They probably deserve their own shitlist/local business review thread. Nothing wrong with learning Novell though.
Hell they can't even secure some of their own servers that are exposed to the internet. I think it is because the documentation of the internal workings of their software is so weak. I wanted to review the security of a webmail server running GroupWise a long time ago, and I really couldn't find shit on what actual software the server was running, any guidelines on securing it, or any methods to get it abstracted from internal architecture. The funny thing is I bet theres 50 ways to do all that, just badly documented, and in turn badly implemented (even by their own staff).
Anyway that investigation led to findings of Netscape Enterprise Server dropping directory listings instead of the server's index pages when I sent some HTTP commands in lowercase, default scripts installed by Novell with the server that let unauthenticated users browse NDS from the web with the security context of the server, and scripting examples that allow you to run code on the server. I'm interested if anybody knows about updates to WebAccess? I imagine I'm like an NT newb bitching about security issues in NT3.51. Not that the Novell server implementation was near that old though.
I moved your thread over to local businesses, what do you think Grifter? Shitlist or Local Businesses?