Domain: networkworld.com
Stories and comments across the archive that link to networkworld.com.
Comments · 979
-
The Acunix counter-offer is ridiculous
So we will accept the wager and perform a security audit on the Network World site and attempt to breach any vulnerabilities found. This should be a fair substitute, since we are assuming that considering Mr. Snyder's comments, Network World is confident that its website is secure and any data it holds is unbreachable. - Network World
My company has been through several security audits and they require several days of management time, plus telling the auditors all about your IT infrastructure and data compliance. Security audits are not about hacking - they check that you've hardened your infrastructure, have appropriate policies for e.g. 'phone queries, and avoid client data being unnecessarily exposed. They're similar to a VAT (sales tax) inspection.
You should only agree an audit by totally trustworthy auditors, working for a major client, which is not the case here. -
Re:"the majority of todays smartphones"
> Of all the world's smartphones, 95% run on one of three platforms: Symbian (Nokia, Sony Ericsson), Blackberry (RIM) and Windows Mobile (HTC, Samsung).
Well, let's see. You've left out Linux, which has the second largest market share behind Symbian, so if this statement is true it's misleading, but I don't even think it's true.
http://en.wikipedia.org/wiki/Smartphone#2006_operating_system_market_share lists the smartphone OS market share as follows:
Symbian - 72.8%
Linux - 16.7%
Windows Mobile - 5.6%
RIM - 2.8%
PalmOS - 1.8%
72.8% + 5.6% + 2.8% = 81.2%, which is nowhere near the 95% you claim. Since you didn't cite anyone and 95% sounds like a made-up number, I claim you're wrong.
> Samsung, with the BlackJack, is a small player. Trust me, the world's best selling smartphones are in the Nokia N- and E- series. After Nokia, HTC is almost certainly the second best selling smartphone maker.
Nokia's number 1, but Motorola is number 2. The best source I could find, at http://www.networkworld.com/news/2006/100506-nokia-leads-smartphone-sales.html , doesn't even mention HTC.
> *Globally* Symbian is not an irrelevance.
Certainly not. Not yet. It will take at least another five years to phase it out.
However, you seem to pull quite a bit out of your posterior in this post, making up facts and supporting them only with bravado like "Trust me" to make it seem like you know what you're talking about. It bugs me when people pull crap like that and I'm glad I was able to call you out on it. -
Other voices are raising the same issue
The British, too, have expressed their concerns to Google, and Google insists it takes them seriously. http://www.networkworld.com/community/?q=node/10445
And this homeland security expert believes the issue is worthy of discussion ... not only because his son is about to be deployed to Iraq. http://stephensonstrategies.com/2007/01/29.html#a1093 -
Why Sony (and others) do this kind of thing
Can't think of a more deserving campaign or a more deserving company. However, it's worth noting that Sony does this kind of thing because they are confident -- and apparently have good reason to be confident -- that the public at large won't notice or doesn't care, witness these poll results:
http://www.networkworld.com/community/?q=node/10267
At the very least, they can be sure that the benefits of such deceitfulness will outweigh the costs. Too few people pay too little attention. -
Shakespeare saw this one coming ...
... and even took out a billboard in an attempt to warn Novell. But did Novell listen?
http://www.networkworld.com/community/?q=node/10429 -
should avoid the optical paper idea; it wastes a considerable (car dealership sized) amount of paper. Consequently, yo support voting online with the right government setup. Online voting being optional and money matters aside, money seems a tangible 'paper trail' which we already have so why not use credit cards on an individual basis as to increase credibility voting online. ID theft is decreasing in several respects.
I understand there might still be some people in the everglades who still live in open-air chickee huts with no utility services, so a real voting machine is a necessity. Here's what I figure should be done to get the best machine system:
-
This concept is already implemented
http://www.networkworld.com/reviews/2005/041105symantectest.html
www.networkworld.com - Symantec's new Mail Security 8100 Series appliance offers a twist on spam management. It limits the amount of network bandwidth spam can consume. In our exclusive Clear Choice test of the Mail Security 8160, we found that when the bits start flying it manages the load on corporate mail servers quite well, providing a good first line of defense in reducing the amount of spam that enters the network -
Re:Anti-DRM Advocates are Missing the Point Here
If it weren't for Microsoft handing over our rights to them on a silver platter, it would be the RIAA and MPAA bending over to the people instead!
Indeed. Compare the size of hollywood (the six major studios combined) with Microsoft:
Hollywood fiscal 2004 revenue: $44.8 billion
Microsoft fiscal 2005 revenue: $41.3 billion
All by itself MS is roughly equal to hollywood in toto. Then add in the rest of the American computer industry - HP, Dell, Intel, AMD, etc and Hollywood becomes a midget. In terms of what industry is more important to the US economy, Hollywood is clearly the ones who ought to bend over and take it, not the other way around. -
How is MySpace like a daycare center?
They're exactly alike, at least according to the Texas lawyer who filed this asinine suit. He says "these virtual sites are no different" than a daycare center in terms of their responsibilities to keep children safe. I went off on a bit of a rant this morning on my blog trying to explain the difference to him, if you're interested:
http://www.networkworld.com/community/?q=node/10574 -
Printable version
Obligatory karma whore attempt.
Just kidding, I'm a coward. -
Why not just make a cereal out of ads?
-
Re:Nothing new to NSA...
Wouldn't be the first time.
-
In the sub-category of "Best Comedy"
Let us not overlook the contributions of Lyger and Jericho at attrition.org, who brought us the tale of "The GPA Hack That Wasn't"
... not to mention those squirrel pictures. http://www.networkworld.com/community/?q=node/9999 -
Predictable update on this story
Press aide who tried to hire hackers has been fired.
http://www.networkworld.com/community/?q=node/10015 -
Re:You've gotta read the entire email trail!
http://www.networkworld.com/community/?q=node/9999
He initially lies, then admits it.... -
Re:Slashdot's petty partisanship.
Because he initially lied about it, then admitted it?
Quote:
***
After initially denying knowledge of the exchange, Shriber told me this afternoon in the final of our three phone conversations: "I did something that's greatly out of character for me and it's a mistake that I regret."
***
http://www.networkworld.com/community/?q=node/9999
'Greatly out of character': right. -
Re:cat file | grep something
Yup, that's the phrase that jumps out at those of us who don't speak UNIX. Fun with piping cats on this blog post:
http://www.networkworld.com/community/?q=node/9764 -
Re:Not complete innovation?
How many times have you heard the word "innovation" from a microsoftie?
(uncountable)
How much money does it spend on research?
http://it.slashdot.org/article.pl?sid=06/12/06/2042218
http://www.networkworld.com/news/2006/120606-microsoft-research.html
How many times has it innovated?
http://www.dwheeler.com/innovation/microsoft.html
http://hea-www.harvard.edu/~fine/opinions/msinnovate.html
http://www.vcnet.com/bms/departments/innovation.shtml
http://www.mcmillan.cx/innovation.html
This last dude gave up, Last updated 27 June 1999. Basically, it came down to a list of all accepted innovation nominations compared to two accepted: Microsoft Bob (doubtful but accepted) and the fucking talking paper clip. Which is basically Bob redone as a more annoying Help file.
all I did was a google search for "microsoft innovate" without quotes, and I came up with ZERO microsoft sites, and a whole bunch which put "innovate" into the quotes it deserves.
Worthless software company. The only things they did right are SQL server (derived from Sybase, and even though it was apparently recoded it shares similar syntax), which actually has a decent track record on security issues, and of course Visual Studio (IMO until the .NET crapfest, but even that is well done, just a personal preference, except that they are trying to win against Java using an interpreted framework, but Visual Basic was completely reengineered and basically thrown away?) (but it uses a third party C/C++ library from Dinkumware, don't think they came up with any of that themselves) (oh and they didn't make the compiler either, they made it worse). But without microsoft we wouldn't need either of these. I believe they don't suck because they were made by developers, for developers.
Dinkumware info, apparently there is a license dispute so that MS can't package the updates in a visual studio service pack, so Dinkumware tells which lines to edit and how:
http://www.dinkumware.com/vc_fixes.html
std::string causes corruption. Sorry we can't fix it, upgrade to .NET or buy a C++ library:
http://support.microsoft.com/kb/813810
"When you build applications in Microsoft Visual C++ 6.0 that use the supplied Standard Template Library (STL), memory corruption may occur, or your computer may stop responding. "
Origins of MSC compiler
http://www.nimh.org/microsoft/
"This is just a historical note about the C compiler microsoft sells. In the late 80's I was developing C programs under DOS using the Lattice C compiler. One day I got a letter from Lattice saying they were out of the C compiler business, I should contact microsoft for support. I found out that microsoft bought the compiler and exclusive rights to sell it from Lattice. "
O man I just pissed myself off again rehashing all that ineptitude. -
As predictable as snow in winter
Customers *always* like to hear that their vendors are playing nice-nice together; the details matter little -- at least in the short run.
... Or maybe it's just that Microsoft and Novell have wowed 'em with these cool billboards that are beckoning drivers in the Bay Area and Massachusetts:
http://www.networkworld.com/community/?q=node/9636 -
Re:No reason to switch
Really, and what address do you send the video to?
Maybe someone has accomplished it, but I highly doubt it's company policy. Especially when all you have to do is use the recovery CD to reinstall it. -
Re:Gov Microsoft
We've got that "Gates for President" coverage right here:
http://www.networkworld.com/community/?q=node/9430
Even have a followup, of sorts, today, headlined 'Gates for President': Stocking-Stuffer Edition': http://www.networkworld.com/community/?q=node/9495
Doubt the Massachusetts CIO will be getting any of this stuff ... at least not from anyone who likes him. -
Stargate addresses
-
Re:Printable one-page version
I love moderators who blindly moderate informative. The site passes several hidden fields to the x.cgi script. Here is a working URL. http://www.networkworld.com/cgi-bin/mailto/x.cgi?pagetosend=/export/home/httpd/htdocs/news/2006/112706-antikythera-slides.html -
Printable one-page version
-
Re:I can get to a printable version...
-
Re:Block email from Windows
For personal usage, this is a reasonable technique. Our research has shown that 95% of deliveries from Windows machines are spam. However, if you are considering using fingerprinting in a business or service provider setting, rejecting connections from Windows machines is a bad bad horrible idea. Microsoft Exchange is run by almost as many companies as Sendmail these days (trust me, we've surveyed 400,000 mail servers to determine this). Blocking them all will result in many unhappy end users.
However... fingerprinting can be a very useful technique to identify a bad sender when nothing else is known about it. For example, with our connection management software, you can configure it to throttle (i.e. slow down, traffic shape, etc.) connections from Windows-based hosts if the host has no previous good reputation. See an overview of the technique in this OnLAMP article by Stas Bekman. -
Duh
Generally speaking, it comes out that hackers are usually brilliant, inventive, and determined. They generally feel anger and rebellion towards authorities and narrowmindedness, seen as a menace for civil liberties. Hacking is conceived as a technique and a way of life with curiosity and to put themselves through the hoops, or as a power tool useful for raising awareness among the general public about political and social issues. Normally, they are driven by the love for knowledge. Nevertheless, there are also hackers who have profit purposes and, therefore, practice phishing/pharming, carding, or industrial espionage. Their preferred targets are military and governmental systems, as well as information systems of corporations, telecommunication societies, schools, and universities, but also end users and SOHO.
You've got to be kidding.
What's the methodology for this profile? Googling the word "hacker"? Please. Tell me something I didn't know years ago. (For example, MEECES.)
Seriously, these guys sound like they have a seriously flawed survey methodology, in that all they are doing is self-selecting their sample and parroting the results. Moreover, I don't see how they plan to create anything useful out of the forensic data they expect everyone to send them. In that regard, I see little difference between what they say they are going to do and what the Honeynet Project has been doing for years. -
required by law to notify customers
In many states now there are consumer protection acts that require companies to inform those that may have had their information compromised.
http://www.networkworld.com/news/2006/010606-data-breaches-law.html?fsrc=rss-security
Of course it may be different for your state as it's not nationwide that I'm aware of, but the fact still remains it is illegal in almost half the states in this country to "keep it quiet". Moreover, he WOULD be implicated in this mess as he knows of the problem and doesn't say anything. Either rate, as professionals...it falls on US to protect clients' and consumers' data. Most ID theft is caused by poor business practices, not from anything that the individual has done and this is a perfect example of that.
On another note, wtf is this guy thinking having Win98 machines on a business network live on the 'net without firewall(s)? It's one thing to have to use it for legacy software, it's another to make it a juicy target. I hate to even bring this up since it would end up being flamebait or could label me as a Linux Zealot, but have you considered using Wine, dos4lin or anything to run the software? If it works at least then you'd have a current OS to run the software. -
If you are interested in the back-story
This blog entry from yesterday includes links to Berners-Lee's past writings on the subject, as well as a summary from an '05 meeting of the minds in London at which this effort was apparently first kicked around.
http://www.networkworld.com/community/?q=node/9103 -
Re:I particularly like this bit:
If that IS in the EULA, it sure would contradict their "world of devices that run on windows" campaign, where they mention "schools and hospitals"
Furthermore, Dvorak isn't the first to use hospitals as an example, as can be seen in this article from 2004. And whaddya know...it is an actual concern, albeit not of Microsoft's but of the manufacturers, and it seems it's because the manufacturers don't want hospitals installing the security patches. The article also makes mention that worms have hit hospitals in the past, often shipping from the manufacturer with viruses already on them. And you thought the iPod story a few days ago was bad. -
Printable page link
One continuous page:
http://www.networkworld.com/cgi-bin/mailto/x.cgi -
Re:Hey Ed's...
Actual link is to a Network World article. http://www.networkworld.com/news/2006/100506-microsoft-antipiracy.html?page=1 -
correct link for Microsoft story
-
Moo
Link.
-
Look for article here
This article can be found at networkworld.
FTA:'"I think Microsoft will have to budge on this, say worst-case scenario in Service Pack 1," says John Pescatore, an analyst with Gartner.'
Oh yeah, they're sure to 'budge'. After all, if they don't budge people will flock away from MS products in huge numbers.
"Under SPP, which debuts in Windows Vista and Longhorn Server, Microsoft software that is found not to be genuine will warn the user and eventually go into a Reduced Functionality Mode (RFM) until it is activated with a product key."
RFM must be the new name for Windows XP/2003.
-
This is the correct link to the story
I believe this is the correct link to the story: http://www.networkworld.com/news/2006/100506-microsoft-antipiracy.html?t5 -
Re:Really?
Then maybe you should be removed from Windows support and reassigned or let go. Sorry but if you have these problems "all the time" then you are doing something wrong.
Yeah, right. It's my fault Microsoft patches often cause problems. My fault and the fault of thousands of others who just don't know what they're doing, I suppose. Let's see what a google search turns up:
- August 30, 2006 - IE patch breaks Exchange 2000
- August 16, 2006 - Microsoft patch may crash IE when certain websites are viewed.
- June 16, 2006 - Microsoft patch breaks dial-up networking
- April 18, 2006 - Microsoft patch breaks HP software
- April 16, 2006 - Microsoft patch breaks web pages ON PURPOSE (EOLAS problem passed on to their users)
- April 14, 2006 - IE patch breaks Siebel client
- October 29, 2005 - Another Black Eye for Microsoft Patch Creation Process
- May 13, 2005 - Faulty Microsoft Update Rekindles Patch Quality Concerns
I could go on. That's just the tip of the iceberg. It's a known issue. Has been for years. Many of those links point to articles saying things like "Patches have caused trouble at times, on occasion prompting Microsoft to fix already released updates" and "When we are dealing with Microsoft updates, one thing we always reiterate, then reiterate some more, is to test before deploying. The guidance is always to download, test, then deploy the patches. With Microsoft, the test section of our guidance has gotten larger and larger."
That you haven't experienced problems with ANY Microsoft patches but SP2 is at best an anomaly. Where I work we've got about 500 windows computers, give or take. Those run on a rather eclectic mix of hardware, some as old as P2s, some as new as Core 2 Duos. Servers, workstations, you name it. We run a pretty eclectic mix of software too. Off the top of my head some examples would be Matlab, HFSS, Photoshop, Office, Vegas, Visual Studio, Metrowerks, Miktek and so on. A fairly diverse Windows environment, in other words.
Wow. I'm happy for you. Your parents must be so proud.
Wanna know how many patches ever came out that broke systems? One: SP2. How many broke? 2, both personal systems loaded to the gills with spyware. We wiped them to get rid of the spyware, they took the update and worked fine. That's a pretty good track record. Comparable to Solaris (which we also run a lot of)
So, is it your policy to automatically patch production servers using AutoUpdate? You've never run a competitor's database or application stack on any of your Windows servers? All the software you mentioned is desktop software. Because if you have, you'll find service packs breaking things aplenty. I'm not talking desktop apps. I'm talking backend. I'm actually fairly comfortable setting desktops (since XP stabilized) to auto update. I would never apply a patch to a production server without full testing on test servers to make sure things like, oh, let's see...the latest SQL Server service pack doesn't cause function FOO of product BAR to stop working...because that happens...frequently.
Now let's compare that to, say, Fedora, which we also run.
I never said anything about Linux. Patch management seems to be an equal
-
mod parent up, underrated
Case in point:
Cisco IP stolen by Huawei:
http://www.networkworld.com/news/2003/0709huawei.html?net
http://newsroom.cisco.com/dlls/corp_012303.html
I have an example about Cherry qq ripping off the Chevrolet Spark, I'll post it later. :) -
Ameritrade spam
My unique Ameritrade address was leaked before 2005-10-31, and a different unique Ameritrade address was leaked between 2005-11-24 and 2006-8-11.
My unique Ameritrade email address also started receiving stock-related precisely on the same day (2005-10-31). Clearly the same incident. I changed the email address the following day, and reported the issue to Ameritrade. After several layers of denials, the message finally got through to someone aware of the incident, who replied: Ameritrade has received reports of clients receiving spam at e-mail addresses that were only provided to Ameritrade. We are currently investigating this situation in order to put a stop to it as soon as possible....
No more spam to the new email address for almost 8 months, then it started receiving spam on 2006-07-28. So the second leak must have been between 2005-11-24 and 2006-07-28, probably toward the end of that period. Again consistent with your report. Getting back to the question of whether a company should go public about a security breach, I think it would depend on the circumstances. If publicity would hinder an undercover investigation or sting operation, a delay could be justifiable.
For what it's worth, on another occasion last year, Ameritrade did lose a data backup tape containing customer account information during shipment back in February 2005, and went public about it two months later (http://www.networkworld.com/news/2005/0420ameriwarns.html) after notifying customers who may have been affected. And here's an extensive blog entry about the Ameritrade incidents-- with many corroborating comments pointing to the late July early August 2006 timeframe: http://www.billkatz.com/node/77.
-
Re:What is an OS again?
I've always thought there's something a bit Gödelly about this, along the lines of "Any sufficiently complex system can never be secure".
E.g. I added a new hard drive, and left it downloading a vast 55GB set of files by FTP from the UK over my shiny new 2Mbit connection. Since the machine at the other end is ADSL, it's a very slow process. When I try and watch a DVD, I'd get a BSOD. Figured the drive was bad, so I checked the SMART data. Can't see the drive at all, motherboard has a Sil3112 and the shitty SATA drivers manage to fumble the SMART command so they always go to drive 0 even if you ask for drive 1. The two drives are in non raid mode, and I'm using the non raid drivers, so I should be able to do this, but all the tools I have return drive 0 data for both drives.
Flipped the drives around. Now I see SMART data for the new drive on both drives. SMART data looks ok - no reallocated sectors for example. Got the Debugging Tools for Windows and WinDbg'd the dump - csrss.exe had aborted and the system bug checked since it needs csrss.exe. Looking in the log, csrss had aborted due to an IO error, STATUS_INSUFFICIENT_RESOURCES. Elsewhere in the error log I can see references to running out of non paged pool. Figured that the SATA driver had a leak. Turned on pool tagging, left it FTPing with PoolTag from the DDK running. I can see the lots of non paged pool being allocated to tag HidC, the Hid class driver.
I bought a cheap USB remote control, a Trust NB-5100P. At least on my system, it seems to Hid Class driver to use lots of memory. It's pretty dramatic, a K per second. Over 24hours day I ended up with 57MB of non paged memory to just this driver. If I stop the system tray applet, the memory is freed instantly.
So it looks like once I got the new drive and started to leave the machine on for several days pulling the files, I could get to the point where it ran out of non paged pool and died. Now I only turn on the Trust control panel applet when I'm watching video.
Who's at fault here
1) Trust for making the stupid applet which uses vast amounts of a extremely precious resource. Note that the HID class driver isn't leaking - if you turn off the trust applet the memory is freed. Trust have managed to bring down the system from user mode though.
2) Silicon Image for making a driver that misroutes IOCTL_SMART_*
3) Me for buying Trust/Silicon Image stuff and expecting it to work properly. -
Printable Version
-
Print Version
-
WORKING print view
-
print view
-
802.11n is not around the corner. 2nd vote Jan-07
FYI, IEEE is still debating on 802.11n. The second vote is scheduled in Jan-2007.
-
Re:Worthless
Take this as constructive advice from someone who works in the field: what you don't know could fill a library (that's a building with books in it).
You could try educating yourself first about Filenet before posting, but I forget; this is Slashdot. Filenet has a buttload of products; they also provide lots of consulting to go along with those products. BTW, consulting is IBM's bread and butter, if you didn't know. Filenet made $422 million bucks last year. At that level of income, IBM will make its money back in about 4 years.
Sure, I'm a Filenet admin, so I'm biased. But I get paid pretty damn well for it.
And it runs on UNIX. So there. -
Re:So...
Apple caters to their users and provides them with lovingly crafted systems that the Wintel world is just incapable of ever attaining.
Hmmm. Are these the same "lovingly crafted" systems that overheat due to leftover parts from the factory, flake paint and have "swelling and failing" batteries? -
Re:Astroturfing, too
Yes, it's the same guy:
When not blogging, I am a Network World news editor and write the 'Net Buzz column
It's also definitely astroturfing, because he admits he wasn't spammed, and that what really pissed him off was that he wasn't included
...All of which I might have let slide without remark if not for this final indignity: Nowhere among those 11 Network World addressees, three former employees, and 102 other journalists could I find the name that matters most: mine.
I think his theory goes something like this:
- make fool of self in blog by bitching about NOT being included in the people being spammed
... - post/astroturf it under a separate account to slashdot
... - ???
Pointed this all in this comment on the original blog
... let's see how long it stays there before "buzz" deletes it.
-
And the condensed version of their 12 principles
Embrace, extend, and extinguish.