Slashdot Mirror

Amazon recommends Fed-Ex for AWS -- http://newsletters.networkworld.com/t/4725748/258645701/111837/0/. They want the whole fucking storage unit, up to 50 pounds, and will return anything less.

So fragmentation will ALWAYS be an android issue until they say "here is our reference hardware platform(s) -- you must use of these three sets of features when building hardware."

To an extent that's already happening. Phone goliath Nokia among others are setting up an alternative to appstore:

Twenty-four mobile network operators have formed the Wholesale Applications Community to avoid fragmenting the apps market and to give developers one point of entry to all the members, the GSM Association announced on Monday.

The operators will now start working on uniting their existing developer communities, so developers will be able to go to one place to get their applications distributed instead of having to go through multiple application approval processes.

The community will also start working on a common development standard that should be ready within the next 12 months. The standard will be independent of phone type and operating system, according to the members.

That will allow them to better compete against Apple's App Store or Google's Android Market, which have independent and competing approvals processes tied to their phone or operating system.

"Developers are going to have a lot more access to a lot more customers," said Alex Sinclair, chief technology and strategy officer of the GSMA, at a news conference at the Mobile World Congress in Barcelona.

The Wholesale Applications Community members include: AT&T, China Mobile, Deutsche Telekom, NTT DoCoMo, Orange, Telefónica, Telenor Group, Sprint, Verizon Wireless and Vodafone. Together the operators in the group have about 3 billion subscribers, the GSMA said.

The group has the full backing of the GSMA and the list of supporters will grow in the coming days. "There are several people who are annoyed they couldn't get their name on the list in time," said Sinclair.

Apple is not among those clamoring to be added to the list, but if the company wants to join the group, "it will be welcome," he said.

Just like many phone manufacturers, operators have seen the success of Apple's App Store and want a piece of the pie. Some, including Orange, Verizon and Vodafone, have already launched their own application stores.

Mobile phone manufacturers LG Electronics, Samsung and Sony Ericsson have also voiced their support for the apps community.

The Wholesale Applications Community faces a number of obstacles, according to analysts at CCS Insight.

"Operators are trying to regain control of apps, but have a poor track record with this type of industry consortium," they said in a research note.

"Big challenges remain overcoming inconsistency between standards bodies like JIL and Bondi," the analysts continued, referring to the Joint Innovation Lab created by a group of mobile operators including Vodafone, China Mobile, Softbank and Verizon Wireless, which also has the support of phone manufacturers LG Electronics, Research in Motion, Samsung Electronics and Sharp.

There is no competition between the Wholesale Applications Community and JIL, as all members of JIL are also members of the community, according to Sinclair.

"The last thing we wanted was a Jack versus JIL situation," he said. The groups hope to converge their various specifications within 12 months, he said.

These are some seriously big names, big enough to knock it out of the park if they wanted to.

I'm not buying any more Chinese equipment. From now on I'm only buying from reputable American companies.

I"m with you on this, BUY AMERICAN!

I'm not buying any more Chinese equipment. From now on I'm only buying from reputable American companies.

Have you ever served on a jury?

You don't need an entire jury to be rational thinkers--you just need a few jurors to lead the discussion. So what if you have emotional jurors? How long can you possibly deliberate over whether or not a defendant is ugly?

Think Terry Childs was convicted because he was ugly? I think you'd enjoy reading this article, which was posted on slashdot a month or so ago. It was written by one of the jurors at his trial, and he is a CCIE.

Mozilla official cite that the innovation of new features in other browsers suspiciously correlate to the sudden appearance of black duck eggs at restaurants near the Mozilla office.

Reference

http://www.networkworld.com/community/node/61425

Black duck eggs on the menu of a Chinese restaurant drew the suspicions of a security consultant reporting to renowned security expert Ira Winkler.

The colleague, a former Russian security agent named Stan, was at a new Chinese restaurant in "the middle of nowhere" in the United States, but conspicuously near the R&D center of a Fortune 5 U.S. business.

"Don't you know black duck eggs are a delicacy in China?" Winkler said Stan asked. "I can't get black duck eggs in San Francisco, let alone this little piece of crap town in the middle of nowhere." Stan's conclusion was that the Chinese restaurant was a front for a Chinese espionage operation targeting the Fortune 5 business.

TFA is under a blog/column called "Microsoft Tech", now everything is reasonable.

Pretty much any ISP level device or IOS/CatOS

http://www.forbes.com/2010/02/03/hackers-networking-equipment-technology-security-cisco.html
http://cryptome.org/isp-spy/cisco-spy.pdf
http://www.networkworld.com/community/node/57070

that's because there aren't any high profile web sites written in Java - they're too slow, buggy and useless. Even assuming what you say is 100% true, how come vendors patch security flaws in Java itself and they never get exploited?

We had our corporate system breached due to a flaw in a very big, expensive 'Enterprise' java web system so I know it from experience.

How about a quick google for information. This one has a table of java web framework security features. This one (pdf) describes "Our static analysis found 29 security vulnerabilities in nine large, popular open-source applications, with two of the vulnerabilities residing in widely-used Java libraries. In fact, all but one application inour benchmark suite had at least one vulnerability."

as well as "A recent penetration testing study performed by the Imperva Application Defense Center included more than 250 Web applications from e-commerce, online banking, enterprise collaboration, and supply chain management sites [54]. Their vulnerability assessment concluded that at least 92% of Web applications are vulnerable to some form of hacker attacks"

Ho hum. I guess you think Java is completely secure. What a fool. Hope no-one hires you to write any of them, well, not until you go to java.net and look up all the 'how to make your java app secure' tutorials. Sounds like "fucking morons" like you need them more than most.

I've commented on this in a prior thread just above this one.

HTML5 is still quite new and the Quake port is a brilliant POC. Maybe one day we'll see HTML5 as an important selling point for SmartPhones but alas today, i refer you to this news article.

http://www.networkworld.com/news/2010/042210-analyst-html5-far-from-killing.html

Here something i found also ...

http://www.networkworld.com/news/2010/042210-analyst-html5-far-from-killing.html

Let the blasting begin Mr AC :)

Let me say this for Mr. AC: as long as even the Openness Weenies will support a closed system over an open one, of course Flash will win over HTML5.

Here something i found also ...

http://www.networkworld.com/news/2010/042210-analyst-html5-far-from-killing.html

Let the blasting begin Mr AC :)

And I guess your point is... I should not have expressed that opinion?

No, I think that your point was that we should not have expressed an opinion which differed from yours, even though none of us knew the whole story at that time. My point was that you were full of crap for saying that.

"I think this is a good moment for all of us to reflect on how rallying around this lying criminal stained our profession"

Yes, that's what you said. Look a few centimetres up if you don't remember saying it.

Innocent until proven guilty doesn't mean, don't have a discussion.

Which is why there is a different description for what you said, which is that having a discussion about the possibility that he might not be a lying criminal has somehow "stained our profession".

I can't believe I'm explaining this.

Then maybe you should try listening to what you're saying. You might learn something useful. If you look waaay up at the top of the page you'll even find links to articles that have a few things to say about this "lying criminal" and the fine organization he worked for, as told by the very people who found him guilty earlier this week.

"I think he's a decent guy. Like many IT people, protective of his work. Possibly a little paranoid. But the problem he had was that he didn't have good management to keep that in check."

"Management did everything they possibly could wrong [...] There was ineffective management, ineffective communication. I think that if they put the city on trial, they would be guilty, too."

Is that all nonsense too, which anybody including the jurors who know more about this trial than anyone else here, should have been able to see through immediately? Or is it possible that you were just looking for an excuse to believe that Terry Childs was a lying criminal instead of being objective?

The fact that he failed document the password properly is not a crime.

Neither is his unwillingness to hand that password over to someone explicitly disallowed by corporate policy.

Actually, the fact that he denied access to authorized users is a crime, specifically CA 502(c)(5). See this for more information:

Specifically, he denied computer service to an authorized user without permission. The specific act here was not providing access to the FiberWAN routers and switches upon the request of the city's COO. For the permission part, he did not have any permission from anyone to not provide that access. We looked through the evidence for anything that would indicate that he had permission to deny access to an authorized user, but there was no such evidence. There was evidence, however, that it was part of his job duties to provide that access to authorized users.

I don't know if 5 years is justified (note that he will probably be released shortly with time served), but there is little doubt that he broke the law, and even that he did so knowing exactly what he was doing.

Also see this article which interviews the Slashdot poster who happened to be on the jury.

For the google webservers yes. In fact the youtube website and the google website themselves were (I now have native Ipv6 and my provider seems to have now an agreement with google) still published on IPv4 for me. The media for youtube however is published as IPv6 for everyone.

http://www.networkworld.com/news/2010/020110-youtube-ipv6.html

Fortunately that's no longer true. Comcast is working with the IETF on a rather interesting transition scheme. If I understand correctly, the idea is this:

1. Each home will have a dual-stack v4/v6 router, connected to a v6 only backhaul network.
2. The router will encapsulate the local, private IPv4 traffic in IPv6 packets and forward them to a carrier-grade NAT.
3. The carrier-grade NAT will decapsulate the v4 packets, NAT them, and then forward them on to their receiver.
4. The return path is handled the opposite way.

The result is that v4-only devices in the home network will be able to access the v4 internet, while dual-stack hosts will be able to access both the v4 and v6 networks. This allows the ISP to gradually transition their networks over to v6 without disrupting existing v4 connectivity, or requiring new v4 IPs.

Of course, this doesn't allow is v4-only clients to access v6-only servers or vice versa. But with dual-stack and private v4 IPs, there's no need for v6-only hosts (meaning v6 -> v4 isn't necessary), and if content providers can't get v4 addresses for dual-stacking (ie, the v4 -> v6 case), well, good, that just speeds up the transition.

The brain doesn't use a bus, its connections are parallell yet serial. Nothing man has devised is anywhere near as complex.

True, but that's true of life in general. Also, modern microchips are getting close.

We know vastly more about the brain than we did fifty years ago, and we still know next to nothing about it.

We know, in general terms, how it works. We know how neural networks work, we know what areas of brain do what. We don't have a complete model of it yet, but that's mainly a question of sheer amount of data to be inputted.

Most importantly, we know that brain is extremely flexible and will, in general, adapt to make sense of pretty much anything that gets inputted there.

If this were as advanced as some of you guys are making it out to be, blindness, deafness, and paralysis would be a thing of the past.

We're working on that.

We're still a long way from Down and Out in the Magic Kingdom.

Yes, I'm certain you'll have to wait a long time for a fictional future to come true. The real future, however, has already began. Please ignore the ominous music and the grinding sound of the wheel of time coming towards you from behind :).

Enrollment in undergraduate computer science courses is at an all-time high at colleges nationwide. But this trend that's been hailed by the US tech industry has a dark side: a disproportionate number of students taking these courses are caught cheating. More students are caught cheating in introductory computer science courses than in any other course on campus, thanks to automated tools that professors use to detect unauthorized code reuse, excessive collaboration and other forbidden ways of completing homework assignments. Computer science professors say their students are not more dishonest than students in other fields; they're just more likely to get caught because software is available to check for plagiarism. 'The truth is that on every campus, a large proportion of the reported cases of academic dishonesty come from introductory computer science courses, and the reason is totally obvious: we use automated tools to detect plagiarism,' explains Professor Ed Lazowska, chair of computer science and engineering at the University of Washington. 'We compare against other student submissions, and we compare against previous student submissions and against code that may be on the Web. These tools flag suspicious cases, which are then manually examined.'"

This is the link that was probably intended.

http://www.networkworld.com/cgi-bin/mailto/x.cgi?pagetosend=/news/2010/032610-dns-ipv6-whitelist.html&pagename=/news/2010/032610-dns-ipv6-whitelist.html&pageurl=http://www.networkworld.com/news/2010/032610-dns-ipv6-whitelist.html&site=printpage

No. That's not sufficient.

Disallowing USB drives helped the military cut down on infections, though.

How about: users run restricted. Using GPO's: mandatory win updates daily with reboot. Automate patching of commonly-used helpers like flash, shockwave, adobereader, firefox, java. And MS security essentials.

Some rigorous port filters on EVERY machine and iptables rules on routers and l3 switches...a whitelist approach.

anyone had any experience with symantec's "reputation based security"? they were also calling this their "quorum" technology.

here's an article i managed to google up on the subject..

http://www.networkworld.com/news/2009/090809-symantec-quorum-antimalware.html

The difference is that Cisco actually announced line cards (14x10GE, 20x10GE, 1x100GE) that work on 140G slots, and Juniper just announced that it has "silicon" that can do 250G per slot. That reeks of an announcement that was meant to overhang the market while Juniper gets the equipment to upstage today's announcement from Cisco.

Juniper announces new chipset.

I'll admit I'm probably out of touch with the current state of crypto.

I remember a time when DES (56 bit symmetrical) was revered as high security. Then, a few years later, a test showed it was cracked in 56 days. Then, a year later, it was 2.4 days. Then, a few years later, it was under 1 day.

Once upon a time, we thought computers with 640k of RAM were huge. Now, you can buy a machine with 128gigabytes or RAM and 24 processor cores for about the same price as a small car. My first hard drive was 10 megabytes - I've now got a USB drive the size of my thumbnail that holds 4gigs, and that's old. Lots of numbers that used to seem huge now seem trivial. I have to believe we're going to see the same scale of changes in crypto, within my lifetime.

I've seen some technological evolution over the years. I don't want to be on the receiving end of a nasty surprise in a few years because I guessed wrong.

Fearmongering? Maybe. It's only paranoia if they aren't actually out to get you. If they actually are out to get you, it's called caution.

citation.

That was just off a quick Google search, I doubt it's the only one. I don't have a citation for the malware/spyware scans, but I'm not sure I need one -- Apple actually seems to discourage them, and one of the Mac-vs-PS ads even emphasized that Macs don't get viruses.

you can "what if" lots of features. As near as I can tell from the quick searching I did, it's not like it's on by default. I didn't think it would be, but I haven't fooled with Win7 wireless much.

Domain Administrators can do this.

Is there an article on Network World that condemns Linux for having this ability? Well I did find this when I searched for Linux and HostAP. Don't see anything in the article mentioned that it too, could be a security risk if used incorrectly. It's not called Beware the rogue Wi-Fi access point in Linux Kernel 2.6.26 and up.

Haha... wait, you're serious?

• Roomba learns your room layout while it works
• Automated surveillance cameras in the UK, recognising number-plates and issuing speeding fines
• DARPA grand challenge
• In April last year, a robot made a scientific discovery by itself: http://www.wired.com/wiredscience/2009/04/robotscientist/
• Simulated brains already "exceed" those of a cat's cortex: http://www.networkworld.com/news/2009/111809-ibm-brain-simulations.html
• Computers are used to prove the accuracy of some advanced mathematics that are beyond the ability of a human to verify
• I'm already using AI to help me write music... and it's better at it than I am: http://www.youtube.com/KitsuneSoftware#p/u/2/pnQHRdWJWgU

On that last point... yes, my business model does include developing AI to the point that it's not necessary to employ other people. I doubt very much that I'll be the first to get there (especially as I have to do a lot of other stuff to keep the money coming in and only write the AIs as needed), but I'm sure going that way.

There is a fairly large amount of counterfeit Cisco gear floating around

http://www.networkworld.com/news/2006/102306counterfeit.html

http://www.networkworld.com/community/node/13213

http://www.andovercg.com/services/cisco-counterfeit-wic-1dsu-t1.shtml

And we all know where this stuff is made.

OTOH we just bought a huge pile of new Juniper stuff at work, every single piece "Made in China".

There is a fairly large amount of counterfeit Cisco gear floating around

http://www.networkworld.com/news/2006/102306counterfeit.html

http://www.networkworld.com/community/node/13213

http://www.andovercg.com/services/cisco-counterfeit-wic-1dsu-t1.shtml

And we all know where this stuff is made.

OTOH we just bought a huge pile of new Juniper stuff at work, every single piece "Made in China".

its about supporting philosophy. we are supporting free software, for freedom. software that becomes less free by getting entangled with determinedly anti freedom stance corporations are bad for us to support for future. it may be just the mono and yahoo/bing search change now, but it is just for now. if this is not responded to, other 'changes' may come up.

I can more or less understand your beef with MS, but this deal does not promote MS in any way. It promotes Yahoo. It doesn't display MS logos anywhere, and it doesn't display Bing logos anywhere. Go ahead, open Yahoo, run some search, and look at the search page and the results page - I dare you to find any mention of MS or Bing there!

Now, Yahoo search uses Bing as a backend, yes. This isn't in any way exposed to the users, however. It's between the two corps. And if being powered by MS technology is somehow detrimental to you, then you might also want to stop using Linux entirely, since the kernel contains some code written by Microsoft.

Or is your problem with closed-source code in Bing, in particular? Then why are you using Google, which is equally closed?

Why would pirates have free access to updates too?

Because a insecure, compromised OS affects more people than just the owneruser of that OS. Unpatched pirated copies of Windows can be pwned and exploited to send spam, perform DDOS attacks, do distributed cracking of encryption keys, or whatever else the operator of a botnet chooses to do with it; actions that hurt all the users of the internet, including all the legitimate ones.

Patching pirated copies of Windows is in the public interest

You are aware that Exchange has better interoperability with other products today than in the past, right?

You're also aware that Microsoft just pledged to provide documentation and open up the .pst format, right?

http://www.networkworld.com/community/node/46752

In fact, the Cisco Nexus data center switch has been on the market since around January 2008, IIRC. I don't remember hearing any fuss made by the estate when it came to market

I'm extremely concerned at the amount of power Google is gathering, its data collection, its lack of privacy protection. BUT in this case, Google is the good guy. The FCC forced this whole database option upon the white spaces industry and then said white spaces database admins can charge fees for the service. The company with the most experience (and in Microsoft's camp) was actually partially funded by an FCC commissioner ... so the FCC could be granting a profit-making contract to "one of its own." Now the FCC can't say that it doesn't have another option. Google is big enough -- and its proposal not only says it wants to offer this service for free (possibly), but it includes a method for multiple providers, keeping competition in the game. (My full views here if you are interested: http://www.networkworld.com/community/node/49544).
Julie
--
Network World's Google Subnet

I'm sorry, your post is off on a number of points. Let me clarify things for you.

The problem shouldn't be being solved now, while we're at the 90% level, the problem should have been solved long ago, back when we were at about the 10-20% level, because the actual halfway mark as a function of time is somewhere near 20-25% completion!

The IPv6 specs were drafted in 1994 and mostly finalized in 1998. That 95% of the world still is on IPv4 is not due to the IETF's tardiness.

1) Piss poor backwards compatibility. This was even acknowledged publicly in a recent news article.

Yes, in hindsight, more backwards compatibility would have been nice. It might have made the switchover period less painful and would have avoided the Game-theory deadlock that has withheld IPv6 adoption.

It's not only not poorly backwards compatible, it just basically ISN'T backwards compatible. Want to talk to an IPV4-only resource from your IPV6-only address? You basically have to have some fancy trickery with NAT and DNS in order to do this - it isn't straightforward, and it requires coordination with the IPV4 resource. And the reverse is even worse!

Why do you bring up IPv6-only addresses? They don't (yet) exist, and the situation you're describing is supposed to be painful: IPv6 was designed to not be backwards compatible. Such compatibility would introduce so much legacy/deprecated items in a new standard, that they opted to forego that option completely. The alternative for BC was also drafted at the same time: dual-stack operation. The only reason that your scenario may become real is because the industry's laziness. So if you have a problem with IPv6, take it up with your ISP who should have been offering IPv6 addresses for years. It's sad that the first major OS release to support the IPv6 stack was Windows Vista, even though the first working implementation dates from 1998 (KAME project). It's even sadder that up to this date, there are no end-consumer (NAT) routers that support IPv6 - well apart from the OpenWRT router I have running here.

2) Un-necessary complexity in implementation.

Where is the complexity, and which parts are unnecessary from your point of view?

Partly as a result of #1, implementing IPV6 will be costly, and will require expensive "transition tools" in order to work smoothly. But it's not just because of lack of backwards compatibility - issues such as strange hardware requirements (what... no MAC address?)

wha... what? MAC addresses are layer 2 addresses, and have nothing to do with IPv6, which is a layer 3 protocol. And besides, the MAC address is part of the autoconfigured IPv6 address...

and the like make the cost of implementing high. Sure, it's not that expensive per device, but multiply that by the entire Internet, and the problem becomes a bit more clear.

Which is why we could have had a ten-year transition period already...

3) No net positive for implementing! You don't get "more" for implementing, you get "less". Some stuff that used to work won't, and other stuff that you need to work just isn't there. Sure, Yahoo and Google support IPV6, which is great for the 50 or so people who are on it. But, if anybody cares, it's on IPV4.

Again the magic words: dual-stack operation. And about the net positives: no more fiddling with port-forwarding to get your online games to work, no more insecure UPnP implementations, automatic router discovery, automatic address discovery, full protocol support for IPSEC (instead of the tacked-on IPv4 version); no more portscan sweeps, ISPs can't limit the amount of addresses you use, to name just a few.

4) Tragedy of the Commons: The address shortages don't affect any

Let's say that you get all these companies to give up ALL their addresses. You've postponed the problem by about 18 months! Whoopee!

The thing is, technology tends to grow logarithmically, which is why we have things like Benford's Law. The problem shouldn't be being solved now, while we're at the 90% level, the problem should have been solved long ago, back when we were at about the 10-20% level, because the actual halfway mark as a function of time is somewhere near 20-25% completion!

That IPV6 has been bungled so bad is a consequence of the Second System effect and perhaps a bit of design by committee.

In any event, IPV6 fails to solve a couple of fundamental problems:

1) Piss poor backwards compatibility. This was even acknowledged publicly in a recent news article. It's not only not poorly backwards compatible, it just basically ISN'T backwards compatible. Want to talk to an IPV4-only resource from your IPV6-only address? You basically have to have some fancy trickery with NAT and DNS in order to do this - it isn't straightforward, and it requires coordination with the IPV4 resource. And the reverse is even worse!

2) Un-necessary complexity in implementation. Partly as a result of #1, implementing IPV6 will be costly, and will require expensive "transition tools" in order to work smoothly. But it's not just because of lack of backwards compatibility - issues such as strange hardware requirements (what... no MAC address?) and the like make the cost of implementing high. Sure, it's not that expensive per device, but multiply that by the entire Internet, and the problem becomes a bit more clear.

3) No net positive for implementing! You don't get "more" for implementing, you get "less". Some stuff that used to work won't, and other stuff that you need to work just isn't there. Sure, Yahoo and Google support IPV6, which is great for the 50 or so people who are on it. But, if anybody cares, it's on IPV4.

4) Tragedy of the Commons: The address shortages don't affect anybody who's already on the 'net. I have an IP address or two already. I don't care if *you* run out, I only care if *I* run out. So, I really don't much care about you so long as I get mine. That's called the "tragedy of the commons" - a common resource is exploited as quickly as possible by people who are motivated to get theirs before anybody else gets it, resulting in a destroyed public resource.

IPV6 sucks. The engineers had their chance, and they blew it. Now it's too late to change it because we don't have another 5 years to committee another solution, and there is already a significant amount of inertia from those poor souls who have already implemented it! (at great cost)

This is NOT going to end well.

1) You link to the comments at the bottom of the article.
2) Here is the one page, print version: http://www.networkworld.com/cgi-bin/mailto/x.cgi?pagetosend=/export/home/httpd/htdocs/news/2009/122309-layer8-nasa-iss-astronauts.html&pagename=/news/2009/122309-layer8-nasa-iss-astronauts.html&pageurl=http://www.networkworld.com/news/2009/122309-layer8-nasa-iss-astronauts.html&site=printpage

I would be surprised if anything less then 100% of zombies run Windows.

Be surprised.

My guess would be somewhere in the region of all of them.

Make that "most of them". OS X botnets have been appearing for a while, and other forms of OS X malware have been known for quite some time.

While many of these pieces of malware are fairly lame, I'd expect more and more "professional" variants of those in the future. One factor that shouldn't be overlooked is the generally complacent attitude of non-Windows users towards the security of their own machines (not unlike what you exhibit in your own post). In other words, from a technical point of view, if users download a malware-infested key generator and enter a password to execute it, it's pretty much irrelevant whether it's for OS X or for Windows. Arguably in this scenario, OS X is actually slightly more likely to be infected, since many Windows computers have at least some form of anti-virus software installed, while on other platforms this is still fairly rare.

It makes sense when you consider it was written by a tech journalist for a computer trade magazine. Apparently, understanding basic science is no longer a prerequisite for reporting on it.

And shame on the editors, too, for not catching it. It's pretty damn obvious that telescopes don't bathe anything, especially not the entire cosmos.

Actually they have, if fairly recently. However they are farther along with open source than many people believe, they've even started their own version of sourceforge called CodePlex that hosts open source projects and developer tools. You can search directly by license type for software released under a number of licenses, including GPL.

The problem isn't anything Microsoft doing, it's users who don't upgrade their OS. Did you notice the part where this only affects IE6 and IE7? Upgrade to IE8, and, presto, you're immune!

Some users, like office workers, are not in control of the computers they use and cannot switch away from what they were given. Sometimes they were set up with particular versions of software to suit other programs. The "Banner" system some universities use, for instance, requires MSIE7 and a particular old version of Sun's Java runtime. Certain sections of Banner don't work properly with non-MSIE browsers like Firefox. I understand this is an extremely costly system and switching away is considerably complicated. I'm not endorsing these choices or claiming any of these choices is wise, but it is there.

The article also says the status of MSIE8 is not mentioned by the researchers: "Neither company [Symantec and Vupen] was able to confirm that the attack worked on Microsoft's latest browser, IE 8.". What part of what article were you referring to?

Yes, but so does Publicly stating that your company's stock is overvalued, and 10 years later Ballmer still has his job! (In both cases, the fact that they were speaking the truth is no defense -- they have a fiduciary responsibility to the company they work for to not damage it's market value.)

Three things 3Com has that HP doesn't: a core switch, new edge routers, and a large chunk of Chinese market share.

A few researchers have claimed that it is actually easier for them to hack in terms of effort:
http://www.theregister.co.uk/2009/03/03/safari_at_pwn2own/ 2009
http://larholm.com/2007/06/12/safari-for-windows-0day-exploit-in-2-hours/
http://www.networkworld.com/news/2008/042208-mac-hack-contest-bug-had.html 2008

I have seen Zango, 180 solutions toolbars and shopping compare toolbars appdar in my relatives computers.
http://blog.johnath.com/2008/12/08/firefox-malware/

I did mean type or class of flaw, I apologise. I imagine that there IS a difference in what is more subsceptible to what.

The FUD seems accurate as some people have said the company has associationo with Microsoft.

Assuming the summary isn't completely wrong, this is an excellent idea. In the UK we are under severe threat of a draconian three-strikes law. This is without question due to the behind-the-scenes lobbying of the record and movie industries. And also, of course, the general attitude of compliance of the government towards those interests at the expense of the original, liberal copyright law that benefits culture and the public.

Convincing the ISPs that the filtering/monitoring requirements of the draconian-copyright brigade are worse than having to deal with P2P traffic may be the only hope.

Reference: TalkTalk will resist net piracy plans

Have you ever seen what happens when you take an average, non tech-savvy expert microsoft office user and then tell them that they have to use open office instead? they can't find anything! File formats can be an effective method of lock-in, but having a large base of users who are completely accustomed to using your product as the standard can be as well.

Just as there's training moving from MS Office to Open Office, there's training moving from MS Office 2003 to 2007 and there will be expenses upgrading to MS Office 2010. I could write a book on the complaints I've heard from Office users upgrading. Some of those complaints were about Office 2007 new Ribbon UI. A simply google turned up this article from last year, Arrogance or efficiency? Why Microsoft redesigned the Office user interface.

Complaining that switching to another app has costs without acknowledging MS upgrades has training costs as well is MS FUD.

Falcon

http://www.networkworld.com/news/2009/051909-likewise-novell-active-directory.html

Based on his $21 million bonus in 2008

With those sorts of rewards on offer for "performance", the results are hardly surprising.

Yet we continue to be surprised.

Converting from one large mainframe to a bunch of small servers has an unexpected hidden cost:

http://www.networkworld.com/news/2009/100809-google-dram-error-rates-vastly.html

Unless this problem is addressed, the switch to a cluster trades one source of costs for another.