
Industry Notes from the Underground

Commentary

HP Indemnifies Linux Customers

On October 1, 2003, Hewlett-Packard began indemnifying its Linux customers against any future action from the SCO Group. This means that if your company has obtained and loaded Linux from HP, the manufacturer will shield your organization from any threatened legal action from SCO.

As you may recall, SCO filed a $1 billion lawsuit against IBM for "stealing" code from UNIX and then said it would go after customers who had bought Linux as well. Since that time, the SCO lawsuit has risen to $3 billion, IBM has countersued, and SCO has created a $699 license that Linux customers can purchase. (Recent reports indicated that only one Linux customer has purchased this license.) This created a silent panic in the customer movement toward the Linux operating system: Would SCO come after them too?

The SCO-IBM suit is going to take years to iron out in the courts, and who the winner will be is unclear. Meanwhile, the customer FUD factor for Linux has been substantially bolstered--and funded--by Microsoft's support of SCO's action through its own purchase of a license agreement for UNIX technology that it has never pursued.

Now, this HP announcement clears a path through this legal car wreck so that companies that want to make the move toward Linux can do so without recklessly endangering their own organizations by opening them to legal repercussions.

HP will offer full legal indemnification to customers buying Linux on HP hardware with a standard support package after they sign an addendum to their sales contract. Under the contract, no modifications to the source code can be made, but desired changes can be discussed with HP on a case-by-case basis.

Industry analysts are also predicting that IBM will soon follow HP's lead and indemnify its own Linux customer base. With this protection in place, IT departments can get on with their management's directives to get beyond the Microsoft Windows server environment--with its high maintenance licensing fees, maintenance contracts, and questionable safety record.

IBM Ups the Stakes in SCO Countersuit

Meanwhile, IBM has gone back to court to amend its countersuit against SCO Group. Last August, IBM filed its initial legal action against SCO, claiming that SCO had violated the GNU General Public License (GPL) software license that governs Linux and infringed upon a number of IBM software patents. The lawsuit asserts that SCO's rights to distribute Linux had been terminated but that the company continued to sell Linux for some period. IBM's new amendment to its countersuit has added the charge of copyright infringement.

IBM is also asking the court to rule on whether SCO has the right to seek the $699 per-processor licensing fee that SCO now demands of Linux users. According to IBM's legal brief, "SCO has no right to assert...proprietary rights over programs that SCO distributed under the GPL." Last month, SCO began threatening to send out invoices directly to the largest Linux customers, demanding payment on the license fee. This legal move by IBM is an attempt to get a quick ruling to prevent a kind of extortion from impacting IBM's customer base.

"Microsoft Windows" Safety Report?

Meanwhile, a report studying the impact of operating system "monoculture" has become cannon fodder to the battle between Microsoft supporters and detractors. The report entitled "CyberInSecurity: The Cost of Monopoly" and subtitled "How the Dominance of Microsoft's Products Pose a Risk to Security" was crafted by seven independent IT security researchers and released through the highly partisan Computer and Communications Industry Association (CCIA).

The report's primary contention is that, in a global environment, the dominance of any single vendor's product group makes those products natural targets for hackers. Microsoft, with its monopoly stature--controlling over 95% of the desktops with its proprietary Windows and Office products--is predisposed to attacks simply because its presence is so pervasive.

A quote from the report reads: "Because Microsoft's near-monopoly status itself magnifies security risk, it is essential that society become less dependent on a single operating system from a single vendor if our critical infrastructure is not to be disrupted in a single blow. The goal must be to break the monoculture. Efforts by Microsoft to improve security will fail if their side effect is to increase user-level lock-in."

The report goes on to detail how Microsoft's market strategies and proprietary hold on its products actually prevent progress from being made to secure them, and it calls for governments to take action with internal procurement policies that will break up the government's reliance upon any single system.

Interestingly enough, this is exactly the same message that IBM has been promoting in its e-Government initiatives, but with a slightly different spin.

IBM's position is that governments need to follow open standards for interoperability between agencies across government and should consider the use of open-source technologies to provide the most cohesive applications from a diverse group of operating system and application vendors. Of course, at the top of that list is IBM's own product, supported by the IBM cross-platform Linux implementation.

According to the CCIA-released study, "The threats to international security posed by Windows are significant and must be addressed quickly." The report then discusses the problem in principle, Microsoft and its actions in relation to those principles, and the social and economic implications for risk management and policy.

Risk management for the authors of the report, however, was evidently not considered. One of them, @stake CTO Daniel Geer, was immediately fired by his company upon the report's publication.

@stake is a national consulting company that specializes in providing security solutions and consultations to large, multinational corporations and evidently doesn't want to be associated with any anti-Microsoft movement, no matter what.

@stake's official perspective about the cyber-threat posed by hackers and worms is considerably more Microsoft-neutral than Daniel Geer's. In fact, the company's recent September 10, 2003 testimony before the US Congressional hearings entitled "Worm and Virus Defense: How Can We Protect the Nation's Computers from These Threats?" only mentions Microsoft three times and only in passing.

This strikes this reporter as being somewhat odd. Why? Because the hearings were called in response to the specific attacks on Microsoft products by the worms Blaster.D and Sobig.F! Instead of addressing Microsoft's specific vulnerabilities, @stake's testimony focuses upon how the rogue programs penetrate systems, seeming to ignore the possibility that the underlying security architecture of the operating system may be at fault.

Indeed, Blaster.D and Sobig.F specifically targeted Microsoft systems because of their documented vulnerabilities and Microsoft's inability to provide a plausible security response.

Yet, in light of circumstances, @stake's testimony at the hearings made perfect sense: The majority of @stake's clientele are companies who have hired them to secure the Microsoft products that have been installed. No CEO in his right mind would diss the goose that laid the golden egg, and @stake's subsequent firing of the author of a report criticizing Microsoft--and one that contradicts its official US Congressional testimony--was probably a foregone conclusion.

As the Worm Turns

Meanwhile, the speculation about who released Sobig.F and Blaster.D and why continues to revolve around professional spam artists. As reported here last month, FBI and Department of Homeland Security officials now believe these rogue programs are part of an international effort to build a spam network composed of household and company computers, controlled anonymously by hackers who would sell access to the network to the highest bidder. By implanting worms into these machines, spammers could buy bandwidth from these hackers to send out their messages. By doing this, they can still remain hidden from network officials and police.

The implications of such a threat--based upon Microsoft's contentious vulnerabilities and its unparalleled dominance on desktops--are exactly what the CCIA report is talking about.

Anti-Spammer Blacklist Purveyors Throw in the Towel

Yet, because officials seem somewhat blind to this specific kind of threat, Internet activists have been trying to take vigilante actions.

One of these actions was an informal network of email "blacklists" that identified the SMTP open relays through which spammers sent their missives. Internet administrators could subscribe to these lists, obtain IP addresses of known spamming computers, and then filter out any communications sent to their servers.

Unfortunately, some of these anti-spam, blacklist Web sites--along with their owners--have paid the ultimate Internet price: Distributed Denial of Service (DDoS) attacks. According to these owners, spammers shut them down so hard that their actual businesses were threatened. And last week, after fighting unsolicited commercial email for years, two of these online anti-spam businesses threw in the towel.

Ron Guilmette, owner of independent software company Monkeys.com, and Joe Jared, owner of foot orthopedics design business Orisoft.com, had their anti-spam, blacklist Web sites shut down by hackers who ravaged their online businesses with DDoS and other attacks. A third blacklist provider, Compu-Net Enterprises, also ended public distribution of its blacklist because of similar fears.

In an open email posting on an email abuse online bulletin board, Guilmette announced his "unconditional surrender" so that spammers would stop the attacks.

"I am deeply sorry that I have to withdraw from this fight, but at this point I clearly have no choice," he wrote. "I will simply not be allowed to continue fighting spam. I don't have either the bandwidth or the level of interest among either big network providers or law enforcement authorities that is clearly necessary in order to fight this kind of concentrated onslaught from thousands of separate zombie machines at a time. I would be the first to say that it is a damn shame that the bad guys have won yet another round, but there really isn't a damn thing that I can do about it."

According to Guilmette, his focus on anti-spam efforts in recent months attracted the wrath of the spammers. By working with Internet service providers around the world, he and his colleagues constructed an "open proxy honeypot network." These proxies used automated logging software to see where spammers were hijacking access on insecure servers to send out spam. The honeypot collected the IP addresses of the spammers, and he and others then used those addresses to get the Internet's largest spammers kicked off the network by their own service providers.

In response, spammers seemed to have rallied to place Guilmette's own Internet connection under a DDoS. Guilmette attempted to retaliate to get his service under control, but after the last attack, he said, "I'm done fighting spam. I didn't decide this. The spammers have done this for me. I can't do this work if I can't connect to the Internet."

Meanwhile, analysts from a number of companies that track the progress against spammers called the shutdowns "a massive blow to the movement." According to these analysts, FBI and other officials are still failing to take these kinds of attacks seriously, and businesses are at risk if they become the targets of the spam industry's wrath.

With the Internet becoming the feeding ground for this kind of underworld activity--and with insecure software remaining the status quo--the entire e-business model seems increasingly problematic.

Microsoft Settles California Class-Action Suit

Now imagine what would happen if Microsoft were in some way found liable for the security flaws in its products. Could it survive such a legal onslaught? Could it even happen?

Perhaps or perhaps not! But if recent events are any measure of the stakes involved for the company, we're seeing Microsoft's financial vulnerabilities beginning to show.

For instance, if you or your company purchased Microsoft products in California between February 18, 1995, and December 15, 2001, you're entitled to participate in the class-action settlement that Microsoft signed last June with the State of California. Microsoft has agreed to pay up to $1.8 billion in vouchers to individuals and businesses. These vouchers can be used to purchase desktop computers, laptops, tablet computers, printers, scanners, monitors, keyboards, printing devices, and software made by any manufacturer.

The settlement was reached last June as a direct result of the anti-monopoly legal actions taken by the US Department of Justice and the California DOJ in response to Microsoft's anti-competitive marketing and bundling schemes.

Individuals and companies that purchased specific Microsoft products within the State of California--individually or in volume--between the specified dates can claim the following:

  • $16 for each Microsoft Windows or MS-DOS license
  • $29 for each Microsoft Office license
  • $5 for each Microsoft Word, Home Essentials, or Works Suite license
  • $26 for each Microsoft Excel license

For home users who kept their desktops up-to-date during the five years specified, this is like a Microsoft tax refund.

For companies that performed roll-outs of new products as they were released during that time, the monetary value of the vouchers quickly becomes significant.

If you are a California home computer user and are claiming up to five product licenses, you don't need to have the product license key. More than five product claims require you to provide either product key numbers for the CDs or documentation of purchase.

More information about this California settlement--including FAQs, claim forms, and the complete terms of the settlement--is available at the special Microsoft California Settlement Web site.

The point is that Microsoft can be held liable, and the legal and financial consequences are not trivial to the company. If the corporation should be found liable in a "product defect" lawsuit related to its security flaws, this current class action settlement of $1.8 billion would seem like peanuts, and the overall impact to both the company and the desktop computing and e-business communities could be devastating.

In this light, the SCO-IBM lawsuit, the HP indemnifications, the virus and spam efforts of the underworld, and the reluctance of the political and legal officials to take action bode ill for the future of our profession as a whole. Where would we go? How would we manage? What would be the future of e-business and the Internet?

Your guess is as good as mine.

Thomas M. Stockwell is Editor in Chief of MC Press, LP.

Thomas Stockwell

Thomas M. Stockwell is an independent IT analyst and writer. He is the former Editor in Chief of MC Press Online and Midrange Computing magazine and has over 20 years of experience as a programmer, systems engineer, IT director, industry analyst, author, speaker, consultant, and editor.  

 

Tom works from his home in the Napa Valley in California. He can be reached at ITincendiary.com.

 

 
