What Is Going On in SCOLand?
Sunday, August 24 2003 @ 12:11 AM EDT

I noticed that Friday there was a big surge in volume of SCOX stocks traded, from an average volume of 358,749 to 526,910, and the price shot up 7.03% to $13.55, from an opening of $12.21. Why? Nothing good happened in the news that day, that's for sure, about SCO. Quite the opposite.

Today, I am reading that SCO's web site is down. A traceroute indicates it is not likely an attack, but more likely that they took their site down themselves. Sco.de is down too. Canopy.com is up and vultus.com is up. So their ISP isn't staggering under Sobig or whatever to the point that it is affecting everyone.

Then I noticed this:

"SCO Chief Financial Officer Robert Bench during a conference call said company insiders had sold a total of 117,000 shares during the most recent quarter, which it said was less than 1.5 percent of the stock owned by insiders.

"Bench said the share sales by some executives was done largely to cover the tax costs of restricted stock grants the company made them.

"SCO said two executive officers may sell up to 141,000 shares of its stock in the October ended quarter."

That's some ongoing tax bill. I wonder which two execs? And now this posting to pclinuxonline from someone claiming to work in the same building as SCO, allegedly working for another Canopy Group company:

"There was a lot of buzz about mergers a few weeks ago. It seemed that everyone was going to join into one large company called, you know it: SCO! That buzz ended yesterday. Now the talk, all over the group, is how to distance ourselves from SCO and Canopy. The mention of our company on Slashdot resulted in very negative feedback and two potential customers walking away. Others got it even worse. I hear Trolltech spent most of the day on the phone smoothing things over with their customers. Upper management meetings were held all afternoon among the group's companies (I'm not privy to those, but can guess the subject matter). Companies that were considering a merger with SCO (some as close as 5 days away) are now backpedalling as fast as they can."

I have absolutely no idea what is what with this story, and I'm reporting it saying take it for what it's worth. I don't normally report things I can't verify personally, but this is for a purpose. Somebody out there already knows what's happening in SCOLand, but the rest of us will just have to wait patiently. While we wait, though, this is a heads up that it's probably a good time to pay close attention to all clues.

Here is the analysis from the reader who ran the traceroute, minus the actual data, which is privately available. I did my own traceroutes to confirm:

"Just a note on SCO / Caldera websites being down. I thought I'd run some traceroutes to see where the problem is, and the results are quite interesting. . . .

"Analysis. Canopy, Caldera, and SCO, all have addresses that are within the same class C addressing range, respectively: XXX.XXX.140.120, XXX.XXX.140.125, XXX.XXX.140.112. [numbers masked, but they are identical. pj] While this makes it very possible that all three sites are served by the same machine, we can't prove that from this information. It is however, much more than likely that they are served from the same router.

"The next thing to note is that the route to SCO and Caldera both fail at the 14th step in the tracert. The last router that responds for each of them, at the 13th step, is den1-edge-01.tamerica.net (albeit from different ports). Canopy also passes through den1-edge-01.tamerica.net at the 13th step, but continues on to a router at viawest.com. From there, it passes through 2 more routers at ViaWest, and 3 routers at Center7.

"ViaWest and Center7 are both Canopy companies.

"On initial analysis, for any other company, a network manager/sys admin/networking consultant (such as me) would simply assume that SCO/Caldera was having a problem with their ISP. The weird thing, though, is the presence of Canopy's IP address right *between* SCO's and Caldera's addresses.

"Assume that all 3 segments are served by the same router (no, we can't prove it from this data, but it's extremely likely). Canopy, in that case, should be experiencing problems too, if the site were under a DOS attack. In fact, anyone planning a DDOS attack would find it easier to just take out the whole address range that includes all 3 sites rather than focus on just the SCO/Caldera sites, for technical reasons alone. Never mind that they would want to target Canopy as well.

"Given all this, it is a pretty safe bet that SCO/Caldera has taken its websites down itself.

"Why? To protect themselves from a DDOS attack? No. Any decent firewall could take care of that for them."

So, if you see SCO claiming it was the victim of an attack, this analysis indicates you might want to take it with a grain of salt. For any of you curious and wanting to see this for yourself but stuck on a Windows box and not command line-oriented, one place you can go is www.visualware.com, where you'll find a demo of its Visualroute tool, if you click on Products, and then under Visualroute "Live Demo", then choose from the list of servers, read the Terms of Use to make sure they are acceptable to you, and if so, then type in the address you want to check. It has a map, even, to show you the route and a text report.

Correction: This sentence, he now tells me, was mistaken: "The weird thing, though, is the presence of Canopy's IP address right *between* SCO's and Caldera's addresses." He misread the numbers. Thanks for the correction.


  


What Is Going On in SCOLand? | 129 comments
Authored by: Anonymous on Saturday, August 23 2003 @ 10:35 PM EDT
John, the 8/19/03 motion by Red Hat just means that out-of-state attorneys are asking the judge to let them be on this case. It's nothing important. You'll see in the IBM case that SCO did the same thing to get Boies and staff on that case, because they don't normally practice in Utah. Lawyers can only practice in the states where they are licensed, but they can temporarily be in another state by means of this sort of motion.

I don't think there is any significance to the 8/25 date. Thanks for the tip that the 25th is the day. I forgot.


pj

Authored by: Anonymous on Saturday, August 23 2003 @ 10:48 PM EDT
And now for your amusement...

ScamSource 2003 (ogg)

ScamSource 2003 (mp3)


Z

Authored by: Anonymous on Saturday, August 23 2003 @ 10:50 PM EDT
The above are released under the Creative Commons License.

http://creativecommons.org/licenses/by-sa/1.0/


Z

Authored by: Anonymous on Saturday, August 23 2003 @ 10:53 PM EDT
Weird stuff going on fer sure.

I was actually loading a page from Caldera when everything went down.


Rand

Authored by: Anonymous on Saturday, August 23 2003 @ 10:55 PM EDT
Well, as of Adrian

Authored by: Anonymous on Saturday, August 23 2003 @ 10:59 PM EDT
Oops, let's try that again.

Well, as of 21 Aug they were running Linux. I'm placing bets right now that in the morning it'll be runnin UnixWare, with Apache, no doubt.


Adrian

Authored by: Anonymous on Saturday, August 23 2003 @ 11:03 PM EDT
JG, technical note, want formatting? Use standard html tags. Seems to work, bunch of us had to figure this out.

PJ, isn't the rule(court, postal) 30 days to respond?

And, no response -- you lose?


D.

Authored by: Anonymous on Saturday, August 23 2003 @ 11:13 PM EDT
Looking for this?

http://stage.caldera.com/profservices/linux/

More here:

http://216.239.41.104/search?hl=en&lr=&ie=ISO-8859-1&q=site%3Astage.caldera.com+linux


Michael Chaney

Authored by: Anonymous on Sunday, August 24 2003 @ 12:15 AM EDT
John,

It isn't possible to be perfect. I didn't see it either. I've posted the correction. The important thing is that you corrected as soon as you knew. Thanks.


pj

Authored by: Anonymous on Sunday, August 24 2003 @ 12:48 AM EDT
pj this article is a little over the top. Previous articles have focused on effectively dissecting and refuting the FUD/missteps emanating from the Sco camp.

But trying to connect why their server is not responding, stock is up and a 3 week old anonymous post on a blog is just unhealthy speculation. They could be out making crop circles or dancing naked in a mars is coming ritual but it wouldn't impact on the case until they issue a press release blaming linux and the GPL. You have provided the research and clarity missing from the mainstream press and Sco endlessly changing allegations. Please don't go weird on me!

Take care,


monkymind

Authored by: Anonymous on Sunday, August 24 2003 @ 02:01 AM EDT
All of the machines mentioned in the blog have an address like c7pub-XXX-XXX-XXX-XXX.center7.com when doing a reverse lookup on their IP addresses. This also suggests that all three websites are colocated in one datacenter. www.sco.com must be "down for maintenance".


MathFox

Authored by: Anonymous on Sunday, August 24 2003 @ 02:59 AM EDT
Muah. So is the consensus that SCOX are probably

  • Replacing Linux by UnixWare (getting the servers up again will take time and lotsa Jolt Cola)
  • Combing through their websites to get any incriminating stuff off, like they do in '1984'. It is probably safer for them to be back with a minimum website come Monday

Actually, if their websites are down because any of the above they really suck. I always try to have no downtime when I do stuff like that of course I don't always succeed because I'm more or less the only Sysop in the company 8-/
This must then be a real panic attack manoeuvre. I see the request from McBride. "CEO requests that all the websites be taken down NOW under penalty of firing"
Will the wayback machine have a deep copy of www.sco.com?


El Tonno

Authored by: Anonymous on Sunday, August 24 2003 @ 03:52 AM EDT
maybe a certain attorney said to take all that stuff down if you don't want to
have to pay our fees?
a lot of their case has really been disputed by their own selves.just a
theory.
brenda banks

Authored by: Anonymous on Sunday, August 24 2003 @ 04:19 AM EDT
Not much info but hadn't seen it linked yet ...

http://theinquirer.net/?article=11180

basically states, "But there's no indication what the problems might be that are downing www.sco.com and www.caldera.com."

Will


w_ready99

Authored by: Anonymous on Sunday, August 24 2003 @ 04:49 AM EDT
El Tonno: I already checked Wayback, they have *nothing* from www.sco.com for any time this calendar year. The last www.sco.com update they did was back in October of 2002. Sigh.

John, I did my own traceroute here, and my results differ somewhat from yours (which is not that remarkable in itself, since we're probably not in the same neck of the woods). Tracing to www.caldera.com drops off the end of the world when it hits (129.250.16.52); however, tracing to www.sco.com makes it through that hop, but dies on the very next hop, at (198.173.159.254). Both of these are verio.net routers, and I did not see Verio listed as a Canopy company on Canopy's Web site.

By the way, I find it interesting that (a) all three companies (Canopy, Caldera, SCO) have their Web sites hosted in a Class C block held by NFT, the Noorda Family Trust (is it the same Noorda?), and (b) all three sites are hosted on Linux machines. In fact, www.sco.com was on a Unix machine until August of 2002, when they switched over.


Steve Martin

Authored by: Anonymous on Sunday, August 24 2003 @ 05:26 AM EDT
It is not just www.sco.com that is down, but also their ftp server, ftp.sco.com (216.250.140.126). Their mail server, mail.ut.caldera.com, is up.

Ph(i)Nk 0

Authored by: Anonymous on Sunday, August 24 2003 @ 05:37 AM EDT
To monkymind: In many cases it's necessary to evaluate what you DON'T see as well as what's clearly visible. I personally think pj is near the mark, if not right on it with her speculations (and I'll point out that they're very well-thought-out, educated speculations). After all even our national defense is supported by the speculations of "analysts"...and dare I say it, our own industry (re: the lovely and tireless Ms. DiDio (no comparison to pj of course)). I submit that an educated guess (or speculation if you prefer) can valuable in this context, if only to demonstrate a reasonable point of view. FUD-clearing at its best!

bp


Stormwind

Authored by: Anonymous on Sunday, August 24 2003 @ 05:38 AM EDT
Errr...hands got ahead of head there...or vice-versa. I meant to say that: an educated guess (...) can be valuable ....

bp


Stormwind

Authored by: Anonymous on Sunday, August 24 2003 @ 05:40 AM EDT
ir.sco.com is still half dead up.
Anonymous /. Coward

Authored by: Anonymous on Sunday, August 24 2003 @ 05:48 AM EDT
ESR seems to think it is/was a DDOS...

http://newsforge.com/newsforge/03/08/24/1228211.shtml?tid=17


Belzecue

Authored by: Anonymous on Sunday, August 24 2003 @ 06:06 AM EDT
SCO news mention

http://www.nypost.com/business/3934.htm

One other thing I don't think anybody has mentioned, unlikely to be related to the disappearance of their site, but worth considering I think

1. SCO uses their NDA presentation as a sales tool for their Linux license (speculation, but I think likely)

2. A Fortune 500 company sees the presentation and "gee it's the same code" (speculation), and buys a license (source: SCO press release)

3. Presentation is analyzed by Perens etc. (many sources)

4. Geeks or whoever shows the Fortune 500 CIO or whoever the Perens analysis or some other way he finds it (speculation)

5. If I was the Fortune 500 CIO, I'd be pretty annoyed (speculation)

6. McBride says the license is non-refundable (source: press reports). There are also some interesting clauses in the license about misrepresentation and breach of contract (source: LWN publishing text of license)

7. SCO is not going to give the money back to Fortune 500 (speculation from 6)

8. ???


quatermass - SCO delenda est

Authored by: Anonymous on Sunday, August 24 2003 @ 06:12 AM EDT
A couple of lines from the ESR Newsforge post:

"SCO/Caldera's site is being hit by a massive denial-of-service attack today. The timing, the scuttlebutt on Slashdot and elsewhere, and the contents of my mailbox all suggest strongly that the DOS attack was triggered by Darl McBride's slanderous interview[2] accusing the community of being IBM's sock puppets, and my response[3] to it."

...and...

"...I ask that the DOS attack cease immediately. Please stand down *now*. We have better ways to win this fight."

ESR is trying to hold the high ground, and I hope his message gets out. We certainly don't need to hand SCO any ammunition.


Steve Martin

Authored by: Anonymous on Sunday, August 24 2003 @ 06:12 AM EDT
SCO news http://www.bayarea.com/mld/cctimes/business/6606743.htm
quatermass - SCO delenda est

Authored by: Anonymous on Sunday, August 24 2003 @ 06:15 AM EDT
wonder if the fireworks are fixing to start?
legal fireworks will be so satisfying.can i be so low as to gloat and enjoy this
?
yeahhhhhhhhh i can.
after all the comments about IBM defending linux it would be interesting for the
Linux group to lead the charge and would make a statement to M# also.but if they
shut up then we are going into some serious withdrawal pains here
hehehe
brenda banks

Authored by: Anonymous on Sunday, August 24 2003 @ 06:38 AM EDT
I like this comment from ESR's post:

"I'm organizing a conference call early this coming week among a few key leaders to decide on the next stage of our response. Have patience. There is a plan developing, which I can't talk about because the element of surprise is part of it. We will counterattack at a time and place of our choosing and we will win." http://newsforge.com/newsforge/03/08/24/1228211.shtml?tid=17

Can't wait to find out what's been cooking. :-)

SCO is gonna get plastered


MajorLeePissed

Authored by: Anonymous on Sunday, August 24 2003 @ 06:44 AM EDT
Thanks for defending me, but I don't know yet for sure if I was right to post what I did. Monkeymind may be right in the end, but I'm hearing so many things, I wanted everyone to be aware. I saw that Raymond says it is an attack, but I'm still not sure about that.

I did a Whois search for Sco and Canopy and Center7 and some other Canopy holdings. Their DNS servers are not the same, except for Center7 and SCO share one in common. SCO's are:

Name Server: NS.CALDERASYSTEMS.COM
Name Server: NS2.CALDERASYSTEMS.COM
Name Server: C7NS1.CENTER7.COM
Name Server: NSCA.SCO.COM

Name Server: C7NS2.CENTER7.COM
Name Server: C7NS1.CENTER7.COM
Name Server: C7NS3.CENTER7.COM

Center7.com is still up and running.

I decided to try Visualroute myself, in case I was making mistakes, and for sco.com this is the report:

IP packets are not moving from network "Verio, Inc. VHIOI-198-1/0" to network "InterNAP Network Services, PNAP-DEN PNAP-DEN-INAP-BB-1" at hops 11-12.

XXX.XXX.140.1 sco.com NFT CENTER7-BLK

SCO is registered with Dotster. Dotster has this message on their home page:

"Attention:

"We are very sorry for the inconvenience. Your URL Forwarding experienced problems due to a filter being placed by our co-location hosting provider at about 5:00 am this morning that blocked URL Forwarding traffic. Unfortunately we were unaware of the downtime due to the fact that all forwarded sites were still fully operational on our end. There may still be some intermittent downtime from this morning but we are aware of the problem and our engineers are monitoring it closely. We have been in close contact with our co-location hosting provider and they are taking steps so an incident like this does not happen again. All sites should now be fully operational and if your site is not, it will be in the next 12 hours. Once again we apologize for the inconvenience and We thank you for your patience during this time."


pj

Authored by: Anonymous on Sunday, August 24 2003 @ 07:31 AM EDT
If dotster, why also sco.de?

Maybe dotster use URL forwarding in a different sense from other companies, But I thought URL forwarding generally means they forward to a pre-existing web page (like a page on geocities or tripod) if you don't have name servers, proper hosting and all that stuff?


quatermass - SCO delenda est

Authored by: Anonymous on Sunday, August 24 2003 @ 08:01 AM EDT
quatermass, sco.de, according to Visualroute, is hosted from USA, on NFTCENTER7-BLK.

On Dotster message, it just indicates they are having some kind of a problem, and who knows yet what the whole story is. So, I'm waiting to draw any definite conclusion until I can reach someone there.


pj

Authored by: Anonymous on Sunday, August 24 2003 @ 08:22 AM EDT
pj, why do you go to the trouble of masking the IP addresses?
They are common knowledge, you know. Best,
El Tonno

Authored by: Anonymous on Sunday, August 24 2003 @ 08:53 AM EDT
P.J.:

If you don't have it on your list already, could you do a profile of Judge Robinson, like the one you did on Judge Kimball?


Stuart Thayer

Authored by: Anonymous on Sunday, August 24 2003 @ 08:54 AM EDT
piece of a traceroute for mail.sco.com:

11  den-core-01.tamerica.net (205.171.16.13)  53.092 ms  50.342 ms  52.572 ms
12  205.171.4.178 (205.171.4.178)  51.610 ms  51.596 ms  49.390 ms
13  fast-00-01.bdr01.den05.viawest.net (64.78.230.214)  64.924 ms  64.137 ms  66.129 ms
14  gige-01-m00-00.crrt02.den05.viawest.net (64.78.230.210)  62.470 ms  62.158 ms  63.188 ms
15  pos-03-01.crrt01.slc03.viawest.net (64.78.227.10)  78.921 ms  78.905 ms  79.679 ms
16  c7pub-216-250-136-74.center7.com (216.250.136.74)  78.953 ms  79.182 ms  79.161 ms
17  c7pub-216-250-136-98.center7.com (216.250.136.98)  79.953 ms  77.927 ms  79.443 ms
18  c7pub-216-250-136-254.center7.com (216.250.136.254)  76.252 ms  76.452 ms  74.759 ms
19  fgw.calderasystems.com (216.250.128.253)  77.749 ms  75.717 ms  76.452 ms

piece of traceroute for sco.com:

11  den-core-01.tamerica.net (205.171.16.13)  50.123 ms  53.303 ms  52.058 ms
12  205.171.4.178 (205.171.4.178)  53.857 ms  51.864 ms  49.861 ms
13  * * *
14  * * *

sco.com, www.sco.com, ftp.sco.com, www.sco.de and caldera.com all stop responding at hop 12. This has been consistent for about 4 hours.

DoS? Don't know, and have no evidence. Cease and Desist Order? Possible, at least one court in Germany has told them to shut up. Voluntary Site Shutdown? Possible, but they won't say anything meaningful.

20 mail.sco.com (216.250.130.37) 76.040 ms 76.211 ms 75.672 ms


D.

Authored by: Anonymous on Sunday, August 24 2003 @ 09:08 AM EDT
It's not a Dotster issue. I spoke with them, and they did experience a DDOS themselves yesterday, but it wasn't in any way related to sco.com. They don't host any servers for SCO. I also reached InterNAP, and they said everything is going through them fine. According to them, the dropoff is when it hits Qwest, so I'm trying to reach them. Both Dotster and InterNAP told me the same thing, independently, that from what they are seeing, while it could be a DDOS it could be a lot of other things, including SCO working on their own servers, etc.

El Tonno, because whether this turns out to be a DDOS or not, and I hope it doesn't, I am sending the message that I don't want even the perception that I approve of or ever would contribute to or condone such a thing, because I don't and I wouldn't.


pj

Authored by: Anonymous on Sunday, August 24 2003 @ 09:08 AM EDT
Given where the traceroute 'breaks', this is more and more looking like a routing error than anything else. My traceroute gives a bit more useful information:

$ /usr/sbin/traceroute www.sco.com
...
10 so-2-0-0.mp1.Denver1.Level3.net (64.159.0.241) 47.051 ms 47.184 ms 46.819 ms
11 gigabitethernet10-0.hsipaccess2.Denver1.Level3.net (64.159.3.122) 47.431 ms !H * 48.710 ms !H

$ /usr/sbin/traceroute mail.sco.com
...
10 so-2-0-0.mp1.Denver1.Level3.net (64.159.0.241) 47.025 ms 47.127 ms 46.913 ms
11 gigabitethernet10-0.hsipaccess2.Denver1.Level3.net (64.159.3.122) 46.700 ms 47.624 ms 47.365 ms
12 fbi.den.viawest.net (166.90.152.34) 47.874 ms 47.569 ms 47.357 ms
13 gige-01-m00-00.crrt01.den02.viawest.net (216.87.71.33) 53.513 ms 47.572 ms 47.448 ms
... and so on

The !H means 'no route to host', Ie, the router doesn't know how to get to the next hop, rather than the next hop simply not responding. www.sco.com and mail.sco.com are in different, but adjoining class-C subnets. Given how early the www.sco.com subnet 'breaks', it does NOT look like a near-client-router problem, but more an intervening router problem.

Either this is just a coincidence, or someone has done a router hack to destroy the routing for sco's first class-C. This is entirely possible through BGP pollution, but it requires someone with access to the main routing tables to insert false entries, or have very lax security. ie, someone's going to lose their job over this :)

On another note, my previous comment (different thread) about ir.sco.com being down is incorrect. It's working just fine, but is slow because it loads a lot of its graphics from www.sco.com. Another reason for avoiding 'leeching' from other sites :)


Chris Cogdon

Authored by: Anonymous on Sunday, August 24 2003 @ 09:12 AM EDT
> quatermass, sco.de, according to Visualroute, is hosted from USA, on NFTCENTER7-BLK.

Yes the web server is, but sco.de **domain name** shouldn't be related to dotster at all right? I think it would be from http://www.denic.de/ - you should easily be able to check and confirm this.

And the name servers for sco.de don't come from SCO either?

I don't know the reasons for SCO's web problems either, just trying to research the background


quatermass - SCO delenda est

Authored by: Anonymous on Sunday, August 24 2003 @ 09:18 AM EDT
pj: Did you realise that the "From an employee of the 'others'" posting was written back in March? The 08-03-2003 date is 8 March, 2003, not August 3, 2003 :) Just look at the parent page's date ordering for confirmation.

Chris Cogdon

Authored by: Anonymous on Sunday, August 24 2003 @ 09:21 AM EDT
There is a short note from "daemon" on <http://www.pro-linux.de/cgi-bin/NB2/nb2.cgi?show.5876.2010.51001410019.>, referring to a netcraft statistic <http://uptime.netcraft.com/up/graph/?site=sco.com&mode_u=on&mode_w=on&avg_days=30&submit=Redisplay+Graph> which seems to indicate, that there was a server change for www.sco.com lately. It would be quite likely that, through some inconsistencies in configurations, that led to a malfunction resembling a dDOS-attack.
Gerhard

Authored by: Anonymous on Sunday, August 24 2003 @ 09:23 AM EDT
Good catch, Gerhard.
pj

Authored by: Anonymous on Sunday, August 24 2003 @ 09:34 AM EDT
Chris,

I have not gotten !H or !N (host, network unreachable) messages
from my traces. I do get traces that look like this:

14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *

Which is similar behavior to sites that sit behind a Cisco LocalDirector.
D.

Authored by: Anonymous on Sunday, August 24 2003 @ 09:34 AM EDT
While we are at it, here's one from Europe at Sun Aug 24 18:25:37 CEST 2003

traceroute to www.sco.com (216.250.140.112), 30 hops max, 38 byte packets
1 [censored]
2 [censored]
3 [censored]
4 se-6-1-0.tra-01.bru.net.tiscali.be (62.235.1.61) 5.623 ms 5.790 ms 5.646 ms
5 ge-9-12.sw-01.bru.net.tiscali.be (62.235.3.217) 5.166 ms 5.046 ms 5.185 ms
6 ge-3-1.gsr-01.bru.net.tiscali.be (62.235.3.210) 5.136 ms 5.103 ms 5.343 ms
7 pos-2-0.gsr-01.ant.net.tiscali.be (62.235.1.13) 6.080 ms 6.015 ms 6.052 ms
8 so-2-2-0.anr10.ip.tiscali.net (213.200.69.21) 6.350 ms 6.425 ms 6.323 ms
9 so-1-0-0.was21.ip.tiscali.net (213.200.81.154) 84.243 ms 84.370 ms 84.270 ms
10 interconnect-eng.Washington1.Level3.net (209.0.227.125) 84.614 ms 85.381 ms 84.355 ms
11 so-5-0-0.gar2.Washington1.Level3.net (209.244.11.13) 84.795 ms 84.959 ms 84.898 ms
12 so-3-0-0.mp1.Denver1.Level3.net (64.159.1.113) 157.141 ms 156.568 ms 156.778 ms
13 gigabitethernet10-0.hsipaccess2.Denver1.Level3.net (64.159.3.122) 179.753 ms !H * 179.759 ms !H


Stops somewhere in Denver...nearby Utah at least. Guess I have to agree with Chris. And, Chris, thanks for the hint about the images at ir.sco.com. I should have thought about that myself.


El Tonno

Authored by: Anonymous on Sunday, August 24 2003 @ 09:43 AM EDT
my traceroute to sco.com looks like this..

 5  ae0-12.mpls2.Zurich1.Level3.net (213.242.66.18)  41.438 ms  136.012 ms *
 6  so-0-0-0.mp1.London2.Level3.net (212.187.128.61)  110.537 ms  111.438 ms  164.855 ms
 7  so-1-0-0.bbr1.Washington1.level3.net (212.187.128.138)  308.217 ms  261.392 ms  116.524 ms
 8  so-3-0-0.mp1.Denver1.Level3.net (64.159.1.113)  156.586 ms  216.394 ms  144.993 ms
 9  gigabitethernet10-0.hsipaccess2.Denver1.Level3.net (64.159.3.122)  149.846 ms !H *  174.724 ms !H

So the router seems to have a problem because of the !H response. perhaps the sco-servers don't have to be down, they are only not "online".


andre

Authored by: Anonymous on Sunday, August 24 2003 @ 09:49 AM EDT
btw:
man traceroute
says !H means host unreachable.
andre

Authored by: Anonymous on Sunday, August 24 2003 @ 09:51 AM EDT
Hello all,

Another good utility for traceroute/whois/nslookup is Sam Spade, which is available here if memory serves.


Garrett

Authored by: Anonymous on Sunday, August 24 2003 @ 09:56 AM EDT
Still not getting !H messages from the traces.
D.

Authored by: Anonymous on Sunday, August 24 2003 @ 10:24 AM EDT
D: Your traceroute program likely simply doesn't support it.

!H doesn't really mean 'host unreachable', but more like 'next hop unreachable'. It might help to explain a bit how traceroute works.

While 'ping' sends out a special 'ping' packet that the final destination is expected to respond to, traceroute instead sends out a 'UDP' packet with an unlikely port number (The 'why' is not necessary to know). Initially, it sends out the packet with a 'time to live' (TTL) value of '1', meaning that it will 'time out' (actually, 'distance out' is more accurate) after it gets to the first 'hop'. The 'hop' responds with an ICMP message saying 'time to live exceeded'. The bonus is that it also reports its IP address, which is why you can see the IP addresses of all the hops. traceroute typically does this three times, and then increases the TTL by one and repeats. This way, you can see most of the hops along the route.

The final destination won't respond with 'time to live exceeded' because, once it gets to where it's supposed to go, it doesn't care. Instead, it responds with 'port unreachable' because the UDP is going unanswered. 'traceroute' expects this, of course, and just reports the RTT (round trip times) as expected.

If something goes wrong, then different ICMP messages may - not always - be sent back. One of these is 'host unreachable', and if the traceroute program is flexible enough (not all are), then you'll see the !H message. There are a bunch of other messages, too, such as 'administratively blocked' (!X) meaning it's been firewalled off. However, it IS possible to do all sorts of stuff at the router to change, or even just deny, messages being sent back. Ie, you might see values for hop 5, just stars for hop 6, and the values for hop 7. 'traceroute' uses side effects, rather than a proper protocol, to do its job. And, being side effects, it can be worked around.

Because the mail.sco.com traceroute goes a LOT further than the www.sco.com traceroute, this indicates that it's not the server, nor SCO's routers, that have been switched off. And, it's not likely to be a DDoS attack. This is either an accidental, or malicious, router misconfiguration or BGP (Border Gateway protocol - an automatic re-routing protocol) error.


Chris Cogdon
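
The probing loop described in the comment above, and the mail-versus-www comparison drawn from it, as an added offline model (not part of the original thread, and not the code of any real traceroute). The hop addresses are constructed documentation-range IPs, and the `Node` behaviours and the function names `send_probe`, `traceroute`, `render` and `localize` are assumptions of this example.

```python
"""Offline model of the UDP traceroute behaviour described above.

All addresses are constructed documentation-range IPs, not routers from
the thread; Node behaviours and function names are assumptions of this
example.
"""
from dataclasses import dataclass

MAX_HOPS = 30        # TTL at which traceroute gives up by default
PROBES_PER_TTL = 3   # probes sent for each TTL value

TIME_EXCEEDED = "time-exceeded"      # TTL ran out at an intermediate hop
PORT_UNREACH = "port-unreachable"    # probe arrived at the destination
HOST_UNREACH = "host-unreachable"    # shown as !H
ADMIN_PROHIB = "admin-prohibited"    # shown as !X
FLAGS = {HOST_UNREACH: "!H", ADMIN_PROHIB: "!X"}


@dataclass
class Node:
    ip: str
    # forward | silent | blackhole | reject-host | reject-admin | destination
    behavior: str = "forward"


def send_probe(path, ttl):
    """Walk one probe along path; return (replying_ip, icmp_type) or None."""
    for node in path:
        if node.behavior == "blackhole":      # assumed: drops without any ICMP
            return None
        if node.behavior == "destination":    # nothing listens on the odd UDP port
            return node.ip, PORT_UNREACH
        ttl -= 1
        if ttl == 0:                          # TTL expired at this router
            return None if node.behavior == "silent" else (node.ip, TIME_EXCEEDED)
        if node.behavior == "reject-host":    # cannot forward: no next hop
            return node.ip, HOST_UNREACH
        if node.behavior == "reject-admin":   # forwarding blocked by a filter
            return node.ip, ADMIN_PROHIB
    return None


def traceroute(path):
    """Return [(ttl, ip_or_None, icmp_or_None)], one entry per TTL tried."""
    hops = []
    for ttl in range(1, MAX_HOPS + 1):
        replies = [send_probe(path, ttl) for _ in range(PROBES_PER_TTL)]
        answered = [r for r in replies if r is not None]
        if not answered:
            hops.append((ttl, None, None))    # printed as "* * *"
            continue
        ip, icmp = answered[0]
        hops.append((ttl, ip, icmp))
        if icmp != TIME_EXCEEDED:             # destination or an error: stop
            break
    return hops


def render(hops):
    """Format hops the way traceroute prints them (without round trip times)."""
    lines = []
    for ttl, ip, icmp in hops:
        body = "* * *" if ip is None else f"{ip} {FLAGS.get(icmp, '')}".rstrip()
        lines.append(f"{ttl:2d}  {body}")
    return lines


def localize(ok, bad):
    """Compare a completed trace with a failing one to a nearby address."""
    common = None
    for (ttl, ip_ok, _), (_, ip_bad, _) in zip(ok, bad):
        if ip_ok is None and ip_bad is None:  # same silent hop in both traces
            continue
        if ip_ok != ip_bad:
            break
        common = (ttl, ip_ok)
    answered = [h for h in bad if h[1] is not None]
    last = answered[-1] if answered else None
    return {"last_common": common,
            "bad_last_reply": last,
            "bad_reached": bool(last) and last[2] == PORT_UNREACH}


# Constructed paths: three shared upstream hops, the second of which never
# sends ICMP, then a final router in front of each destination.
SHARED = [Node("192.0.2.1"), Node("198.51.100.7", "silent"), Node("203.0.113.1")]
MAIL = SHARED + [Node("203.0.113.9"), Node("203.0.113.25", "destination")]
WWW_BLACKHOLED = SHARED + [Node("203.0.113.9", "blackhole"),
                           Node("203.0.113.80", "destination")]
WWW_REJECTED = SHARED + [Node("203.0.113.9", "reject-host"),
                         Node("203.0.113.80", "destination")]

if __name__ == "__main__":
    for name, path in (("mail", MAIL), ("www, blackholed", WWW_BLACKHOLED),
                       ("www, !H", WWW_REJECTED)):
        print(name)
        print("\n".join(render(traceroute(path))[:7]))
    print(localize(traceroute(MAIL), traceroute(WWW_BLACKHOLED)))
```

In the `!H` case the flagged line carries the address of the router that could not forward the probe, not the destination's, and in the blackholed case the trace goes dark one hop past the last address it shares with the working trace.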

Authored by: Anonymous on Sunday, August 24 2003 @ 10:39 AM EDT
I'm using GNU traceroute, and am not getting any of the "unreachable"
messages. You got one, andre got one, and El Tonno got one.

Odd. No?


D.

Authored by: Anonymous on Sunday, August 24 2003 @ 10:41 AM EDT
Regarding SCOX price surge flying in the face of their SCOForum debacle and
their "evidence" being ripped to shreds, a lot of posts on the Yahoo SCOX
message boards express the belief that this stock is being heavily manipulated.
There are a handful of shills touting the long position, some veterans warning
it's all a scam, and a crowd of "Linux crunchies" posting anti-FUD from this site
and others. No one I know personally, of course ;-). Flame galore....
Greg T Hill

Authored by: Anonymous on Sunday, August 24 2003 @ 10:52 AM EDT
(Sorry about the double post, folks... my browser likes posting old form data sometimes)

Regarding www.sco.com and www.sco.de. The sco.de site is in the same class-C as sco.com, meaning that it's not housed in Germany at all, but in the same location as the US site. And, since it's on the same class-C, it's having the same problems as sco.com.

So... not likely to be a DoS (or DDoS), not likely SCO took the servers down themselves.

Unless, of course, SCO has told someone to screw up the routing to make it LOOK LIKE an attack, but that's just crazytalk! :)

D: It's possible that there's something filtering the ICMP messages that come back. I HAVE seen sites that only let certain ICMP messages through and if that's happening with you, then you'll see the effect you're seeing: rows of stars until hop 30, which is where traceroute gives up by default.


Chris Cogdon

Authored by: Anonymous on Sunday, August 24 2003 @ 10:52 AM EDT
There is one claim supporting a dDOS. In this article posted to the comp.unix.sco.misc newsgroup, Larry Rosenman writes "I just talked to the VIAWEST NOCC, and the SCO and CALDERA web/FTP sites are blackholed because some lovely miscreants are DDOS'ing them. When the attack stops, they'll lift the block at InterNAP."
Mw

Authored by: Anonymous on Sunday, August 24 2003 @ 11:02 AM EDT
www.sco.de and www.caldera.com resolve to the same numerical address. This means they are hosted on the same computer.

My traceroutes end:
13 sl-bb21-che-5-1.sprintlink.net (144.232.18.5) 317.875 ms 281.955 ms 267.459 ms
14 sl-gw10-che-10-0.sprintlink.net (144.232.15.166) 132.715 ms 133.131 ms 133.637 ms
15 sl-internap-100-0.sprintlink.net (160.81.54.46) 136.298 ms 136.473 ms 135.898 ms
16 * * *

didn't see any !H or the like. If there's a DOS it could run via Level3, as the last router there has trouble.


MathFox

Authored by: Anonymous on Sunday, August 24 2003 @ 11:26 AM EDT
Mw: That's interesting. It'll be the first time I've heard such a high-level ISP
taking interest in a DDoS attack, but I suppose it's possible. It'd be really
nice to try and get in touch with that NOCC ourselves :)
Chris Cogdon

Authored by: Anonymous on Sunday, August 24 2003 @ 11:32 AM EDT
is the usenet-post Mw posted above reliable? so, is it really a DDoS attack,
which VIAWEST remarked?
andre

Authored by: Anonymous on Sunday, August 24 2003 @ 11:37 AM EDT
is it possible that this is one of the 20 computers that the virus was located
at?
just dreaming again. we love news but then when none is available it is like
we have to go dig till we find some hehehe
brenda banks

Authored by: Anonymous on Sunday, August 24 2003 @ 11:38 AM EDT
One thing to remember, Viawest is a Canopy company.
D.

Authored by: Anonymous on Sunday, August 24 2003 @ 11:39 AM EDT
Andre, due to the reports about the behaviour of the last hop on traceroutes, it
seems very likely that viawest really actively disconnected sco/caldera to
protect them from what they think to be a DOS attack.
Gerhard

Authored by: Anonymous on Sunday, August 24 2003 @ 11:45 AM EDT
hm.. so I expect tomorrow news from sco or/and viawest like: DDoS Attack on SCO, but no evidence published because Viawest belongs to Canopy.

brenda, hehe you're right ;). that's human, the curiosity.


andre

Authored by: Anonymous on Sunday, August 24 2003 @ 11:46 AM EDT
VIAWEST? ...hmmmm... isn't it a Canopy company? Are we then supposed to believe
his word on it?
Jaime

Authored by: Anonymous on Sunday, August 24 2003 @ 11:53 AM EDT
Well, I expect the same business practices as SCO, but I'll let myself be surprised
tomorrow :).
andre

Authored by: Anonymous on Sunday, August 24 2003 @ 11:53 AM EDT
No idea if the Usenet report is valid or not, but it would be an interesting
lead to follow for, say, a BOFH with acquaintances there to verify.
Mw

Authored by: Anonymous on Sunday, August 24 2003 @ 12:00 PM EDT
Another news link (old)

http://computerworld.co.nz/webhome.nsf/UNID/1FA54B055D7DAF54CC256D810009201B

One other thing that is bugging me is, apart from SCO's initial reactions (Sontag told me, We know what's our code, It's our word against his), I thought, and believe they said, they would issue a response to Perens' analysis Thursday or Friday, and AFAIK that didn't seem to happen. Can somebody confirm what precisely they said about preparing a response to Perens?


quatermass - SCO delenda est

Authored by: Anonymous on Sunday, August 24 2003 @ 12:05 PM EDT
SCO said it would issue comment on the analyses on Thursday or Friday.

The story was by Mitch Wagner, internet week. I can only assume he was told by Stowell or the SCO PR team.


r.a.

Authored by: Anonymous on Sunday, August 24 2003 @ 12:06 PM EDT
No idea if the Usenet report is valid or not, but it would be an interesting lead to follow for, say, a BOFH with acquaintances there to verify.

The gentleman who purportedly had the conversation, Larry Rosenman is, judging by his homepage, heavily Christian. Okay, so this fact in itself is no dipstick for truthfulness, but I'm predisposed to believe him if he says that's what they told him.


Belzecue

Authored by: Anonymous on Sunday, August 24 2003 @ 12:32 PM EDT
Stuart, yes I will give it a try. It's a good idea I should have thought of myself.

Belzecue: I got in touch with Rosenman, and I spoke with Viawest myself. They didn't confirm the report. That doesn't prove it isn't so, but they just laughed when I told them what I had read and basically indicated, without technically confirming or denying officially, that no one there would be in a position to have given out that kind of information. I contacted Rosenman, and he said he contacted the NOC last night, and he says that's what someone there told him. By today, perhaps there is a policy of saying nothing. He spoke to an engineer today at Viawest (he is one himself) who said what he was told last night was "probably true" but he had just started his shift. I don't know what to believe at this point, but for sure the Usenet report isn't solid ground to stand on. As Rosenman said in his email, the saga continues.


pj

Authored by: Anonymous on Sunday, August 24 2003 @ 12:39 PM EDT
Anybody have any friends who work in SCO or another Canopy group? So we could
get some off-the-record info on what is going there now?
david l.

Authored by: Anonymous on Sunday, August 24 2003 @ 12:43 PM EDT
thanks pj for keeping us groklaw readers up to date :). i let this page refresh
about every five minutes ;).
andre

Authored by: Anonymous on Sunday, August 24 2003 @ 12:43 PM EDT
Thanks r.a. "SCO said it would issue comment on the analyses on Thursday or Friday."

Although they have made some comments, it is my perception that these were comments made earlier in the week as a sort of immediate response. So I'm still waiting if they have something more to say?

A Larry Rosenman won a $50 gift certificate from SCO recently. Make of it what you will. To see load this page (will take a long time unless you do it in text mode due to images linked from sco.com)

http://www.google.com/search?q=cache:em3nWBuDMlEJ:www.caldera.com/partners/estreet/0308/scoforum.html+%22Larry+Rosenman%22+SCO&hl=en&ie=UTF-8


quatermass - SCO delenda est

Authored by: Anonymous on Sunday, August 24 2003 @ 12:43 PM EDT
Thanks r.a. "SCO said it would issue comment on the analyses on Thursday or Friday."

Although they have made some comments, it is my perception that these were comments made earlier in the week as a sort of immediate response. So I'm still waiting if they have something more to say?

A Larry Rosenman (not sure if same one) won a $50 gift certificate from SCO recently. Make of it what you will. To see load this page (will take a long time unless you do it in text mode due to images linked from sco.com)

http://www.google.com/search?q=cache:em3nWBuDMlEJ:www.caldera.com/partners/estreet/0308/scoforum.html+%22Larry+Rosenman%22+SCO&hl=en&ie=UTF-8


quatermass - SCO delenda est

Authored by: Anonymous on Sunday, August 24 2003 @ 12:45 PM EDT
Regarding the mounting SCOX stock, I read the Usenet thread referred-to earlier by Mw, where 'short selling' was mentioned to explain SCOX stock hike. Being a bit investment-challenged (would you believe I did not buy any stock during the dot.com boom years) I looked for the definition and behold: Short Selling.

There is a situation called 'Short squeeze' whereby the stock goes up if too many people speculate on it going down. An explanation for the SCOX phenomenon??


El Tonno

Authored by: Anonymous on Sunday, August 24 2003 @ 12:54 PM EDT
Quoting myself: That's interesting. It'll be the first time I've heard such a high-level ISP taking interest in a DDoS attack

Unless, of course, the upper-level ISP and the target of the attack are owned by the same people... :)


Chris Cogdon

Authored by: Anonymous on Sunday, August 24 2003 @ 01:26 PM EDT
There is a little comment on the SCOX situation now on the netcraft homepage
El Tonno

Authored by: Anonymous on Sunday, August 24 2003 @ 01:41 PM EDT
SCO website: has anyone just called caldera on the phone to ask about it?
david l.

Authored by: Anonymous on Sunday, August 24 2003 @ 01:44 PM EDT
too funny
i am so glad i scrolled down
hehehehe
brenda banks

Authored by: Anonymous on Sunday, August 24 2003 @ 01:46 PM EDT
quatermass: Larry Rosenman's resume contains a lot of stuff under "non-job related things", including work on Unix System V port to Amiga, the port of Bind to Unixware and "I've also been one of the most prolific reporters in SCO's Beta Programs."
Harlan

Authored by: Anonymous on Sunday, August 24 2003 @ 02:34 PM EDT
Looking at the graphs at http://uptime.netcraft.com/up/performance?site=www.sco.com&collector=all there is sufficient indication for a flood attack starting Friday 22nd August around 19:00 GMT (a few requests come through; slowly). It took at least 3.5 hours to add a filter to the routers; from 22:30 GMT www.sco.com is completely 404 (unavailable).


MathFox

Authored by: Anonymous on Sunday, August 24 2003 @ 02:49 PM EDT
MathFox,

Good point, but could it have been repeated reboot/crash cycles instead?

OTOH, there already were DOS attacks against SCO in May. Didn't know about these. I'm not a good investigative reporter.

Predictably, SCO (actually, Blake Stowell) accused the Linux-community of committing these misdeeds.


El Tonno

Authored by: Anonymous on Sunday, August 24 2003 @ 02:54 PM EDT
If it was a reboot-crash cycle one would expect response times for a request
that are about average. All of the response times in the "attack" interval are
above average, indicating congestion.
MathFox

Authored by: Anonymous on Sunday, August 24 2003 @ 03:13 PM EDT
True.

Well, I guess we will know more on Monday. It's 00:14 here, I'm for bed.


El Tonno

Authored by: Anonymous on Sunday, August 24 2003 @ 03:30 PM EDT
MathFox,

I'm inclined to agree with your analysis, however to quote netcraft.com:

" At the moment, it is not known whether the SCO site has been successfully attacked, intentionally taken down, has lost connectivity or has simply broken."


D.

Authored by: Anonymous on Sunday, August 24 2003 @ 03:54 PM EDT
missing one piece of puzzle tho. where are the reports and
loud hollering from sco if it is a DDoS attack? as much as they like
to scream and whine it seems they would have called a
big press conference if it was that
brenda banks

Authored by: Anonymous on Sunday, August 24 2003 @ 03:54 PM EDT
I don't see where the DDOS attack is? All their services are responding except http and ftp. It could be they've just shut down for upgrades or for any other reason. From the Netcraft report you'll notice they've just rebuilt their apache server. Or at least, changed the product signature to say "Apache" with no additional product information.

If it was a DDOS attack, I'd expect other services to be unavailable, or slow (like the mail servers) but they're not.

In a DDOS attack, you'd expect nearby servers in the block to also be slow, due to extensive broadcasts and forwarding. That's not taking place. So, IMHO, SCO has shut down their apache server to rebuild it, as they have been using Apache 1.3.14 and that version is vulnerable to a couple of attacks, so an upgrade would do them good.


tamarian

Authored by: Anonymous on Sunday, August 24 2003 @ 04:04 PM EDT
> where is the reports and loud hollering from sco

I'd expect them to be complaining if it was an attack. I haven't seen a complaint, so this makes me wonder.

And while there were some news reports on Thursday/Friday, I haven't seen any *new* reports with SCO contributions after about Thursday.

None of this proves anything, just makes me wonder.


quatermass - SCO delenda est

Authored by: Anonymous on Sunday, August 24 2003 @ 04:29 PM EDT
News (not about web site)

http://www.itnews.com.au/storycontent.cfm?ID=17&Art_ID=12755

http://www.zdnet.com.au/newstech/os/story/0,2000048630,20277673,00.htm

Update: http://www.zdnet.com.au/newstech/enterprise/story/0,2000048640,20277500,00.htm


quatermass - SCO delenda est

Authored by: Anonymous on Sunday, August 24 2003 @ 04:30 PM EDT
PJ has them running scared hehehe
they removing evidence off their site
brenda banks

Authored by: Anonymous on Sunday, August 24 2003 @ 05:03 PM EDT
Again not related to web site, but if you haven't seen these, check them out

- PJ especially

http://www.aberdeen.com/ab_company/hottopics/linuxvunix/weblog.htm

Some pretty strong words, like

"destroy Linux business" "blackmailing" "without a shred of evidence" "extort license fees via non-substantiated charges" "blackmail"


quatermass - SCO delenda est

Authored by: Anonymous on Sunday, August 24 2003 @ 05:05 PM EDT
Oh, wow, check the title of this one http://www.aberdeen.com/ab%5Fabstracts/2003/06/06030020.htm
quatermass - SCO delenda est

Authored by: Anonymous on Sunday, August 24 2003 @ 05:16 PM EDT
Hmm. I wonder if SCO has retained the services of Arthur Andersen.

Their shredders are probably working overtime this weekend - including multiple instances of BCWipe.


MajorLeePissed

Authored by: Anonymous on Sunday, August 24 2003 @ 05:19 PM EDT
tamarian: it's quite possible that 'all the other services' are sitting on the other class-C, and since viawest are blocking that one class-C high up in the hierarchy, all the other services will be operating quite happily. If you want to detail which services you're thinking of, I can check for you.

Looking at some of the netcraft graphs it seems very reasonable that SCO was under some kind of usage that prevented queries, or sent the query times very high, and then nothing at all. That fits in well with the explanation that they were DoS'd or DDoS'd and then a block put in place at viawest. I wish I was checking before that block was in place, traceroutes then would have been much more telling.


Chris Cogdon

Authored by: Anonymous on Sunday, August 24 2003 @ 05:26 PM EDT
Attention PJ: One other thing about the code

I re-read one log of the July 21 conference call (I didn't listen so just going by the log). Check for yourself

Laura DiDio, yes that DiDio, about question 10, asked McBride whether he could be sure the code was not BSD or some Linux version?

McBride replied it's not BSD. And he's talking about Linux 2.4 and high-end SMP

So if the SCO position is now, yes it's BSD, but it's ours (which it might or might not be depending on how you read their statements), this is a reversal in a position, at best.


quatermass - SCO delenda est

Authored by: Anonymous on Sunday, August 24 2003 @ 05:29 PM EDT
And it's unclear to me how 1960s/70s malloc code, or early 90s BPF, falls under high-end SMP type stuff.
quatermass - SCO delenda est

Authored by: Anonymous on Sunday, August 24 2003 @ 05:43 PM EDT
That ancient malloc code might not be remarkable in itself, but it did appear in
the Itanic subtree of the Linux kernel. Given that the bad blood between
SCO and IBM stems from Monterey, it's natural that SCO's people would be raking
for muck in the IA64 port.
Mw

Authored by: Anonymous on Sunday, August 24 2003 @ 05:46 PM EDT
Most likely all they are blocking are ports 21(ftp), 80(http) and 443
(https/ssl).
D.

Authored by: Anonymous on Sunday, August 24 2003 @ 06:08 PM EDT
Mw,

Given that SCOG was shaking down some of the AT&T licensees IBM, SUN and Microsoft in late 2002 and IBM called them on their bluff, SCOG had to do something, so they came up with the convenient fiction that big blue had somehow given the linux hippies (those commie pinko rats) the keys to the store.

Read about the Trillian Project, The HA Linux Project, and The Linux Scalability Project to find some of the original sponsors.

All before Itty Bitty Machines started pushing the "Linux Solution" and supporting the project...


D.

Authored by: Anonymous on Sunday, August 24 2003 @ 06:11 PM EDT
Mw - Except that

1. it's the Old SCO (although I guess there might be some people at the New SCO who remember being involved) that was in Monterey.

2. According to Claybrook, IBM was the only company who was interested. Sounds to me more like IBM rescuing SCO, after everybody else was happy to let them drown.

3. They didn't seem too unhappy at the time

4. The law suit is against IBM. Despite SCO now saying the code is general evidence against Linux, CNET says they were presenting it otherwise just days ago.

5. If there is evidence of wrong-doing in this code, it doesn't seem to implicate IBM.


quatermass - SCO delenda est

Authored by: Anonymous on Sunday, August 24 2003 @ 06:14 PM EDT
MW: 6. BPF definitely, and ancient malloc code (with one line or so possibly in dispute) doesn't really fit the "high-end SMP" type stuff McBride was presenting it as about on July 21st

7. BPF definitely, and by the looks of it the malloc stuff, are found in BSD. According to the transcript of July 21st that I just read, McBride told DiDio that the examples were not BSD.


quatermass - SCO delenda est

Authored by: Anonymous on Sunday, August 24 2003 @ 06:16 PM EDT
> Given that the bad blood between SCO and IBM stems from Monterey...

Caldera/SCO was never involved in Project Monterey. That was the old Santa Cruz Operation. IBM announced that it was pulling out of Monterey, and transferring the technologies to linux, a full nine months before Caldera purchased the UNIX properties from Santa Cruz Operation. That's what makes so many of Caldera/SCO's lawsuit claims ludicrous. Caldera purchased these properties months after the Monterey cancellation was public knowledge. At the same announcement, IBM stated that the technologies that had been contributed by IBM to Monterey would now be going into linux. Caldera knew this. They were IBM's supplier of linux at the time.

All these claims from Caldera about how they were tricked or surprised by IBM's decision to move certain technologies into linux are so much rubbish. Their claims that this behavior "devalued" the UNIX properties is also ludicrous; Caldera knew of the Monterey cancellation AND the move toward linux months before they closed the deal to buy the UNIX properties. If they did not correctly factor that knowledge into the price they were willing to pay, then that is their problem. It sounds to me like the Santa Cruz Operation got the best of them in a price negotiation, and sold them a bag of 20- and 30-year-old for a lot more than it was worth. That's not IBM's fault, and there's no reason IBM should pay Caldera for their own mistake.


Bob

Authored by: Anonymous on Sunday, August 24 2003 @ 06:22 PM EDT
quatermass,

IBM has shown themselves to be tepid to lukewarm at best over the prospects
of the IA64 chip family. SCOG views these chips, slow -- very slow selling chips, as their salvation. Big Blue didn't and doesn't.


D.

Authored by: Anonymous on Sunday, August 24 2003 @ 06:25 PM EDT
I don't get your point D?

So what? I wasn't aware of IBM being under a contractual obligation to enthuse about IA64 chips?


quatermass - SCO delenda est

Authored by: Anonymous on Sunday, August 24 2003 @ 07:02 PM EDT
quatermass,

My point? Good question, to put it simply, I view Blue's participation
in P. Monterey as a vapor product. Their actions seem to show that I
might be correct. The ironic part is that HP, SGI and the rest of the
Trillian partners, beat BB to the punch. And SCOG is too stupid to
realize this.

q, you are very good at getting links to relevant information. And I do
appreciate your work. Try finding the following, "vaporware", FUD, and
"You can't get fired for buying ..." And you will find out who these terms
originally were coined for.


D.

Authored by: Anonymous on Sunday, August 24 2003 @ 07:03 PM EDT
Montavista news

http://asia.cnet.com/newstech/industry/0,39001143,39148108,00.htm


quatermass - SCO delenda est

Authored by: Anonymous on Sunday, August 24 2003 @ 07:14 PM EDT
D, I am very familiar with IBM's history, so no need to patronize

If P. Monterey was vapor, it's at least arguable why it stayed that way.

If one of the SCOs suffered, it was old SCO, not new SCO.

In any case, Old SCO was involved, not new SCO. New SCO must have known, or at the very least should have known, Monterey was dead in the water, before they got involved with their UNIX acquisition.

If Monterey is the cause, why wait so long?

If Monterey is the cause, why is new SCO suing, not old SCO?

And I'm still unaware of IBM being under any obligation to enthuse about IA64, let alone exclusively enthuse about IA64.

And maybe I'm dense, but I still don't see the relevance of your "tepid to lukewarm" comment, to any of my previous posts. So I can't figure out why you addressed it to me.


quatermass - SCO delenda est

Authored by: Anonymous on Sunday, August 24 2003 @ 07:19 PM EDT
http://www.eweek.com/article2/0,3959,1229507,00.asp
quatermass - SCO delenda est

Authored by: Anonymous on Sunday, August 24 2003 @ 07:21 PM EDT

quatermass and Bob: there seems to be some confusion over what Caldera bought. Old-SCO split itself into a number of subsidiaries, and it was the Unix-related business units (not just licenses) that Caldera bought. That makes Scaldera, rather than Tarantella, the continuation of the business that participated in Monterey. That's why new-SCO brought it into their lawsuit: "On or about May 2001, IBM notified plaintiff that it refused to proceed with Project Monterey, and that IBM considered Project Monterey to be 'dead.' In fact, in violation of its obligations to SCO, IBM chose to use and appropriate for its own business the proprietary information obtained from SCO." So, even if they can't ultimately trace it to IBM, the IA64 port is going to be one of the places they will have concentrated on to find similarities with Linux.

It's certainly true that new-SCO's findings aren't doing a very good job of supporting the claims, but it's easy to see why that portion of the source tree would be interesting to the company, and why any similarities found there would lead them to jump so quickly to allegations of plagiarism. (Monterey wasn't just an IBM-SCO thing. Pre-IBM Sequent, Compaq, Samsung, Unisys, Bull, Acer and ICL were also on board.)


Mw

Authored by: Anonymous on Sunday, August 24 2003 @ 07:57 PM EDT
Mw, I am aware of what they bought

But

> That makes Scaldera, rather than Tarantella, the continuation of the business that participated in Monterey

is open to dispute. IBM will argue that (and already have, in their filing).

Ignoring the legal side, and thinking about purely the *justice* side. If the business units were damaged (by IBM or anybody else or any other cause), prior to new SCO's purchase... and new SCO took that into account in the purchase price, it's hard to argue, they suffered.

Let's say I buy a wrecked car from the scrap yard for $50. Am I going to get any joy suing the people who wrecked it and arguing that if they hadn't, I'd have got a mint condition classic Ferrari for $50? What about if I use the $50 scrap metal in my business for 2 years, then turn round and say, I'm not making money, now I realize I should have had that mint Ferrari for $50.

IA64:

- All the pre-IBM and non-IBM stuff, except possibly for IBM subsidiaries, is NOT relevant to the SCO case which is AGAINST IBM!

- It also doesn't change the fact that SCO presented this as "proof" against IBM (read that CNET article). If anybody is implicated, it's SGI, and possibly HP.

- It also doesn't change the fact that SCO represented their "proof" as not being BSD.

- Both the above two items, could be relevant to IBM's counter claims.

If I say Ian is a member of this Club, and commits this type of crime, here's the proof... but later, when it's revealed that the "proof" is not related to Ian at all... so I say well actually it's not about Ian, it's just some other member of the Club.... I would still have libelled Ian... at least in the moral sense, and quite possibly in the legal sense too.


quatermass - SCO delenda est

Authored by: Anonymous on Sunday, August 24 2003 @ 08:30 PM EDT
The SCO site is not just filtering ports (I think).
I used tcptraceroute with the destination port set at 25 (smtp)
I got the same result as others are seeing with regular traceroute.
whoever

Authored by: Anonymous on Sunday, August 24 2003 @ 08:52 PM EDT
Ignoring the legal side, and thinking about purely the *justice* side. If the business units were damaged (by IBM or anybody else or any other cause), prior to new SCO's purchase... and new SCO took that into account in the purchase price, it's hard to argue, they suffered.

The timing is very interesting there, actually. Scaldera claims that IBM closed down the alliance in May 2001, the same month the transfer from old-SCO to Caldera was made final. (The buyout was first announced in August 2000) Given that version of the timeline, Caldera wouldn't have been able to figure the ended collaboration into its purchase price.

Caldera apparently screwed up big time on the due diligence, and didn't make sure that there was any guarantee of deliverables attached to that project. With an aging legacy product line that was seeing a trend of decreasing revenues over the past few years, and the cancellation of the hoped-for replacement, they had to find a way to squeeze a return out of the purchase. Hence, SCOsource.

SCOsource never had IBM as its only target. It was set up as "a division of SCO that will expand the licensing of the company's core intellectual property, including the core UNIX source code." That's why contributions from SGI (or according to some accounts, mislabeled HP contributions) are being put on display. (The packet filter example looks like plain old confusion on Scaldera's part, it really looks as though Scaldera may not be privy to all the details of the BSD/USL settlement.) IBM just happens to be their biggest fish at the moment. It's doubtful they have the resources to actually go through with filing suits against more companies simultaneously, so they're hoping to leverage the publicity from the IBM suit into bringing other potential sources of license revenue into submission.

Sure it's a stupid business plan, but having seriously screwed themselves with a stupid purchase, there really wasn't a lot left for Caldera to do, besides sitting around quietly in the corner and going out of business.


Mw

[ Reply to This | # ]

Authored by: Anonymous on Sunday, August 24 2003 @ 09:11 PM EDT
> The timing is very interesting there, actually. Scaldera claims that IBM closed down the alliance in May 2001, the same month the transfer from old-SCO to Caldera was made final.

Public announcement of Monterey cancellation on August 28, 2000, nine months before purchase of UNIXware by Caldera.


Bob

[ Reply to This | # ]

Authored by: Anonymous on Sunday, August 24 2003 @ 09:40 PM EDT
Re: Timing

This is from SCO's amended complaint:

58. By about May 2001, all technical aspects of Project Monterey had been substantially completed. The only remaining tasks of Project Monterey involved marketing and branding tasks to be performed substantially by IBM.

59. On or about May 2001, IBM notified plaintiff that it refused to proceed with Project Monterey, and that IBM considered Project Monterey to be “dead.”

Bob's link noted


quatermass - SCO delenda est

[ Reply to This | # ]

Authored by: Anonymous on Sunday, August 24 2003 @ 09:44 PM EDT
Blast from the past http://www.vnunet.com/Analysis/1109965

"We won't make Unix proprietary," said [Caldera CEO, Ransom] Love. "The future is an open internet platform."


quatermass - SCO delenda est

[ Reply to This | # ]

Authored by: Anonymous on Sunday, August 24 2003 @ 09:45 PM EDT
Yeah, the article called it "killing" and the product was renamed to AIX 5L at that point, but that article differs from IBM's own initial L5 description (Mw

[ Reply to This | # ]

Authored by: Anonymous on Sunday, August 24 2003 @ 09:48 PM EDT
Ugh, that got mangled. IBM's initial description of L5 is in Google's cache. The IA-64 port hadn't yet been killed, still listed as a future product, and that port would have been where SCO would be anticipating volume revenues.
Mw

[ Reply to This | # ]

Authored by: Anonymous on Sunday, August 24 2003 @ 09:50 PM EDT
quatermass: wonderful links. I feel sure that D was not talking down to you. I don't get that from what he wrote, anyway.

On Project Monterey, as it happens, I'm working on an article about it. Sneak peek at bottom line: they didn't want to go forward with it either at the time. As usual, history has been rewritten. There were market forces that convinced everybody to stop, from all that I can see. If anyone has any other links (thanks Bob) by all means contribute. I should have it done in about a week.

Thanks to everyone for figuring out what is going on with the site being down, or a reasonable facsimile. If accusations are made, I'll be surprised. Also ready.


pj

[ Reply to This | # ]

Authored by: Anonymous on Sunday, August 24 2003 @ 09:55 PM EDT
Another PJ attention!

Another interesting thing - SCO became interested in reviving Monterey in August 2002

http://www.informationweek.com/story/IWK20020830S0023

"We've got a lot of technology done from Project Monterey."

"It would be a large investment," Broughton admits.

To me at least, it certainly doesn't sound like all the technical aspects were completed according to item 58 in their amended complaint.


quatermass - SCO delenda est

[ Reply to This | # ]

Authored by: Anonymous on Sunday, August 24 2003 @ 10:06 PM EDT
http://www.linuxworld.com.au/index.php?id=902739782&fp=2&fpid=1

Press seems to have upgraded Perens analysis from "Linux advocates" to "experts"

http://www.cmpnetasia.com/ViewArt.cfm?Artid=21004&Catid=8&subcat=79


quatermass - SCO delenda est

[ Reply to This | # ]

Authored by: Anonymous on Sunday, August 24 2003 @ 10:06 PM EDT
Yeah, definitely doubts that the product was finished by May. This IT Week article has SCO/Caldera announcing a 5L beta in late April 2001. And yeah, there were some remarks later on from Ransom Love (I think it was him) about how there was plenty of life in 32-bit after all, and that a 64-bit Unix could wait. The spin goes into so many odd directions.
Mw

[ Reply to This | # ]

Authored by: Anonymous on Sunday, August 24 2003 @ 10:33 PM EDT
Maybe this is what got SCO's knickers in a twist, 2.5 years after the fact

http://www.google.com/search?q=cache:zbqiT5dR9jYJ:techupdate.zdnet.com/sp/stories/news/0,4538,2617766,00.html+Caldera/SCO's+take+can+be+summed+up+&hl=en&ie=UTF-8

"Caldera/SCO's take can be summed up as it can see why it is time to wind up Monterey. After all, with the advances of Project Trillian, 64-bit Linux for Intel, there's little practical point to spending more time and effort on advancing another 64-bit Unix. IBM's timing and presentation, however, are another matter."

http://linuxtoday.com/infrastructure/archives/200008/21


quatermass - SCO delenda est

[ Reply to This | # ]

Authored by: Anonymous on Sunday, August 24 2003 @ 10:42 PM EDT
In all fairness to SCO, big companies do sometimes take small companies for loads of IP by "partnering" with them on development projects. The big company usually assumes that they can either win in court or keep the small company paying lawyers until they go out of business.

This being said, if IBM really took SCO for a ride, why isn't SCO suing IBM over AIX rather than Linux, and why did they wait so long?

Hmmmm...


Alex Roston

[ Reply to This | # ]

Authored by: Anonymous on Sunday, August 24 2003 @ 11:44 PM EDT
The SCO spin on suing IBM over Linux rather than AIX/Monterey seems to be that
IBM is promoting Linux on Intel hardware where AIX could have been sold. The
xSeries 380 from 2001 was mostly marketed as a development platform, with the
450 being their first really production-oriented Itanium system. The x450
officially shipped in May after some delays (it was originally announced to ship
at the start of 2003). This release, sans AIX, would seem to have been the
final coat of pavement over the last nail in Monterey's coffin, so that might
partially explain the suit's timing.
Mw

[ Reply to This | # ]

Authored by: Anonymous on Monday, August 25 2003 @ 03:16 AM EDT
This actually reminds me of the analysis of the latest version of the Sobig virus.

Look at pages:

http://www.f-secure.com/news/items/news_2003082300.shtml

http://www.f-secure.com/v-descs/sobig_f.shtml

It was supposed to download its second stage payload from one of 20 servers around the world at Aug 22 19:00 UTC.

Afterwards the second stage is supposed to activate.

F-Secure claims that 19 of 20 machines were taken offline before 19:00 UTC; one machine was up and received tons of requests. The 20th machine got swamped under the requests.

There is also a mention that it will also activate on 24th August.

That provides two possibilities: 1. One of the machines was in the mentioned subnet. 2. One of the machines was one of the mentioned servers and hence the DDoS.

The mention of Aug 24 may be the reason why it is still down.


Robvarga

[ Reply to This | # ]

Authored by: Anonymous on Monday, August 25 2003 @ 10:39 AM EDT
IP expert seeks clarification on some of Eben Moglen's assertions:

http://www.theregister.com/content/35/32479.html


Belzecue

[ Reply to This | # ]

Authored by: Anonymous on Thursday, August 28 2003 @ 03:01 PM EDT
If this whole mess is funded by Microsoft, and that is why SCO is willing to trash their future, it would seem to me that Microsoft would give SCO money to fund their legal costs (as they are doing), but the payoff would be to one or more of the other Canopy Group companies.

Is anyone checking the money trail with the other Canopy Group companies?


Don Tornquist

[ Reply to This | # ]

Groklaw © Copyright 2003-2013 Pamela Jones.
All trademarks and copyrights on this page are owned by their respective owners.
Comments are owned by the individual posters.

PJ's articles are licensed under a Creative Commons License. ( Details )