Domain: computerworld.com
Stories and comments across the archive that link to computerworld.com.
Comments · 2,453
-
WiMax vs. LTE (Long Term Evolution)
ComputerWorld has a good article comparing the two competing technologies.
The NetworkWorld article mentions that according to ClearWire, LTE will be out in 2011, but according to Telenor they will have it in operation by 2010. The claims of both sides should of course be taken with a grain of salt.
-
Opera?
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9122719&intsrc=news_ts_head
Opera 10 alpha aces Acid3 browser test
Newest preview boosts browsing performance by 30%, claims Norwegian company
-
Another "academia expert" script kiddie
"who had no idea about computer hardware, who was in charge of the test lab at that location. the more computer sci grads i meet the smarter i feel" - by Anonymous Coward on Monday December 01, @09:44AM (#25943813)
Spoken like the typical "academia bound" wannabe - I know, I was YOU once, & thought I knew more than some guys I met who were already out in the real working world... what a mistake.
What did I find out, later in the real working world? Especially about "hardware know-how"...
LOL!
Well, first, anyone can read a review, but, is that actual "hands-on experience" with said hardwares? NO, it is not, & no one has tested EVERY KIND OF HARDWARE THERE IS... don't fool yourself, especially IF you think that YOU personally, have.
AND??
Hey, face it - Any moron can read a manual, install hardware & its drivers, & test them. I know, I did that, for YEARS, prior to realizing that I only knew a VERY LIMITED SET OF POSSIBLES IN THIS FIELD, as regards employ & skills...
AND, let's face facts: People do much the same, everyday, setting up stereos, phones, & other home appliances, for Pete's sake! They read a manual, & set it up, following directions (but, not necessarily understanding HOW it works, & THAT? That's KEY, to problem solving, period!)
So - though, after all that "said & aside"?
How many of the kind of "IT Professionals" that you describe, though, could write that driver or a better one?? Not many, if any at all.
Probably none.
ALSO - What are YOU going to do, when say, an antivirus or antispyware prebuilt script kiddie tool fails you, & per this, they often do nowadays:
----
TOP SECURITY SUITES FAIL EXPLOIT TESTS:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9117042 [computerworld.com]
----
What happens then, when you (the degreeless & foundationless wannabe) don't have an underlying understanding of an OS & its API that comp. sci. degrees can give someone? You'll be lost in the sauce, 9/10 times, period.
By comparison, someone with a degree and what it gives you, plus hands on years to decades of experience in & around this field, in the trenches? Most times, they can just LOOK @ a running program, & tell you how it's doing what it's doing, and how (as well as how to beat it, especially in the case of malwares)...
Heh - The kind of "wannabe tech" you're describing is helpless without his forums boards, wikipedia, & automated script kiddie tools...
I've seen it, so many times, over a 17 yr. experience in this field, it's not even funny.
Fact is?
Most network admins/techs/engineers? "Users with a better password" @ best/most, & that's it, especially by comparison to say, a seasoned programmer who actually has his degrees and years of experience.
AND, yes - I've done both realms (network admin/tech/engineer as well as programmer/analyst - software engineer as my titles), & for over nearly 2 decades now, & have those things under my belt (degrees, & experience at both programming/software engineering AND network admin/engineer/tech levels) - clue:
MOST PROGRAMMERS THAT ARE ANY GOOD? HAVE TO DEAL WITH TASKS THAT NETWORK ADMINS/TECHS DO, &, are often largely assigned the same rights, so they can just set things up themselves, & not have to BOTHER the techies... why are they allowed that luxury/privilege most times?
Because they KNOW what they're doing, & many/most times, often better than the network techs/admins do... case in point? SQLServer. A DBA is needed, or a programmer that can function as one (& in MIS/IS/IT? That just "comes with the territory", & you as the coder had best be able to function with that type of BackOffice application engine)
NOW - the 1 advantage that network techs/
-
Typical reply of a "Script Kiddie" tech/admin
"That's right. Without a real computer science degree, you just wouldn't have that same access to wikipedia and google. Just because you can write an operating system in hex doesn't mean you understand anything significant about computers" - by Anonymous Coward on Monday December 01, @11:30AM (#25946031)
Ok, script kiddie: What are YOU going to do, when say, an antivirus or antispyware prebuilt script kiddie tool fails you, & per this, they often do nowadays:
----
TOP SECURITY SUITES FAIL EXPLOIT TESTS:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9117042
----
What happens then, when you (the degreeless & foundationless wannabe) don't have an underlying understanding of an OS & its API that comp. sci. degrees can give someone? You'll be lost in the sauce, 9/10 times, period.
By comparison, someone with a degree and what it gives you, plus hands on years to decades of experience in & around this field, in the trenches? Most times, they can just LOOK @ a running program, & tell you how it's doing what it's doing, and how (as well as how to beat it, especially in the case of malwares)...
Heh - The kind of "wannabe tech" you're describing is helpless without his forums boards, wikipedia, & automated script kiddie tools...
I've seen it, so many times, over a 17 yr. experience in this field, it's not even funny.
Fact is?
Most network admins/techs/engineers? "Users with a better password" @ best/most, & that's it, especially by comparison to say, a seasoned programmer who actually has his degrees and years of experience.
AND, yes - I've done both realms (network admin/tech/engineer as well as programmer/analyst - software engineer as my titles), & for over nearly 2 decades now, & have those things under my belt (degrees, & experience at both programming/software engineering AND network admin/engineer/tech levels) - clue:
MOST PROGRAMMERS THAT ARE ANY GOOD? HAVE TO DEAL WITH TASKS THAT NETWORK ADMINS/TECHS DO, &, are often largely assigned the same rights, so they can just set things up themselves, & not have to BOTHER the techies... why are they allowed that luxury/privilege most times?
Because they KNOW what they're doing, & many/most times, often better than the network techs/admins do... case in point? SQLServer. A DBA is needed, or a programmer that can function as one (& in MIS/IS/IT? That just "comes with the territory", & you as the coder had best be able to function with that type of BackOffice application engine)
NOW - the 1 advantage that network techs/engineers &/or network admins MIGHT have?
First, is a better password - Honestly? I feel MOST of them, are just "users with a better password", who are dependent on tools that those with comp. sci. programming experience MAKE FOR THEM TO USE (keyword, use)...
(&, they MIGHT MAYBE possess, for a little while, some better knowledge of the overall network topology (big deal, that only takes a little time to get down anyhow, & certainly by way of comparison to inventing a program, when you have NO OTHER RECOURSE (such as a prebuilt script kiddie tool, & every company has that having to be done, because their data, their needs & the way they manage them, are unlike anyone else's, period))
I know that I can say 1 thing, that anybody with equal experience & degrees will most likely largely second & agree with:
That there IS a huge difference between the 2 types of computer people I am describing, vs. how you see it & understand it (playing music by tablature, but not reading music, is what you describe)
-
Re:Without education, you'll be a poor computer te
"I will note, however, that a formal CompSci degree seems to be far more helpful in producing good programmers than good support people and sysadmins." - by nine-times (778537) on Monday December 01, @11:32AM (#25946097) Homepage
Well, I'll disagree with that, because techs that don't understand how say, a virus/trojan/rootkit/spyware/malware-in-general, work? Are not NEARLY as effective as someone who does, especially with a programming background, because 9/10 times, a GOOD programmer who understands the underlying OS & API's, can just look @ most any program, & tell you HOW things are being done, in any program (not just viruses) & get it right.
Someone w/out said savvy? Usually, cannot... let alone invent such a thing, themselves. They're usually "script kiddie tool" dependent, @ best/most.
No, without deep understanding, such as a comp. sci. degree gives you, in addition to years of real world hands on in the trenches experience??
There is really no way you can be as good as someone who actually has experience, AND DEGREES (degrees help here, they provide you foundations & tips to avoid mistakes like mad, & part of why you take them - so you avoid said mistakes, and have a good logical toolset to work with as a foundation)...
I've just seen it, TOO many times, over 17 yrs. now in this field as a pro, & many years before that as an "amateur" also... & I know it's the truth.
----
"My theory is that being a good programmer involves much more knowledge about how things ideally should work, whereas support/administration is often more about knowing how things tend to break when they don't work the way they ideally should." - by nine-times (778537) on Monday December 01, @11:32AM (#25946097) Homepage
No theory here though - pure work in practice, on most any levels there are in comp. sci. related fields over 17 yrs now almost.
Well, I do BOTH for a living (both a network engineer/admin/tech & write code (for log parsing & far more, where I don't have an 'automated script kiddie tool' to do the job for me, or, have an indexed database helping me)). I know I can say, without question because of the degrees and that much experience in this field, hands-on? That it IS how it is.
I have found, that when those that depend solely on "Script Kiddie Tools" (automated scanners vs. virus/trojans/spyware/rootkits/malware in general) are LOST, when those tools fail... &, they do - Witness below, take a GOOD read:
----
TOP SECURITY SUITES FAIL EXPLOIT TESTS:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9117042
----
Nuff said...
----
"Knowing how things break in the real world tends to be something you can learn a little more easily from experience." - by nine-times (778537) on Monday December 01, @11:32AM (#25946097) Homepage
That, I'll agree with... but, when you KNOW this field, & especially @ levels like Comp. Sci. degrees give you, in addition to years (if not decades) of professional hands-on experience in the trenches gives you, @ most of the levels that timeframe gives you much of the time?
You not only know "real world experience", but, rarely fail vs. say, a malware infestation, when virus/spyware/rootkit scanners fail... & per the above, from COMPUTERWORLD? They clearly do, especially vs. today's "blended & polymorphic" threats...
&, that's JUST @ the "techie" level... when it comes to REAL problem solving (like making tasks that would take days/months/years with HUGE data) & being able to automate a machine to solve it for you, far faster than a human being can??
Computer Science IS the answer... real computer science, not just script kiddie using the tools that those that CAN DO THE JOB @ THESE
-
Re:It's far more troubling...
All that means is that the law is wrong. Goading someone into killing themselves is murder.
Or at the very least, manslaughter. It's definitely very, very wrong.
I have no idea why you brought up anarchy. I am advocating that we change our Justice system to actually mete out justice. That doesn't sound like anarchy to me.
In this case, the prosecution used tortured logic and applied an almost entirely unrelated law. Interpreting that law in this way makes millions of otherwise innocent people into criminals. That is not justice.
Justice based on how the Jury feels is anarchy. It's the definition of mob rule. You either have very articulate laws that spell out when and where something is wrong/right, or you end up with total chaos.
It is not justice to allow a murderer to go free. Technicalities are not justice.
“That it is better 100 guilty Persons should escape than that one innocent Person should suffer, is a Maxim that has been long and generally approved.” — Benjamin Franklin [Cite]
In your world, pushing someone off a cliff is OK because you didn't kill them. After all, is it your fault they hit the ground?
Making ridiculous strawman arguments only makes you look like hyperventilating internet flamebait. The "new hotness" in internet scams is to impersonate your Facebook friends for fun and profit. It's insidiously clever social engineering and easily accomplished. This is a real issue that needs to be addressed by real legislation, not grandstanding DAs convicting someone in isolated cases on odd technicalities that will affect millions of otherwise innocent people.
-
Soft on terrorism
So where are the US antiterrorism people? This is an attack on US assets by foreign nationals. We have a whole Department of Homeland Security. They had a good computer security guy in charge of dealing with such attacks, Amit Yoran, and he quit in 2004, fed up because DHS didn't really want to deal with real problems. His replacement was a career lobbyist. Really. "He served as Director of 3Com Corporation's Government Relations Office in Washington, DC where he was responsible for all aspects of the company's strategic public policy formulation and advocacy." That's America's first line of defense against cyberterrorism.
The FBI has an antiterrorism operation. What are they doing? What they say they're doing is working to "strengthen and support our top operational priorities: counterterrorism, counterintelligence, cyber, and major criminal programs." What they're actually doing is flying around the FBI director in the private jet purchased with antiterrorism funds.
FBI testimony before Congress, 2001: "The FBI believes cyber-terrorism, the use of cyber-tools to shut down, degrade, or deny critical national infrastructures, such as energy, transportation, communications, or government services, for the purpose of coercing or intimidating a government or civilian population, is clearly an emerging threat for which it must develop prevention, deterrence, and response capabilities."
FBI testimony before Congress, 2004: "In the event of a cyberterrorist attack, the FBI will conduct an intense post-incident investigation to determine the source including the motive and purpose of the attack."
So where's the action?
Heads need to roll at DHS and the FBI.
-
Re:It's too much to discourage anyone.
Damn, if only I had known early that piracy kills 7000 people* each year, I wouldn't have copied that floppy.
*value from: http://blogs.computerworld.com/fighting_software_piracy_with_shaky_studies
-
Re:e-dicovery?
Actually, there is a general requirement - although it's a special case, kind of. It's called FRCP - Federal Rules of Civil Procedure. So, it's a special case in that it only applies when you show up in Federal court. But it's a general requirement in that any case that gets ruled against can be appealed, and after enough appeals, you end up in Federal court. The Cornell link also points out that a lot of state courts are accepting the FRCP rules as reasonable for their proceedings.
I've been told by our legal counsel the same thing mentioned in TFA: "If litigation is anticipated, the party has a duty to preserve potentially relevant documents". The obvious case is when someone's death (due to negligence) is involved. The less obvious case is when the boss starts an affair with one of the administrative assistants. Do you keep the love letters? Is litigation anticipated? What if the boss has authority over job promotions?
Problem 1 is that the automated "we delete after 90 days" system may not have a provision for "well, delete all except foo and bar". (And, BTW, foo might take five years to get to court, and bar might never). Problem 2 is that it's probably not reasonable to expect end users to be able to classify keepers from trash. If they weren't love letters, but rather evidence of sexual harassment, should the victim have been allowed to keep them? If corporate policy says no....
I don't know if this was the same case you were thinking of, but Morgan Stanley agreed to pay $15 million in fines for its failure to retain e-mail messages.
-
Re:I've always said this.
Except that large numbers of people don't go around stealth-infecting people on purpose to infect others.
With automated botnets scanning and attacking, your legitimate sites are getting exploited: Large scale sql insertion attack.
You could use something like siteadvisor.com to help protect yourself, if you aren't afraid of using something owned by McAfee. It doesn't catch exploited sites instantaneously, but it helps you on the user training front by marking large swaths of the internet as unsafe. It definitely catches a LOT of nasty sites that your grandmother might accidentally click on.
-
BZZZT! REALITY GROUND ERROR!
Really, you think "wireless broadband" will be the savior? It's got more problems than wired (latency issues, distortion/signal strength issues, materials penetration issues, interference issues).
And if that weren't enough, if anything "Wireless Broadband" is already MORE restricted than wired (DSL/Cable/FiOS) offerings. For example, both Verizon and AT&T cap you at FIVE GB. Your own example (Wi-Max) sneakily enters into underlying "service provider" agreements to pull the same stunts.
Again: a FIVE GB cap, even when advertising their service as "unlimited." Use anything over that, and they cut your account instantly (while insisting, of course, that if you want to get out you have to pay them severance charges).
"Wireless broadband" is not your savior.
-
Now let's look back on some stupid reporting
http://blogs.computerworld.com/why_googles_lively_is_great_for_telecommuters
Remember the date: July 8, 2008. Today is the day virtual worlds go mainstream. The reason is that Google has launched its own 3D virtual world called Lively. It's free. And it changes everything. Especially for telecommuters.
The current iteration of Lively seems to border on the goofy and cartoonish. But eventually, it's likely that Google's virtual world will become mainstream to the point where enterprises actually conduct real business there.
Like instant messaging and social networking, Lively will probably start out as a trendy hangout for teens, only later to become indispensable for professionals first for internal communication, then later to replace some business travel and even trade shows and the like.
Kudos to you, Mike Elgan, for your keen insight.
-
Re:Retarded
probably for the same reason these guys used .net:
http://blogs.computerworld.com/london_stock_exchange_suffers_net_crash [computerworld.com]
-
Two studies that point to reasons
It's a combination of many reasons (some covered here already), and recently there were studies released that showed a few.
The first is from a month or so ago, and found that while both boys and girls are lacking in math compared to the rest of the world, girls are much harder hit.
In elementary school, girls do as well as or better in math than boys. In middle school, Mertz and her colleagues suggest, girls with an inclination for math begin to lose interest and fall behind, mostly due to peer pressure and societal expectations. Throughout middle and high school, social stigma and lack of appropriately challenging educational opportunities for the mathematically precocious becomes a hard reality in most American schools. Consequently, gifted girls, even more so than boys, often camouflage their mathematical talent to fit in well with their peers.
It falls back on the whole societal stereotype that math, and by extension science, isn't cool and certainly not cool if a girl does it.
As for women leaving, The Athena Factor is a study to read. The researchers found that hostility of the workplace culture is the most important factor driving women out, with "63% of women in science, engineering and technology have experienced sexual harassment." The whole thing is worth a read, and can give some insight into why women don't stick around in IT or any science career.
I'm lucky in that I've worked in the public sector for most of my IT career, and I've not seen as much as what the study found.
-
this the kind of innovation ..
This the kind of innovation they are on about. Can any of these patents be turned into real working devices, without spending thousands of man-hours and huge wads of money. I'm thinking of the NTP v Blackberry litigation. NTP basically bought up some old wireless, paging and email patents, sat on them and then waited until Blackberry did all the work
...
'NTP is a holding company created in 1992 to manage certain patents belonging to Thomas Campana'
'on 20 May 1991. Campana filed a patent application for his idea to merge existing e-mail systems with radio-frequency wireless communication networks'
-
It may boot faster thanks to another photocopy
The very interesting thing about OS X 10.5 (Leopard) boot process is: It does nothing in order. It is parallel booting, firing all OS startup stuff at once and expects to do their jobs. That happens thanks to launchd architecture which I have no clue why not adopted by Linux or *BSD.
Here is its presentation by the inventor of launchd
http://video.google.com/videoplay?docid=1781045834610400422
(in 8:00")
That is one of underrated features/changes of Leopard. Now the term "photocopy" comes from this: They do something like launchd without using the underlying Unix logic and architecture. So, there is a huge chance that it won't be scaled. I have really lost count of how many kernel extensions, startup items, daemons running on my Leopard but it boots exactly same speed as it was cleanly installed for first time. Just like I really don't care about 1000+ .plist (pref) files on my user directory.
They named it "parallel booting" or something, some story about it on http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9119230&intsrc=hm_list
-
I would praise it too!
The Windows 7 unveiling garnered largely positive coverage, with many hands-on testers praising it for being faster than Vista.
Had M$ provided me a free notebook I would praise it too!
Here is informed RTFM on the topic.
-
Reviews of Windows 7 are biased
The reason Windows 7 is getting good reviews is because Microsoft is bribing reviewers with free high-end laptops. If a software company handed you a $2,000 computer, wouldn't you have a few nice things to say about the operating system preloaded on it?
-
Re:MSFT goes SaaS?
As Mark Shuttleworth said, "I've heard creditable reports of Microsoft offering XP at no cost to OEMs."
-
Re:Actually, maybe not fair
Based on the announcements on Windows 7 and the reviews I thought too that they had improved the performance of Windows 7 vs. Vista. Then I found an article by Steven J. Vaughan-Nichols that might explain the "glowing" reviews at Microsoft's PDC. It seems that Microsoft may have permanently "loaned" $2,000 laptops with 2.4GHz Intel dual cores + 3GB ram to the "reviewers" to review Windows 7. If so, that's not the first time they tried that stunt (Vista was the first that I recall). So in the answer to the question, "Can a leopard change its spots?" if the above is correct then the answer in Microsoft's case seems to be "No." Here's the url: http://blogs.computerworld.com/microsoft_bribes_again
-
Cut & Paste
Just a day after downplaying the vulnerability that caused it to issue an out-of-cycle patch last week, Microsoft warned customers late yesterday that exploit code had gone public and was being used in additional attacks.
How does this translate into downplaying the threat?
October 23, 2008 (IDG News Service) Microsoft Corp. fixed a critical bug in its Windows operating system Thursday, saying that it is being exploited by online criminals and could eventually be used in a widespread "worm" attack.
Microsoft took the unusual step of issuing an emergency patch for the flaw several weeks ahead of its regularly scheduled November security updates, saying that vulnerability is being exploited in "limited targeted attacks." The company had already announced plans to rush out the patch.
"It is possible that this vulnerability could be used in the crafting of a wormable exploit. If successfully exploited, an attacker could then install programs or view, change, or delete data; or create new accounts with full user rights," Microsoft said in a bulletin released Thursday morning.
Microsoft releases emergency Windows patch to head off worm attack [Oct 23]
New Windows bug differs from 2006 flaw, Microsoft says [Oct 27]
-
Why "layered security" vs. Security Suites?
Adding onto my last reply (w/ evidences of security suites failing vs. today's threats from reputable security sites who analyzed it)...
"Considering that most people I know don't do much more with their computers then surf the Web, check their email and use some office software, you don't need much more than what I outlined above." - by apathy maybe (922212) on Saturday October 25, @05:47PM (#25512183) Homepage
&
"Firewall blocking all incoming connections / Alternative web browser (not based on MSIE) and email client / Don't download and run random programs (especially not from websites linked to from ads)" - by apathy maybe (922212) on Saturday October 25, @05:47PM (#25512183) Homepage
Those aren't enough... but, your last suggestion is/would be, & here is why + how:
----
"Learn about computer security" - by apathy maybe (922212) on Saturday October 25, @05:47PM (#25512183) Homepage
Absolutely on this point of yours: & more importantly, HOW TO IMPLEMENT LAYERED SECURITY!
HOW TO SECURE Windows 2000/XP/Server 2003 & even VISTA, + make it "fun-to-do", via CIS Tool Guidance (& beyond):
http://www.tcmagazine.com/forums/index.php?s=7f3029e844e2c17eefa57768b1bf1fc0&showtopic=2662
----
Evidence as to WHY the techniques I listed in the URL above (in my last reply) are more effective than just using a firewall, antivirus, &/or antispyware program + patching your OS + programs:
Take a look @ this CURRENT information on SECURITY SUITES failing left & right on tests run, vs. the threats out there, TODAY (not yesteryear tech in them):
----
Top security suites fail exploit tests (COMPUTERWORLD):
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9117042&intsrc=news_ts_head [computerworld.com]
&/or
Top security suites fail exploit tests (SECUNIA):
http://secunia.com/blog/29/ [secunia.com]
----
The "old-school methods" (what security suites use generally - like anti-virus programs using virus detections signatures, which only work vs. KNOWN threats, when they ought to be concentrating on white or blacklisting sites &/or HEURISTICS levels of detection ("smells like a duck, tastes like a duck: IT MUST BE A DUCK!" type logic))
Signatures-based detections aren't working that well nowadays guys, vs. std. viruses... & MOST of what folks get today? They're bad javascript driven (in combination with iframes &/or bad or vulnerable plugins) usage, anyhow. AntiSpyware programs do better here, imo @ least, than antivirus programs do. By far...
After all, you know it, & I know it:
People - out online, today/nowadays?
The REAL, TRUE threat's out there today are coming thru your email, webbrowser, instant messenger programs!
(& even Adobe .pdf files with javascript active in the program, & plugins like Adobe Flash (which I guessed correctly on here weeks before it was revealed -> http://it.slashdot.org/comments.pl?sid=976325&threshold=-1&commentsort=0&mode=thread&cid=25158611 [slashdot.org] no less, as to the "mystery program" that was involved that J. Grossman & crew (discoverers of the clickjack issue) kept under covers, due to "responsible disclosure"))
The guide's steps in the URL above shows you how to lessen/mitigate that also, with some common-sense rules & tools, & if you can adhere to them?
You can take you
-
Re:bad code or bad summary?
Correction: I found the word "code" in an "embedded" story on the second page of that linked article:
Is Open Source the Answer for Risk Models?
By agreeing to rely on Wall Street's computer models to gauge investment risks, the SEC essentially outsourced that part of its regulatory duties to the systems of financial services firms, says Erik Gerding, an assistant professor of law at the University of New Mexico who does research on securities law.
Gerding's proposed fix: Make the software code that underlies the risk models open source -- a step that he claims would boost the transparency of risk calculations and potentially improve their accuracy.
"Just as with open-source software, other users would be able to copy and modify these models for their own use," Gerding said. And by looking at the code, business partners as well as credit-rating agencies could get a better picture of how financial services firms assess the transaction risks, he said.
Many Wall Street firms are already major users of open-source software. But Lisa Cash, executive vice president of sales and marketing at DFA Capital Management Inc., a vendor of risk management tools, said she thinks it would be difficult to get high-quality risk models into the market on an open-source basis.
Cash said that a better option for increasing transparency as well as confidence in risk models would be for U.S. regulators to emulate their counterparts in Europe, where watchdog agencies audit financial firms' risk models.
Peter Teuten, president of Keane Business Risk Management Solutions LLC, also questioned the wisdom of using open-source approaches in risk modeling. But he said that he does expect some modeling standards to emerge from the crisis.
-
Re:bad code or bad summary?
Yes, I checked for this too. Even followed a link about Christopher Cox and risk models. At no point was a bug mentioned. The word "code" wasn't used.
Coders would spot that ;-)
-
Re:Pretty serious NOT FOR STANDALONE RIGS
"In other words: any idiot on your network can gain admin access to any attached Windows-based system with file-sharing enabled" - by IceCreamGuy (904648) on Thursday October 23, @01:39PM (#25484483) Homepage
Well, for a system that is an endpoint node (say, a workstation) on a LAN/WAN (for example, a departmental one, or even larger @ work for instance)?
Sure - This might be a severe risk!
(Although I have had my colleagues TRY to even find my system on our LAN/WAN @ work, & they can't (one of them's a *NIX head & he likes wireshark for this type of thing amongst other tools) - yet, I have FULL ACCESS to all of our internet, email, + other network features - this is doable, this "effect", with a few simple registry hacks, many of which are covered in the URL link below no less)...
HOWEVER - if you're a "standalone user" (meaning single machine online on the internet, say, from your home)?
This is EASILY secured!
That's easily done, as you more-or-less noted via YOUR method (stopping/disabling File & Print sharing)
OR
By even going a step further -> Stopping the SERVER service (disable it via services.msc)...
There is also a method using a batch file to stop ALL shares (yes, even administrative $ type ones, ala:
C:
NET SHARE C$ /DELETE
NET SHARE ADMIN$ /DELETE
NET SHARE IPC$ /DELETE
NET SHARE DFS$ /DELETE
NET SHARE COMCFG$ /DELETE
NET SHARE FAX$ /DELETE
NET SHARE NETLOGON /DELETE
NET SHARE PRINT$ /DELETE
NET USE * /DELETE
& technically?
Each/ALL/ANY of those measures SHOULD work, just fine, in mitigating this prior to applying this patch (especially if you're a standalone machine on the internet @ home, with no home LAN present)...
(Feel free to correct me if I am off/wrong here fellas... thanks!)
APK
P.S.=> I cover that & MUCH more, here:
HOW TO SECURE Windows 2000/XP/Server 2003, & even VISTA, + make it "fun-to-do", via CIS Tool Guidance (& beyond):
http://www.tcmagazine.com/forums/index.php?s=49125ef36605621c1a4c34eb160411a9&showtopic=2662
&, yes, it works... vs. today's threats, especially - I say this, mainly because today's "security-suites" are NOT doing such a good job, vs. them, as evidenced here:
----
Top security suites fail exploit tests (COMPUTERWORLD):
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9117042&intsrc=news_ts_head [computerworld.com]
&/or
Top security suites fail exploit tests (SECUNIA):
----
&, the fact is? They're not that useful vs. threats coming from the REAL source of today's exploits (mostly), & that's javascript (+ iframes & bad or vulnerable plugins for webbrowsers, email programs, & even lately Adobe .pdf reader w/ javascript enabled (easily turned off) & their FLASH plugin system)... &, they're NOT doing well vs. std. viruses either, since many are "polymorphic" in nature today, or, use rootkit type technology... HEURISTICS & white/black lists of sites + apps are the way imo, vs. "signatures" based detection (which is good vs. KNOWN threats only really)... & most of them, depend on the latter (sigs work).
PLUS - Hey, anyone can go to SECUNIA.COM &/or SECURITYFOCUS.COM for example & see my statement here just plain 'bears out as truth', just by seeing how much (a good 95%) of today's threats come from those sources... that guide above, however? IS... & again, it just works! apk
-
Put your "pecker" anywhere you like, & here is
"That depends, do you walk around all day with a rubber on your weiner? No? Newsflash, neither does your computer" - by noundi (1044080) on Thursday October 23, @10:15AM (#25481543)
Mine does, lol, essentially!
AND?
So can yours, or anyone else's, via following some simple steps (many common sense, others more complex), via this guide (which has you use a noted test of your system's security, which is multiplatform (not just restricted to Windows, but also to many *NIX variants as well), called CIS Tool):
----
HOW TO SECURE Windows 2000/XP/Server 2003 & even VISTA, plus, make it "fun-to-do", via CIS Tool Guidance (&, beyond it's "industry best practices" for security):
http://www.tcmagazine.com/forums/index.php?s=49125ef36605621c1a4c34eb160411a9&showtopic=2662
----
The CIS Tool test is much like PC performance benchmark, but this one's for security!
(&, it reviewed well in COMPUTERWORLD no less for doing so)
----
"so stop putting it's dick everywhere." - by noundi (1044080) on Thursday October 23, @10:15AM (#25481543)
I can, & DO, because I use a simple concept, that works (no virus/worms/trojans/spyware/malware-in-general here, for more than a decade++ now in fact, because of this) -> I practice a thing called "Layered security", nowadays, & yes, it works!
( &, that's what that post from Tech Connect Magazine gives you, & shows YOU, the end user, how to do layered security of your system today, online... &, as a bonus? You'll even end up surfing F A S T E R as well... )
See - The problem with today's antivirus programs is that they're largely MOSTLY "signatures based" & with polymorphic viruses that can "mutate" into ones that look totally different to an antivirus program (defeating signatures based detections) from one minute to the next?
HEURISTICS ("looks like a duck, sounds like a duck, smells like a duck - IT MUST BE A DUCK!" type logic) is the way to go for them, alongside whitelisting &/or blacklisting of applications allowed to run!
I mean, take a look @ this CURRENT information on SECURITY SUITES failing left & right on tests run, vs. the threats out there, TODAY (not yesteryear tech in them):
----
Top security suites fail exploit tests (COMPUTERWORLD):
&/or
Top security suites fail exploit tests (SECUNIA):
----
The "old-school methods" (what security suites use generally - like anti-virus programs using virus detections signatures, which only work vs. KNOWN threats, when they ought to be concentrating on white or blacklisting sites &/or HEURISTICS levels of detection ("smells like a duck, tastes like a duck: IT MUST BE A DUCK!" type logic))
Signatures-based detections aren't working that well nowadays guys, vs. std. viruses... & MOST of what folks get today? They're bad javascript driven (in combination with iframes &/or bad or vulnerable plugins) usage, anyhow. AntiSpyware programs do better here, imo @ least, than antivirus programs do. By far...
After all, you know it, & I know it:
People - out online, today/nowadays?
The REAL, TRUE threats out there today are coming thru your email, webbrowser, instant messenger programs!
(& even Adobe .pdf files with javascript active in the program, & plugins like Adobe Flash (which I guessed correctly on here weeks before it was revealed ->
-
TRUST THIS (layered security), &, a test
"Ok. Then what can we trust?" - by 404 Clue Not Found (763556) * on Thursday October 23, @09:49AM (#25481201)
HOW TO SECURE Windows 2000/XP/Server 2003 & even VISTA, plus, make it "fun-to-do", via CIS Tool Guidance (&, beyond it's "industry best practices" for security):
http://www.tcmagazine.com/forums/index.php?s=49125ef36605621c1a4c34eb160411a9&showtopic=2662
----
You can trust that material in the URL link above! Mainly because it's YOU doing the work, yourself, albeit, with a tool that makes it some fun, & explains why you are weak in a particular area in securing your own system, yourself, with a fun to use tool to do so.
The CIS Tool test is much like PC performance benchmark, but this one's for security!
(&, it reviewed well in COMPUTERWORLD no less for doing so)
So, it's a test (which is what you asked for in fact) to quantify your improvements, after you do the work securing yourself based on its advisements (& points that go beyond just that test only are also in that guide above)
E.G. -> In not quite 1 yrs.' time online, it's passed over 200,000 views on the 27 forums its on, & people are doing well using it... but, take a peek @ it yourself, & YOU judge, as to whether it can help YOU, help yourself, vs. the threats present online, today.
----
"Without some sort of test, however imperfect, how is the average home user supposed to choose?" - by 404 Clue Not Found (763556) * on Thursday October 23, @09:49AM (#25481201)
Layered security!
( &, that's what that post from Tech Connect Magazine gives you, & shows YOU, the end user, how to do for security of your system today, online... &, as a bonus? You'll even end up surfing F A S T E R as well... )
The problem with today's antivirus programs is that they're largely MOSTLY "signatures based" & with polymorphic viruses that can "mutate" into ones that look totally different to an antivirus program (defeating signatures based detections) from one minute to the next?
HEURISTICS ("looks like a duck, sounds like a duck, smells like a duck - IT MUST BE A DUCK!" type logic) is the way to go for them, alongside whitelisting &/or blacklisting of applications allowed to run!
I mean, take a look @ this CURRENT information on SECURITY SUITES failing left & right on tests run, vs. the threats out there, TODAY (not yesteryear tech in them):
----
Top security suites fail exploit tests (COMPUTERWORLD):
&/or
Top security suites fail exploit tests (SECUNIA):
----
The "old-school methods" (what security suites use generally - like anti-virus programs using virus detections signatures, which only work vs. KNOWN threats, when they ought to be concentrating on white or blacklisting sites &/or HEURISTICS levels of detection ("smells like a duck, tastes like a duck: IT MUST BE A DUCK!" type logic))
Signatures-based detections aren't working that well nowadays guys, vs. std. viruses... & MOST of what folks get today? They're bad javascript driven (in combination with iframes &/or bad or vulnerable plugins) usage, anyhow. AntiSpyware programs do better here, imo @ least, than antivirus programs do. By far...
After all, you know it, & I know it:
People - The REAL, TRUE threats out there today are coming thru your email, webbrowser, instant messenger programs (& even Adobe .pdf files with javascript active in the program,
-
Yes... to an extent
I know RTFA is out of fashion here... can't blame people if TFA isn't even the TFA but a F Blog Post -on- TFA, but all the same...
``In addition, Google says that if it does remotely remove an application, it will try to get users their money back, a question that iPhone users have wondered about in the case of an iPhone application recall. Google said that it will make "reasonable efforts to recover the purchase price of the product ... from the original developer on your behalf." If Google fails to get the full amount back, it will divide what it gets among affected users.`` - http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9117279&source=rss_news , AKA: TRealFA
-
Re:Fast javascript: MORE IMPORTANTLY? Secure DOM
"Does anyone know of a project to bring some of the fast Javascript implementations like V8 to the server?" - by cornicefire (610241) on Monday October 13, @06:40PM (#25362433)
More importantly than speed, imo @ least, would be to create a less 'faulty' (insecure) implementation of the Document Object Model (DOM) behind javascript... & of javascript itself!
(After all, anybody can take a peek over @ SECUNIA.COM &/or SECURITYFOCUS.COM (just to name a couple reputable sites in regards to security) & see that the majority of attacks ARE javascript driven the past 3-4 years now (sometimes in combination with plugins & iframes) that have even extended to not only bad site's code, but also adbanners as well).
Speed's nice, but judging by the state of things, such as the recent "ClickJack" shenanigans going on out there (which YES, stalling javascript does help stop, despite the init. headline here in regards to this on Sept. 25th 2008 ->
----
Alarm Raised For "Clickjacking" Browser Exploit:
----
Which the /. article's poster had stated otherwise (verbatim: "The issue has nothing to do with JavaScript so turning JavaScript off in your browser will not help you", which is blatantly untrue, if you read on you will see why & from whom (makers of NoScript iirc)), at the close of its initial posting?
Well, guess again:
----
SALIENT QUOTE:
http://www.securityfocus.com/news/11534/2
"JavaScript increases the effectiveness of this attacks hugely, because it ensures that user will click our target no matter where he points -- that is, we can move the target around to stay always under the mouse pointer"
----
Thus, as you can see? Well, contrary to the "clickjack" article initially posted here @ /. on Sept. 25th & its headline here from its initial poster??
It actually HELPS to stop javascript vs. Clickjacks, too (see the reference to SECURITYFOCUS.COM there in that URL above)... once more, see the URL above in regards to that & despite others also stating that 'stopping javascript would stall framebusting code, as well!
Speed's nice guys, but it only means you will get infected/infested, THAT MUCH FASTER is all, nowadays (& for the past 3-4 yrs. now)... heck, & the security suite folks are failing vs. these things too, with this latest COMPUTERWORLD excerpt:
----
Top security suites fail exploit tests (COMPUTERWORLD):
&/or
Top security suites fail exploit tests (SECUNIA):
----
The "old-school methods" (what security suites use, like virus signatures, which only work vs. KNOWN threats, when they ought to be concentrating on white or blacklisting sites &/or HEURISTICS levels of detection ("smells like a duck, tastes like a duck: IT MUST BE A DUCK!" type logic)) aren't working that well nowadays guys!
After all, you know it, & I know it - The REAL, TRUE threat's coming thru your email, webbrowser, instant messenger programs (& even Adobe .pdf files with javascript active in the program, & plugins like Adobe Flash (which I guessed correctly on above no less, as to the "mystery program" that was involved that J. Grossman & crew (discoverers of the clickjack issue) kept
-
That's not a bug!
It's a feature
-
Re:How is this supposed to make things better?
The less profitable business can stay afloat on business from its former sibling divisions while the stockholders unload their stock in it.
However the chip fab business will be owned by Advanced Technology Investment Co. (ATIC), "which is owned by the government of Abu Dhabi in the United Arab Emirates" and AMD. If nothing else because ATIC is owned by an oil rich government there's no pressure to satisfy stockholders. And because the new business isn't tied to AMD it can contract to fabricate other businesses' chips.
Falcon
-
Does this mean...
I can use this to collect the bounty on the Gpcode virus?
-
Re:Be careful...
Unfortunately the current mob in (sort of ) charge here are right up the illiberal-fuck brigade's arse.
When it was recently demonstrated that the new national travelcard is broken (Mifare) the response was a typical mixture of outrage, damning everybody as criminal, and refusing to accept that people with science degrees are a darn sight smarter than the bunch of PR/MBA wankers who fell for the Mifare sales spin.
-
Re:Awesome!
Clearly you have not actually used the built in screen reader in Windows. (Not that you said you had.) Here's a quote:
Narrator, the screen reader built into Windows XP and Vista, is so crude that even Microsoft admits that it is not suitable for daily use.
So the actual alternatives that are usable (JAWS and WindowEyes) do cost about a thousand dollars each. And no VoiceOver, the one that comes built in to OSX, can't compete entirely with those, but it is usable. You can interact with the entire operating system, browse the web etc. It's just as someone else said, a little clunky. It doesn't have the advanced features the other screen readers have. What is nice is that you can sit down at any Mac with updated OSX and hit command-F5 and Voiceover will turn on.
While we're on it, the Gnome screen reader Orca has made big strides recently and is rather usable now for browsing the internet with Firefox 3. It has many of the advanced features the expensive Windows software has, but it's not perfectly stable yet.
-
Printer friendly link
-
Re:Vista Sales
3. Um I've run vista just fine on computers NOT marked as vista capable. And this is the same as #1 so you're just inflating your numbers.
The fraudulent "Vista Capable" is well documented. It wasn't just about beefy hardware, it was also about poorly supported device drivers:
-
Re:Update 2: looks like it *is* this kid
Ramuglia said Sunday that the IP address he found in the proxy service logs didn't "look consistent" with reports identifying Kernell. By today, however, he had changed his mind.
"It became clear that the ISP, in addition to serving Illinois, also serves Tennessee, which means that the IP address could actually be consistent with the news reports," Ramuglia said today.
-
Re:ROI
I think the issue there is that companies have to rewrite their legacy COBOL in new languages because they cannot find anyone who knows COBOL (or charges too much).
COBOL is perfect for its specific domain - batch processing business stuff. I think you'll find that some things (like payroll merges) can be done in 4 lines of COBOL that the equivalent Python or Java would take 1000 lines.
Here's an interesting take on the subject.
With the emergence of service-oriented architectures, companies are able to more easily reuse their Cobol code, notes Nate Murphy, president of Nate Murphy International, an IT professional services firm.
The 66-year-old Murphy, who has decades of mainframe and Cobol experience, sees a resurgence in the value of Cobol because of the emergence of SOA and IBM's Language Environment, which provides a common runtime environment for combining many different languages, including Cobol.
"Now you can extend and add subroutines for other Web-based features that you need," he says. "All of a sudden you've got a valuable asset in these old Cobol programs, and you can extend them and expand their capability without writing new code."
Hmm, seems we'd be free of COBOL if it wasn't for those pesky IBM kids.
-
Re:New ads
The Gates/Seinfeld ads were an attempt to be really creative and iconoclastic. People hate that. They want faux creative and faux iconoclastic. As Fry remarked once, "Clever things make people feel stupid, and unexpected things make them feel scared."
So rather than being entertained by interesting commercials (I try to avoid commercials, but if I have to watch them I prefer them to be interesting), we'll get the new ads which are not interesting. Just like Apple's ads are not interesting, come to think of it.
Honestly, the Apple ads are similar to the Chad ads from Alltel, or the Welcome to the Next Level ads from SEGA. Or the "plumber boy" ads from Sony which basically ripped off SEGA's ad campaign, but were entertainingly extra-obnoxious. I'll admit, that when I was a SEGA partisan, I had fun with the SEGA ads, I loved telling my brother all about Blast Processing knowing full well it was somewhat disingenuous marketing. Since I'm not an Apple fan, I find the Apple ads only slightly amusing, sometimes. Mostly something to fast forward through or a cue to get a drink.
However, the new ads will likely be successful. See this article, "I'm a PC" ad: Finally, Microsoft gets it.
Honestly, you are probably too intelligent for ads to work on you the way they are supposed to. Advertising targeted toward you will be more subtle and harder to pin down. That's why advertisers employ psychologists, after all.
-
Too bad the ad's images were made on a Mac
The vast majority of people -- and yes, creative people -- use PCs.
Apparently they couldn't find any of those creative PC people to do the ad:
Microsoft's 'I'm a PC' ad images made on Macs.
-
Images for the ad are made on the Macs!
Way to go Microsoft!
link
-
why don't we see it happening .. ?
"If this was such a problem, then why don't we see it happening?"
See here where a tree + a virus + someone switched-off-the-monitoring equipment-and-went-to-lunch, led to the blackout of August 2003 ..
-
SCADA security is a mixed bag.
I've done SCADA security audits and managed a variety of environments with SCADA devices (PLCs, HMIs, etc).
It's a mixed bag. Some (older GE Fanuc PLCs for example) have zero security features, and only have a telnet daemon wide open to the world. The obvious answer is to bitch at the vendor and mitigate it with ACLs or some such, but really you'd have to know something about what you're hacking at to force it to do anything more than lock up, which might be bad, but generally is more of an inconvenience to a worker on the floor since all mission critical environments should have people standing by in such a case with the ability to manually override.
To my knowledge there's only been one real targeted SCADA hack that caused damage, and he had inside information. Don't get me wrong, I'm all for increasing security in SCADA environments, but the biggest hurdle isn't technical; it's political. Most SCADA environments that I've seen have been set up by electricians that programmed the SCADA devices but know pretty much nothing about IT (FYI, there's a lot of Linksys gear out there). They're usually paid overtime to work on the SCADA network and they see IT personnel as a threat to their livelihood. Someone I know was threatened with a screwdriver for just trying to replace a router.
-
I've seen it w Java related news in Google News...
... I've seen it with Java related news in Google News!!!... It has the same characteristics as the United Airlines situation. On September 4, in Google News, I saw the headline Kodak sues Sun over Java when the story was listed as only about an hour old! But when I went to check the real story it was really written back in 2002!!! =-O It's still there in Google News! Here's what you see there:
Kodak sues Sun over Java
Computerworld, MA - Sep 4, 2008
Kodak has worked with Sun on several aspects of Java. It was one of six developers to work with the company in the creation of the Java Advanced Imaging ...
And here is what you see in the Computerworld article:
Kodak sues Sun over Java
Martyn William, IDG News Service
February 13, 2002 (IDG News Service) -- Eastman Kodak Co. has filed a patent infringement lawsuit against Sun Microsystems Inc. over its Java programming technology, Sun said late yesterday.....
Computerworld's web server throws out these response headers:
HTTP/1.1 200 OK
Date: Tue, 09 Sep 2008 21:42:11 GMT
Server: Apache/1.3.34 (Unix) Resin/3.0.18 PHP/4.3.11 mod_ssl/2.8.25 OpenSSL/0.9.8a
Content-Language: en
Connection: close
Content-Type: text/html;charset=UTF-8
I've seen these kinds of things related to Java news for a few months.
Each time I saw it, I wondered what might be behind it.
SEO manipulating news rankings?
-
Re:Hey, Mozilla: Learn what "Never" means
It's not a bug. This is how Mozilla wanted it. I hate products like this. From this article:
When Firefox users receive the update offer, they will be able to choose between accepting the update, postponing it 24 hours or declining it. The latter, however, doesn't necessarily mean the offer won't be repeated down the road. "We reserve the right to make the offer again," Beltzner said, adding that the offer would not reappear for at least several weeks.
"We're pretty committed to user choice, but we're also pretty ardent that Firefox 3.0 is a good product," said Beltzner, explaining why Mozilla won't take 'No' for an answer.
-
Re:What Are You Talking About?
If you have to explain your ad to the world you should know you have done something seriously wrong.
It's funny that a lot of advertising agencies believe that they can actually duplicate the hype that has started around several services or products. And Microsoft's advertising company just joined the club!
-
Re:Yes, but that still doesn't answer his question
Yes, but that still doesn't answer his objections.
Let's say you've got nothing to hide, are on the database, then you get an abscess in your foot. I had one, for example, thanks to some retarded shoes which did that much damage and it got infected.
It wasn't a pair of Conquistadors, was it?
-
Re:Woah
I strongly doubt they allocate that much space (as you claim) for spare sectors.
From what I see it's a small percentage - maybe at most thousands of spare sectors for hundreds of million sectors.
Just a google for complaints shows that people are already in serious trouble when their drive starts using hundreds of spare sectors.
Thus I think my current policy is safer.
As for SCSI vs SATA there is evidence that the failure rates are not significantly different (at least for recent drives):
http://labs.google.com/papers/disk_failures.html
http://www.usenix.org/events/fast07/tech/schroeder/schroeder_html/index.html
It'll be interesting if you have evidence that says otherwise.