OSNews links to a Register story: Perens: 'Novell Is the New SCO'. “Often cast as the peacemaker in free software disputes, Bruce Perens is on the warpath. When we caught up with him, he wasn't in a mood to be charitable to Novell.”
“Novell is violating the GPL,” he tells us. “It's up to the Free Software Foundation, which owns the copyright, to pursue this. But the FSF owns the C library and the compiler outright. There isn't much Novell can do without either.”
Anticipate every press outlet will have a lot to say about this:
GrokLaw: “I've collected for you a representative sampling of reactions to the unfortunate Novell-MS alliance. First, my own: this is apparently some kind of a covenant not to sue, not a true cross licensing deal. I think that's how they plan to step over and around the GPL.”
Novell FAQ: “Because open source software is developed in a cooperative environment, some have expressed concerns that intellectual property protections could be compromised more easily in open source. Today's agreement between Novell and Microsoft provides confidence on intellectual property for Novell and Microsoft customers.”
InfoWorld
MaryJo Foley: “Reality check: Microsoft isn't waving the white flag”
Bruce Perens: “The timing of this agreement is significant. Microsoft and Novell are said to have been working on this agreement for some time, and sped up its announcement to take attention away from Oracle's recent announcement and to further depress Red Hat in the stock market… This entire agreement hinges around software patenting – monopolies on ideas that are burying the software industry in litigation – rather than innovation. If we've learned one thing from the rapid rise of Open Source, it's that intellectual property protection – the thing that Open Source dispenses with – actually impedes innovation. And the Novell-Microsoft agremeent stands as an additional impediment.”
Following my email implosion, I'm seriously considering dropping the native Mac Mail.app and using Thunderbird instead. Apples decision to go with a proprietary mail formal (emlx) rather than the standard mbox format (as an optimization for Spotlight searching) makes me a bit uncomfortable, and the serious Mail.app failure, hiding half my mail for two weeks, leaves me less confident that I can switch when I have to without losing information. Mail and its history is precious stuff.
MacOSXHints points to a converter to generate mbox files from the Apple emlx format.
In MacBook Shutdowns: Case (Finally) Closed?, Harry McCracken documents his trials and tribulations with getting his MacBook fixed. Apple doesn't seem to have been very forthcoming in admitting there was a problem. It appears the problem was with a defective sensor in a heatsink, but initial repairs were replacing the heatsink and the motherboard. Thousands suffered. Rumor mills flourished. Even a class-action lawsuit was started. It's so much better to get ahead of the press in admitting you've discovered a problem than to leave users in the dark. Some people get cranky.
Apple shipped their new MacBookPros this week, with Core 2 Duo processors, right along with Lenovo showing the Core 2 Duo CPUs on their ThinkPads. Which to pick? The “Think Different” company that make beautiful machines, or the tried-and-true-Blue Thinkpads? Sure, both ThinkPads and Macs burst into flames. It's not how you fail that matters, it's how you recover. (Links via Dan Gillmor’s Blog)
SANS Internet Storm Center, InfoCON: green is reporting New Internet Explorer and an old vulnerability, (Fri, Oct 20th). “As you probably know by now, Microsoft yesterday released the final version of Internet Explorer 7 …”
There was a great flap as Secunia grabbed the headlines by claiming that they had found a vulnerability in IE7. Not so, claims Microsoft! The vulnerability is in Outlook Express, installed by default on all Windows installations. And the flaw is a known one, seven months old. And it's unpatched.
So, how does a newer “secure” browser supporting an older, unpatched vulnerability, unfixed for over 200 days, mean we're more secure now?
SANS Internet Storm Center, InfoCON: green does a far more thorough job than I can of summarizing Microsoft patch tuesday – October 2006 STATUS, (Tue, Oct 10th). “Overview of the October 2006 Microsoft patches and their status.”
A really quick summary: exploits in asp.net, in an IE “safe” ActiveX control, PowerPoint, Excel, Word, MSXML, Office, Publisher, the Server service, IPv6 and the Object Packager (wow! Haven't used that since OLE 1.0!). MS06-056-065. Get Patching! Try OpenOffice.org. Try FireFox. Think Differently. Good luck.
OSNews is pointing to the story that Microsoft's SCO Involvement Revealed. “A declaration by SCO's backer, BayStar has revealed that the software Giant Microsoft had more links to the anti-Linux bad-boy. The declaration made by from BayStar general partner Larry Goldfarb has turned up as part of IBM's evidence to the court. Goldfarb says that Baystar had been chucking USD 50 million at SCO despite concerns that it had a high cash burn rate. He also claims that former Microsoft senior VP for corporate development and strategy Richard Emerson discussed “a variety of investment structures wherein Microsoft would 'backstop', or guarantee in some way, BayStar's investment”.
I don't think it's really a surprise that MSFT and SUN are behind the funding of SCO to take a poke at IBM and slow the adoption of Linux through FUD. If you'd like to learn more about this incredibly complex case, GrokLaw is the place to visit. But be warned: it's easy to be dragged into all the fascinating nooks and crannies of the case.
The real question for me is whether MSFT and SUN succeeded in their ventures. SUN has done a turn-around and is re-inventing themselves as the green company with better price/power/performance for the internet. MSFT has… almost shipped Vista. Linux, meanwhile, has moved, up, out and around, scaling to greater multi-CPU architectures, developing a better virtualization story, making huge progress in hardware compatibility, and fielding several worthy desktop competitors. LAMP is not a risky choice for IT; it's a question of which commercially-supported distributions and stacks to choose and ensuring the eager technicians in house get the training they need. If the SCO case cooled enthusiasm and take-up any, it gave FOSS advocates time to get their act together and pay a little closer attention to governance and provenance and licensing terms, cleaning up their houses and getting their story straight. Meanwhile, Microsoft… almost shipped Vista.
If SCO/Baystar/Microsoft/SUN thought that IBM would roll over and settle out of court, they badly miscalculated.
SANS Internet Storm Center, InfoCON: green is discussing Spam Backscatter, (Mon, Oct 9th). “Over the weekend I dealt with the rather massive after effects of a spam campaign spoofing a domain” …(more)
I'll second that! As the article goes on to indicate, many innocent mail administrators are a part of the problem by not changing naive settings of their servers. We need to encourage all the mail server software authors to change their default behaviors to fail to deliver mail silently: bounces from non-existant mail addresses are clogging the internet's pipes with replies to spoofed senders. “No such postbox” and “mailbox filled” are courteous, but since your server likely doesn't really know the sender, it's not just a waste of effort, but a an imposition on others to read your counter-spam. Let's all be a little quieter and learn more from listening than responding.
Swa Frantzen is manning the SANS Internet Storm Center, InfoCON: green desk today, and struggles to work out the exploit Microsoft documents without admitting in MS06-053 revisited ?, (Thu, Oct 5th). “When we first read MS06-053 we ended up discussing and not fully understanding what Microsoft was…” (more)… The article explores what appears to be an IE cross-site scripting exploit but with the character set UTF-7 (yes, seven! – who knew!) and some advice to webmasters to help avoid spreading the problem by echoing a bad URL back to the user.
Slashdot post: Fonality Acquires Trixbox. An anonymous reader writes “MySQL's Brian Aker has a good commentary on the big news in acquisitions today that Fonality has acquired Trixbox, the Linux Telephony distribution.” From the article: “So why is this big news? Trixbox is the distribution for telephony on Linux today. They have put together a vertical Linux distribution dedicated to telephony. It combines Asterisk with a web based interface backed by MySQL, integrated into the SugarCRM solution. As Redhat today is the LAMP of the IT Enterprise and Web Framework, (Linux, Apache, MySQL, Perl/PHP), Trixbox is the LAMP stack of the Telephony market, Linux , Asterisk, MySQL, Perl/PHP.”
Good news. I saw TrixBox (nee Asterisk @ Home) demonstrated at the MonadLUG group by Tim Lind, who's gone on to do a couple of very successful Asterisk installs, and it's on my “I'd really like to try that out if only I had more time” list.