Slashdot Mirror

"Password Policy"
As such, all County employees (including contractors, vendors, and temporary staff with access to County systems) are responsible for taking the appropriate steps, as outlined below, to select and secure their passwords.
All system-level passwords (e.g., root, enable, NT admin, application administration accounts, etc.) must be changed on at least a monthly basis"
"Do not share County passwords with anyone, including administrative assistants or secretaries.

All passwords are to be treated as sensitive, confidential County information.

Here is a list of things to avoid
-Telling your boss your password.
-Talking about a password in front of others.
-Telling your co-workers your passwordwhile on vacation."

http://www.sfgov.org/site/uploadedfiles/dtis/coit/Policies_Forms/CCISDA_security.pdf

So announcing it at a meeting was right out.
The person that should have taken this all into hand and resulted in a normal dismissal instead of an arrest is Chris Vein. He was originally an accountant but many CIOs are and some manage to pick up management skills and familiarity with technology along the way.
Here is what http://blogs.zdnet.com/BTL/?p=4692 says about him:

San Francisco's CIO Chris Vein calls himself an "accidental CIO." His background includes working in and around the White House during Reagan, Bush and Clinton administrations. For the city of San Francisco, Vein's political background has turned out to be an important asset.

It's still possible he got there by merit, but it starting to look like a political appointment. On his linkedin page he describes himself as "Delivering strong and effective leadership", which often means someone that fires people for no good reason to show they are "strong" but maybe I've just seen too many bastards in action that like that word. These things may give an insight or maybe not, but the end result of getting the police involved in a workplace dispute demonstrates to me that he is not paticularly effective, let alone the situation where there was only one person that could do the job. BTW San Francisco, do you have your free WiFi from 2006 yet? If not you now know the name of the guy that was in charge of delivering it.

(typing again because /. ate my post)

If anything, the pendulum might swing backwards as competitors try to ape 80% of the iPhone's functionality at half the price.

Swing back? It never swung that way. Firstly, I'll assume you meant smart phone in general - there are others beside the Iphone, you know.

Despite what some might think from reading all the Iphone coverage that Slashdot gives, by far most phones sold are still the cheaper ones (e.g., see http://blogs.zdnet.com/gadgetreviews/?p=6836 ).

It's also long been the case - long before your Iphone was thought of - that "feature" phones have "aped" most of the functionality of so-called "smartphones". Things such as Internet access, email, running programs, are now commonplace on all but the most cheapest and basic of phones . As technology progresses, I can't help thinking that the distinction between smart and non-smart will become even less meaningful (I'm glad someone agrees with me). Pretty soon the "smart" phone category will only exist from a marketing point of view, for companies like Apple who want to inflate their market share by reporting their share of an arbitrarily restricted one, rather than the mobile market as a whole.

And indeed, I'm curious you refer solely to the Iphone, as it doesn't really fit neatly in the smartphone category, in that it lacks several features that even "feature" phones have (one might just as well say that the Iphone tries to ape 80% of a Motorola's functionality at twice the price). In the smartphone market, there are plenty of other phones doing 100% of functionality, and more. Don't expect to read about it on Appledot, though.

Uhhh... I take it you haven't read this yet, have you? The reason Chrome has been a "secure browser" so far is the SAME reason I would argue that Linux hasn't been seeing viruses: It just ain't a big enough target yet to waste serious brain power on. But as it grows more popular (I can remember a time when FF never had hardly any problems either) the amount of exploits WILL go up, because as I said (and you yourself pointed out with your post) sandboxes are bandaids on bullet wounds.

With so many legit reasons to be calling outside the browser to render "web 2.0" content means you have to try to lock down the browser PLUS JavaScript PLUS Flash PLUS Acrobat PLUS Java PLUS WMP and I'm sure others could think of another dozen or so to add to that, like Quicktime, ETC. That is just too many attack vectors IMHO, and why we need to step back and re-examine the way we interact with the web. And mark my words we WILL be looking back in five years and seeing that JavaScript ended up just as much of a malware haven as ActiveX. The only difference IMHO is that JavaScript so far has been too much of a PITA to write truly cross platform nasties for and therefor JavaScript bugs have been shooting the big game by going after Windows only.

Trust me, if OSX and/or Linux makes a huge jump in users that WILL change. Just look at DNSChanger for Mac. Yes, the user has to be stupid enough to run in, but guess what? Many users are quite stupid. Working with them for nearly 15 years I know this quite well. I think ultimately we are gonna have to take a step back, look at how we interact with the web, and work at making the interaction safer from the ground up. Perhaps by having a way to isolate and scan and THEN sandbox code before it is ever ran. But as things are now I say you are in an arms race you can't ever win, because the malware writers can spend all day every day just looking for little weird attack vectors that you have probably never thought of. After all we have been building homes for 2000+ years and can't figure out a way to make them burglar proof cheaply and easily, what makes you think we can make an "idiot proof" and hacker proof browser that will still allow the "web 2.0" content the content producers and public wants?

Vista has a robust DRM scheme, which appears to be inhereted by W7, and the first customer to utilize it was Microsoft itself: http://blogs.zdnet.com/Bott/?p=334&tag=rbxccnbzd1 DRM doesn't exclusively refer to music and videos, but to all of software and even hardware. Think back to Apple's handling of jailbroken iphones. As an individual, you may not be affected by DRM, but collectively people are. The capability is there and we may see media conglomerates like the RIAA utilize it as their business model undergoes more and more pressure.

Remember when the telcos claimed that net-neutrality would harm the industry by preventing them from collecting enough money to upgrade the infrastructure in the US?

This proves their previous anti-net-neutrality arguments were BS.

From http://news.zdnet.com/2100-9588_22-148385.html

"Republican backers, along with broadband providers such as Verizon and AT&T, say it has sufficient Net neutrality protections for consumers, and more extensive rules would discourage investment in wiring American homes with higher-speed connections."

From http://www.freedomworks.org/publications/the-problem-with-network-neutrality

"By contrast, mandatory network neutrality is bad for business. Unlike the narrowband phone lines of the twentieth century, broadband pipes are being built with billions of dollars of unsubsidized investment in a competitive environment. ISPs make this investment on the assumption they can recover the costs and profit. As such, broadband lines are not the "public resource" that monopoly networks were in the past. Companies that own high-speed lines have a right to recover the costs that other parties impose when they wish to use those lines to transmit high-bandwidth, revenue-rich services of their own. If network neutrality is enacted, ISPs will have no incentive to build new pipes. Consumers will therefore get less choice."

I believe you are talking about the SCO case... and yes, Microsoft did at least indirectly help fund the litigation. http://news.zdnet.com/2100-3513_22-139743.html

For those that are all happy and "Yay, MSFT got screwed!" I would suggest looking at this picture explaining the patent in question and seriously think about it.

That picture does not, on its own, explain anything, and certainly not the patent in question. It is one of a series of 10 similar figures that are part of the patent (the whole patent is attached to the complaint as Exhibit A.)

From the looks of it this patent is so vague pretty much ANYTHING that uses the XML format to manipulate data in any way would could possibly be looking at a lawsuit, should this patent troll decide they are a potential cash cow.

No, the patent covers a particular approach to handling data wherein you track a raw content stream separately from the tags ("metacodes"). Something similar to what is patented (but maybe not enough to be within the scope of the patent) might conceivably be used (at least, the approach makes sense) in lots of text-oriented applications (word processors, browsers, etc.), but probably not used in most applications that use structured data where the text content wouldn't also be used, as-is, as a text stream without the tags. So the scope is much narrower with respect to XML use than you suggest (conversely, its broader in another respect, since it is not limited to XML -- in fact, it refers to use with SGML as the main example throughout the patent, but the claim isn't limited to any particular markup language.)

For those that are all happy and "Yay, MSFT got screwed!" I would suggest looking at this picture explaining the patent in question and seriously think about it. From the looks of it this patent is so vague pretty much ANYTHING that uses the XML format to manipulate data in any way would could possibly be looking at a lawsuit, should this patent troll decide they are a potential cash cow. This includes OO.o. How many FLOSS applications use XML in some way? Because they have all just been put at risk until this patent is either invalidated or their ability to use XML is removed.

If this is held up then XML looks to be a dead format, and least here in the USA. The patent is just too vague to make it worth the risk, and this includes OO.o ODF which IIRC uses XML as well. If this isn't proof that software patents need to be thrown in a fire I don't know what is. If this stands it doesn't matter how many patents one has, or how much work one puts into making a new format, as all it will take is a patent troll playing "buzzword bingo" and getting a broad enough patent to kill any format dead.

There are a few proof-of-concept rootkits that work by installing a thin hypervisor in hyperprivileged mode

No, there is one that the creators claim to operate like this.

This is virtually undetectable to the OS

No, it's claimed to be undetectable, but when challenged, the creators won't let anyone examine it to see.

There are a few proof-of-concept rootkits that work by installing a thin hypervisor in hyperprivileged mode

No, there is one that the creators claim to operate like this.

This is virtually undetectable to the OS

No, it's claimed to be undetectable, but when challenged, the creators won't let anyone examine it to see.

Because upgrading the upstream pipe from 14.4Kbps to 33.6Kbps would require the Yemenis ISP to take out a small loan at a 'very' high interest rape from the WTO...

But in reality, all ISP's would like to censor traffic as 'Less load + more consumers = Greater Profit'. If ISP's had their way we would all have the old netzero type ad bar on our screens while every mistyped web domain would take you to their sponsors web site all the while making sure you never exceed 1GB a month on your 100Mbit/100Mbit connection.

As far as the 'free market' 'you have a choice' idea goes... We know that just isn't true anymore... Large corporations collude with each other to insure your SOL and they rarely get caught. Even when they do it doesn't drive them out of business.. Flamebait? Damn Dirty Lies? Hey why not check out the quick 30 seconds of research below.

07-14-2009: EU issues charges in global LCD price fixing crackdown
06-16-2009: AT&T and Verizon deny price-fixing accusations
03-10-2009: Hitachi pleads guilty to LCD price fixing
11-12-2008: LG, Sharp, Chunghwa admit to LCD price fixing
03-03-2004: EU probes memory price-fixing charge
09-30-2002: States settle CD price-fixing case

This is why 'fanboys & girls' really need to be 're-educated' and not by their TV's, iPhones or PS3s... ;-|

OR better yet, get rid of the real Patent trolls that put major companies on the defensive patent claim train.

You mean like all the patent licensing firms started by ex-MS employees?

I wonder where they got the idea from that that was a viable business model...

Exactly. It would be better not to use the term 'RAND'. As RMS wrote:

These standards bodies typically have a policy of obtaining patent licenses that require a fixed fee per copy of a conforming program. They often refer to such licenses by the term "RAND," which stands for "reasonable and non-discriminatory." That term whitewashes a class of patent licenses that are normally neither reasonable nor non-discriminatory. It is true that these licenses do not discriminate against any specific person, but they do discriminate against the free software community, and that makes them unreasonable.

Can open-source solutions maintain Skype's level of security?

Skype Encryption Stumps German Police
http://www.reuters.com/article/internetNews/idUSL21173920071122

Expert: Skype calls nearly impossible for NSA to intercept
http://blogs.zdnet.com/ip-telephony/index.php?p=919

I mostly agree with you. I would very much like a browser with the privacy settings you described. There is already the "Accept third-party cookies" option (I think all modern browser have a similar option), but I am not sure exactly what that does.

On the other hand, cookies are not needed for logins. In fact, they are a rather insecure way to do logins as anyone who can see your cookies can take over your session. For example, if you are on an open Wi-Fi hotspot and view any website that uses cookie logins and allows viewing logged-in pages without encryption, then anyone on the same hotspot can see your cookies and hijack your session. There was an automated attack specifically for GMail a little while ago (which Google added a "require HTTPS" option to secure against), but the same principle works for any site that does not require HTTPS (so it [hopefully] won't affect your bank).

Instead, logins should be done using HTTP digest authentication. As HTTP auth actually authenticates each request separately (as HTTP is stateless so it has to), it does not get tied to an IP, but still works without cookies. Additionally, it never sends the user's password in the clear, so even if the user is tricked into logging into a phisher's server, the phisher gets no useful information.

Unfortunately, although all modern desktop browsers support digest auth (some more obscure mobile browsers might not), the UI is horrible. I have yet to see a browser even indicate clearly that the HTTP auth was not basic (read: send password in the clear which should come with as many click-through steps as Firefox's current setup for self-signed certificates). Also, users have been trained for years to expect login boxes to appear as part of a web page, not as part of the web browser.

Using cookies for authentication is bad idea. They are currently the preferred solution for UI and historical, not technical, reasons. The browser vendors should be working on a sane authentication UI, so we can stop using them for that purpose.

MS isn't improving the performance or security of their operating system.

Huh? Windows Vista introduced some really low level:

• Memory and IO priory - which made background tasks less interfering as they could gradually cause higher memory priorities to be swapped even if you left the machine idle for a long time
• Granular scheduler - more precise scheduling
• Multimedia-aware scheduling - network bandwidth reserved when playing back multimedia and cpu and memory reserved to avoid glitches. Vista (and 7) holds up remarkbly well under stress - much more than Xp or Linux.

It is widely recognized (at least among security researchers such as Charlie Miller) that Vista has improved security a great deal:

• Stack/heap encryption and checksumming
• DEP
• Variable reordering (making buffer overflows much less likely to affect critical parts with pointers)
• Many other anti-memory-corruption prevention mechanisms
• Process integrity levels and the IE sandbox - effectively a subdivision of the current user account by modifying the process security token (dropping rights) and preventing shatter attacks.
• Service hardening - even before Vista/Server 2008 only a few services (daemons) were actually running as the "root" (SYSTEM) account. But with Vista/2008 service hardening again modifies the process security token to effectively shut it out from any resources except those explicitly granted. This is like Apparmor, only it leverages the built-in granular permission structure instead of requiring external "profiles". In other words, it is like each service has it's own account and has severely restricted access - even if formally running as SYSTEM or NETWORK SERVICE.
• Network Access Protection - can (almost) guarantee that clients on a network which do not meet certain policy requirements (e.g. patch levels, AV protection etc.) are quarantined and only allowed e.g. windowsupdate access.

Windows 7 also has some kernel tweaks which further improves performance and scalability

• Microsoft engineers solved the "spinlock" problem (akin to the "big kernel lock" problem Linux still grabbles with) and improved performance and scalability to 256 cores.
• Concurrency and Coordination Runtime (to be backported IIRC) which is a highly granular, minimal-overhead user mode threading model. Programs written to take advantage of these features will have greatly improved scalability across many-cores (the current process/thread concept for concurrency is really coarse-grained in comparison).
• Transactional memory (at least they are experimenting with it in '7).
• New "delayed" service mode
• Multicore tweaking - switch off entire cores when usage so permits to save energy.
• Lots of other minor tweaks - such as consolidating timer events so that if processes asks for timer events every 10 seconds they are synchronized so that they all receive their event at the same time and the CPU can go into a lower energy state in between.

Intel and AMD have been making dual-core CPUs for more than FOUR YEARS.

What your point? All major operating systems have supported multiple cores FOR YEARS. Even XP had support for 2-4 cores IIRC. The article you linked to was not an announcement that Windows now can use multiple cores, it was an announcement of the new tweaks (removal of spinlock and 256 core scalability) and of the new Concurrency and Coordination Runtime (a.k.a. "concert") - which is user mode threading and is in addition to the traditional kernel mode threading with processes and threads.

Because they essentially have no competition.

MS isn't improving the performance or security of their operating system.
Instead, they are simply cramming more products in and calling the monstrosity an "operating system" - in an effort to expand into more markets.

Huh? MS just fixed and tweaked what was wrong with Vista without promising or adding a bajillion new features. Security is a lot better, with many exploits for XP that are coming out not working on Vista or 7.

Intel and AMD have been making dual-core CPUs for more than FOUR YEARS.
http://www.intel.com/pressroom/archive/releases/20050418comp.htm

Intel has announced 8-core CPUs.
And yet the "new" (its basically a rebranded Vista) Windows 7 will barely take advantage of any of them other than the first..
http://blogs.zdnet.com/microsoft/?p=1612

Why link to outdated speculation? Check these real tests and benchmarks out instead. http://www.infoworld.com/t/platforms/generation-gap-windows-multicore-273

Even Slashdot linked to it. http://tech.slashdot.org/article.pl?sid=09%2F01%2F22%2F1554224&from=rss

This is what happens when you don't have any competition. Its not an operating system, its a bloated behemoth born of a monopoly that wants to kill competition in every software market it can.

Microsoft should have been split up in 2000.
You can't create competition through regulation.

Err, you want MS to be split up because of regulation and then say you can't create competition through regulation. Cognitive dissonance?

Are you sure you didn't mean to post this comment when Vista launched? If not, all I can say is this --> http://linux.slashdot.org/story/09/07/25/1757253/Linus-Calls-MicrosoftHatred-a-Disease

If your sole objective was to irrationally hate on Microsoft and gather Slashdot karma, Congratulations, you've been modded up already.

whereas there is NOT A SINGLE ONE on Windows Server 2003 [..] I cannot fix... or, avoid

So - you cherry-picked a release and even this one has several unpatched and known exploits in it? Congratulations!

WHAT? Apparently, you aren't aware of the JAVA bug that Apple had, for MONTHS now, that other vendors patched many, Many, MANY months ago... would you like proof of THAT, also?? Just ask... I'll get the link, & right from this website...

http://blogs.zdnet.com/security/?p=1708 http://zerodayinitiative.com/advisories/upcoming/

Windows runs more software AND ON MORE HARDWARES in peripherals

Whether Windows can run loads of software is irrelevant. If it did not ship with it - it will not get counted as a flaw.

As for your last comment - you just don't get it do you?

2) The annual pwn2own competition, among others, shows that Linux and Windows are similarly secure and OSX is much less secure. OSX goes down first every year, while Windows and Linux both last until later days of the competition when more direct access to the systems is granted to the contestants.

First, I don't understand why this myth keeps appearing. Ubuntu is the only one that came out without being cracked.

Second, pwn2own shows what can happen if someone specifically targets your machine. No system is unbreakable to a truly determined and resourceful attacker, and nobody claims Linux is magically untouchable to such a concerted effort.

But that kind of targetted attack is not really what people care about when talking about general desktop security, is it? Nobody is targetting your mother's Windows machine, specifically. Her machine gets infected because trojans, viruses, and other malware is absurdly easy to pick up on the Windows platform just by going about her day to day work.

The thousands of exploits and vectors documented in Windows are of far more consequence to the average user than a focussed attack by a dedicated hacker deliberately trying to get into that specific machine. pwn2own demonstrates the latter threat, which is of no real concern to most users. It says nothing about the former threat, by far the more dangerous.

A Windows machine is more likely to be compromised, but that's because of market share.

This is such a tired argument. There are millions of LAMP stacks out there sitting on fat pipes. You think hackers and spammers wouldn't love to get their hands on those? The ones under my control get hammered all day, every day.

"Market Share" has nothing to do with the primary vector I notice plagues users either: Getting new apps. In any modern "desktop" disto, you get software out of a respository, which has been examined, vetted, and verified. If something's wrong with the package it won't get into the repo, and if it does, someone's going to notice quickly. It's not 100% foolproof but it's pretty damned great.

But Windows users don't have that option. Instead they scour the web looking for software which might do what they want, sift through the crippled versions, the trial versions, etc, and download a compeltely unknown binary from an unknown source, and run it. BIG SURPRISE, many of these come bundled with little extras -- trojans, adware, toolbars, and other party favors. Next thing you know the hapless Windows user is calling you to complain about how slow their computer is...

This is not a marketshare issue, it is one of many fundamental differences in the approach and structure of Windows versus Linux. If some genie made it such that Ubuntu had 90% marketshare tomorrow, that 90% of users would still be using Synaptic, and the 10% Windows users would still be downloading random executables from the web.

1) This vulnerability exists on OSX, Windows, and Linux.

As far as I can tell it exists on any platform where Flash is installed. It's not really an OS problem (though this is debatable, I guess), but an application problem. Though, the Zealot in me just has to point out that this is what happens when you deal with closed software. Now we're all waiting around twiddling our thumbs hoping Adobe will get off their butts and do something about this, because nobody else can.

Window's record is pretty bad, but Mac OSX hasn't been completed tested out in the wild yet because it's not very popular right now. More exploits might be coming as it gets used more. But Apple seems to have developed it with security in mind, so let's see what happens.

Wrong. http://blogs.zdnet.com/security/?p=2748

Pwn2Own hacker: Apple Safari is 'easy pickings'

WRONG on many levels. If you're not running as admin, only your user files will get affected in all the current OSes including XP. But IE8 on Windows 7/Vista does sandboxing and hence is more secure than Firefox on Ubuntu out of the box. Don't believe me? Read is straight from the horse's mouth. http://blogs.zdnet.com/security/?p=2941

Why Safari? Why didnâ(TM)t you go after IE or Safari?

Itâ(TM)s really simple. Safari on the Mac is easier to exploit. The things that Windows do to make it harder (for an exploit to work), Macs donâ(TM)t do. Hacking into Macs is so much easier. You donâ(TM)t have to jump through hoops and deal with all the anti-exploit mitigations youâ(TM)d find in Windows.

Itâ(TM)s more about the operating system than the (target) program. Firefox on Mac is pretty easy too. The underlying OS doesnâ(TM)t have anti-exploit stuff built into it.

[ SEE: 10 questions for MacBook hacker Dino Dai Zovi ]

With my Safari exploit, I put the code into a process and I know exactly where itâ(TM)s going to be. Thereâ(TM)s no randomization. I know when I jump there, the code is there and I can execute it there. On Windows, the code might show up but I donâ(TM)t know where it is. Even if I get to the code, itâ(TM)s not executable. Those are two hurdles that Macs donâ(TM)t have.

Itâ(TM)s clear that all three browsers (Safari, IE and Firefox) have bugs. Code execution holes everywhere. But thatâ(TM)s only half the equation. The other half is exploiting it. Thereâ(TM)s almost no hurdle to jump through on Mac OS X.

It appears that you somehow are forgetting the multiple reports that the judge was clearly biased.

Because I don't wear my phone?

This guy does!

I guess I'm not seeing this "treachery" of which you're going on about.

You may want to click on the links to the articles to see the treachery. Here is a quote from one of the articles...

Pigs are flying low: Why Microsoft open-sourced its Linux drivers
"Microsoft originally was licensing the Linux drivers, also known as the Linux Integration Components (LIC), in a way that was in violation of the GPL. It was offering them under a combination of the GPL and a closed source license."

Nobody cares that Linksys/Cisco uses GPL code in their cheap routers.

The whole idea of releasing source code under the GPL is to make it available for use. The copyright holders of that code do not take issue with corporations using the code, they take issue with corporations when they violate the license terms under which the source code is made available to them for use. As was the case with Linksys/Cisco.

Cisco sued by FSF over GPL violation

And considering the fact that MSFT just signed another patent protection deal with another Linux company, and recently sued TomTom over the dubious FAT patents, I think Linux guys have a right to be cautious.

After those of us survived the horror of WinME (you STILL owe me an apology Bill Gates!) we Windows guys know MSFT will screw us over in a heartbeat, you Linux guys just haven't had MSFT bring on the pain yet. But we Windows users are addicted to our games and apps, and therefor doomed. Save yourselves!

Are you serious?
I suggest you read the section about mac address security here:
http://blogs.zdnet.com/Ou/index.php?p=43

and then implement WPA (if you actually want real security)

Your current setup keeps out harmless casual users and lets in easily anyone who might want to use your connection for dodgy/illegal purposes and has the slightest clue what they are doing.

Silly rabbit... didn't you know that the laws only apply to OTHER people, not the movie studios and the elite?

You're kidding me. You honestly couldn't manage to go to cinepaint's web page and figure out "click the download button, and double click the file that downloads"?

I did that. And when I launched CinePaint after installation all I got was a CinePaint titlebar, nothing else. I tried to open a photo with it, by ctrl clicking the photo and choosing CinePaint in the Open With dialogue. But it did not open.

Of note btw, while cinepaint is shiny (and easy to install), there's actually better software to do that kind of thing on Macs -- pixelmator for example.

Does pixelmator work with at least 16 bit colour channels, depths? I googled it, and oh surprise a license cost $60. Looking at a comparison between it and Photoshop Elements it looks like PE does more, and I got PE with the scanner I bought. However that comparison doesn't say what it's colour depth is, let's look more. Oh, here we go: "It should be noted that 16 bit raw files when saved out are reduced to 8 bits of color depth so using Pixelmator for JPGs would be fine but if you want to shoot raw I suggest using either the pro-level tools or the software that came with the camera." It only saves 8 bit colour channels? Not that good, at least CinePaint saves at least 16 bit depths. Now let me go over to photo.net and see what people there say about it... Not much, out of thousands of posts it's mentioned only 3 tymes though none of them say how well it works. One does say though that "the screenshots for Pixelmator are apparently created in PhotoShop" and provides a link. CinePaint works well enough to use on a number of movies including "Last Samurai", "Harry Potter", and "Lord of the Rings". And you think pixelmator is better?

Falcon

You're kidding me. You honestly couldn't manage to go to cinepaint's web page and figure out "click the download button, and double click the file that downloads"?

I did that. And when I launched CinePaint after installation all I got was a CinePaint titlebar, nothing else. I tried to open a photo with it, by ctrl clicking the photo and choosing CinePaint in the Open With dialogue. But it did not open.

Of note btw, while cinepaint is shiny (and easy to install), there's actually better software to do that kind of thing on Macs -- pixelmator for example.

Does pixelmator work with at least 16 bit colour channels, depths? I googled it, and oh surprise a license cost $60. Looking at a comparison between it and Photoshop Elements it looks like PE does more, and I got PE with the scanner I bought. However that comparison doesn't say what it's colour depth is, let's look more. Oh, here we go: "It should be noted that 16 bit raw files when saved out are reduced to 8 bits of color depth so using Pixelmator for JPGs would be fine but if you want to shoot raw I suggest using either the pro-level tools or the software that came with the camera." It only saves 8 bit colour channels? Not that good, at least CinePaint saves at least 16 bit depths. Now let me go over to photo.net and see what people there say about it... Not much, out of thousands of posts it's mentioned only 3 tymes though none of them say how well it works. One does say though that "the screenshots for Pixelmator are apparently created in PhotoShop" and provides a link. CinePaint works well enough to use on a number of movies including "Last Samurai", "Harry Potter", and "Lord of the Rings". And you think pixelmator is better?

Falcon

The echo chamber misreads another Windows 7 survey --> http://blogs.zdnet.com/Bott/?p=1181

Here's a nice graph http://i.zdnet.com/blogs/win7-vs-xp-adoption-rates.jpg

The echo chamber misreads another Windows 7 survey --> http://blogs.zdnet.com/Bott/?p=1181

Here's a nice graph http://i.zdnet.com/blogs/win7-vs-xp-adoption-rates.jpg

By linking directly to the PDF, the submitter bypassed a summary from ScriptLogic's web page that directly contradicts the summary provided by angry tapir and kdawson:

The primary goal of this survey was to assess the impact of the weak economy on IT infrastructure projects and we found that, despite its impact on short-term plans, 41% of organizations plan a wholesale migration to Windows 7 by the end of 2010. This is actually a strong adoption rate when compared to the historical adoption rate of Windows XP in its first year which was cited as 12-14%.

Furthermore, in ScriptLogic's primary market segment it is usual for businesses to upgrade operating systems piecemeal as they purchase new desktop hardware, so the fact that nearly half of organizations surveyed are planning major rollouts during 2009-2010 indicates a high acceptance of Windows 7 among small and medium businesses.

Hat tip: Ed Bott

Google had a total revenue of $ 5,508,990 (5.5 billion) in Q1 2009. If Microsoft had to reimburse them for half of that each quarter, it would hurt.

How much would it hurt if they were capturing some significant portion of that revenue as the new alternative to Google?

As in, reason enough to trigger a big wave of Apple and Linux migrations.

This *might* be true for the crowd that's abandoned MS Office in favor of Google apps, but it's far from clear that the majority of people love their search engine enough to abandon an investment in their existing operating environment.

Finally, it would be a good reason for the DOJ to start a new round of anti-trust legislation. Last time, Microsoft got off easy because the DOJ under Bush was no longer interested in harsh penalties. But they cannot be sure of getting that kind of rescue again.

It's also far from certain they'd get any kind penalty harsh enough to deter them. Microsoft took a lesson from that last round and learned to lobby. They likely have more friends in Washington across the political spectrum than they did last time, and they're certainly more sophisticated than they used to be. The kind of penalties that would have to be hanging over their head to act as an absolute deterent would be something between being barred from a market that's important to them to being actually broken up. Anything else will simply become part of the financial calculus: if they stand to gain anywhere near as much ground as Google might lose in a dirty-play scenario, even if they have to pay substantial fines on top of that over the short term, it might well be worthwhile to them.

While I'm sure you were jesting (though someone is liable to believe you!), wireless keyboards aren't safe either.

Yes, but the rules had to be changed, and it was technically a flaw in Flash that worked (and supposedly would have worked against any OS with Flash, and DEP turned off). http://blogs.zdnet.com/security/?p=993

> Every year I've read about it, the order from first to last compromised has been Windows, Mac, and Linux.

Which year? And which pwn2own contest are you talking about?

In 2006, there was no pwn to own cansecwest contest.
In 2007, it was mac first, but only macs were prizes ;).

In 2008, it was mac first again (out of OSX, Ubuntu and Vista) on day 2 (nobody managed to pwn anything under the day one rules), and vista only on day 3 (due to adobe flash exploit).

http://dvlabs.tippingpoint.com/blog/2008/03/27/day-two-of-cansecwest-pwn-to-own---we-have-our-first-official-winner-with-picture?info=EXLINK

Day 1 rules = remote exploit - no user interaction
Day 2 rules = default client apps
Day 3 rules = popular 3rd party apps.

In 2009, it was safari on OSX first again, on day 1, followed by IE8 on Win7, followed by safari on OSX again, followed by firefox on Win7 (however multiple platforms were actually vulnerable to nils' attack[1]). All in day 1.

http://dvlabs.tippingpoint.com/blog/2009/03/18/pwn2own-2009-day-1---safari-internet-explorer-and-firefox-taken-down-by-four-zero-day-exploits
http://blogs.zdnet.com/security/?p=2917
http://blogs.zdnet.com/security/?p=2934

[1] http://www.securityfocus.com/bid/34235

Rules:
Day 1: Default install no additional plugins. User goes to link.
Day 2: flash, java, .net, quicktime. User goes to link.
Day 3: popular apps such as acrobat reader ... User goes to link

And Charlie Miller one of the pwners says OSX is easier:

http://blogs.zdnet.com/security/?p=2941

"It's really simple. Safari on the Mac is easier to exploit. The things that Windows do to make it harder (for an exploit to work), Macs don't do. Hacking into Macs is so much easier. You don't have to jump through hoops and deal with all the anti-exploit mitigations you'd find in Windows."

"For the amount of time he spent to do what he did on IE and Firefox, he could have found and exploited five or 10 Safari bugs. With the way they're paying $5,000 for every verifiable bug, he could have spent that same time and resources and make $25,000 or $30,000 easily just by going after Safari on Mac."

> Every year I've read about it, the order from first to last compromised has been Windows, Mac, and Linux.

Which year? And which pwn2own contest are you talking about?

In 2006, there was no pwn to own cansecwest contest.
In 2007, it was mac first, but only macs were prizes ;).

In 2008, it was mac first again (out of OSX, Ubuntu and Vista) on day 2 (nobody managed to pwn anything under the day one rules), and vista only on day 3 (due to adobe flash exploit).

http://dvlabs.tippingpoint.com/blog/2008/03/27/day-two-of-cansecwest-pwn-to-own---we-have-our-first-official-winner-with-picture?info=EXLINK

Day 1 rules = remote exploit - no user interaction
Day 2 rules = default client apps
Day 3 rules = popular 3rd party apps.

In 2009, it was safari on OSX first again, on day 1, followed by IE8 on Win7, followed by safari on OSX again, followed by firefox on Win7 (however multiple platforms were actually vulnerable to nils' attack[1]). All in day 1.

http://dvlabs.tippingpoint.com/blog/2009/03/18/pwn2own-2009-day-1---safari-internet-explorer-and-firefox-taken-down-by-four-zero-day-exploits
http://blogs.zdnet.com/security/?p=2917
http://blogs.zdnet.com/security/?p=2934

[1] http://www.securityfocus.com/bid/34235

Rules:
Day 1: Default install no additional plugins. User goes to link.
Day 2: flash, java, .net, quicktime. User goes to link.
Day 3: popular apps such as acrobat reader ... User goes to link

And Charlie Miller one of the pwners says OSX is easier:

http://blogs.zdnet.com/security/?p=2941

"It's really simple. Safari on the Mac is easier to exploit. The things that Windows do to make it harder (for an exploit to work), Macs don't do. Hacking into Macs is so much easier. You don't have to jump through hoops and deal with all the anti-exploit mitigations you'd find in Windows."

"For the amount of time he spent to do what he did on IE and Firefox, he could have found and exploited five or 10 Safari bugs. With the way they're paying $5,000 for every verifiable bug, he could have spent that same time and resources and make $25,000 or $30,000 easily just by going after Safari on Mac."

> Every year I've read about it, the order from first to last compromised has been Windows, Mac, and Linux.

Which year? And which pwn2own contest are you talking about?

In 2006, there was no pwn to own cansecwest contest.
In 2007, it was mac first, but only macs were prizes ;).

In 2008, it was mac first again (out of OSX, Ubuntu and Vista) on day 2 (nobody managed to pwn anything under the day one rules), and vista only on day 3 (due to adobe flash exploit).

http://dvlabs.tippingpoint.com/blog/2008/03/27/day-two-of-cansecwest-pwn-to-own---we-have-our-first-official-winner-with-picture?info=EXLINK

Day 1 rules = remote exploit - no user interaction
Day 2 rules = default client apps
Day 3 rules = popular 3rd party apps.

In 2009, it was safari on OSX first again, on day 1, followed by IE8 on Win7, followed by safari on OSX again, followed by firefox on Win7 (however multiple platforms were actually vulnerable to nils' attack[1]). All in day 1.

http://dvlabs.tippingpoint.com/blog/2009/03/18/pwn2own-2009-day-1---safari-internet-explorer-and-firefox-taken-down-by-four-zero-day-exploits
http://blogs.zdnet.com/security/?p=2917
http://blogs.zdnet.com/security/?p=2934

[1] http://www.securityfocus.com/bid/34235

Rules:
Day 1: Default install no additional plugins. User goes to link.
Day 2: flash, java, .net, quicktime. User goes to link.
Day 3: popular apps such as acrobat reader ... User goes to link

And Charlie Miller one of the pwners says OSX is easier:

http://blogs.zdnet.com/security/?p=2941

"It's really simple. Safari on the Mac is easier to exploit. The things that Windows do to make it harder (for an exploit to work), Macs don't do. Hacking into Macs is so much easier. You don't have to jump through hoops and deal with all the anti-exploit mitigations you'd find in Windows."

"For the amount of time he spent to do what he did on IE and Firefox, he could have found and exploited five or 10 Safari bugs. With the way they're paying $5,000 for every verifiable bug, he could have spent that same time and resources and make $25,000 or $30,000 easily just by going after Safari on Mac."

Um, what? This has nothing to do with the kernel.

Clarification - Maybe not this one, however: Using ActiveX allows system access
Ever heard the phrase "ActiveX kernel mode"?
Some nice examples:
http://www.codeproject.com/KB/COM/ActiveXEXEWrappers.aspx
http://blogs.zdnet.com/security/?p=427
http://secunia.com/advisories/35683/
Need anymore?
FMSFB (You figure out the acronym)

RAID1 is useless for protecting against hardware errors - people use it for the stellar read-performance and for no other reason.

In my experience, RAID1 performance gain varies quite a bit from solution to solution.

For a desktop solution, a system builder can get good results by stroking the drive(s) during O/S installation, then carefully choosing which partitions to use for their various needs (outer vs inner.)

And back it up! My solution has been to install a second drive of same-or-greater size from a *different* manufacturer. It stays spun down most of the day, and is started periodically for backups. (Yes, I've been lectured that drives supposedly last longer when spinning all the time, but I don't buy it - they're generating heat, are subject to g-force shocks, etc.)

I've been happy using rdiff-backup, but there are plenty of backup solutions for Windows, if the OP choose to be proactive about that.

Heck with digital distribution why even have ads on free stuff because the price of the device itself more than makes up for the minuscule price of transfer.

The Kindle has sold about 800,000 units. Analyst: Kindle to reach 10 percent of Amazon's customer base [June 30]

The vast majority of Kindle downloads are indeed priced at $9.99 or less (and a third of them are freebies)
Amazon is subsidizing the cost of those $9.99 books, which means they're just barely profitable.
Bernstein analysts Claudio estimate that Jeff Bezos and company record an operating profit of 61 cents on each $9.99 e-book they sell. But a $24.95 hardcover generates $4.25 in operating profit. That's a 7 to 1 ratio, and that can't continue, indefinitely. Like Your Kindle Books Cheap? Don't Get Too Used to It [June 19]

"Free Beer" is a time-honored way to build a market. But you can't freely distribute a third of your product - 100,000 titles - over the cell phone network and expect hardware sales to cover the bill.

"First Electronic Quantum Processor Created".. Sorry to spoil the fun, but does anyone do facts checking with these articles before posting? Guess not, because these guys presented a 28 qbit prototype and working quantum processor back in 07.

Because he took a job that requires him to do so by federal law.

He made his choice when he took the CEO job.

http://healthcare.zdnet.com/?p=2381&tag=nl.e539

Exactly. In this video Eben Moglen explains why for Microsoft threatening is better than suing. So Microsoft prefers denying that they have anything to do with SCO... although they may do some business with them.

Which is... what? That when an artist offers something for sale, it's no OK and "modern" to just rip them off and not pay, rather than go somewhere else for your entertainment? So modern! "Of course I just ripped off music that my favorite artist offered for sale! I'm modern, and everybody else is doing it!"

You seem to have read a lot into that post that wasn't there. Don't let the limitations of speculation get in the way of a good rant of course.

Ah, so you've got some case studies of record labels that sue other record labels who give away signed artists' work? Please, do tell.

Let me sidestep that common yet often misattributed fallacy and give you some possible examples of what was actually meant: Pandora UK closes due to increased royalty rates, Russian music site closes due to pressure from US and RIAA sues radio company for providing users with the ability to record from the radio.

Please try harder next time, especially when using selective quoting in responding to an AC.. it would be unfortunate for someone to read your post without reading the parents.

The reviewers were all about taking an appliance and complaining that it didn't have video or image editing software or play the right kind of games. I hate tech reviewers for things like this. They're doing it again with smartbooks.

Well, so now either the RIAA starts arguments that it needs to gain access to the address where the IP is registered to search the computer before the case, or everyone starts arguing they never had a computer, or that they had an open wifi access point, or other legal hairsplitting on either side. I'm all for beating the riaa in court, but I'd prefer that it _somehow_ led to a debate of the copyright and patent laws themselves, like the Pirate Party winning a seat on the European Parliament, or a debate on proper amount of punitive damages the US law allows for, the RIAA reputation, etc. The Jammie Thomas-Rasset case is being pretty helpful.

That's nonsense.

This is why your doing a few minor things to slightly reduce your CO2 footprint will make fuck all difference. Also, I seriously question the science behind the notion that non-recyclable shopping bags use significantly less CO2 overall. Care to justify it?

uh at 36 db according to zdnet, or about whisper level of noise. But the real problem here is that SCSI costs a ton for the interface, nothing like SATA, that is where the cost is.

Mods, have you lost your collective fucking minds? How the hell is this a troll? Do you know what a real troll is? A troll is not the first comment you see that you don't like. For future reference, this is a troll. Even if you don't agree with the guy, for fuck's sake don't use mod points to censor.