company says. On average, the company experiences some four or five probes a day -- none of which have been Code Red in the past few days -- and is now getting four or five Code Red probes an hour. "Australian organisations could well be the least protected in the world, in light of the reported surge in local attacks, compared with the US and Europe -- which are holding steady -- and Africa and South America, which have seen a reduction in attacks," Janteknology said in a statement. Symantec said it couldn't confirm Janteknology's findings. "There's speculation that there's another variant out there," Symantec representative David Banes said. "Or it could be existing copies [of the worm] that haven't been cleaned up." -- You're using a keyboard! How quaint! 
-- unknown Regards brd Bernard Robertson-Dunn Canberra Australia brd@dynamite.com.au brd@austarmetro.com.au From Roger.Clarke@xamax.com.au Mon Aug 6 07:30:30 2001 From: Roger.Clarke@xamax.com.au (Roger Clarke) Date: Mon, 6 Aug 2001 17:30:30 +1000 Subject: [LINK] Fwd: Pennywize announces new FREE service Message-ID: Today's unfiltered spam includes an ad from Pennywize. Why am I suspicious of a supplier that has HTML like the following: Accounts Disabled
0

Brute force attacks blocked
0

Okay, maybe, just maybe, (a) it means something, and (b) the zero was generated server-side by a meaningful algorithm ... But "Pennywize... will completely protect your whole site from the minute you turn it on" is also a tad disconcerting. >To: roger.clarke@anu.edu.au >Date: Mon, 06 Aug 2001 15:44:54 +1000 >From: "Pennywize Sales" >Subject: Pennywize announces new FREE service > >Pennywize is proud to announce its new free service for webmasters. >This new free service makes means that every webmaster with a pay >site can now afford to be protected against password traders and >dictionary attacks. > >The free service includes the following features: > > o Complete FREE to sign up - no credit card needed > o You can protect as many sites as you like > o Instant access once you sign up > o Get all your sites protected within 5 minutes of signing up > >Pennywize is the leading password trader protection software for >webmasters. It is used on over 1,000 websites world wide, and is >recommended by many ISP and billing companies to their clientele. >It currently works with Apache web servers only although there is a >Windows beta being tested currently. If you would like to >participate in this testing, please contact us. 
> >For more information, please goto http://www.pennywize.com > > >Pennywize > -- Roger Clarke http://www.anu.edu.au/people/Roger.Clarke/ Xamax Consultancy Pty Ltd, 78 Sidaway St, Chapman ACT 2611 AUSTRALIA Tel: +61 2 6288 1472, and 6288 6916 mailto:Roger.Clarke@xamax.com.au http://www.xamax.com.au/ Visiting Fellow Department of Computer Science The Australian National University Canberra ACT 0200 AUSTRALIA Information Sciences Building Room 211 Tel: +61 2 6125 3666 From rw@firstpr.com.au Mon Aug 6 07:48:46 2001 From: rw@firstpr.com.au (Robin Whittle) Date: Mon, 06 Aug 2001 17:48:46 +1000 Subject: [LINK] Telstra Dedicated Modem and Optus Cable modem installation Message-ID: <3B6E4BDE.23C8D98@firstpr.com.au> Dear Linkers, Since July 1997, I have been very happy with the cost-effective, super-reliable Telstra Internet Dedicated Modem service. Now I have described how I connect my RedHat 7.1 system and LAN to this excellent service. I have also just connected my system so that HTTP and FTP browsing is done via a Squid proxy server running on my main Linux machine, which accesses external sites via my Optus@Home cable modem service (via the local Optus@Home caching proxy servers). The two services complement each other to a large degree. The Optus service is damn fast, and has no real cost per traffic - since as I wrote to Link in April, it seems that one can download 570 Megs a day. It cannot be used to run servers. It costs about $75 a month The Telstra Dedicated Modem service requires a phone line, and uses a 56kbps modem to give me a small subnet of IP addresses. It costs $550 to set up, and then $0.209 per Megabyte received with a minimum monthly fee of $22. Its features include: * Extraordinary reliability. * Unlike cable modems, the service does not depend on there being power in the area. * Ability to move house and still keep the service (see notes below on POPs). 
* The service is available from POPs in capital cities and many regional centres, so it is widely available to people outside the big cities. * A fixed subnet of IP addresses. Mine have not changed in 4 years. So it is fine to run a nameserver, web server, mail server etc. * Web access to Telstra's reverse lookup database so you can give each of your IP addresses whatever name you like when someone does a reverse lookup on it. * Free backup mail server. (Essential for me, since I am running my own mailserver.) * Free primary and secondary nameserver services. (I run my own primary, and the Telstra nameserver is its backup.) * The bandwidth to Telstra's routers is not subject to any competition with other customers, as it is with the shared HFC cable modem approach. * Ability to run any service, including HTTPS / SSL / TLS encrypted services to your own premises. * No "residential only" nonsense! * Low recurrent cost, depending on traffic volumes. * No marketing rubbish whatsoever. I have documented how I did all this, with the Optus@Home connection, squid setup, routing, and my use of ipchains for packet filtering, at: http://www.firstpr.com.au/sys-admin/TI-Optus@Home/ The system works really well. I get Google results on screen 1.0 seconds after clicking the "Search" button. (Actually, the last packet arrives from the Optus cache about 0.87 seconds after squid sent its first packet out.) Download speeds vary, but can be half a Megabyte a second. 
- Robin From cas@taz.net.au Mon Aug 6 07:46:06 2001 From: cas@taz.net.au (Craig Sanders) Date: Mon, 6 Aug 2001 17:46:06 +1000 Subject: [LINK] Re: Unix {Was: Looking for some Web server statistics] In-Reply-To: <200108060505.f7655KI05579@bree.brisbane.redhat.com> References: <20010806141640.C1658@taz.net.au> <200108060505.f7655KI05579@bree.brisbane.redhat.com> Message-ID: <20010806174606.D1658@taz.net.au> On Mon, Aug 06, 2001 at 03:05:15PM +1000, hartr@redhat.com wrote: > On 6 Aug, Craig Sanders wrote: > > On Mon, Aug 06, 2001 at 10:23:20AM +1000, hartr@redhat.com wrote: > >> When talking about Linux, there is a real problem if the distinction is > >> not made. Linux is most definitely a COMMERCIAL operating system, but it > >> is likewise most definitely not PROPRIETARY. > > > > wrong. > > > > there are several non-commercial, non-proprietary linux distributions > > around. the most obvious example is, of course, Debian GNU/Linux. > > > > "redhat" may be a commercial operating system, but "linux" isn't. even > > for redhat, it's more accurate to call it a "commercial redistribution > > of linux & tools" than a "commercial operating system". > > You are failing to grasp the point that Linux being 'commercial' or > not is determined by its USE; whether the organisation using it paid > for it or not is irrelevant. i "failed to grasp" that point because it's a steaming pile of bovine excrement. FYI, it is possible to recover from public mistakes with grace and dignity...that would have been a far better response than tediously refusing to acknowledge your mistakes, redefining terms and mangling the language in a futile attempt to "prove" that you were right all along. > Linux (and please note I never referred to Red Hat Linux in my post - i know. you said "Linux is most definitely a COMMERCIAL operating system", which is just plain wrong. i pointed out that what you said may apply to the redhat distribution of linux, but it doesn't apply to linux in general. 
> just Linux) has been *commercial* (ie people using it for commercial > activity) since well before there was a Red Hat! yawn. the term "commercial OS" never has meant what you're trying to claim it does, and never will. > ...and for the future, please note that the company name is Red Hat - > two words, with capitals? you spell it how you like it, i'll spell it however i can be bothered. in the dialect of written english i use (unix geek ascii), it is perfectly legitimate to eschew the use of capital letters except for acronyms or emphasis. craig -- craig sanders Fabricati Diem, PVNC. -- motto of the Ankh-Morpork City Watch From cas@taz.net.au Mon Aug 6 09:05:42 2001 From: cas@taz.net.au (Craig Sanders) Date: Mon, 6 Aug 2001 19:05:42 +1000 Subject: [LINK] counterpoint: Australia, Singapore avoid Code Red hysteria In-Reply-To: References: <200108060227.f762RRg13540@web.anu.edu.au> Message-ID: <20010806190542.E1658@taz.net.au> On Mon, Aug 06, 2001 at 02:00:31PM +1000, Richard Archer wrote: > And on a related note, in the article Bernard forwarded to the list: > > >the Secure Windows Initiative, said the company undertakes a massive effort > >to find security flaws in products "before they get out the door." > > > >The centerpiece of the effort, said Lipner, is a program called Prefix. It > >scans the entire code base of the Windows operating system and all Office > >products for potential vulnerabilities. When one is found, Prefix > >identifies the "offending coding practice that caused the vulnerability," > > So, it seems M$ relies on a *piece of software* to scan source files > looking for vulnerabilities. What a completely ridiculous way of > performing a security audit! much as i hate to defend microsoft for anything, programs to scan source code for common vulnerabilities and coding mistakes are useful tools. in fact, there are several tools like that in the free software world. 
they're certainly not the only auditing that should be done, but such tools can automate the finding of many common problems. craig -- craig sanders Fabricati Diem, PVNC. -- motto of the Ankh-Morpork City Watch From cas@taz.net.au Mon Aug 6 09:17:51 2001 From: cas@taz.net.au (Craig Sanders) Date: Mon, 6 Aug 2001 19:17:51 +1000 Subject: [LINK] Code Red puts Microsoft in hot seat In-Reply-To: References: Message-ID: <20010806191751.F1658@taz.net.au> On Mon, Aug 06, 2001 at 01:53:31PM +1000, Roger Clarke wrote: > At: > http://www.austlii.edu.au/au/legis/cth/num_act/tpa1974149/s4.html#goods > ""goods" includes ... (d) gas and electricity" > > But since one intangible (electricity) is expressly *in*cluded, the > courts would presumably infer that other intangible things (such > as data and software) are intended by Parliament to be *ex*cluded, > because if they were to be within-scope then they should have been > listed there. why is software an "intangible"? for that matter, why are electricity and gas "intangibles"? the legislation you quote there doesn't seem to define them as such, it just lists them as explicitly included. i thought that "intangibles" were things like "good will" and "reputation", or things that don't have a precise dollar value. craig -- craig sanders Fabricati Diem, PVNC. -- motto of the Ankh-Morpork City Watch From ed@isoc-au.org.au Mon Aug 6 09:16:57 2001 From: ed@isoc-au.org.au (Tony Hill) Date: Mon, 6 Aug 2001 19:16:57 +1000 Subject: [LINK] RE: The auDA-Elz Standoff In-Reply-To: Message-ID: Further discussion of the redelegation for .au has been prompted by a Sydney Morning Herald report that Robert Elz has responded to the formal request from IANA. Thanks to Roger Clarke for bringing this report to the attention of Link List members. The SMH report suggests that Robert commented negatively on the auDA proposal for redelegation of .au to auDA. 
I must say that I agree with Roger, that in general journalists have difficulty grasping the dimensions of Internet issues particularly Internet policy. The motivation of some journalists has more to do with creating news than progressing community understanding. In the case of domain name policy in Australia, we have fortunately been making significant progress of recent times. ISOC-AU has been working hard in this context on three fronts: 1 to maximise transparency in domain name policy making in Australia 2 to ensure that all stakeholders with an interest have the opportunity for input 3 to speed the introduction of competition in the interests of Internet users and the Australian community We have welcomed the imminent implementation of competition following the establishment of auDA and nearly 12 months of work by the names and competition panels. See ISOC-AU news releases on this topic at http://www.isoc-au.org.au. These news releases have previously been circulated to Link. My understanding is that we have not previously been able to achieve such significant progress in discussion of these issues. Accordingly, I can understand that Robert may wish to carefully consider whether he supports redelegation or not in these circumstances. The immense increase in popularity of the Internet and its importance as a personal and business tool, mean that we have moved into a greater realm of complexity. The onus is on all of us to make sure that those who have views about domain name policy are listened to. In this context, if there is one lesson we can learn from international domain name processes then it is the importance of transparency in decision making. The positive results of all this work are close at hand. For the first time, we are on verge of implementation of competition in supply of domain name services in Australia. It is essential that we do not blow this opportunity. The .au space is truly the presence of Australian culture and business on the Net. 
This point was brought home forcefully to me in Sweden this year where .se provides an access point to Swedish language, cultural and business resources; similarly for .ca in the case of Canada. We need to ensure that .au provides a similar resource for Australia and that there is a competitive regime for provision of domain name services that serves the interests of Internet users. I am not arguing that the result should be competition at any price. In fact, the situation is quite the reverse. The auDA process has demonstrated high transparency. Minutes of all panel meetings are available on the auDA web site together with the interim and final reports of the panels - see http://www.auda.org.au All who presented views to those processes have been listened to. As a committed participant in those processes, I can tell you that the thinking of all involved was *shifted* and in my view *improved* as a result of participation. We now have a better proposal as a result of this collective work. Naturally, the opportunity to contribute and discussion does not go away with the completion of the panel's work, but those who would contribute now, should take the time to consider the work that has been done so far. Ian Johnston provided a very useful set of links to relevant information sources. Pejorative comments in this context are particularly unhelpful, from whatever quarter - yes, I can come clean and say that I am anti flame wars :) What are the results? - the competition model can provide significant benefit to Internet users by introducing competition between registrars. It should be implemented as soon as possible. We do not want anything to delay this process. - the competition model has little chance of implementation unless redelegation goes ahead, while giving Robert Elz the opportunity to make a considered judgement. 
- there is a real prospect of introducing new second level domains and opening up access to existing second level domains such as .id.au to provide greater benefit to Internet users. - the recommendations of the names panel provide a sound base for implementation of competition (interestingly they endorse and build on the structure that Robert Elz and others put in place) It is essential that these changes are introduced as a package. You can't have the benefits of one without the others. In my view, the evidence is there to allow redelegation to go ahead. But I can understand that Robert would want to consider the circumstances carefully before endorsing redelegation. There is a real decision to be taken. It should be taken on the basis of evidence and if Robert seeks any additional information it should be provided and his views should be carefully considered. After all, he was a key architect of the .au DNS structure, and this structure has been strongly endorsed by the current process. The redelegation process needs to follow the IANA policy under ICANN. This process emphasises the desirability of all parties coming to their own agreement. In the event, that this positive conclusion is not possible, then IANA may take a decision. I think Australia should be able to reach its own resolution of these matters. auDA is not at liberty to publicly share documents that have been provided to IANA. I have provided the above information to assist in wider discussion of the models and would be happy to continue such discussion while people are interested. In the end, the stability of the DNS is of paramount concern. Australian participation in the unitary DNS is also essential. Unless the system works, no one will be able to use it! 
regards, Tony Hill -- | Tony Hill ed@isoc-au.org.au Executive Director | | icq 103707971 Internet Society of Australia (ISOC-AU) | | Tel +61 2 6257 5544 PO Box 152 | | Mobile 041 212 8755 Civic Square ACT 2608 Australia | | Fax +61 2 6262 9938 www.isoc-au.org.au | | The Internet is for Everyone! | -----Original Message----- From: owner-link@www.anu.edu.au [mailto:owner-link@www.anu.edu.au]On Behalf Of Chris Disspain Sent: Monday, 6 August 2001 4:31 PM To: Roger Clarke Cc: link@www.anu.edu.au; Robert Elz; Tony Hill, Exec Director, ISOC-AU Subject: [LINK] RE: The auDA-Elz Standoff [snip] From eric.scheid@ironclad.net.au Mon Aug 6 10:03:37 2001 From: eric.scheid@ironclad.net.au (Eric Scheid) Date: Mon, 6 Aug 2001 20:03:37 +1000 Subject: [LINK] Code Red puts Microsoft in hot seat Message-ID: <200108061003.f76A3kg25278@web.anu.edu.au> From: Roger Clarke (6/8/01 1:53 PM) >But my understanding is that software is either not subject to the >merchantable quality criterion at all (my dim memory is that contract >law imposed *some* level of responsibility, even before the Trade >Practices Act), or that software is subject to it to such a limited >extent that an action on those grounds would be very difficult to win. The recent developments in the area of unconscionable conduct in contract negotiations may also be interesting. Simplistically (IANAL): where a supplier has an overwhelming advantage in provision of some good/service, they may not use that advantage to extract excessive concessions in negotiations. If they do so, various provisions of the contract, despite being agreed to by both parties, may become null and void. A bakery franchise got done for that in Melbourne recently, which is the case IIRC which has opened up the possibilities. 
I would be willing to suggest that the typical shrink wrap license of today could likely fall under the definition of unconscionable conduct especially for "industry standard (de facto or de jure)" software, at least to my layman mind. Thus, even if the goods/services were of merchantable quality, and even if both parties agreed to the contract, the court could void those provisions which are outrageous. IANAL though. e. ______________________________________________________________________ eric@ironclad.net.au i r o n c l a d n e t w o r k s information architect http://www.ironclad.net.au/ From lannet@lannet.com.au Mon Aug 6 10:03:39 2001 From: lannet@lannet.com.au (Howard Lowndes) Date: Mon, 6 Aug 2001 20:03:39 +1000 (EST) Subject: [LINK] Code Red puts Microsoft in hot seat In-Reply-To: <20010806191751.F1658@taz.net.au> Message-ID: IMO neither gas nor electricity are intangibles. They can both be detected and precisely measured, this latter is something that is not possible with software. -- Howard. LANNet Computing Associates Contact detail at http://www.lannetlinux.com On Mon, 6 Aug 2001, Craig Sanders wrote: > On Mon, Aug 06, 2001 at 01:53:31PM +1000, Roger Clarke wrote: > > At: > > http://www.austlii.edu.au/au/legis/cth/num_act/tpa1974149/s4.html#goods > > ""goods" includes ... (d) gas and electricity" > > > > But since one intangible (electricity) is expressly *in*cluded, the > > courts would presumably infer that other intangible things (such > > as data and software) are intended by Parliament to be *ex*cluded, > > because if they were to be within-scope then they should have been > > listed there. > > why is software an "intangible"? > > for that matter, why are electricity and gas "intangibles"? > > the legislation you quote there doesn't seem to define them as such, it > just lists them as explicitly included. > > i thought that "intangibles" were things like "good will" and > "reputation", or things that don't have a precise dollar value. 
> > craig > > From danny@anatomy.usyd.edu.au Mon Aug 6 10:15:35 2001 From: danny@anatomy.usyd.edu.au (Danny Yee) Date: Mon, 6 Aug 2001 20:15:35 +1000 Subject: [LINK] Code Red puts Microsoft in hot seat In-Reply-To: <20010806191751.F1658@taz.net.au>; from cas@taz.net.au on Mon, Aug 06, 2001 at 07:17:51PM +1000 References: <20010806191751.F1658@taz.net.au> Message-ID: <20010806201535.B16767@anatomy.usyd.edu.au> Craig Sanders wrote: > why is software an "intangible"? Packaged software is very tangible. But it makes some sense for the "software" to be distinguished (abstracted) from the packaging and media, and then maybe that abstraction is intangible... > for that matter, why are electricity and gas "intangibles"? I know an electrical engineer who gave expert evidence on this. I think the theory is that mains electricity is a service and not a "product" because (with AC current) it's not clear that there are even any electrons being exchanged. Gas, on the other hand, is surely 100% and unequivocally a tangible product, even if low temperatures and high pressures are needed to get it into touchable form. > i thought that "intangibles" were things like "good will" and > "reputation", or things that don't have a precise dollar value. I suspect the legal definition goes by physical "touchability", along with the Latin derivation of "tangible". Danny. From cas@taz.net.au Mon Aug 6 10:28:38 2001 From: cas@taz.net.au (Craig Sanders) Date: Mon, 6 Aug 2001 20:28:38 +1000 Subject: [LINK] Code Red puts Microsoft in hot seat In-Reply-To: <20010806201535.B16767@anatomy.usyd.edu.au> References: <20010806191751.F1658@taz.net.au> <20010806201535.B16767@anatomy.usyd.edu.au> Message-ID: <20010806202838.A12246@taz.net.au> On Mon, Aug 06, 2001 at 08:15:35PM +1000, Danny Yee wrote: > Craig Sanders wrote: > > why is software an "intangible"? > > Packaged software is very tangible. 
But it makes some sense for the > "software" to be distinguished (abstracted) from the packaging and > media, and then maybe that abstraction is intangible... yes, there's a difference between the packaging/media and the software itself....but software is just another "machine", isn't it? or, more precisely, part of a machine. does it really matter whether a machine is implemented with cogs and gears or by shifting bits around? is a mechanical program (i.e. the precise arrangement of gears, levers, springs, cogs, timers, etc) fundamentally different from a software program (the precise arrangement of bits and bytes - which are just an abstract representation of electrons)? whether it's on a macro- or a micro- scale, you're still arranging physical items into a particular configuration in order to accomplish certain tasks. > > for that matter, why are electricity and gas "intangibles"? > > I know an electrical engineer who gave expert evidence on this. interesting... craig -- craig sanders Fabricati Diem, PVNC. -- motto of the Ankh-Morpork City Watch From Roger.Clarke@xamax.com.au Mon Aug 6 10:48:58 2001 From: Roger.Clarke@xamax.com.au (Roger Clarke) Date: Mon, 6 Aug 2001 20:48:58 +1000 Subject: [LINK] Let's Sue Microsoft [Was: Code Red puts Microsoft in hot seat] In-Reply-To: <200108061038.UAA04355@draal.apex.net.au> References: <200108061038.UAA04355@draal.apex.net.au> Message-ID: Eric Scheid draws attention to: Trade Practices Act s. 
51AC - Unconscionable conduct in business transactions >http://www.accc.gov.au/smallbus/unconscionable_conduct.htm -- Roger Clarke http://www.anu.edu.au/people/Roger.Clarke/ Xamax Consultancy Pty Ltd, 78 Sidaway St, Chapman ACT 2611 AUSTRALIA Tel: +61 2 6288 1472, and 6288 6916 mailto:Roger.Clarke@xamax.com.au http://www.xamax.com.au/ Visiting Fellow Department of Computer Science The Australian National University Canberra ACT 0200 AUSTRALIA Information Sciences Building Room 211 Tel: +61 2 6125 3666 From Roger.Clarke@xamax.com.au Mon Aug 6 10:53:02 2001 From: Roger.Clarke@xamax.com.au (Roger Clarke) Date: Mon, 6 Aug 2001 20:53:02 +1000 Subject: [LINK] 'Intangible' {Was: Code Red puts Microsoft in hot seat] In-Reply-To: <20010806191751.F1658@taz.net.au> References: <20010806191751.F1658@taz.net.au> Message-ID: >On Mon, Aug 06, 2001 at 01:53:31PM +1000, Roger Clarke wrote: >> At: >> http://www.austlii.edu.au/au/legis/cth/num_act/tpa1974149/s4.html#goods >> ""goods" includes ... (d) gas and electricity" >> >> But since one intangible (electricity) is expressly *in*cluded, the >> courts would presumably infer that other intangible things (such >> as data and software) are intended by Parliament to be *ex*cluded, >> because if they were to be within-scope then they should have been >> listed there. >Three expressions of doubt about the description of software as 'intangible'. The term 'intangible' as a generic for such things as "good will" and "reputation" (not to mention establishment costs) is an accounting usage, with some meaning in commercial law. I didn't intend it in that technical sense, sorry. Try 'non-material' maybe. I was looking for a generic that could be juxtaposed against chattels. Do you *really* want to resort to those splendid terms 'choses in action' cf. 'choses in possession'?? See: http://www.anu.edu.au/people/Roger.Clarke/EC/ETCU.html#IPG Brendan Scott or someone similar, could you possibly sort this out for us? 
-- Roger Clarke http://www.anu.edu.au/people/Roger.Clarke/ Xamax Consultancy Pty Ltd, 78 Sidaway St, Chapman ACT 2611 AUSTRALIA Tel: +61 2 6288 1472, and 6288 6916 mailto:Roger.Clarke@xamax.com.au http://www.xamax.com.au/ Visiting Fellow Department of Computer Science The Australian National University Canberra ACT 0200 AUSTRALIA Information Sciences Building Room 211 Tel: +61 2 6125 3666 From rw@firstpr.com.au Mon Aug 6 11:28:42 2001 From: rw@firstpr.com.au (Robin Whittle) Date: Mon, 06 Aug 2001 21:28:42 +1000 Subject: [LINK] Let's Sue Microsoft [Was: Code Red puts Microsoft in hot seat] References: <200108061038.UAA04355@draal.apex.net.au> Message-ID: <3B6E7F6A.1119D183@firstpr.com.au> I don't think it is reasonable to sue Microsoft on grounds of unconscionable conduct because there was a bug in their IIS web server. Complex software has all sorts of potential problems. As far as I know, Microsoft responded quickly to the problem with a patch - and it is up to people who use the software to keep an eye on security updates. Microsoft has free mailing lists, web pages etc. for this purpose. This is not an unreasonable arrangement in the case of IIS, since it is sold to network administrators and other people who run computers connected permanently to the Net, and any such person should take their security responsibilities seriously. Since many people who know almost nothing about computers have heard about Code Red now, and the thing is still proliferating, this means that there are a large number of people connecting computers to the net and running servers who have not a single clue about computer security. While perhaps Microsoft could and should do more to clue these people up or make it harder for them to deploy every bit of software by default without thinking about it, I don't think this cluelessness is Microsoft's fault. I may not know the whole story - what is it about Microsoft's actions which are supposedly unconscionable regarding IIS and Code Red? 
What I think *could* be regarded as unconscionable conduct is the default setting of Windows to hide the extension of filenames for types it recognises, and to do this when Outlook Express presents an emailed attachment to the user. This *actively* works against the ability of the user to understand the security implications of clicking the attachment. SirCam and other worms/viruses replicate a *lot* faster because of this dumb (I believe culpably wrong) default behaviour of the operating system, because they name an attachment "PrettyGirl.JPG.exe" and the Microsoft software - by default and without any security cautions - presents this to the user as: "PrettyGirl.JPG". - Robin From rick@praxis.com.au Mon Aug 6 12:42:40 2001 From: rick@praxis.com.au (Rick Welykochy) Date: Mon, 06 Aug 2001 22:42:40 +1000 Subject: [LINK] Code Red puts Microsoft in hot seat References: <3B6DE96A.F44C4CC7@austarmetro.com.au> Message-ID: <3B6E90C0.995F7836@praxis.com.au> Bernard Robertson-Dunn submitted this: > Code Red puts Microsoft in hot seat > By Dan Verton > 6 August, 2001 8:37 > Washington, U.S. > > It was a scene that would be familiar to officials at Bridgestone/Firestone > Inc. An executive from Microsoft watched as a government official told a > gathering of reporters that there was a serious problem with a Microsoft > product. Blah blah blah ... But the article did not mention this: Subject: [Oz-ISP] Transparent Proxy servers being messed up by Code Red II > Code Red and its new (and quite different) derivative, Code Red II, > have a nasty side effect for those of us running transparent proxy > servers. > > It tends to bring them down (out of service). [SNIP] > If you are running a transparent proxy, these requests will be > captured and re-issued by your transparent proxy. For each of these > queries, one connect table entry will be used up as your proxy tries > to open a tcp connection to the destination host concerned. 
> Additional buffer space and other resources will be consumed in > buffering the pending request from the worm-compromised system while > your server waits, in vain, for the request to complete, before > eventually timing it out. > > While it's doing this, the compromised hosts are making other similar > attempts - up to 600 in parallel, per compromised host, in the case > of some variations of the latest worm. > > Think about what you think the concurrent connection handling > capabilities of your proxy are, and imagine how quickly those > resources will be chewed up and blocked by even half a dozen > compromised hosts inside your downstream customer base. > > Oops. > > So you can blame Microsoft's lax coding practices, again, this time > for costing you the money you'll blow in extra downloads, due to > needing to turn your transparent proxy off until this particular worm > blows over. _____________________________________________ Rick Welykochy || Praxis Services Pty Limited "Those who do not understand Unix are condemned to reinvent it, poorly." - Henry Spencer From rha@juggernaut.com.au Mon Aug 6 12:45:58 2001 From: rha@juggernaut.com.au (Richard Archer) Date: Mon, 6 Aug 2001 22:45:58 +1000 Subject: [LINK] RE: The auDA-Elz Standoff In-Reply-To: References: Message-ID: At 7:16 PM +1000 6/8/01, Tony Hill wrote: >- the competition model can provide significant benefit to Internet >users by introducing competition between registrars. It should be >implemented as soon as possible. We do not want anything to delay this >process. Indeed the competition model while not ideal is probably the best outcome that can be expected in the existing situation. It should certainly be implemented as soon as possible, and work should continue to introduce further competition if required. 
While we're talking about the competition model, I have not seen addressed the concerns about the impact of the competition model on the currently free and well-serviced domains such as .asn.au and .id.au. Is the auDA going to impose a levy on domain registrations and renewals within these domains? And if so how is an increase in fees for such domains justifiable? >- the competition model has little chance of implementation unless >redelegation goes ahead, while giving Robert Elz the opportunity to make >a considered judgement. I mildly agree with most of what Tony has said up to this point, however I find this comment baffling. Why is it that kre can't retain the delegation of .AU and authority for the Australian DNS while still allowing implementation of the core of the competition policy? Apart from the few comments in the policy that fall squarely into the wishful thinking category such as "Only auDA will have authority for setting domain name policy for .au.", the policy contained within the document appears to be delegate-neutral. Or was it the intention of the competition panel to force kre to redelegate the .AU domain to auDA by devising a competition policy that had redelegation as a prerequisite? >- there is a real prospect of introducing new second level domains and >opening up access to existing second level domains such as .id.au to >provide greater benefit to Internet users. Greater benefit how, exactly? Oh do you mean by allowing registrants to "protect their online corporate identity" three times as strongly by being able to register a .com.au, .biz.au and a .firm.au domain name? The only people benefiting from more 2LDs will be registrars. And auDA as they presumably take a cut of each domain name registration fee. >It is essential that these changes are introduced as a package. You >can't have the benefits of one without the others. Of course you can. Just because you don't get two benefits at once doesn't mean one benefit isn't worth having. 
>In the end, the stability of the DNS is of paramount concern. This is indeed very true. I note that under kre's supervision the Australian DNS has been very stable, and I for one am willing to believe that if kre has reservations about the process or the outcome of the auDA policy making that there are almost certainly some very real issues to be concerned about. ...R. From dasssa@ozemail.com.au Mon Aug 6 13:01:51 2001 From: dasssa@ozemail.com.au (Dassa) Date: Mon, 6 Aug 2001 23:01:51 +1000 Subject: [LINK] Let's Sue Microsoft [Was: Code Red puts Microsoft in hot seat] In-Reply-To: <3B6E7F6A.1119D183@firstpr.com.au> Message-ID: |> -----Original Message----- |> From: owner-link@www.anu.edu.au [mailto:owner-link@www.anu.edu.au]On |> Behalf Of Robin Whittle |> Sent: Monday, August 06, 2001 9:29 PM |> To: Link mailing list |> Cc: Roger Clarke |> Subject: Re: [LINK] Let's Sue Microsoft [Was: Code Red puts Microsoft in |> hot seat] |> |> What I think *could* be regarded as unconscionable conduct is the |> default setting of Windows to hide the extension of filenames for types |> it recognises, and to do this when Outlook Express presents an emailed |> attachment to the user. This *actively* works against the ability of |> the user to understand the security implications of clicking the |> attachment. SirCam and other worms/viruses replicate a *lot* faster |> because of this dumb (I believe culpably wrong) default behaviour of the |> operating system, because they name an attachment "PrettyGirl.JPG.exe" |> and the Microsoft software - by default and without any security |> cautions - presents this to the user as: "PrettyGirl.JPG". Hello Robin How is this any different to expecting users of more powerful software to be aware of and keep their systems updated with the latest security patches. Couldn't it be expected that users of an operating system would be aware of the security implications of the default settings? There is plenty of documentation covering this aspect. 
Where does one draw the line, are not all users to be treated the same? Isn't it more a case of people not reading the documentation they are supplied with. No doubt the majority are guilty of that, even system administrators :). Personally, I feel we are too quick to try and shift responsibility from ourselves. Darryl (Dassa) Lynch. From sneakums@zork.net Mon Aug 6 13:39:50 2001 From: sneakums@zork.net (Sean Neakums) Date: Mon, 06 Aug 2001 14:39:50 +0100 Subject: [LINK] Re: Unix {Was: Looking for some Web server statistics] In-Reply-To: <200108060505.f7655KI05579@bree.brisbane.redhat.com> (hartr@redhat.com's message of "Mon, 6 Aug 2001 15:05:15 +1000 (EST)") References: <200108060505.f7655KI05579@bree.brisbane.redhat.com> Message-ID: <6uitg1tihl.fsf@zork.zork.net> >>>>> "h" == hartr writes: h> On 6 Aug, Craig Sanders wrote: >> and, given that RH is also available for free download it's >> probably even more accurate to call it semi-commercial...but if >> you as a representative of RH want to call your product >> "commercial", i'm not going to dispute it. h> You are failing to grasp the point that Linux being h> 'commercial' or not is determined by its USE; whether the h> organisation using it paid for it or not is irrelevant. `Commercial' always means `sold for money' when contrasted with `proprietary'; even if that is not how you choose to use the word, that is how I intended it when I brought up the distinction between `commercial' and `proprietary'. -- ///////////////// | | The spark of a pin | left blank. | dropping, falling feather-like. \\\\\\\\\\\\\\\\\ | | There is too much noise. From karl.auer@id.ethz.ch Mon Aug 6 14:07:08 2001 From: karl.auer@id.ethz.ch (Auer, Karl James) Date: Mon, 6 Aug 2001 16:07:08 +0200 Subject: [LINK] Let's Sue Microsoft [Was: Code Red puts Microsoft in hot seat] Message-ID: Many people Microsoft is actively selling to are not professional or are not disciplined enough to read the MOUNTAIN of bumph delivered with server software. 
It is probably more appropriate that Microsoft (or Oracle or whoever) be the one to produce graded documentation, with the important security stuff on page ONE, not buried in "Appendix F: Other considerations". Instead, Page One is typically a "Quick Start Guide", to "get you up and running as quickly as possible". How many people will read the next 537 pages? Microsoft sells its products at least in part by touting their "simplicity", "user friendliness" and "ease of use", so I think they are definitely busy hoisting themselves with their own petard on this one. But leaving documentation aside, the fundamental mistake - and I believe it is LONG past time that this mistake should have been recognised and rectified - is that Microsoft delivers products (MANY products) with highly insecure "features" and switches them ON by default. The list is well-nigh endless - hiding filename extensions, running executable attachments in mailers and unchecked access rights for application macros are just the well-publicised tip of the iceberg. NO non-blindingly-obvious feature should be on by default. "Ease of use" should mean "easy to find and switch on, with a helpful warning before you do so as to the security implications". And the ease of switching a feature on should be inversely proportional to the damage it can do when enabled. Not that Microsoft stands alone in its shame - many Linux distributions still come with (among others) ident, ftp, telnet, ssh, web and samba servers enabled and running by default. Regards, K. > -----Original Message----- > From: Dassa [mailto:dasssa@ozemail.com.au] > Subject: RE: [LINK] Let's Sue Microsoft [Was: Code Red puts Microsoft in hot seat] > How is this any different to expecting users of more powerful > software to be aware of and keep their systems updated with the latest security > patches. Couldn't it be expected that users of an operating system would > be aware of the security implications of the default settings? 
There is > plenty of documentation covering this aspect. Where does one draw the > line, are not all users to be treated the same? > > Isn't it more a case of people not reading the documentation they are > supplied with. From at@ah.net Mon Aug 6 14:40:27 2001 From: at@ah.net (Adam Todd) Date: Tue, 07 Aug 2001 00:40:27 +1000 Subject: [LINK] Let's Sue Microsoft [Was: Code Red puts Microsoft in hot seat] In-Reply-To: <3B6E7F6A.1119D183@firstpr.com.au> References: <200108061038.UAA04355@draal.apex.net.au> Message-ID: <5.1.0.14.0.20010807003442.034a9ec0@pop> >While perhaps Microsoft could and should do more to clue these people up >or make it harder for them to deploy every bit of software by default >without thinking about it, I don't think this cluelessness is >Microsoft's fault. I can think of a zillion analogies to argue this point. But then, it comes back to the opposite, if we legislate against Football because a kid gets a spinal injury, then next week we'll legislate you can't have a back yard pool because a kid drowns, then we'll legislate you can't have a computer because you might get an electric shock ... However, I do feel that Microsoft has let itself down by trying to create software that is far more complex on the most incorrect platform to develop it upon. If Microsoft were to work with Industry, rather than try and create proprietary solutions, then such problems are less likely to occur. I can only IMAGINE what might have happened if I were to detail publicly the RedHat bug I copped so much flak from so few individuals last year. It was thanks to the advice from the MANY to keep my mouth shut that RedHat itself still exists as a product today. How long until the exploit is found is something I can't guess, and no doubt when people drop their ego (Microsoft included) and start working together rather than hamming each other in the corner, these exploit problems will cease to be problems. 
There has been discussion about creating a "counter-worm" for the CodeRed worm that actually goes back to the exploited server and removes CodeRed, blocks the hole and issues itself to the next server to try and exploit it. I'm not sure where the development for this is yet. On Friday PM I had <3000 attempts. By 9AM this morning I had 11,000. Just now I have 18744. Interesting. Maybe if I get time I'll break it down by hour :) From at@ah.net Mon Aug 6 14:33:53 2001 From: at@ah.net (Adam Todd) Date: Tue, 07 Aug 2001 00:33:53 +1000 Subject: [LINK] RE: The auDA-Elz Standoff In-Reply-To: References: Message-ID: <5.1.0.14.0.20010807003313.034aad50@pop> >complexity. The onus is on all of us to make sure that those who have >views about domain name policy are listened to. In this context, if >there is one lesson we can learn from international domain name >processes then it is the importance of transparency in decision making. Strangely enough, those who have the most experience in relation to Domain Policy are NOT being listened to. In fact some are told they single handedly destroyed the previous attempt. At any rate ... From rw@firstpr.com.au Mon Aug 6 15:44:50 2001 From: rw@firstpr.com.au (Robin Whittle) Date: Tue, 07 Aug 2001 01:44:50 +1000 Subject: [LINK] Adam Todd's destructive and no-doubt false allegations again References: <200108061038.UAA04355@draal.apex.net.au> <5.1.0.14.0.20010807003442.034a9ec0@pop> Message-ID: <3B6EBB72.7144F189@firstpr.com.au> I am responding to Adam Todd's message, responding to one of mine: Re: [LINK] Let's Sue Microsoft [Was: Code Red puts Microsoft in hot seat] Adam, You just reminded me why I vowed never to read your messages on Link again. I was not alone - many other people did the same, I am sure. I normally do not read your stuff - but in this case, it was possible that you were responding to one of mine, so I gave you the benefit of the doubt. Silly me. 
You wrote: > I can only IMAGINE what might have happened if I were to detail > publicly the RedHat bug I copped so much flak from so few individuals > last year. It was thanks to the advice from the MANY to keep my > mouth shut that RedHat itself still exists as a product today. How > long until the exploit is found is something I can't guess, and no > doubt when people drop their ego (Microsoft included) and start > working together rather than hamming each other in the corner, these > exploit problems will cease to be problems. You are repeating the same allegations which caused such trouble and even resulted in press coverage (as if your allegations might be true) whenever it was last year. The logic is inexorable: IF you are committed to a better world, in which software is more reliable, and people are protected from any existing bugs (as you claim to be). AND IF you believe you have found a problem with a program. THEN It is your duty to report the problem to the vendor/author *immediately*. There is no other honourable option. Having done so (which, has been stated by Red Hat representatives, you didn't) you should then expect the vendor, within a few days, to either: 1 - Convince you that your bug report has no substance. or 2 - Show to you and the world that they have identified the problem, fully characterised it, documented all the risks, produced an update to solve the problem and made all this publicly available If they fail to do one of the above, then your only honourable option (since hackers could have found the fault and could be developing exploits or compromising systems right now - you wouldn't necessarily know) is go public on BugTraq with a full description of everything you know about the bug. That is a moderated list and is central to the efforts of all decent people to improve software and protect computer systems and personal privacy from attack. 
The moderator there is well placed to judge the merits of the problem you report and whether or not it is wise to publicise it on BugTraq. To my understanding, your allegations have never been proved in any way at all. You have provided no details or evidence whatsoever - despite repeated requests. Your reference to multiple people who support you has never been proven either. Because this is a respected, public, well-archived list - with lurking journos (who aren't always smart enough to see the pattern of tangled and vexatious thinking which I believe underlies most of your output), your statements on this list gain far more credibility than they deserve. Specifically, your statements on Link gain credibility and exposure because we tolerate your presence on this list. It is my impression that you are unique in contributors to this list in having created far more noise than signal. Link is Tony's list. It's up to him how he directs discussion, and how he controls membership. He has been very trusting running a high-profile list with no moderation or membership criteria. Everyone but you (and a few spammers) have respected Tony's trust in humanity. You have deliberately abused his trust - and ours. The generally high signal to noise ratio of Link is well known, and rather remarkable. It is a testimony to all contributors to list except yourself. I believe you *use* the energy we put into link as an accelerant for your own ejaculations into the minds of other people. That's your game - you like inserting parts of yourself (things you dream up) into the minds of others. I think it is an appalling game, since it is evident that your mind is capable of following higher principles. You demonstrate your understanding of higher principles and the better thinking of other people in the sophisticated way you deliberately destroy those principles and fight that clearer thinking with your own perverse injections. You trade on the good reputation of Link. 
You use and sully the good reputation developed by all other members of this list since 1993. I believe that Link is an important discussion forum. What we discuss here has the potential to make life better for all Australians, and to exert positive influence the world over. There are many powerful reasons why I think that Link should be protected from the kinds of writing which you contribute. You should have your own mailing list - and periodically (like once every 6 months) post to link and other mailing lists inviting people to join you. Let people comment on those lists then on your character and infamous history, and on how they are happy you are not a member of those lists any more. It is the same in other mailing lists - any public mailing list without moderation is beholden to every single disturbed, malicious or erratic individual who chooses to plague it. After a while, most members get to know who the idiot is and studiously ignore that person. There is a jabbering, intelligent idiot known as Antiorp (his latest incarnation is integer@www.god-emil.dk) who consistently spams a number of Digital Signal Processing lists with his unreadable cryptic off-topic doggerel (though, like you, he is reputed to very occasionally say something of value). He has been at it for three or more years - and I recall hearing reports of how that one person (due to faulty or absent moderation on those lists) caused the demise of one or more mailing lists. I recall reading the same about you - an entire list which closed itself down, and re-established itself with a new rule: that you could not be a member. (This is an unsubstantiated allegation from me, since I don't remember the details - but I think it was an Australian ISP list a few years ago. I will cheerfully withdraw my accusation and give you my apologies in public if no-one substantiates what I have just stated in the next week.) But you are worse than an obscurantist neo-fascist gadfly like Antiorp. 
You don't just trade off, disrupt and destroy the good energy of this mailing list. You use the platform of Link to posture in public and launch extremely serious allegations about a commercial product which millions of people trust their businesses and personal information to - Red Hat Linux. By using the credibility *we* give you by foolishly tolerating your presence on Link, you insert your tripe into the minds of people far and wide by getting your corrosive drivel archived on this list and printed in papers - where the credibility of Link is cited as evidence of the seriousness of your false allegations. For the sake of Link, its members, the important matters we discuss here, and for the sake of Red Hat and any other company, product or person you might target in the future, I believe you should be prevented from posting to this list entirely. Alternatively, if it suits Tony, perhaps you could be permitted to post on a strictly moderated basis. This sort of thing is presumably easy to set up on a modern mailing list like GNU Mailman. I don't know how easy it is on Tony's Majordomo. But anyway, I think you thoroughly deserve to be given the bum's rush and banished from this good list forever. I run a busy, serious, 1150 member mailing list of my own. Every now and again, a miscreant like you makes me realise how important it is to have a strong, principled moderation policy. If Link was my list, you would have been banned long ago - I generally don't read your stuff, but your inflammatory, damaging and *entirely* unsubstantiated allegations about a security problem with Red Hat Linux would have given me no other option. 
- Robin From rha@juggernaut.com.au Mon Aug 6 22:08:04 2001 From: rha@juggernaut.com.au (Richard Archer) Date: Tue, 7 Aug 2001 08:08:04 +1000 Subject: [LINK] Re: Red Hat Vulnerability In-Reply-To: <5.1.0.14.0.20010807003442.034a9ec0@pop> References: <200108061038.UAA04355@draal.apex.net.au> <5.1.0.14.0.20010807003442.034a9ec0@pop> Message-ID: At 12:40 AM +1000 7/8/01, Adam Todd wrote: >I can only IMAGINE what might have happened if I were to detail publicly >the RedHat bug I copped so much flak from so few individuals last >year. It was thanks to the advice from the MANY to keep my mouth shut >that RedHat itself still exists as a product today. How long until the >exploit is found is something I can't guess Are you implying that this vulnerability in Red Hat still exists today? I'm running a fully patched RH 6.1 system in a production environment. If you know of a vulnerability on that server, I want to know about it and NOW! ...Richard. From me@karmanaut.com Mon Aug 6 22:58:17 2001 From: me@karmanaut.com (viveka) Date: Tue, 7 Aug 2001 08:58:17 +1000 Subject: [LINK] Let's Sue Microsoft [Was: Code Red puts Microsoft in hot seat] In-Reply-To: References: Message-ID: At 11:01 PM +1000 6/8/01, Dassa wrote: >|> What I think *could* be regarded as unconscionable conduct is the >|> default setting of Windows to hide the extension of filenames for types >|> it recognises [...] because they name an attachment "PrettyGirl.JPG.exe" >|> and the Microsoft software - by default and without any security >|> cautions - presents this to the user as: "PrettyGirl.JPG". > >Hello Robin > >How is this any different to expecting users of more powerful software to >be aware of and keep their systems updated with the latest security >patches. Couldn't it be expected that users of an operating system would >be aware of the security implications of the default settings? There is >plenty of documentation covering this aspect. 
Where does one draw the >line, are not all users to be treated the same? There is a control group that we can use to measure this population of ordinary users: the Macintosh user population. Mac users very rarely read manuals. The setup instructions for a new Mac are a two-page booklet with four large illustrations, indicating that you plug the thing in, then turn it on. I'm not trying to start an OS war here; I regularly use MacOS, Windows, IRIX, FreeBSD, GNU/Linux and BeOS myself. They all have good reasons to exist. I've used and administered Macs for 10 years. I have never once seen a Macintosh virus in the wild. If anything, Mac users are *more* clueless than Windows users about security matters, but it doesn't become a problem, because the OS has a transparent conceptual model. Microsoft has targeted their OS at non-technical users ever since the Windows 95 marketing campaign. There are different expectations for a piece of consumer electronics, as compared to a piece of industrial equipment. This is why you rarely see yellow tape marking the safety boundaries around the edges of a VCR. The default operation of Windows 95/98/2000/ME should not allow your machine to become the source of a DDOS attack without you knowing about it, even (especially) if you're a non-technical user. This is possible, as demonstrated by the operation of the Mac OS. Regards, V. -- Viveka Weiley, Karmanaut. { http://www.karmanaut.com | http://www.planet-earth.org http://www.MacWeb3D.org | http://sydney.siggraph.org.au } hypermedia, virtual worlds, human interface, truth, beauty. From vivienne.teoh@detya.gov.au Mon Aug 6 23:01:54 2001 From: vivienne.teoh@detya.gov.au (TEOH,Vivienne) Date: Tue, 7 Aug 2001 09:01:54 +1000 (EST) Subject: FW: [LINK] Fwd: Seeking ed videoconferences Message-ID: <200108062301.f76N1sG16084@name-ext.deetya.gov.au> I have passed this on to the Education Network Australia (EdNA) News people who have a service to advertise such items. See below. 
Welcome to the EdNA News & Views Email Alert - 13 July 2001 http://www.edna.edu.au This service aims to feature topical information and debate of interest to the Australian education community, promote and publicise EdNA Online projects and developments and highlight news from our stakeholders. This service does not seek to be comprehensive or authoritative and views expressed here are not necessarily the views of EdNA Online or any of its stakeholders. Vivienne Teoh -----Original Message----- From: TEOH,Vivienne Sent: Tuesday, 7 August 2001 8:54 To: 'EdNA News and Views' Subject: FW: [LINK] Fwd: Seeking ed videoconferences This may be interest to the EdNA community Vivienne Teoh -----Original Message----- From: Stephen Loosley [mailto:stephen@melbpc.org.au] Sent: Sunday, 5 August 2001 22:55 To: link@www.anu.edu.au Cc: acselsic-l@yahoogroups.com; eModerators@yahoogroups.com; Scott Walker Subject: [LINK] Fwd: Seeking ed videoconferences Hi all .. Interested in an ed-videoconference? -- Date: Sat, 04 Aug 2001 09:02:05 -0500 From: Scott Walker Organization: Our Lady of the Lake University To: DEOS-L@lists.psu.edu, dist-ed@explode.unsw.edu.au, s-asia-it@apnic.net, TxDLA-Forum@txdla.org, ed_tech@egroups.com Subject: EP ST U seeks P or T w/ISDN VC for short or long term relationship!! [or...All dressed up & no place to go] Reply-To: Scott Walker EDUCATION PROFESSOR IN A SMALL TEXAS UNIVERSITY SEEKS PROFESSOR OR TEACHER WITH ISDN VIDEOCONFERENCE CAPABILITY AS A GUEST SPEAKER At Our Lady of the Lake University in Texas I am teaching a new class, "Technology for Teaching" this fall for undergraduate students enrolled in our teacher education program. By way of this message I am seeking education technology practitioners and instructors (at any grade/education level) who would like to "come in" (by videoconference) as a guest speaker. -OR- An entire class (elementary - grad. school) that could come in to have a videoconference dialogue. 
======================== SUBJECT: Open, but related to education technology. (Corporate training topics welcome from corporate trainers.) PURPOSE: To 1) demonstrate the use and capabilities of using videoconference technology; and to 2) bring in a guest speaker or guest "classroom" to gain an outside perspective on the subject to enhance student learning. TIME: Class runs from August 28, 2001 to November 29, 2001 Tuesdays and/or Thursdays 2:15 p.m. to 3:15 p.m. Central Time (Chicago, Dallas, San Antonio, Mexico City) LONG DISTANCE FEE: I will initiate the call and therefore absorb any long-distance fees (including international long distance) VIDEOCONFERENCE REQUIREMENT: ISDN (H.320) capable videoconference OR an MCU I can dial into via ISDN to reach your site. STIPEND FOR SPEAKER: None...this would be out of the goodness of your heart and for the advancement of knowledge!! (I am willing to reciprocate and speak in your class via vid. conf., for what it's worth.) CONTACT PERSON: Scott Walker, walks@lake.ollusa.edu INTERESTED PERSONS: Anyone interesting in pursuing this idea, please reply directly to me rather than bothering everyone on this discussion group. [[Please pass this message on to potential interested parties.]] ========================= Regards, Scott Walker -- Our Lady of the Lake University Education Technology Coordinator 411 SW 24th St. San Antonio, Texas, USA 78207 Univ. Office +210 434-6711 X304 Home Office +512 392-1930 Fax +603 719-9542 -- Cheers all .. Stephen Loosley Notice: The information contained in this e-mail message and any attached files may be confidential information, and may also be the subject of legal professional privilege. If you are not the intended recipient any use, disclosure or copying of this e-mail is unauthorised. If you have received this e-mail in error, please notify the sender immediately by reply e-mail and delete all copies of this transmission together with any attachments. 
From Roger.Clarke@xamax.com.au Tue Aug 7 00:00:46 2001 From: Roger.Clarke@xamax.com.au (Roger Clarke) Date: Tue, 7 Aug 2001 10:00:46 +1000 Subject: [LINK] Let's Sue Microsoft [Was: Code Red puts Microsoft in hot seat] In-Reply-To: References: Message-ID: viveka : > ... I've used and administered Macs for 10 years. I have never >once seen a Macintosh virus in the wild. ... I've *once* had one (which came in an attachment from a Singaporean student, and which took some modest effort to get rid of). That's despite intensive use since the second boatload in April 1984, Internet-connected since 1990 at work and 1993 at home. And yes I've been very slack about virus-protection as a result, i.e. despite being a 30-year industry-veteran, I'm a clueless user! Did you like the NSW Labor MPs explanation about having been a trained programmer and IT manager in the 1980s, but being a clueless user now? Admittedly it was an attempt to escape the gallows over the apparent insider-hacking in the NSW Parliament; but it was more credible than most things pollies say! 
-- Roger Clarke http://www.anu.edu.au/people/Roger.Clarke/ Xamax Consultancy Pty Ltd, 78 Sidaway St, Chapman ACT 2611 AUSTRALIA Tel: +61 2 6288 1472, and 6288 6916 mailto:Roger.Clarke@xamax.com.au http://www.xamax.com.au/ Visiting Fellow Department of Computer Science The Australian National University Canberra ACT 0200 AUSTRALIA Information Sciences Building Room 211 Tel: +61 2 6125 3666 From hartr@redhat.com Tue Aug 7 00:13:50 2001 From: hartr@redhat.com (hartr@redhat.com) Date: Tue, 7 Aug 2001 10:13:50 +1000 (EST) Subject: [LINK] Re: Unix {Was: Looking for some Web server statistics] In-Reply-To: <6uitg1tihl.fsf@zork.zork.net> Message-ID: <200108070013.f770DrI07368@bree.brisbane.redhat.com> Hi Postings on this topic are getting a bit heated which is certainly not what I had intended - nor do I want to get further involved with splitting hairs over the definition of the term 'commercial' when applied to Linux as I don't think that we will get anywhere useful. There is obviously a diversity of opinion - as is frequently the case in such discussions. -- Robert Hart hartr@redhat.com Red Hat Asia-Pacific, Unit 15, 23 James St, Brisbane, Qld 4006, Australia Tel +61 (0)7 3872 4808 Fax +61 (0)7 3257 4800 From dazza@zip.com.au Tue Aug 7 00:25:47 2001 From: dazza@zip.com.au (DaZZa) Date: Tue, 7 Aug 2001 10:25:47 +1000 (EST) Subject: [LINK] Re: Red Hat Vulnerability In-Reply-To: Message-ID: On Tue, 7 Aug 2001, Richard Archer wrote: > >I can only IMAGINE what might have happened if I were to detail publicly > >the RedHat bug I copped so much flakt from so few individual last > >year. It was thanks to the advice form the MANY to keep my mouth shut > >that RedHat itself still exists as a product today. How long until the > >exploit is found is something I can't guess > > Are you implying that this vulnerability in Red Hat still exists today? > I'm running a fully patched RH 6.1 system in a production environment. 
> > If you know of a vulnerability on that server, I want to know about it > and NOW! {snort} Good luck in getting your demands met. He won't tell you because there _isn't_ a common vulnerability of the type he states. But if you pay him enough he'll tell you that in person. DaZZa

From rick@praxis.com.au Tue Aug 7 00:51:41 2001 From: rick@praxis.com.au (Rick Welykochy) Date: Tue, 07 Aug 2001 10:51:41 +1000 Subject: [LINK] counterpoint: Australia, Singapore avoid Code Red hysteria References: Message-ID: <3B6F3B9D.72984A42@praxis.com.au> James Morris wrote: > "How Microsoft Ensures Virus-Free Software" > > "Disks are duplicated on a variety of industrial strength, quality focused > systems. Most of these systems are UNIX-based. The UNIX-based duplication > systems used in manufacturing are impervious to MS-DOS-based, Windows- > based, and Macintosh-based viruses. " > > http://www.google.com/search?q=cache:OIzlUFpB0s0:support.microsoft.com/support/kb/articles/Q80/5/20.ASP > > Although, if a customer called Microsoft and asked how to protect > themselves from viruses, I wonder if they'd be told anything like this. Conjecture: no. It would not be in their best business interests to promote disk duplication using another O/S. In spite of their supposed obligation to "top quality service" (ha ha ha) I would posit that Microsoft would advise using the Windows O/S for that task, and "ensure all virii and worms had been removed from the system beforehand". _____________________________________________ Rick Welykochy || Praxis Services Pty Limited "Those who do not understand Unix are condemned to reinvent it, poorly." - Henry Spencer

From rachel@excitehome.com.au Tue Aug 7 00:59:22 2001 From: rachel@excitehome.com.au (Rachel Polanskis) Date: Tue, 7 Aug 2001 10:59:22 +1000 (EST) Subject: [LINK] Re: Red Hat Vulnerability In-Reply-To: Message-ID: On Tue, 7 Aug 2001, Richard Archer wrote: Forget it Richard. AT Aint Telling. The bug doesn't exist, AFAIK. 
It's just yet another attention getting device from Link's esteemed paranoic. rachel > At 12:40 AM +1000 7/8/01, Adam Todd wrote: > > >I can only IMAGINE what might have happened if I were to detail publicly > >the RedHat bug I copped so much flakt from so few individual last > >year. It was thanks to the advice form the MANY to keep my mouth shut > >that RedHat itself still exists as a product today. How long until the > >exploit is found is something I can't guess > > Are you implying that this vulnerability in Red Hat still exists today? > I'm running a fully patched RH 6.1 system in a production environment. > > If you know of a vulnerability on that server, I want to know about it > and NOW! > > ...Richard. > -- Rachel Polanskis Optus/Excite@Home UNIX Administrator 100 Harris Street IT Operations Pyrmont, Sydney NSW rachel@excitehome.com.au Ph: (+61 2) 900 51144 From rick@praxis.com.au Tue Aug 7 01:24:21 2001 From: rick@praxis.com.au (Rick Welykochy) Date: Tue, 07 Aug 2001 11:24:21 +1000 Subject: [LINK] Federal judge releases Dmitry Sklyarov on $50,000 bail (fwd) Message-ID: <3B6F4345.F43EF0AD@praxis.com.au> -------- Original Message -------- Subject: FC: Federal judge releases Dmitry Sklyarov on $50,000 bail Date: Mon, 6 Aug 2001 15:45:47 -0400 From: Declan McCullagh http://www.wired.com/news/politics/0,1283,45870,00.html Adobe E-Book Hacker Released Wired News Report 11:40 a.m. Aug. 6, 2001 PDT SAN JOSE, California -- Dmitry Sklyarov is out on bail. A federal magistrate judge ordered that the Russian programmer -- whose arrest last month on copyright infringement charges sparked worldwide protests -- be freed Monday on $50,000 bail. After a 30-minute bail hearing, U.S. Magistrate Judge Edward A. Infante released Sklyarov but said he must remain in Northern California under the supervision of a local friend, Sergei Osoakine. Joseph Burton, Sklyarov's defense attorney, said he was "ecstatic" that his client would be released. 
Sklyarov's passport remains in the hands of the U.S. Attorney's office, and a pre-trial hearing is set for Aug. 23. [...]

From brd@austarmetro.com.au Tue Aug 7 02:02:16 2001 From: brd@austarmetro.com.au (Bernard Robertson-Dunn) Date: Tue, 07 Aug 2001 12:02:16 +1000 Subject: [LINK] Code Red worm Message-ID: <3B6F4C28.9206812F@austarmetro.com.au> From what I have read about the weakness in IIS that is exploited by the Code Red worm, the problem seems to be an unchecked buffer. By overloading the buffer, the worm introduces malicious code into the server that ends up being executed. Can anyone comment on the extent of prior knowledge or level of expertise that someone would need to identify this weakness and be able to exploit it? Another way of putting this question is : would someone need access to the source code, or is it sufficient to only have the executable and a debugger? Do people really spend their time poring over MBytes of executable code reverse engineering an application and looking for ways to subvert it? I can see how professional security people (especially the likes of the NSAs, GCHQs, DIOs etc) might, but amateur hackers? -- Is a computer language with goto's totally Wirth-less? -- unknown Regards brd Bernard Robertson-Dunn Canberra Australia brd@dynamite.com.au brd@austarmetro.com.au

From hartr@redhat.com Tue Aug 7 02:09:01 2001 From: hartr@redhat.com (hartr@redhat.com) Date: Tue, 7 Aug 2001 12:09:01 +1000 (EST) Subject: [LINK] Let's Sue Microsoft [Was: Code Red puts Microsoft in hot seat] In-Reply-To: <5.1.0.14.0.20010807003442.034a9ec0@pop> Message-ID: <200108070209.f77294I07587@bree.brisbane.redhat.com> On 7 Aug, Adam Todd wrote: > I can only IMAGINE what might have happened if I were to detail publicly > the RedHat bug I copped so much flak from so few individuals last > year. It was thanks to the advice from the MANY to keep my mouth shut > that RedHat itself still exists as a product today. 
How long until the > exploit is found is something I can't guess, and no doubt when people drop > their ego (Microsoft included) and start working together rather than > hamming each other in the corner, these exploit problems will cease to be > problems. Linkers I am not going to regurgitate to the list the extensive prior communication on this subject. It's all in the archives and my email to Adam Todd and the link list of 19 May 2000 is probably a good place to start the link archive search surrounding this still unsubstantiated claim. All I would add is that neither I personally, Red Hat as an organisation (as far as I can trace) or the Linux community (again as far as I can trace) have still not been given any sort of information by Adam Todd as to the nature of this supposed compromise to the Linux kernel. Adam - you make statements about 'working together' and yet you have repeatedly refused to do just this, despite many invitations made publicly (see the archives) and privately and which I now repeat here: Send me the details of this supposed compromise and it will be investigated immediately. I believe that somewhere in the New Testament is the line: "By their actions shall ye know them." upon which you might like to ponder if you fail to provide the information you claim to have. -- Robert Hart hartr@redhat.com Red Hat Asia-Pacific, Unit 15, 23 James St, Brisbane, Qld 4006, Australia Tel +61 (0)7 3872 4808 Fax +61 (0)7 3257 4800 From rick@praxis.com.au Tue Aug 7 02:31:24 2001 From: rick@praxis.com.au (Rick Welykochy) Date: Tue, 07 Aug 2001 12:31:24 +1000 Subject: [LINK] Code Red worm References: <3B6F4C28.9206812F@austarmetro.com.au> Message-ID: <3B6F52FC.694FAAD4@praxis.com.au> Bernard Robertson-Dunn wrote: > Can anyone comment on the extent of prior knowledge or level of expertise > that someone would need to identify this weakness and be able to exploit > it? 
A good knowledge of assembler and machine code, and the inner workings of the stack and C are required. > Another way of putting this question is : would someone need access to the > source code, or is it sufficient to only have the executable and a > debugger? No source code required. I read a very long and detailed description of how to exploit a buffer overflow by installing your own bit of code into a system to obtain 'root' access. I cannot find the paper again, but the following web page contains similar details: A quick look at the above will show you how complex and detailed buffer overflow exploiting can be. Not for the faint hearted. > Do people really spend their time poring over MBytes of executable code > reverse engineering an application and looking for ways to subvert it? I > can see how professional security people (especially the likes of the NSAs, > GCHQs, DIOs etc) might, but amateur hackers? Not really. From what I've read, crackers apply techniques similar to those indicated in the above web page. Hours of playing with long buffers, submitting trial exploits to a server, and finally coming up with an exploit. At the end of the day, the exploit itself is usually elegantly short, but it takes hours of work discovering it. > -- > Is a computer language with goto's totally Wirth-less? > -- unknown Pascal-less too. Cheers Rick W _____________________________________________ Rick Welykochy || Praxis Services Pty Limited "Those who do not understand Unix are condemned to reinvent it, poorly." - Henry Spencer

From rw@firstpr.com.au Tue Aug 7 03:40:23 2001 From: rw@firstpr.com.au (Robin Whittle) Date: Tue, 07 Aug 2001 13:40:23 +1000 Subject: [LINK] Why do people exploit code? 
Was: Code Red worm References: <3B6F4C28.9206812F@austarmetro.com.au> Message-ID: <3B6F6327.D3E58405@firstpr.com.au> In "Re: [LINK] Code Red worm" Bernard Robertson-Dunn wrote: > Another way of putting this question is : would someone need access to > the source code, or is it sufficient to only have the executable and a > debugger? The source would be nice, but a debugger and disassembler will do. A good supply of tea and chocolate cake would help too. I imagine it is pretty easy to find a buffer overflow - just send a very long command to the program and see if it crashes. > Do people really spend their time poring over MBytes of executable > code reverse engineering an application and looking for ways to > subvert it? Hell yes! I have disassembled code and run it in debuggers just to fix pesky bugs in ordinary software. If I was handier with Windows debuggers, I would have fixed by now the way Netscape Composer's HTML line length limiting code deletes whitespace characters after long URLs - a problem which drives me nuts. I have in fact spent hours searching the code for the instance of the constant which sets the line length limit - but I never found it. I am sure I could if I spent the time with a debugger to find it. It is possible to search a program for a likely constant, then make multiple versions each with a change to a different instance of the putative variable. Then you run them and see what they do! It can be fun! I once did this to modify a CPM operating system which ran on a Z-80 card in an AppleII. I can't remember the change - but it was to do with making it run multiple users or similar. It was a paying job - I sold 32 bits of information for $100, in about 1982 or so - 16 bits of address of where to make the change, and then two new bytes to change the constant in the program. > I can see how professional security people (especially the likes of > the NSAs, GCHQs, DIOs etc) might, but amateur hackers? 
My sociobiological perspective on this is that adolescent and young adult males in particular are keen to develop ways of infiltrating, controlling and destroying things. It's all good basic warrior development stuff. Hence the lively interest in explosives and ballistics held by many good mature citizens of today, when they were in their teens (and sometimes lingering a little . . . ). Also, as I alluded to in my assessment of Adam Todd's output on this list, there can be a certain fascination (which I need hardly point out has deep resonances with reproductive success) with *inserting things* . . . especially where they are not entirely welcome, but sort of fit . . . I heard of one schoolboy team who methodically pinched keys from building sites and built up an impressive portfolio of assets - dozens of recently built houses to which they had the keys. I don't know if they were ever used for malicious purpose - they probably weren't. I once made a clay impression of my school's master keys - but never used them for anything. I prefer not to detail my explosives experiments in public - but they make lively after-dinner conversation! I can think of quite a few upstanding, respected citizens of today who developed means of destroying things and then generally left it at that - though one trusted and respected member of society told me how (as an adolescent) he blew up his neighbour's letter box and then offered to rebuild it for her as a paying job. If I was 14 to 24 or so, I can imagine being fascinated by finding and exploiting weaknesses in widely used software. So I think it is perfectly natural and in many ways healthy that certain people investigate these things. Launching a benign virus could even be considered a charitable act. If the virus made users and programmers more aware of computer security issues, so they took actions to prevent their systems, it could in fact be a good thing. Launching genuinely destructive viruses and worms is a different matter. 
But still, these things have to happen, I believe. Sooner or later, users and computer systems have to evolve to become more resistant to viruses and other security threats. It seems this does not happen without the sort of prodding which only occurs when there are widespread and destructive infections and attacks - and even then, it seems that it will take forever until the more hard-to-change people actually take computer security seriously. I can see viruses and the like getting a lot worse before they get better. Also, just as glaziers are sometimes found to be paying criminals (rock throwing youths - or in Victoria, the police) to break shop and car windows, it is tempting to think that the anti-virus industry has a financial interest in new nasty viruses emerging. But I suspect that there is quite enough action from the young warrior volunteer types to make it unnecessary to encourage any virus development with cash - and also, a single proven case of such payment would surely be the death-knell for the company. - Robin

From cas@taz.net.au Tue Aug 7 04:08:26 2001 From: cas@taz.net.au (Craig Sanders) Date: Tue, 7 Aug 2001 14:08:26 +1000 Subject: [LINK] Code Red worm In-Reply-To: <3B6F4C28.9206812F@austarmetro.com.au> References: <3B6F4C28.9206812F@austarmetro.com.au> Message-ID: <20010807140826.A5367@taz.net.au> On Tue, Aug 07, 2001 at 12:02:16PM +1000, Bernard Robertson-Dunn wrote: > From what I have read about the weakness in IIS that is exploited by > the Code Red worm, the problem seems to be an unchecked buffer. By > overloading the buffer, the worm introduces malicious code into the > server that ends up being executed. > > Can anyone comment on the extent of prior knowledge or level of > expertise that someone would need to identify this weakness and be > able to exploit it? not a lot. you don't need to know a lot about security or programming (or anything at all really) to run an exploit script written by someone else. 
while there are some exceptions, most script kiddies don't have the faintest clue about what they're doing. the brighter ones are able to make trivial changes to scripts to suit their current needs or to find new vulnerabilities to take advantage of with the same exploit code. > Another way of putting this question is : would someone need access to > the source code, or is it sufficient to only have the executable and a > debugger? not even that. buffer overflow exploits are so well known that all you need is a target host to attack, some "payload" code, and a bit of imagination to find the holes by trial and error. a bit of imagination plus a bit of scripting can automate trying millions of combinations of buffer overflow attempts in just a few hours. > Do people really spend their time poring over MBytes of executable code > reverse engineering an application and looking for ways to subvert it? I > can see how professional security people (especially the likes of the NSAs, > GCHQs, DIOs etc) might, but amateur hackers? yep, but as noted above it's not necessary to do that to find and exploit a vulnerability. craig -- craig sanders Fabricati Diem, PVNC. -- motto of the Ankh-Morpork City Watch

From gordon.keith@marine.csiro.au Tue Aug 7 04:42:45 2001 From: gordon.keith@marine.csiro.au (Gordon Keith) Date: Tue, 7 Aug 2001 14:42:45 +1000 Subject: [LINK] Code Red worm In-Reply-To: <3B6F4C28.9206812F@austarmetro.com.au> References: <3B6F4C28.9206812F@austarmetro.com.au> Message-ID: <01080714424500.03322@moo-hf> On Tue, 7 Aug 2001 12:02, Bernard Robertson-Dunn wrote: > Can anyone comment on the extent of prior knowledge or level of > expertise that someone would need to identify this weakness and be > able to exploit it? > > Another way of putting this question is : would someone need access > to the source code, or is it sufficient to only have the executable > and a debugger? I am not a security expert, but my understanding is that anyone with patience could do it. 
My understanding is that a buffer overflow exploit consists of two parts: the buffer overflow and the exploit. To find a buffer overflow you just need to be able to throw unusually long strings at a program until it does something unexpected, eg crashes. This can be done manually on someone else's machine, (eg telnet to port 80 on any IIS server and type nonsense - if the machine crashes you have probably found a buffer overflow) but is probably easier to do by writing a program, and faster if you attack your own machine. Knowing the functionality of the program you are attacking can give some hints as to where strings may be provided and may be handled as special cases. Good documentation should provide a reason list of possibilities to try. Once you have found a buffer overflow you need to be able to exploit it. This involves putting a string of executable code in exactly the right place in the buffer. Not all buffer overflows are exploitable. Getting exploit code should be fairly straightforward, as there are so many exploits out there I'm sure a bit of code that will give you access to the system wouldn't be too hard to find. Some ability with machine level programming is needed to write a successful exploit in the first place. The hard part is putting the exploit code in exactly the right place in the buffer for the code to execute correctly and not just crash. An executable, a debugger and a knowledge of the machine architecture would be very useful. On the other hand, a bit of patience (you may need to wait for a reboot between attempts) and just sequentially putting the exploit code at successive locations in the buffer should eventually work. In summary the extent of prior knowledge required is knowing where you give the program a string, and what sorts of strings might be treated as special cases. In IIS you need to know how to do a HTTP GET. The fact that strings starting with /default.ida? 
are treated in a special way gives you a search area that is tractable. Regards Gordon From karin.geiselhart@rmit.edu.au Tue Aug 7 05:04:18 2001 From: karin.geiselhart@rmit.edu.au (Karin Geiselhart) Date: Tue, 07 Aug 2001 15:04:18 +1000 Subject: [LINK] policy portal In-Reply-To: <5.1.0.14.2.20010807090415.00acb880@tomw.net.au> Message-ID: <4.3.1.20010807144550.00b83240@ems.rmit.edu.au> >article in the Australian today > > thanks for that, Tom. ah, a policy portal is truly an idea whose time has come. Great to see someone like Richard pick up the ball and run with it so well. A more detailed outline of what might be in a policy portal is on my web site, based on talks at the Health Infomatics Conference and a paper for IT and economic development in New Hampshire. Now, will someone please start using the phrase 'democratic dividend from IT'? K Karin Geiselhart Post-Doctoral Research Fellow in Electronic Commerce RMIT University Melbourne Australia ph 03 9925 1352 fax 03 9925 5482 http://www.bf.rmit.edu.au/kgeiselhart From thealy@magna.com.au Tue Aug 7 05:08:54 2001 From: thealy@magna.com.au (Anthony Healy) Date: Tue, 7 Aug 2001 15:08:54 +1000 Subject: [LINK] Code Red worm In-Reply-To: <3B6F4C28.9206812F@austarmetro.com.au> Message-ID: > From what I have read about the weakness in IIS that is exploited by the > Code Red worm, the problem seems to be an unchecked buffer. By overloading > the buffer, the worm introduces malicious code into the server that ends up > being executed. > > Can anyone comment on the extent of prior knowledge or level of expertise > that someone would need to identify this weakness and be able to exploit > it? > > Another way of putting this question is : would someone need access to the > source code, or is it sufficient to only have the executable and a > debugger? You wouldn't need the source code to find a weakness like this. You wouldn't even need a debugger. 
You would normally need to be a C/C++ programmer, with Windows engineering expertise. You would not necessarily need to be a very good one. > Do people really spend their time pouring over MBytes of executable code > reverse engineering an application and looking for ways to subvert it? I > can see how professional security people (especially the likes of > the NSAs, GCHQs, DIOs etc) might, but amateur hackers? Describing it as poring over megabytes of executable code is not quite correct. It would be more like testing. You would test various expected weakness points. More detail than you really wanted to know ------------------------------------------ Buffer overflow vulnerabilities arise because 'C' and C++ depend on strings (text) to be terminated by the null character. If a string is submitted that is not properly terminated, then it will write into memory space not intended for it. A well designed application will check the length of submitted strings precisely to ensure this can't happen, and truncate any excessively long strings. But this is a check that is sometimes not applied. If such an overly long string is successfully submitted, then the excess part of the string, which the application is not expecting, can be made to do things it has no business doing. In that case, the data in the excess part of the string functions not as a string, but as something else. And here I'm not sure what goes on. Regards, Tony Healy -------- To the Bear, there was nothing so beautiful as a formation landing of helicopters - not only for the physical beauty of the formation's geometric order, but for the determination and purpose they showed, driving downward into whatever might lay ahead. There was no need for them to be so close, and yet, because they were, they were a beautiful sight, those ten ships driving down as one. The diamonds glistened, as the sun caught the rotor blades, like the patterns on a snake's back. 
Adapted from William Holland: Let a Soldier Die From gbayley@ausmac.net Tue Aug 7 05:14:53 2001 From: gbayley@ausmac.net (Grant Bayley) Date: Tue, 7 Aug 2001 15:14:53 +1000 (EST) Subject: [LINK] Why do people exploit code? Was: Code Red worm In-Reply-To: <3B6F6327.D3E58405@firstpr.com.au> Message-ID: > > Do people really spend their time pouring over MBytes of executable > > code reverse engineering an application and looking for ways to > > subvert it? > > Hell yes! We've actually got a speaker organised for the October 2600 Australia seminars that will be covering this exact topic. Some related things have already been covered, such as debugging with the GNU debugger (though this was primarily with source-available and debugging-enabled binaries) and buffer overflow techniques. (Although experienced in these other areas, the speaker's specialty is reverse engineering and debugging closed source binaries). The details for the October seminars aren't online yet, but generally they're on the second saturday of the month in a room at the University of Technology in Sydney. http://www.2600.org.au/seminars/ Grant From me@Tony-Barry.emu.id.au Tue Aug 7 07:32:19 2001 From: me@Tony-Barry.emu.id.au (Tony Barry) Date: Tue, 7 Aug 2001 17:32:19 +1000 Subject: [LINK] Adam Todd's destructive and no-doubt false allegations again In-Reply-To: <3B6EBB72.7144F189@firstpr.com.au> References: <200108061038.UAA04355@draal.apex.net.au> <5.1.0.14.0.20010807003442.034a9ec0@pop> <3B6EBB72.7144F189@firstpr.com.au> Message-ID: At 1:44 AM +1000 7/8/01, Robin Whittle wrote: > >Link is Tony's list. Well it's the members list really. >Its up to him how he directs discussion, I sometimes nudge but I hope I never direct. >and how >he controls membership. If the membership had to be controlled I think the list might suffer. > >You have deliberately abused his trust - and ours. Sometimes things are said in haste. Once is fine, twice is a worry and three times is a problem. 
Tony -- phone +61 2 6241 7659 mailto:me@Tony-Barry.emu.id.au http://purl.oclc.org/NET/Tony.Barry From me@Tony-Barry.emu.id.au Tue Aug 7 08:24:41 2001 From: me@Tony-Barry.emu.id.au (Tony Barry) Date: Tue, 7 Aug 2001 18:24:41 +1000 Subject: [LINK] E-books said to be "utterly unneeded" Message-ID: Linkers I hate to say "I told you so" ... :-) Tony E-BOOKS SAID TO BE "UTTERLY UNNEEDED" According to publishing consultant Jim Lichtenberg, the e-book business is floundering: "There's no standardization in technology. It's all a big mess. This is like having a car in 1905. It breaks down constantly, which means you have to travel with your own mechanic--and since there are no roads, there's nowhere to go anyway." Prize-winning novelist Kurt Vonnegut agrees: "The e-book is a ridiculous idea. The printed book is so satisfactory, so responsive to our fingertips. So much of this new stuff is utterly unneeded." But a spokesman for Random House [see Honorary Subscriber section below] thinks that reports of the demise of the e-book is greatly exaggerated, and that its potential is yet to be realized.(Los Angeles Times 6 Aug 2001) http://www.latimes.com/business/la-080601ebooks.story -- phone +61 2 6241 7659 mailto:me@Tony-Barry.emu.id.au http://purl.oclc.org/NET/Tony.Barry From rick@praxis.com.au Tue Aug 7 06:49:59 2001 From: rick@praxis.com.au (Rick Welykochy) Date: Tue, 7 Aug 2001 16:49:59 +1000 Subject: [LINK] Adam Todd's destructive and no-doubt false allegations again Message-ID: Robin Whittle wrote: > I recall reading the same about you - an entire list which > closed itself down, and re-established itself with a new rule: that you > could not be a member. (This is an unsubstantiated allegation from me, > since I don't remember the details - but I think it was an Australian > ISP list a few years ago. I will cheerfully withdraw my accusation and > give you my apologies in public if no-one substantiates what I have just > stated in the next week.) 
The list was the DNS in Australia mailing list. I was a member of both the old list which was shutdown for the reason you give, and the new list which was created, again for the reason you give. An argument about the viability and reasonableness of the Confederate (read Alternate) DNS system arose on the list, and blossomed into name-calling, abusive invective and threats of legal action (the "libel gambit" so often used when push comes to shove) that the list moderators shut it down and started fresh, less one member. Rgds Rick W _____________________________________________ Rick Welykochy || Praxis Services Pty Limited "Those who do not understand Unix are condemned to reinvent it, poorly." - Henry Spencer

From rick@praxis.com.au Tue Aug 7 09:49:37 2001 From: rick@praxis.com.au (Rick Welykochy) Date: Tue, 07 Aug 2001 19:49:37 +1000 Subject: [LINK] Adam Todd's destructive and no-doubt false allegationsagain References: Message-ID: <3B6FB9B1.4CBDC255@praxis.com.au> Rick Welykochy wrote: > > The list was the DNS in Australia mailing list. I was a member of both the etc.etc. The above was sent: Date: Tue, 7 Aug 2001 16:49:59 +1000 and Robin received his Cc: promptly. It is now some three hours later. Is LINK getting tired so early on in the evening? -rickw _____________________________________________ Rick Welykochy || Praxis Services Pty Limited "It is practically impossible to teach good programming style to students that have had prior exposure to BASIC: as potential programmers they are mentally mutilated beyond hope of regeneration." 
- Dijkstra

From luke@burton.net Tue Aug 7 10:50:30 2001 From: luke@burton.net (Luke Burton) Date: Tue, 7 Aug 2001 20:50:30 +1000 (EST) Subject: [LINK] Incorrect reporting: Now it's a can of worms as Code Red II slides in back door Message-ID: http://www.smh.com.au/news/0108/07/national/national15.html The article titled "Now it's a can of worms as Code Red II slides in back door", by Kirsty Needham, contains alarming misrepresentations which could lead readers to false conclusions. Principally, the article claims that "Code Red II opens a "back door" on any Internet computer it infects, allowing hackers to remotely seize control of the machine." This statement is missing a completely crucial caveat. This is that the worm *only infects computers running Microsoft Internet Information Server*. The vast majority of computers on the internet are not directly affected by this worm, at all. The only repercussions for an average internet user would be traffic slowdowns due to worm activity, or an inability to access defaced websites. Hence this statement gives people without MS IIS the impression that their computers may be directly attacked by the worm, when they will not be. The most interesting fact of the Code Red worm has been overlooked. If Microsoft's IIS was not ridden with security holes, this problem would not have arisen. Servers running alternative operating systems are not affected. Servers running the vastly more popular Apache open source webserver are not affected. If Ford were to produce a popular car which could be broken into very easily, people would be angry at Ford. Ford's name would be mentioned in the articles which discussed the problem. There may even be lawsuits involved. Yet in this article, no mention is made of the fact that the worm is dependent on the shortcomings of a particular vendor - Microsoft. In fact, one might also draw the following analogy. 
Say the Sydney Morning Herald claimed that 'all cars' were affected by an easy security breach, but in fact the only cars that were affected were models by Ford. Manufacturers like Mitsubishi may be upset, since this draws their name through the mud. You would probably have to print a retraction of your article which made incorrect claims, and apologise to other car manufacturers who may have felt they were being falsely targeted. Is the Sydney Morning Herald willing to print a retraction to *this* article? Regards, Luke Burton. -- Luke Burton | <- You must be smarter than this stick to ride the Internet From foconno1@bigpond.net.au Tue Aug 7 12:19:46 2001 From: foconno1@bigpond.net.au (Frank O'Connor) Date: Tue, 7 Aug 2001 22:19:46 +1000 Subject: [LINK] E-books said to be "utterly unneeded" In-Reply-To: References: Message-ID: Mmmm ... you picked another turkey long before the market did. They should get you into the product testing process before they go ahead with developing these things. It'd save them a heap of unnecessary expense. :) On the e-book fiasco ... Mmmm. Three or four different and incompatible standards ... all of which have tiny title ranges, I find HTML so much more readable and accessible, the copy protection process is a really inconvenient one, and the pricing of product is ridiculously expensive compared to paper product (it should be so much cheaper.) And besides that ... like many others ... I prefer hard copy for serious relaxation and browsing. I think they better go back to the drawing board with the concept before its a goer with Joe Public. Regards, At 6:24 PM +1000 7/8/01, Tony Barry wrote: >Linkers > >I hate to say "I told you so" ... :-) > >Tony > >E-BOOKS SAID TO BE "UTTERLY UNNEEDED" >According to publishing consultant Jim Lichtenberg, the e-book business is >floundering: "There's no standardization in technology. It's all a big >mess. This is like having a car in 1905. 
It breaks down constantly, which >means you have to travel with your own mechanic--and since there are no >roads, there's nowhere to go anyway." Prize-winning novelist Kurt Vonnegut >agrees: "The e-book is a ridiculous idea. The printed book is so >satisfactory, so responsive to our fingertips. So much of this new stuff is >utterly unneeded." But a spokesman for Random House [see Honorary >Subscriber section below] thinks that reports of the demise of the e-book >is greatly exaggerated, and that its potential is yet to be realized.(Los >Angeles Times 6 Aug 2001) >http://www.latimes.com/business/la-080601ebooks.story >-- >phone +61 2 6241 7659 >mailto:me@Tony-Barry.emu.id.au >http://purl.oclc.org/NET/Tony.Barry -- ************************ Apathy is a great cause for concern ... but who cares? ************************ From Russell.Ashdown@Ashdown.net.au Tue Aug 7 13:17:22 2001 From: Russell.Ashdown@Ashdown.net.au (Russell Ashdown) Date: Tue, 7 Aug 2001 23:17:22 +1000 Subject: [LINK] Ask not: "For whom the bell tolls?" Message-ID: <3B707702.16136.B7F6A22@localhost> I am at a loss to understand the reason for the vitriol being spewed from the postings of an individual I had previously held in some regard. But, having read the post, I was not at all surprised to hear the other member of the "Adam Todd Hate Society" chirp in. "The organ grinder plays the tune and the monkey dances." To propose to the Link List that any poster be censored is a denial of the purpose for which (I think) the Link List exists - not only exists, but a denial of the reason that the Link List IS held in such high regard by many professionals both in Australia and elsewhere in the world. It is a free forum of ideas for professionals and others, allowing a free exchange and debate of current issues. 
It is because of the vitriolic posting of Robin Whittle and the goading follow-up by Rick Welykochy that I am compelled to post this document in defence of Adam Todd's right to post, not necessarily in defence of his various postings. In my opinion, such vitriolic responses to posts that the respondent finds personally disagreeable are naive and counter productive. In the words of Viscount St. Albans: "The punishing of wits enhances their authority, and a forbidden writing is thought to be a certain spark of truth that flies up in the faces of them who seek to tread on it. Whether Adam Todd was or was not banned from a list, I for one would not know, and for all that it matters, I don't care a hoot; except, that if it is true that Adam or anyone else for that matter has been summarily excluded from any list, I can be sure that that list would be the worse for it. For all the presumed high ideals brought to bear to excuse the censoring of individuals, when it comes to the crunch, it is nothing less than suppression of the thoughts of one by another. In presuming to censor, the list has certainly devalued discussion and debate and in my view, such a list would not be worth participating in. While Robin Whittle may disagree with the postings of Adam Todd, he seems unable to respond other than in an acrimonious and sarcastic manner which to my mind destroys his credibility. The word censor is defined as an active participant in the deletion of facts that are harmful to their cause: Writers of such acrimonious posts are no better than blundering clowns of the first order, but they are feeding an environment of intolerance that, in effect, promotes the crushing of ideas, instead of meeting them in the marketplace of ideas with better ones. Perhaps they can think of no better ideas to put forth in contradiction of the positions they are attempting dispute? No doubt this is the reason behind much of the caustic vitriol: No real idea of how to respond intellectually. 
To quote Dieter Hildebrandt - "Censorship is secret recommendation through public prohibition". To those of you who believe that this is none of your business, since it does not affect you, I will remind you of the Roman slogan 'Hodie mihi, cras tibi' ('Me today, you tomorrow'). Who is the next one to be censored? You? Russell Ashdown "I may disagree with what you say but I will defend to the death your right to say it." Let's get on with the debate and allow ALL to be heard. From karl.auer@id.ethz.ch Tue Aug 7 13:44:39 2001 From: karl.auer@id.ethz.ch (Auer, Karl James) Date: Tue, 7 Aug 2001 15:44:39 +0200 Subject: [LINK] Ask not: "For whom the bell tolls?" Message-ID: By far the simplest method of dealing with irritants such as Adam Todd is to put a procmail filter or other filter in place, and bin unwanted messages. From your point of view, his postings will simply cease to be (except for the odd quote), and a great peace will descend upon you. While this is NOT necessarily the best way to deal with SPAM, it is the best way to deal with voices you do not want to hear. It is (IMHO) the only acceptable form of "censorship". Regards, K. > -----Original Message----- > From: Russell Ashdown [mailto:Russell.Ashdown@Ashdown.net.au] > Subject: [LINK] Ask not: "For whom the bell tolls?" > > To propose to the Link List that any poster be censored is a denial > of the purpose for which (I think) the Link List exists From luke@burton.net Tue Aug 7 22:17:02 2001 From: luke@burton.net (Luke Burton) Date: Wed, 8 Aug 2001 08:17:02 +1000 (EST) Subject: [LINK] Ask not: "For whom the bell tolls?" In-Reply-To: Message-ID: On Tue, 7 Aug 2001, Auer, Karl James wrote: > By far the simplest method of dealing with irritants such as Adam Todd > is to put a procmail filter or other filter in place I think the point Robin was stabbing at was that Adam is leveraging the credibility of LINK to put forward his own ideas - ideas which appear to be totally fabricated with no basis in reality. 
It's something like a MP using Parliamentary Question Time as a forum for discussing his or her belief in UFOs, or crystal healing. The fact that it's said in a particular place will lend credibility to the idea in the minds of those who don't know any better. I'm not weighing in on either side of this, but I think it's obvious that you can't censor someone on any list. I respect Adam's right to post. However, someone has to decide whether the list is being abused. I haven't followed the history of the alleged RedHat security flaw to make any definitive statement on that. But obviously that is the angle from which this problem must be approached. > While this is NOT necessarily the best way to deal with SPAM, it is the > best way to deal with voices you do not want to hear. It is (IMHO) the > only acceptable form of "censorship". Of course - we all deserve the right to 'not listen'. Unless you're trying to watch a program on commercial television, in which case you get the advertising noise whether you like it or not. L8r Luke. -- Luke Burton | <- You must be smarter than this stick to ride the Internet From rha@juggernaut.com.au Tue Aug 7 22:15:02 2001 From: rha@juggernaut.com.au (Richard Archer) Date: Wed, 8 Aug 2001 08:15:02 +1000 Subject: [LINK] Ask not: "For whom the bell tolls?" In-Reply-To: <3B707702.16136.B7F6A22@localhost> References: <3B707702.16136.B7F6A22@localhost> Message-ID: At 11:17 PM +1000 7/8/01, Russell Ashdown wrote: >the Link List IS held in such >high regard by many professionals both in Australia and elsewhere >in the world. Thus Robin's point. By posting his messages to the Link list the high regard for the usual content of the list "rubs off" on Adam's totally undeserving postings. 
The only possible option is for people who understand the topics Adam is discussing to post refutations to Adam's factually incorrect remarks to ensure people reading the thread and the archive are aware that Adam's remarks are not accepted as correct by the list. Then of course Adam posts even more messages in response which all need to be refuted as well. It's not long before the thread degenerates into a tit for tat flame war covering no new ground and with none of the postings being up to the standard we expect from a Link posting. Simply filtering Adam's posts to the trash is unacceptable, as that leaves Adam's remarks standing unrefuted both on the list and in the archive. While it is true that Link is a free and open forum, it is held in high regard simply because the overall content of postings is of high quality. I personally would regret the inevitable decline of the quality of Link postings if it became necessary to respond to each of Adam's postings refuting his rambling arguments, but I will post such messages if necessary. Fortunately Adam's postings rarely contain anything of a factual nature. >except, that if it is true that Adam or anyone else for that matter >has been summarily excluded from any list, I can be sure that that >list would be the worse for it. I can categorically assure you that the list Adam was banned from was not the worse for the event. The list was the IIA's DNS discussion list back in 1998. The DNS list was created to discuss the formation of ADNA and to canvass opinion on the direction of the .AU domain. At the time Adam was heavily involved in AURSC, which was a similar thing to the registry running the .sex root domain now, where there are many new top-level-domains but you have to configure your machine to use their name servers. I'll leave discussion of the merits of splitting the DNS into many self-contained and overlapping entities for another time. 
Anyway, Adam invited a couple of his alternate-DNS friends along to this mailing list, presumably for moral support. Between them Adam Todd, Jim Fleming and Jeff Williams posted 366 messages to the DNS list in the 6 weeks prior to its demise. In the one week from 16 June to 23 June they posted an amazing 193 messages to the list. Add to those messages the subsequent replies and flames and believe me, the list was *busy*. And the sad fact is the messages posted by these three were completely off-topic, off-charter and, IMHO, designed purely to lead the discussion astray. The few people who were trying to discuss the AU DNS reform were completely drowned out by the deluge of "junk" posts. As a result, the list members voted to create a new list excluding Todd. This was done and the discussion got back on-track and the list happily chugs along to this day. I'd be happy to send anyone a zipped archive of the list traffic during that time... just ask :) ...Richard. From Richard.Chirgwin@informa.com.au Tue Aug 7 22:51:44 2001 From: Richard.Chirgwin@informa.com.au (Chirgwin, Richard) Date: Wed, 8 Aug 2001 08:51:44 +1000 Subject: [LINK] E-books said to be "utterly unneeded" Message-ID: <9BD4AE8C2EB1D311982700508BA2498901573AB6@EXCHANGE_AU> Frank, >the pricing of product is ridiculously expensive compared to paper product (it should >be so much cheaper.) The price difference is even greater when you take into account the restriction of purchaser's rights ... ie, you don't buy an e-book, you license it; you can't resell it to a second-hand bookshop; it's probably illegal to give it away or lend it to a friend; and you can't guarantee that an e-book you own and read today will still be on your shelf and available to your children in 20 years' time. Publishers are keen on e-books *because* they offer the chance to ratchet up the revenue streams - the idea of a pay-per-view, for example. As for usability ... 
for some reason, both e-books and their advocates consistently gloss over research which consistently rates print ahead of screen for readability and comprehension. (Empirical evidence: how many times do we see Link debates get overheated because someone misread or misunderstood something?) But for me, the big issue remains the curtailment of my rights. I don't want to claim some unfettered right to copy everything, nor do I advocate the abandonment of copyright. But I do want to OWN the things I purchase... Richard Chirgwin "It's easy to be blinded by their essential uselessness by the sheer achievement of getting them to work at all. In other words - and this is the rock-solid foundation on which the [Sirius Cybernetics Corporation] is built - their fundamental design flaws are obscured by their superficial design flaws." Douglas Adams, So Long and Thanks for All the Fish. -----Original Message----- From: Frank O'Connor [mailto:foconno1@bigpond.net.au] Sent: Tuesday, 7 August 2001 22:20 To: Tony Barry Cc: link@www.anu.edu.au Subject: Re: [LINK] E-books said to be "utterly unneeded" Mmmm ... you picked another turkey long before the market did. They should get you into the product testing process before they go ahead with developing these things. It'd save them a heap of unnecessary expense. :) On the e-book fiasco ... Mmmm. Three or four different and incompatible standards ... all of which have tiny title ranges, I find HTML so much more readable and accessible, the copy protection process is a really inconvenient one, and the pricing of product is ridiculously expensive compared to paper product (it should be so much cheaper.) And besides that ... like many others ... I prefer hard copy for serious relaxation and browsing. I think they better go back to the drawing board with the concept before its a goer with Joe Public. Regards, At 6:24 PM +1000 7/8/01, Tony Barry wrote: >Linkers > >I hate to say "I told you so" ... 
:-) > >Tony > >E-BOOKS SAID TO BE "UTTERLY UNNEEDED" >According to publishing consultant Jim Lichtenberg, the e-book business is >floundering: "There's no standardization in technology. It's all a big >mess. This is like having a car in 1905. It breaks down constantly, which >means you have to travel with your own mechanic--and since there are no >roads, there's nowhere to go anyway." Prize-winning novelist Kurt Vonnegut >agrees: "The e-book is a ridiculous idea. The printed book is so >satisfactory, so responsive to our fingertips. So much of this new stuff is >utterly unneeded." But a spokesman for Random House [see Honorary >Subscriber section below] thinks that reports of the demise of the e-book >is greatly exaggerated, and that its potential is yet to be realized.(Los >Angeles Times 6 Aug 2001) >http://www.latimes.com/business/la-080601ebooks.story >-- >phone +61 2 6241 7659 >mailto:me@Tony-Barry.emu.id.au >http://purl.oclc.org/NET/Tony.Barry -- ************************ Apathy is a great cause for concern ... but who cares? ************************ From lannet@lannet.com.au Tue Aug 7 22:59:48 2001 From: lannet@lannet.com.au (Howard Lowndes) Date: Wed, 8 Aug 2001 08:59:48 +1000 (EST) Subject: [LINK] [Esa-l]Adobe PDF files can be used as virus carriers (fwd) Message-ID: Just when you thought .pdf files might be safe from virii, welcome to the latest bombshell. -- Howard. LANNet Computing Associates Contact detail at http://www.lannetlinux.com ---------- Forwarded message ---------- Date: Tue, 7 Aug 2001 14:26:08 -0700 (PDT) From: John D. Hardin To: Email Security Announce list Subject: [Esa-l]Adobe PDF files can be used as virus carriers (fwd) Oh, joy. How do we deal with *this*? 
-- John Hardin KA7OHZ ICQ#15735746 http://www.wolfenet.com/~jhardin/ jhardin@impsec.org pgpk -a finger://gonzo.wolfenet.com/jhardin 768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5 E9 BF C8 33 A7 A9 CE 76 1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 ----------------------------------------------------------------------- In 1998 more than three times as many people in the US were killed by incompetent physicians than were killed by handguns, yet the President of the A.M.A. is adopting "gun safety" as his platform. ----------------------------------------------------------------------- 1183 days until the Presidential Election ---------- Forwarded message ---------- Date: Tue, 7 Aug 2001 11:44:20 -0400 From: Richard M. Smith To: bugtraq@securityfocus.com Subject: Adobe PDF files can be used as virus carriers Hello, This is an interesting development. Zulu, a virus writer from South America, appears to have discovered that Adobe PDF files can be used to carry computer viruses. The attached description gives the details. His little trick uses a PDF file to bypass the new security feature of Outlook which automatically deletes dangerous file attachments. With this security feature, all VBScript attachments are deleted because they might be computer viruses. However with Zulu's trick, a malicious VBScript file can instead be hidden inside a PDF file which Outlook considers safe. I don't believe that the anti security research and reverse engineering provisions of the DMCA apply here, but given Adobe's recent action against Dmitry Sklyarov, I recommend a bit of caution by anyone looking into this potential security problem in Adobe Acrobat Reader. A conversation with a lawyer might be prudent. Another interesting question is if Adobe formatted eBooks can also act as computer virus carriers. Richard M. 
Smith CTO, Privacy Foundation http://www.privacyfoundation.org ==================================================================== http://www.coderz.net/zulu/outlook.pdfworm.txt Virus Name: OUTLOOK.PDFWorm Author: Zulu Origin: Argentina VBScript worm. It uses OUTLOOK to send itself in a PDF (portable document format) file (first using this file type). When opened using Acrobat it will show an image with a minor game. Showing the solution to this game involves doing a double click to a file annotation, which after a warning will run a VBS, VBE or WSF file (depending on the worm version). The VBScript file will create and show a JPG file with the solution to the game and it will try to find the PDF file to spread it. This is necessary because when the link is used, Acrobat will create the VBS, VBE or WSF file in Windows' temporary directory and it will run this file, so this VBScript file doesn't know the path of the PDF file to spread. Then it will start the spreading code using a way of using OUTLOOK not seen before in any worm (spreading details can be found in the features section of this file). The password for changing the security options of the PDF file is "OUTLOOK.PDFWorm". This worm is designed to be a proof of concept, it has bad spreading capabilities, only the necessary to be called a worm. Also, because file annotations are only available in the full version of Acrobat, this worm will not run in Acrobat Reader. Features: - Uses the PDF extension, not seen before in any virus/worm. - OUTLOOK spreading using new code, not the classic Melissa's code and its variations like the one from Freelink. This new method will get addresses from the recipients of all emails in any OUTLOOK folder and from all address book entries (but taking the first three addresses of each contact, not just the first like most OUTLOOK worms). 
This new method is based in the possibility of reaching contacts from OUTLOOK folders instead of using the objects designed to read address books. So the code will look inside all OUTLOOK folders, and if the items inside them are emails or contacts, it will get those addresses. Subject, body and attachment name will be selected from some random choices. Also, it will limit the amount of emails to 100. It will be run only once in each computer since it uses the registry to check if it was already run. - Good social engineering. I even think that this PDF file would be manually sent by many of those users that are never tired of sending stupid jokes. :) - To find the PDF file, if Word is installed it will use it to do the search, if Word is not installed, it will search for the file using VBScript code looking in many common paths and all subdirectories of those paths. Both methods will look for PDF files with their size similar to the original worm copy. - Uses script encoding (in version 1.1 and 1.2). - The VBScript file shows a JPG file when run, so it will show what the user expects. Background information: I was starting another project, much bigger and with good spreading capabilities. But that was very delayed because of time problems, so I decided to try with PDF files first and then continue with the other worm when I have time. I saw four possibilities: - Using JavaScript with "mailMsg" method. It would only work in the full version of Acrobat. By using the "mailMsg" method (which uses MAPI) I could send an email message when the document is opened (page open action). But the problem was that I was not able of getting email addresses to send the message to. - Using the Acrobat menu. It would only work in the full version of Acrobat. I could use the "Send Mail..." menu option, calling it when the document is opened (page open action). That would open a window from the default email client with the attachment already added. 
Here the problem was how to send the necessary keys to send the message that was already opened in that window. - Using open file action. It would work in Acrobat and in Acrobat Reader. It displays a warning. By creating an open file action when the document is opened I could run any file with any code inside it. But the problem was that I had no file to run. This method could work for a trojan that runs "FORMAT.COM", but not for a worm. - Using a file annotation. It would only work in the full version of Acrobat. It displays a warning. Creating a file annotation with my file embedded inside the PDF file I could run my code. Acrobat would create the embedded file in the temporary directory and it would run the file from there. This has two problems. One was knowing the path of the PDF file, this was solved by searching the file in the hard disk since looking in the task name would only give the file name, not the full path. The other problem is that it's not possible to open a file annotation automatically when the PDF file is opened since there is no action to do that and it seems that there is no way of getting the file using JavaScript code, so it was necessary that the user manually double clicked the file annotation. This last problem was not solved. _______________________________________________ E-mail Security Announce list mailing list E-mail Security Announce list@spconnect.com http://www.spconnect.com/mailman/listinfo/esa-l From NSMITH@nla.gov.au Tue Aug 7 23:04:16 2001 From: NSMITH@nla.gov.au (Nick Smith) Date: Wed, 8 Aug 2001 09:04:16 +1000 Subject: [LINK] E-books said to be "utterly unneeded" Message-ID: <35A0BC67FA1AD311B18E0090277A418703BC40D6@mirkwood.nla.gov.au> It's a little early to tell, wouldn't you say? There's a big difference between a technology that develops slowly and a technology that the market ignores and will disappear forever (such as WAP). Let's have this conversation again in 5 years. 
When you're developing a product to supplant another product that has been successful for 500 years (and even thousands of years depending on how you define the book), you have to give it time. I expect that there will be a significant parallel market for paper books for at least 20 years (maybe 30 or 40) and there will always be a niche market for paper books. It's premature to say that the e-book has flatlined simply because Publishing Consultant, Jim Lichtenberg and Kurt Vonnegut say so. AFAIK KV has retired from *all* writing. Timequake was his last novel. Hardly someone looking to the future. The article itself is interesting. 'This is like having a car in 1905.' And look where the car is now. Despite the fact that horses are so satisfactory and responsive to our fingertips... Nick -- ========================================================= Nick Smith Executive Officer :: Australian Digital Alliance Copyright Advisor :: Australian Libraries Copyright Committee PO Box E202 \\ Kingston ACT 2604 Ph: 02 6262 1273 \\ Fax: 02 6273 2545 Email: nsmith@nla.gov.au \\ Web: www.digital.org.au ========================================================= > ---------- > From: Frank O'Connor[SMTP:foconno1@bigpond.net.au] > Sent: Tuesday, 7 August 2001 22:19 > To: Tony Barry > Cc: link@www.anu.edu.au > Subject: Re: [LINK] E-books said to be "utterly unneeded" > > Mmmm ... you picked another turkey long before the market did. They > should get you into the product testing process before they go ahead > with developing these things. It'd save them a heap of unnecessary > expense. :) > > On the e-book fiasco ... Mmmm. Three or four different and > incompatible standards ... all of which have tiny title ranges, I > find HTML so much more readable and accessible, the copy protection > process is a really inconvenient one, and the pricing of product is > ridiculously expensive compared to paper product (it should be so > much cheaper.) And besides that ... like many others ... 
I prefer > hard copy for serious relaxation and browsing. > > I think they better go back to the drawing board with the concept > before its a goer with Joe Public. > > Regards, > > At 6:24 PM +1000 7/8/01, Tony Barry wrote: > >Linkers > > > >I hate to say "I told you so" ... :-) > > > >Tony > > > >E-BOOKS SAID TO BE "UTTERLY UNNEEDED" > >According to publishing consultant Jim Lichtenberg, the e-book business > is > >floundering: "There's no standardization in technology. It's all a big > >mess. This is like having a car in 1905. It breaks down constantly, which > >means you have to travel with your own mechanic--and since there are no > >roads, there's nowhere to go anyway." Prize-winning novelist Kurt > Vonnegut > >agrees: "The e-book is a ridiculous idea. The printed book is so > >satisfactory, so responsive to our fingertips. So much of this new stuff > is > >utterly unneeded." But a spokesman for Random House [see Honorary > >Subscriber section below] thinks that reports of the demise of the e-book > >is greatly exaggerated, and that its potential is yet to be realized.(Los > >Angeles Times 6 Aug 2001) > >http://www.latimes.com/business/la-080601ebooks.story > >-- > >phone +61 2 6241 7659 > >mailto:me@Tony-Barry.emu.id.au > >http://purl.oclc.org/NET/Tony.Barry > > > -- > ************************ > Apathy is a great cause for concern > ... but who cares? > ************************ > From foconno1@bigpond.net.au Tue Aug 7 23:33:34 2001 From: foconno1@bigpond.net.au (Frank O'Connor) Date: Wed, 8 Aug 2001 09:33:34 +1000 Subject: [LINK] Ask not: "For whom the bell tolls?" In-Reply-To: References: <3B707702.16136.B7F6A22@localhost> Message-ID: Mmmm It's a bit tough to refute something that has never been specified, except in VERY general terms (ie. 'There's a security hole in Red Hat LINUX'), that cannot be validated or substantiated one way or the other because it has not been specified and that the author of the comment refuses to specify or expand on ... 
but continues to blithely mention without substantiating. LINK is a list that's respected ... but it will only continue to maintain that respect if we don't become perceived as unsubstantiated rumour mongers and are willing to support and substantiate any product assertions and opinions we may make. Otherwise we're just another FUD marketing list, and perhaps should give it all up. Otherwise we get into "Are you sure the sky is falling Chicken Little?" types of arguments ... and personally I find that unproductive and a waste of time. I have no axe to grind with respect to LINUX one way or the other ... I've used it, it's OK, it seems to work as advertised, and as a server OS for specific tasks and applications it's a good alternative to some of the mainstream ones. That said it is in use by a number of sites on the Net, and IF there is an undocumented security hole in it then detailed information on that security hole should be made available before one is going to assert that it exists. Otherwise, it's just unsubstantiated FUD and can safely be filtered to my Trash. Regards, At 8:15 AM +1000 8/8/01, Richard Archer wrote: >At 11:17 PM +1000 7/8/01, Russell Ashdown wrote: > >>the Link List IS held in such >>high regard by many professionals both in Australia and elsewhere >>in the world. > >Thus Robin's point. By posting his messages to the Link list the high >regard for the usual content of the list "rubs off" on Adam's totally >undeserving postings. > >The only possible option is for people who understand the topics Adam >is discussing to post refutations to Adam's factually incorrect remarks >to ensure people reading the thread and the archive are aware that >Adam's remarks are not accepted as correct by the list. Then of course >Adam posts even more messages in response which all need to be refuted >as well. 
It's not long before the thread degenerates into a tit for tat >flame war covering no new ground and with none of the postings being up >to the standard we expect from a Link posting. > >Simply filtering Adam's posts to the trash is unacceptable, as that >leaves Adams remarks standing unrefuted both on the list and in the >archive. > >While it is true that Link is a free and open forum, it is held in high >regard simply because the overall content of postings is of high >quality. I personally would regret the inevitable decline of the >quality of Link postings if it became necessary to respond to each of >Adams postings refuting his rambling arguments, but I will post such >messages if necessary. > >Fortunately Adam's postings rarely contain anything of a factual nature. > > >>except, that if it is true that Adam or anyone else for that matter >>has been summarily excluded from any list, I can be sure that that >>list would be the worse for it. > >I can categorically assure you that the list Adam was banned from was >not the worse for the event. > >The list was the IIA's DNS discussion list back in 1998. The DNS list >was created to discuss the formation of ADNA and to canvass opinion on >the direction of the .AU domain. > >At the time Adam was heavily involved in AURSC, which was a similar >thing to the registry running the .sex root domain now, where there are >many new top-level-domains but you have to configure your machine to >use their name servers. I'll leave discussion of the merits of >splitting the DNS into many self-contained and overlapping entities for >another time. > >Anyway, Adam invited a couple of his alternate-DNS friends along to >this mailing list, presumably for moral support. > >Between them Adam Todd, Jim Fleming and Jeff Williams posted 366 >messages to the DNS list in the 6 weeks prior to it's demise. In the >one week from 16 June to 23 June they posted an amazing 193 messages to >the list. 
Add to those messages the subsequent replies and flames and >believe me, the list was *busy*. And the sad fact is the messages posted >by these three were completely off-topic, off-charter and, IMHO, >designed purely to lead the discussion astray. The few people who were >trying to discuss the AU DNS reform were completely drowned out by the >deluge of "junk" posts. > >As a result, the list members voted to create a new list excluding Todd. >This was done and the discussion got back on-track and the list happily >chugs along to this day. > >I'd be happy to send anyone a zipped archive of the list traffic during >that time... just ask :) > > ...Richard. -- ************************ Apathy is a great cause for concern ... but who cares? ************************ From Hans.Groenewegen@infotech.monash.edu.au Tue Aug 7 23:07:01 2001 From: Hans.Groenewegen@infotech.monash.edu.au (Hans W. Groenewegen) Date: Wed, 08 Aug 2001 09:07:01 +1000 Subject: [LINK] Ask not: "For whom the bell tolls?" References: <3B707702.16136.B7F6A22@localhost> Message-ID: <3B707495.349BEF3B@lib.monash.edu.au> Thank you for that, Russell. I believe that the vehemence of Robin's reply to Adam was unwarranted and offensive. Hans. Russell Ashdown wrote: > > I am at a loss to understand the reason for the vitriol being spewed > from the postings of an individual I had previously held in some > regard. But, having read the post, I was not at all surprised to > hear the other member of the "Adam Todd Hate Society" chirp in. > > "The organ grinder plays the tune and the monkey dances." > > To propose to the Link List that any poster be censored is a denial > of the purpose for which (I think) the Link List exists - not only > exists, but a denial of the reason that the Link List IS held in such > high regard by many professionals both in Australia and elsewhere > in the world. It is a free forum of ideas for professionals and others, > allowing a free exchange and debate of current issues. 
> > It is because of the vitriolic posting of Robin Whittle and the > goading follow-up by Rick Welykochy that I am compelled to post > this document in defence of Adam Todd's right to post, not > necessarily in defence of his various postings. > > In my opinion, such vitriolic responses to posts that the respondent > finds personally disagreeable are naive and counter productive. In > the words of Viscount St. Albans: "The punishing of wits enhances > their authority, and a forbidden writing is thought to be a certain > spark of truth that flies up in the faces of them who seek to tread > on it. > > Whether Adam Todd was or was not banned from a list, I for one > would not know, and for all that it matters, I don't care a hoot; > except, that if it is true that Adam or anyone else for that matter > has been summarily excluded from any list, I can be sure that that > list would be the worse for it. For all the presumed high ideals > brought to bear to excuse the censoring of individuals, when it > comes to the crunch, it is nothing less than suppression of the > thoughts of one by another. In presuming to censor, the list has > certainly devalued discussion and debate and in my view, such a > list would not be worth participating in. > > While Robin Whittle may disagree with the postings of Adam Todd, > he seems unable to respond other than in an acrimonious and > sarcastic manner which to my mind destroys his credibility. > > The word censor is defined as an active participant in the deletion > of facts that are harmful to their cause: Writers of such > acrimonious posts are no better than blundering clowns of the first > order, but they are feeding an environment of intolerance that, in > effect, promotes the crushing of ideas, instead of meeting them in > the marketplace of ideas with better ones. Perhaps they can think > of no better ideas to put forth in contradiction of the positions they > are attempting dispute? 
No doubt this is the reason behind much
> of the caustic vitriol: No real idea of how to respond intellectually.
> To quote Dieter Hildebrandt - "Censorship is secret
> recommendation through public prohibition".
>
> To those of you who believe that this is none of your business,
> since it does not affect you, I will remind you of the Roman slogan
> 'Hodie mihi, cras tibi' ('Me today, you tomorrow'). Who is the next
> one to be censored? You?
>
> Russell Ashdown
>
> "I may disagree with what you say but I will defend to the death
> your right to say it." Let's get on with the debate and allow ALL to
> be heard.

--
Hans W. Groenewegen, Tel.: +61 3 9905 2672
Deputy University Librarian, Fax : +61 3 9905 2610
Monash University Library, Wellington Road. E-mail:
Clayton. Victoria 3168. hans.groenewegen@lib.monash.edu.au
Australia
----------------------------------------------------------------

From foconno1@bigpond.net.au Tue Aug 7 23:42:09 2001
From: foconno1@bigpond.net.au (Frank O'Connor)
Date: Wed, 8 Aug 2001 09:42:09 +1000
Subject: [LINK] E-books said to be "utterly unneeded"
In-Reply-To: <35A0BC67FA1AD311B18E0090277A418703BC40D6@mirkwood.nla.gov.au>
References: <35A0BC67FA1AD311B18E0090277A418703BC40D6@mirkwood.nla.gov.au>
Message-ID:

Mmmm ... but that was Tony's original point (12-18 months ago).

The bottom line is that the marketers didn't really think this incarnation of the e-book through, that the licensing and other copy protection provisions are needlessly restrictive, that it fails (at the moment) to compete on features like price and convenience with its paper based counterpart, and that broadly speaking the e-book software fails on a number of features that one would regard as standard in the average paper book alternative.

The bottom line is that the marketers saw an opportunity to 'get something for nothing' and failed to seriously think the product through.

I have no doubt that within five or 10 years e-books will be popular ...
but Joe Public will have to be weaned onto them, they will have to provide a much more useful feature set (compared to their paper alternatives), the pricing and licensing needs to be seriously examined and the marketers need to seriously look at 're-adjusting' their product specifications before it becomes a better alternative than paper on a cost-benefit and convenience analysis.

Regards,

At 9:04 AM +1000 8/8/01, Nick Smith wrote:
>It's a little early to tell, wouldn't you say?
>
>There's a big difference between a technology that develops slowly and a
>technology that the market ignores and will disappear forever (such as WAP).
>
>Let's have this conversation again in 5 years. When you're developing a
>product to supplant another product that has been successful for 500 years
>(and even thousands of years depending on how you define the book), you have
>to give it time. I expect that there will be a significant parallel market
>for paper books for at least 20 years (maybe 30 or 40) and there will always
>be a niche market for paper books.
>
>It's premature to say that the e-book has flatlined simply because
>Publishing Consultant, Jim Lichtenberg and Kurt Vonnegut say so. AFAIK KV
>has given retired from *all* writing. Timequake was his last novel. Hardly
>someone looking to the future.
>
>The article itself is interesting. 'This is like having a car in 1905.' And
>look where the car is now. Despite the fact that horses are so satisfactory
>and responsive to our fingertips...
> >Nick >-- >========================================================= >Nick Smith >Executive Officer :: Australian Digital Alliance >Copyright Advisor :: Australian Libraries Copyright Committee >PO Box E202 \\ Kingston ACT 2604 >Ph: 02 6262 1273 \\ Fax: 02 6273 2545 >Email: nsmith@nla.gov.au \\ Web: www.digital.org.au >========================================================= > >> ---------- >> From: Frank O'Connor[SMTP:foconno1@bigpond.net.au] >> Sent: Tuesday, 7 August 2001 22:19 >> To: Tony Barry >> Cc: link@www.anu.edu.au >> Subject: Re: [LINK] E-books said to be "utterly unneeded" >> >> Mmmm ... you picked another turkey long before the market did. They >> should get you into the product testing process before they go ahead >> with developing these things. It'd save them a heap of unnecessary >> expense. :) >> >> On the e-book fiasco ... Mmmm. Three or four different and >> incompatible standards ... all of which have tiny title ranges, I >> find HTML so much more readable and accessible, the copy protection >> process is a really inconvenient one, and the pricing of product is >> ridiculously expensive compared to paper product (it should be so >> much cheaper.) And besides that ... like many others ... I prefer >> hard copy for serious relaxation and browsing. >> >> I think they better go back to the drawing board with the concept >> before its a goer with Joe Public. >> >> Regards, >> >> At 6:24 PM +1000 7/8/01, Tony Barry wrote: >> >Linkers >> > >> >I hate to say "I told you so" ... :-) >> > >> >Tony >> > >> >E-BOOKS SAID TO BE "UTTERLY UNNEEDED" >> >According to publishing consultant Jim Lichtenberg, the e-book business > > is > > >floundering: "There's no standardization in technology. It's all a big > > >mess. This is like having a car in 1905. It breaks down constantly, which >> >means you have to travel with your own mechanic--and since there are no >> >roads, there's nowhere to go anyway." 
Prize-winning novelist Kurt >> Vonnegut >> >agrees: "The e-book is a ridiculous idea. The printed book is so >> >satisfactory, so responsive to our fingertips. So much of this new stuff >> is >> >utterly unneeded." But a spokesman for Random House [see Honorary >> >Subscriber section below] thinks that reports of the demise of the e-book >> >is greatly exaggerated, and that its potential is yet to be realized.(Los >> >Angeles Times 6 Aug 2001) >> >http://www.latimes.com/business/la-080601ebooks.story >> >-- >> >phone +61 2 6241 7659 >> >mailto:me@Tony-Barry.emu.id.au >> >http://purl.oclc.org/NET/Tony.Barry >> >> >> -- >> ************************ >> Apathy is a great cause for concern >> ... but who cares? >> ************************ >> -- ************************ Apathy is a great cause for concern ... but who cares? ************************ From ddb@adminserver.canberra.edu.au Tue Aug 7 23:53:39 2001 From: ddb@adminserver.canberra.edu.au (Darrell Burkey) Date: Wed, 08 Aug 2001 09:53:39 +1000 Subject: [LINK] Telstra Dedicated Modem and Optus Cable modem installation References: <3B6E4BDE.23C8D98@firstpr.com.au> Message-ID: <3B707F83.79449D39@adminserver.canberra.edu.au> Glad to see someone document this. It is a fairly standard method to create a commercial grade permanent connection to the net that many people are not aware of. Essentially you become your own ISP and this is in fact exactly how an ISP does connect to the net. I too have been very pleased with the service for over two years and now use this method for non-profit and community groups who need the reliability and performance of a permanent connection that can be used for anything they like. I have been doing this work with a group called Computing Assistance Support and Assistance (CASE) http://www.case.org.au and have a paper about the technique online that might supplement Robin's paper nicely. 
It's an explanation of the difference between a dial-up and a permanent connection and why/why not someone might want to go down this path. I tried to write it for the average non technical type of person but I'm not sure if I succeeded given the complexity of the topic. The paper is located at: http://www.case.org.au/docs/connect.htm for those interested. Robin Whittle wrote: > > Dear Linkers, > > Since July 1997, I have been very happy with the cost-effective, > super-reliable Telstra Internet Dedicated Modem service. Now I have > described how I connect my RedHat 7.1 system and LAN to this excellent > service. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Darrell Burkey Ph +61 2 6201 5042 IT Systems Training Officer Fax +61 2 6201 5391 Corporate Services Division Mbl 0408 622 647 University of Canberra, ACT 2601 www.canberra.edu.au AUSTRALIA ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "University of Canberra 30 Years Making The Difference" From carl@xena.ipaustralia.gov.au Wed Aug 8 00:02:10 2001 From: carl@xena.ipaustralia.gov.au (Carl Makin) Date: Wed, 8 Aug 2001 10:02:10 +1000 (EST) Subject: [LINK] Code Red worm In-Reply-To: Message-ID: On Tue, 7 Aug 2001, Anthony Healy wrote: > If such an overly long string is successfully submitted, then the excess > part of the string, which the application is not expecting, can be made to > do things it has no business doing. In that case, the data in the excess > part of the string functions not as a string, but as something else. And > here I'm not sure what goes on. There is a very good paper at; http://www.mcs.csuhayward.edu/~simon/security/boflo.html "A Comparative Analysis of Methods of Defense against Buffer Overflow Attacks" That includes; ------------ Cut Here -------------- 2. What is a Buffer Overflow Attack? A buffer overflow occurs in a program when the program stores more information in an array, the buffer, than the space reserved for it. 
This causes the areas adjacent to the buffer to be overwritten, corrupting the values previously stored there. Buffer overflows are always programming errors which are typically introduced into a program because the programmer failed to anticipate that the information copied into the buffer by the program may exceed its size. Unfortunately, as we shall soon see, buffer overflow programming errors are quite common because of certain widely used and dangerous C programming practices. Once a buffer overflow vulnerability is present in a program inadequate testing may not uncover it, so that the vulnerability may lurk in the program hidden, undiscovered and silent for years. This potentially opens up the program to be the target of a sudden attack which exploits the vulnerability to gain unauthorized access to a system.

A buffer overflow may happen accidentally during the execution of a program. When this happens, however, it is very unlikely that it will lead to a security compromise of the system. Most often the clobbering of information in areas adjacent to the buffer will cause the program to crash or produce obviously incorrect results.

In a buffer overflow attack, on the other hand, the objective of the attacker is to use the vulnerability to corrupt information in a carefully designed way in order to execute attack code previously planted by the attacker. If this succeeds, the attacker effectively hijacked the control of the program. Once control is transferred to the attack code, it grants unauthorized access to the attacker. Typically the attack code just spawns a shell, which allows the attacker to execute arbitrary commands on the system.
------------ Cut Here --------------------

See also;
http://commons.somewhere.com/buzz/2000/Definition.Buffer.Overfl.html
and
http://docs.linux.cz/secure-programs/Secure-Programs-HOWTO-5.html

and for those that want *more* detail;
http://www.deathfield.com/info/papers/buffer2.htm
"Writing buffer overflow exploits - a tutorial for beginners"
where the author goes through creating one step by step.

Carl.

From cas@taz.net.au Wed Aug 8 00:44:49 2001
From: cas@taz.net.au (Craig Sanders)
Date: Wed, 8 Aug 2001 10:44:49 +1000
Subject: [LINK] E-books said to be "utterly unneeded"
In-Reply-To: <9BD4AE8C2EB1D311982700508BA2498901573AB6@EXCHANGE_AU>
References: <9BD4AE8C2EB1D311982700508BA2498901573AB6@EXCHANGE_AU>
Message-ID: <20010808104449.A15351@taz.net.au>

On Wed, Aug 08, 2001 at 08:51:44AM +1000, Chirgwin, Richard wrote:
> > the pricing of product is ridiculously expensive compared to paper
> > product (it should be so much cheaper.)
>
> The price difference is even greater when you take into account the
> restriction of purchaser's rights ... ie, you don't buy an e-book, you
> license it;
> you can't resell it to a second-hand bookshop;

that limitation is hard to avoid. unless you have an original publisher's CD containing the e-book, there's no way to distinguish a copy from an original.

> it's probably illegal to give it away or lend it to a friend;

probably true, but unenforceable.

> and you can't guarantee that an e-book you own and read today will
> still be on your shelf and available to your children in 20 years'
> time.

because proprietary file formats generally don't last more than a few years.

fortunately, for any given proprietary format it is almost inevitable that someone will figure out a method for converting it to an open format.

> Publishers are keen on e-books *because* they offer the chance to
> ratchet up the revenue streams - the idea of a pay-per-view, for
> example.
fortunately, that idea is as doomed as any other idea based on digital content protection. there is no such thing as security when the users have physical access to the media and the player. copy protection schemes don't stop anyone from copying anything. digital watermarking is nothing but high-tech snake oil. "content-scrambling system" is a cryptographic joke. etc. > As for usability ... for some reason, both e-books and their advocates > consistently gloss over research which consistently rates print ahead > of screen for readability and comprehension. (Empirical evidence: > how many times do we see Link debates get overheated because someone > misread or misunderstood something?) that's an important point. reading a paper book using reflected light is so much easier on the eyes than reading a screen with emitted light...especially if the ebook readers do the standard-but-stupid thing of using black text on a white background (this is one of the main reasons i don't like using GUI applications - too much white glare). > But for me, the big issue remains the curtailment of my rights. I > don't want to claim some unfettered right to copy everything, nor do I > advocate the abandonment of copyright. But I do want to OWN the things > I purchase... precisely. i would quite happily download & purchase an e-book in the morning before i got on the tram to work IFF i had the same rights to it as i do with a printed book, and if the purchase price reflected the difference in publishing costs (i.e. without expensive printing and distribution costs, the price should be much lower than for a real book). $3 to $5 would be perfectly reasonable for tram-fodder. one book would probably last 2 to 4 half-hour tram trips, adding about $1 per day to my transport costs. 
(and if there were ebook terminals on trams, i could buy another book when i finished the current one saving me from staring at the same boring view out the window :) i'd store all my purchased e-books on my computer (backing them up to tape along with all my other data as a safeguard against disaster) and transfer them to an e-book player as i needed them....or sometimes i'd read them on my computer because my monitor will undoubtedly be better than an ebook display. i wouldn't want to buy a dedicated ebook player, though. i'd prefer to have something like a palm pilot which happened to be capable of displaying ebooks (as well as an mp3 player module, and a mobile phone module). in short, the idea/technology itself isn't a dud - it's the business model which dooms it to failure. as for "copyright", it's either dead or mortally wounded. i'd like to see the whole intellectual property system either scrapped or reinvented from scratch. it doesn't work any more, it doesn't serve the need it was created for (i.e. to encourage creativity by granting a limited term monopoly to creators) and it is subject to enormous abuse (e.g. software patents in the US, perpetual extension of copyright by adding 15 years to it every 10 years or so, theft/conversion of the english language to private property by trademarking every word and phrase). craig -- craig sanders Fabricati Diem, PVNC. -- motto of the Ankh-Morpork City Watch From Fred.Pilcher@act.gov.au Wed Aug 8 01:12:25 2001 From: Fred.Pilcher@act.gov.au (Pilcher, Fred) Date: Wed, 8 Aug 2001 11:12:25 +1000 Subject: [LINK] Ask not: "For whom the bell tolls?" Message-ID: <9F7F0A389219D411BDA900A0C9F2D6140430EE8E@cal013.dpa.act.gov.au> Hans responded to Russell, saying: > Thank you for that, Russell. I believe that the vehemence of Robin's > reply to Adam was unwarranted and offensive. Robin's postings are usually models of decorum, rationality and value. Surely LINK can tolerate, even welcome, the odd deviation from one such? 
Fred From brd@austarmetro.com.au Wed Aug 8 01:36:20 2001 From: brd@austarmetro.com.au (Bernard Robertson-Dunn) Date: Wed, 08 Aug 2001 11:36:20 +1000 Subject: [LINK] Code Red worm References: Message-ID: <3B709794.7308DD67@austarmetro.com.au> OK, we have established that a buffer overflow occurs when more data is put into a space than it was designed to hold, and the excess code is subsequently executed as code. Would it not be a good idea for an operating system to separate code and data? Like in some of the operating systems I programmed in the mid 1970s? Windows is still a toy operating system and it sometimes worries me that the world is becoming so dependent on such a poorly architected environment, and that includes both the hardware and software. The 1970s systems had separate registers for the operating system and user space. A benefit for both security and performance. -- Windows is a 32 bit addon to a 16 bit GUI running on an 8 bit extension to a 4 bit O/S made by a 2 bit company that can't stand 1 bit of competition. -- unknown Regards brd Bernard Robertson-Dunn Canberra Australia brd@dynamite.com.au brd@austarmetro.com.au From brd@austarmetro.com.au Wed Aug 8 02:40:50 2001 From: brd@austarmetro.com.au (Bernard Robertson-Dunn) Date: Wed, 08 Aug 2001 12:40:50 +1000 Subject: [LINK] Goverment gambling on an SMS future Message-ID: <3B70A6B2.897E1387@austarmetro.com.au> Goverment gambling on an SMS future By Cass Warneminde 07 August 2001 ZDNet http://www.zdnet.com.au/news/commentary/story/0,2000020822,20252953,00.htm If you need further proof of the Howard Government's hypocritical and fundamentally flawed approach to online gambling in Australia, take a look at the recent story "Telstra playing the SMS money game" . It outlines plans by the telco to introduce what it calls an SMS-aided "game". Respected industry analyst Paul Budde, however, has labelled it a form of gambling. I tend to agree with Budde on this one. 
Under the scheme, Telstra's mobile customers are able to sign up to play an interactive game based on television ratings winner "Who Wants to be a Millionaire". A cash prize of AU$100,000 is dangled in front of punters as they answer questions via SMS, and of course pay 30 cents a pop each time they do so. Claiming a user base of around five million Australians (who are world renowned for their love of a bet), it's no wonder the carrier is excited by the prospect of what promises to be quite a tidy little earner. Sounds like gambling to me. What irks me about this plan is that Howard is more than happy to send Australian online gambling operations offshore, rather than allow them to "further corrupt" our society, yet is more than happy to allow a plan like this one to go ahead. Basically, what Howard is saying is that if his technology-stifling Government doesn't get a piece of the pie, then nobody's allowed to eat. Do you think Telstra's plan would get a green light, or at least be free of the scrutiny placed on other electronic gambling forums, if the Government didn't own the majority of the company and is therefore able to pocket some of the proceeds? No way! Chalk up another one for the Federal Government's transparent policy of greed and ignorance. -- Here's something to think about: How come you never see a headline like "Psychic Wins Lottery." -- Comedian Jay Leno Regards brd Bernard Robertson-Dunn Canberra Australia brd@dynamite.com.au brd@austarmetro.com.au From Richard.Chirgwin@informa.com.au Wed Aug 8 02:49:13 2001 From: Richard.Chirgwin@informa.com.au (Chirgwin, Richard) Date: Wed, 8 Aug 2001 12:49:13 +1000 Subject: [LINK] Code Red worm Message-ID: <9BD4AE8C2EB1D311982700508BA2498901573AB9@EXCHANGE_AU> Bernard, >Would it not be a good idea for an operating system to separate code and >data? 
Alternatively, since everyone knows the operating system doesn't separate code from data, wouldn't it be good programming practice for application developers to do so? So that if a long string arrives in a short buffer, it can't get treated as code? (Happy to be shot by any app devs if there's a reason this is impossible.) Richard Chirgwin -----Original Message----- From: Bernard Robertson-Dunn [mailto:brd@austarmetro.com.au] Sent: Wednesday, 8 August 2001 11:36 To: Link Subject: Re: [LINK] Code Red worm OK, we have established that a buffer overflow occurs when more data is put into a space than it was designed to hold, and the excess code is subsequently executed as code. Would it not be a good idea for an operating system to separate code and data? Like in some of the operating systems I programmed in the mid 1970s? Windows is still a toy operating system and it sometimes worries me that the world is becoming so dependent on such a poorly architected environment, and that includes both the hardware and software. The 1970s systems had separate registers for the operating system and user space. A benefit for both security and performance. -- Windows is a 32 bit addon to a 16 bit GUI running on an 8 bit extension to a 4 bit O/S made by a 2 bit company that can't stand 1 bit of competition. -- unknown Regards brd Bernard Robertson-Dunn Canberra Australia brd@dynamite.com.au brd@austarmetro.com.au From jasonb@ce.com.au Wed Aug 8 03:13:44 2001 From: jasonb@ce.com.au (jasonb@ce.com.au) Date: Wed, 8 Aug 2001 13:13:44 +1000 (EST) Subject: [LINK] Code Red worm In-Reply-To: <3B709794.7308DD67@austarmetro.com.au> Message-ID: On Wed, 8 Aug 2001, Bernard Robertson-Dunn wrote: > OK, we have established that a buffer overflow occurs when more data is put > into a space than it was designed to hold, and the excess code is > subsequently executed as code. I believe Operating Systems vendors should take more responsibility with respect to buffer overflows. 
It is possible for an operating system to enforce policies to make it extremely difficult, if not impossible to exploit a buffer overflow. Unfortunately people will write bad code, and buffer overflows will continue to exist. However because a buffer overflow exists does not mean it should be possible to exploit that overflow. As Link is not a technical list I'm trying to keep this simple. I hope I don't go too far (or not far enough). -- Most modern languages store statically sized variables (or buffers) in the application stack, where dynamically allocated variables are usually stored in the application heap. Note that this is not necessarily the case for all languages (ie Java). Most buffer overflows occur when a statically sized variable (or buffer) is 'overflowed' with more data than the size allocation for that variable, and should only happen if the programmer has failed to ensure adequate bounds checking on that variable. As these statically sized variables are stored on the application stack, any overflow is also written to the stack. If this overflow should happen to include code and the appropriate registers, offsets and program counters it may be executed. As a result we have a classic exploit via buffer overflow. Note that for this overflow to occur it must be possible to execute code that is stored on the stack rather than in the application region or the heap. Operating systems can enforce a no-execute policy on the stack space, as a result making stack based buffer overflows impossible (or extremely difficult). The application will still crash, but an exploit should not occur. Unfortunately it seems most operating systems are not capable of enforcing a 'non-executable stack' policy and this includes the Microsoft platforms and most forms of Unix. There are patches available for Linux to solve this problem by enforcing a non-executable stack policy. 
If we are lucky these patches will eventually become a part of the standard linux kernel, and other vendors can implement similar capabilities in their own products.

For Linux users look at the 'grsecurity' patches at http://www.getrewted.net/ also the lids patches at http://www.lids.org

Similar patches may be available for other platforms. I am not aware of any.

--
---
Jason Ball
Electronic Commerce Specialist
Corporate Express Australia Ltd
Phone: +61 2 9335 0374
Fax: +61 2 9335 0753
Email: jason.ball@ce.com.au

From gordon.keith@marine.csiro.au Wed Aug 8 03:18:57 2001
From: gordon.keith@marine.csiro.au (Gordon Keith)
Date: Wed, 8 Aug 2001 13:18:57 +1000
Subject: [LINK] Code Red worm
In-Reply-To: <3B709794.7308DD67@austarmetro.com.au>
References: <3B709794.7308DD67@austarmetro.com.au>
Message-ID: <01080813185703.13564@moo-hf>

On Wed, 8 Aug 2001 11:36, Bernard Robertson-Dunn wrote:
> Would it not be a good idea for an operating system to separate code
> and data? Like in some of the operating systems I programmed in the
> mid 1970s?

Yes, but in this case it wouldn't be very useful as the problem is actually at a lower level, the machine architecture.

The intel (et al) chip designs are based around the idea of using a program stack. Data local to procedures, the program counter and stack pointer are all placed on a single stack (one stack per process). Buffer overflow exploits involve overwriting the program counter on the machine stack.

To use another method for procedure calls which used a separate stack to protect the program counter from data would be possible, but would require specially written compilers and would be much less efficient as you would have to program the software to do what is now done in hardware.

It is possible to design hardware that is not susceptible to buffer overflows, it just wouldn't be compatible with existing intel code.

Linux is just as prone as Windows to buffer overflows, on the same hardware.
However, it limits the damage a buffer overflow can do, by limiting the access each process has. On windows, virtually all server processes run as root equivalent.

Apache has far fewer buffer overflows than IIS because the code has undergone a lot more inspection.

Regards
Gordon

From cas@taz.net.au Wed Aug 8 03:36:37 2001
From: cas@taz.net.au (Craig Sanders)
Date: Wed, 8 Aug 2001 13:36:37 +1000
Subject: [LINK] Ask not: "For whom the bell tolls?"
In-Reply-To: <3B707495.349BEF3B@lib.monash.edu.au>
References: <3B707702.16136.B7F6A22@localhost> <3B707495.349BEF3B@lib.monash.edu.au>
Message-ID: <20010808133637.D15351@taz.net.au>

On Wed, Aug 08, 2001 at 09:07:01AM +1000, Hans W. Groenewegen wrote:
> Thank you for that, Russell. I believe that the vehemence of Robin's
> reply to Adam was unwarranted and offensive.

adam todd's posts are unwarranted and offensive.

i've been on several lists that he is on for several years now and i can't think of one instance where he has ever posted anything relevant or interesting. like many people on these lists, i've been ignoring him for years (unfortunately, kill-files don't work because you still have to see the replies to his inane comments).

it seems that his sole reason for posting anything anywhere is for self-promotion (of either his business or his ego or both)...which gets very tiresome very quickly. i'm quite convinced that he doesn't care at all whether people are talking with him or telling him to shut up and go away - the only thing that matters is that he's getting some attention.

based on my observations of his behaviour over the last few years, his general technique is to latch onto the current topic of conversation and use it as a vehicle to big-note himself.
if nobody has paid any attention to him for a while, he will attempt to stir up activity by creating some event or lame protest or organisation....which generally gets ignored so he can later use it to smugly say "i tried to do something about months ago but everyone else was too lazy to get involved" as with his redhat security scare, he's not averse to making dramatic and mysterious claims and then refusing to substantiate them in any way. the air of mystery allows him to keep the whole thing alive much longer than it deserves. every country has their net.kooks and AT is one of ours, alas. looking on the bright side, he's strictly minor league compared to some of the net.kooks out there....while he's an annoying waste of time & bandwidth, he usually manages to be coherent (however this reduces the humour value of his kooky postings somewhat and presents the risk that newbies might mistake him for someone to be taken seriously). craig -- craig sanders Fabricati Diem, PVNC. -- motto of the Ankh-Morpork City Watch From rw@firstpr.com.au Wed Aug 8 03:47:58 2001 From: rw@firstpr.com.au (Robin Whittle) Date: Wed, 08 Aug 2001 13:47:58 +1000 Subject: [LINK] Ask not: "For whom the bell tolls?" References: <3B707702.16136.B7F6A22@localhost> Message-ID: <3B70B66E.21C2E7A0@firstpr.com.au> I am responding to parts of what Russell Ashdown wrote and continuing my arguments for why I believe Adam Todd should be prevented from writing to Link. Russell, I perceive your approach as reflecting trends which might be called "absolutism" regarding freedom of speech, and a simplistic characterisation of standards and limits in a mailing list as constituting "censorship". 
These trends, combined with a reluctance by mailing list owners (which is very understandable) to become involved in controlling who writes to the list, or in controlling what they write, means that there can be a vacuum of leadership and proper standards setting, which results in the degradation and misuse of mailing lists. I think all these contribute to low expectations of standards of conduct on lists and on the Net in general - so people overall expect less of themselves and of each other, and simply tolerate things which I think they should not tolerate.

I agree that there is an advantage in a totally unmoderated, uncontrolled mailing list. In such a list, it is possible that the wildest abuses and the greatest excesses may occur - but this carries with it the advantage that you know for sure that no-one is being prevented (by list rules) from saying anything. So you can breathe easily and assume you are getting the straight poop from everyone on the list, without them fearing exclusion or moderation by the list owner.

But I think that there are other costs with such an approach. Firstly many people who might otherwise post or read the list do not, because of the low signal-to-noise ratio. Another cost - the one I am concerned about regarding Adam Todd's recent repetition of his serious and un-supported claims about Red Hat - is that such a policy enables the energy, prominence and credibility of the list to be used to give unwarranted power to the writings of anyone at all who chooses to post something to the list.

In my view, the best approach for a list is a clearly stated set of principles which does not (to the mind of most or all potential "genuine" list members - however defined) constitute a barrier to freedom-of-speech within the defined topic areas of the list.
Then, if these standards are enforced, the list can largely or entirely (if the list has per-message moderation) be protected from misuse - and so can fully support the discussions it is intended to carry.

I assume that the Link mailing list has a formal or informal policy or guideline that it is not to be used for repeatedly making unsubstantiated allegations which have serious repercussions beyond this list. This seems to me to be a common-sense assumption, but if I am wrong, then the fact should be formally admitted by Tony Barry and by people who think they know what the standards of this list are, or should be. Just because no such rule is formally stipulated does not mean that it does not, or should not exist. To formally state every common-sense rule, by anticipating a great variety of contrary behaviours, would be tiresome and impractical.

Russell, if it is your understanding that Link has no limits and should have no limits on how it is used, then please state so explicitly.

If someone posted to Link a hundred times a day, or a thousand, or posted large volumes of off-topic material, or material which offended you and others, or posted material which created legal and ethical problems for the list owner (such as by using the list to publish material which revealed private information, or which was in contempt of court, was libellous, gave away passwords, credit card numbers etc.), or material which instructed people on crime or other things you regard as anti-social (computer hacking, racist/sexist diatribes etc.) or in which they continued to do anything at all on a repeated basis against the wishes of the list owner and/or the majority or entirety of the current membership (including such atrocities as sentences which go on and on and on . . . . ) would you then be calling for that person to be prevented from posting to the list?

I think you would.
If so, then your apparent (to my understanding) position of absolutism regarding no limits on what can be posted to Link is not in fact the case. If so, then you do believe (as I do) that Link and any other decent mailing list should have standards and that people should be banned from writing to the list if they repeatedly violate those standards.

If this is the case, then our disagreement is not about whether Link should have standards and should be able to exclude people, but whether or not Adam Todd (with his repetition of his Red Hat allegations) has in fact exceeded the limits which Link should properly have. If you and I agree that he has, then I think you would agree with me that he should be prevented from posting to the list. (Maybe give him another go after a few years - I like to think that people grow wiser over time.)

> I am at a loss to understand the reason for the vitriol being spewed
> from the postings of an individual I had previously held in some
> regard.

I thought I explained myself clearly. Quite a few people who wrote to me share my concerns. I also thought I was being rather polite about a person who I perceive as being primarily focused on disrupting other people's thoughts and discussions, rather than helping anyone achieve anything of substance.

If people who know Adam Todd better than I do wrote to me with presumably well-informed