Slashdot Mirror

http://blogs.zdnet.com/security/?p=2084Credit cards fetch around $2-3 a piece. Surprisingly WOW accounts go for $10+ USD.

This is bad news. Microsoft's security products suck big time. Their AV was compared against other top AV brands last year and failed miserably compared to Symantec, Kaspersky and others. I have never used it myself but if it is anything like Windows Defender, which I have used, then it definitely sucks. Defender never finds anything even if the system is teeming with spyware. Customers won't care though and they won't buy the additional software. This is bad news for the big box stores too. They're already losing money on their sale computers and they generally try to make up the difference by selling you software and other crap.

Yea, I recently built an 8T server. It cost me about $5000, and has no raid controller, and uses linux software raid.

And you suffer from the famous "RAID-5 write hole". Hello silent data corruption. And good luck during a rebuild if when you have a latent sector error.

If I really wanted, I could buy a second $5000 server and do DRBD between them to have 2x redundancy.

DRBD is not instant-failover clustering and load balancing, it is simply block-level replication. The vast majority of applications - especially databases - would undoubtedly corrupt data during a node failure on your proposed setup. If all you're storing is MP3s, fine, but if you have lots of apps banging away at your storage, Linux software RAID and DRBD don't cut it.

We have some real "enterprise-class" clustered storage systems built on Linux from LeftHand. In testing we've ripped the plugs on one of the five nodes (plain HP DL320S's rebadged) and every application just kept on trucking with no corruption or downtime. And 10K random 8K IOPS, 1/3 of which are writes. Nothing you can build yourself with Linux can currently match those capabilites, so we paid $100K for it.

Google gets away with cheap storage using very sophisticated software, and by controlling the entire application stack to tolerate storage and node failures. You can't buy Google's software, and even if you could you couldn't run your app of choice on BigTable without a lot of coding. But you can get similar capability by paying money to LeftHand, IBRIX, NetApp and other "enterprise" clustered storage vendors.

What a crappy headline. I hate teasers like that.

So? Before you do free advertisement, do some more research: http://blogs.zdnet.com/security/?p=1516 They can't even protect their own sites ...

Agreed, given the EU's past hostility to Microsoft in the form of Antitrust enforcement. At least they have the balls to step up and fine Microsoft.

The secrecy may or may not be a bad thing but I doubt that it's there because of some ultra-shady backroom deal, but after the OOXML fiasco, who knows...

This explains nicely - http://blogs.zdnet.com/microsoft/?p=1707

Short answer: mostly.

I don't think so: check out about kernelbase.dll.

I of course wish them good luck. One of the last commercial attempts to do this, Dash Express, recently revealed it did no go as well as originally planned.

Since Vista SP1 and XP SP3 benchmark really closely, I think you can assume that the 18% lead Ubuntu 8.10 has over Vista will translate into a similar lead over XP SP3.

The old system, at 40, was a patchwork of databases that were often out of sync, Burbridge says. Staffers, he adds, were making 20,000 adjustments by hand every month. Auditors had been clamoring to change it for more than a decade. No administrator had the stomach to do it, Burbridge says, because âoethey knew it would be hellish.â

http://blogs.zdnet.com/projectfailures/?p=130

Just ask the school teachers in Los Angeles Unified how they feel about having their payroll system rewritten in a new language. For the ones who got paychecks three times larger than they should have been I think they liked it. For the others who didn't get paid or got paid significantly less, I think they're pretty upset. See the article below.

http://blogs.zdnet.com/projectfailures/?p=576

Pay attention to the quote about "union work rules" being part of the "problem" with implementing the system. Those kind of situations are the types of "business logic" that have been built into old systems and long since forgotten about. Nobody thinks about those things and they don't come up during the development process because they aren't very visible. People don't realize how much they didn't think about until the a wrong paycheck shows up for the tenured teacher with 13 years of seniority, who was hired as part of a Federal grant, whose contract was negotiated to include stipulations X, Y and Z. Then all of a sudden you have a room full of project managers and developers sitting around Toilet and Douche wondering, "How are we going to code THAT logic into SAP?"

I think you are reading too much in this. I may be mistaken for I am not a lawyer, but I think there is a federal law mandating district courts to require the parties in civil lawsuits to try alternative dispute resolution before going to court. So this whole thing probably is nothing more than Psystar (and maybe Apple) buying themselves some time. Also, given Apple's motion for dismissal of Psystar's counterclaims, it seems Apple's attorneys are pretty confident Psystar doesn't have a leg to stand on.

I don't think Apple are really interested in paying out Psystar. Unless the resolution send a clear message that Apple does not tolerate Mac clones and will pursue their manufacturers/sellers to the bitter and expensive end, nothing will prevent a "StarPsy" form popping up again in a few months, hoping to either make a mint selling "open computers", or at worst to get a cool few millions form the mothership.

Does OpenMoko even have an app store?

Before you poo-poo the question, bear in mind you don't have to use Android Marketplace to install software on an Android phone. Android Marketplace is a trusted, easily accessible, application store. A kill-switch in that context makes sense, you've downloaded something from a trusted authority and it turns out it's malware, Google has an obligation to hit the kill switch or else at minimum destroy the credibility of the store.

From the reports, it doesn't appear as if the kill switch applies to non-marketplace software, as the switch only applies - according to Google's ToS - to software that violates the GM developer agreement.

I'm seriously not seeing the problem here. The phone is open - you can install anything you like on it. If you choose to have your hand held, Google will hold your hand for you, but you don't have to.

It's probably displaying a settings panel that is internal to the flash plugin itself. This is just my guess, but normal applications can probably open this settings panel, but not interact with it (the same way they can open the panel about allowing Flash to access your camera and microphone, but not simulate a click on it, although people have found workarounds).

Electricity is hardly a selling point if you're losing productivity and still spending the money on servers, to boot.

Obviously, achieving functionality is more important than being efficient. However, the point of thin clients is that they generally keep office productivity the same or better, IT efficiency is tremendous, and the equation ((thin clients * users) + (servers)) is less than ((full PC desktop) + (servers)) generally holds true. At that point, saving several hundred KwH might be pretty attractive.

Oslo and M appear to be taking a page out of the research Charles Simonyi has been doing at Microsoft, before leading to develop and advanced form of the technology at his own company Intentional Software.

The basic idea here is that any bigger project can be made more maintainable and flexible at the same time, if the deveopers create a domain specific model for the given task, and let the end-users (for example accountants, drug store chemists, biologists, business owners) model the concrete behaviour of the application by manipulating that simplified and specialized language, often visually, the way an UML diagram or a spreadsheet works.

Unfortunately the linked article offers a little more than the usual "LOL, Microsoft sucks!" rant, which is somewhat expected from a blog where the iMac keyboard and iPhone are used as "design elements".

Anyway, I'd say this should be watched as it can mean model languages will finally enter mainstream, something that's been years in the making.

Related articles:

http://blogs.msdn.com/wenlong/archive/2008/09/07/net-4-0-wf-wcf-and-oslo.aspx

"By mentioning model-driven programming, you will see a general modeling platform to be unveiled at PDC: Oslo. As Doug said, Oslo contains three simple things: a visual tool helps building models, a new textual DSL language helps defining models, and a relational repository that stores models. XAML represented workflows and services are special models in this domain. Check for more details in the postings from Doug and Don."

http://blogs.zdnet.com/microsoft/?p=1430

"'Schemas in the repository can be defined using this language, but they dont have to be,' Chappell said. Developers can still use any other tools with which theyd be comfortable to create schemas instead. Because the new language will generate SQL, and the repository can be accessed using standard SQL, no special languages will be required."

Just look at the donor statistics.

If you push the limits of a device, you deserve what you get. Maybe good and cool, maybe broken shit.

Considering an entire subset of the industry exists dealing exclusively with parts designed to run 'faster-than-spec' I'm more inclined to lay the blame on Intel. They should know full well by now that the enthusiast market drives a lot of personal buying decisions further down the food chain...
Remember when Tom's Hardware broke this story?
If you can't release components that will run with existing kit, well someone is going to get the short end of that stick... And when it's the high end consumers, well Oops!

You forget about a LOT more "evil" stuff, like Google discriminating against its own employees based on age and such. Couple quick links:

http://www.webpronews.com/topnews/2007/10/04/old-guy-smacks-google-for-age-discrimination

http://news.zdnet.com/2100-9588_22-143920.html

And that's still ignoring the over-charging people over click fraud (for which the settlement was a couple more bucks worth of advertizing) and contless more issues.

They've been doing evil for a while.

Meanwhile, they pretend to care about Linux, yet, there's no Picasa for Linux (no, running under WINE doesn't count), nor Chrome, etc. Lots of talk, but they don't put money where their mouth is.

Yes, they do have a good search engine, but that's about it. They're there to make serious $$$$$$$$$$$$$$$$ by throwing ads at us.

If there's any truth to it, then I'm fairly sure this only applies to MacPros (see http://blogs.zdnet.com/Apple/?p=2319).

true - I should also point out the scamware Windows Antivirus XP 2008 (and 2009 now) is actually a software company run by a Florida guy who is getting sued - the trojan that delivered it as a payload, however is Russian in origin, as were all of the spambots and password and outlook email address cullers that came with it (a check of the dynamic libs the viruses use is an easy way to identify purpose). My bet is the guy hired Russian virus writers (as I implied above), but I just wanted to clarify that this program is NOT Russian - it is an American scammer.

I had heard if you pay for this scamware it downloads more crapware, but I don't know if it is virus infected crapware like the payload of the trojan.

Hi AJ: small correction: WiMAX is here now! I am the friend you refer to :) Posting anon due to various disclosure agreements, etc. We launched Monday in Baltimore, and the service is commercially available now ( http://www.xohm.com/ ). Performance is also MUCH better than the "review" See the following "review of the review" at ZDNET: http://blogs.zdnet.com/computers/?p=228 [zdnet.com] In short, what was "reviewed" is NOT WiMAX, and does not reflect true "real world" performance. WiMAX works wonderfully with mobile handoffs, and has better performance than the Clearwire network that was tested. Clearwire's current networks are not yet WiMAX compliant. XOHM's are.

See the following "review of the review" at ZDNET: http://blogs.zdnet.com/computers/?p=228 In short, what was "reviewed" is NOT WiMAX, and does not reflect true "real world" performance. WiMAX works wonderfully with mobile handoffs, and has better performance than the Clearwire network that was tested.

Walmart is shutting down their DRM servers for their online MP3 service. If someone doesn't read their email (maybe they don't use the account anymore) and doesn't know about this, next month all of their music bought before Feb 2008 will be unable to be moved to any other devices.

http://blogs.zdnet.com/hardware/?p=2661

So any proponents of DRM want to argue this is acceptable?

Lessons learned from five years of Fedora

The most valuable thing I've learned watching Fedora is this: Patience. It takes time and steady, incremental growth to build a solid community. If you'd asked me two years into Fedora's development whether the project would succeed, I'd have been somewhat skeptical, but looking at the project five years down the road, I'm convinced.

Solaris may be similar.

in TFA it says Noscript doesnt stop the problem 100% - but there is a link to a page that says that only applies in noscript's default setup. You can get it to stop this problem completely.

http://blogs.zdnet.com/security/?p=1973

noscript -> options -> plugins -> forbid IFRAME.

should be helpful till someone comes up with a proper solution.

A follow-up from Giorgio Maone, the creator of NoScript says:

"1. It's really scary.

2. NoScript in its default configuration can defeat most of the possible attack scenarios (i.e. the most practical, effective and dangerous) - see this comment by Jeremiah Grossman himself.

3. For 100% protection by NoScript, you need to check the "Plugins | Forbid " option."

Read it here:

http://blogs.zdnet.com/security/?p=1973

From a comment on TFA:

NoScript in its default configuration can defeat most of the possible attack scenarios (i.e. the most practical, effective and dangerous): see this comment by Jeremiah himself: http://ha.ckers.org/blog/20080915/clickjacking/#comment-84820. ...

It has seen the end of Jack Thompson,
It has seen the end of a RIAA lawsuit,
The end of copyright cops,
The end of Comcast's forging of RST packets,
It will soon see the end of the Empire itself!

What are we going to call actual beta web software then? Alpha? But then what would we call Alpha software?

It's called "trusted tester."

Link

Meanwhile, Gabriel Ramuglia, webmaster of Ctunnel, the proxy service used to attack the Yahoo account, has identified the IP user of the perpetrator but he doesn't think it points to Kernell, Computerworld reports.

"Because I'm not in contact with the Internet service provider, I'm not 100% sure of where the IP is based," he said. "But from what I can tell, the IP address doesn't look consistent with the media reports."

The FBI will be able to close the loop, though, with the records of the ISP to which that IP address is assigned. Ramuglia said it is a small, residential ISP.

Now, it's always possible that he compromised someone else's box or drove a long distance away to someone else's computer.

I guess we are using two different deffinitions of the word "overselling". Certainly providing every home with 20Mb every second of every day would be impossible to do in a way that customers could afford and the provider could make money. Fortunately the service isn't going to be used that way so yes, they can and must sell more service than the network can provide.

However, there is a limit. All users will be on some of the time and some will be on all of the time. For whatever bandwidth they advertise there is some amount they must be able to provide. I am saying that they are not doing this.

Now, as for that one guy whom is supposedly dragging down his whole block by downlaoding TBs of p0rn every day... Personally I've never lived on this guy's block. The only service issues I have had have involved weak or noisy signals coming through bad cable lines. (And i've had many of those) But, if this problem really does exist... why is it possible?

Why is one person able to pull more bandwidth than another? I don't know the actual numbers on this but lets say for example that an area of 100 people can be assumed to at most have 10 people online at a moment. So.. to give them 20Mb each the cable co sets up a 200Mb network. It's expected they may be a little congested during peak hours but such is life. These numbers are of course totally made up and way oversimplified I am sure. Now let's say that 1 user has nothing better to do than download movies all day long. Let's say he is using his full 20Mb. Right now there are 10 "normal" users on. With 190Mb between them should they even notice the difference?

If 1% of the users are able to noticeably affect the other 99% then I still argue the problem is at the ISP, not the individual users. Perhaps this article http://blogs.zdnet.com/Ou/?p=1078 linked to on here a while back holds a real solution. Not rules which tell users they cannot use the bandwidth they pay for.

But on the other hand, a Forrester research report from September 2003 (available through ZDNet's Whitepapers if you have an account) stated:

SOME FIRMS MODIFY OPEN SOURCE CODE; MOST DON'T
Sixty-four percent of our experts say that they view source code; 40% modify source code (see Figure 4). Firms that modify source code are also likely to be bigger open source users -- they use almost four open source products on average, twice as many as those that don't view or modify code.

And you seem to be forgetting the fact that opening up source code allows other software development companies (or individuals) to work on it.

I love your post! Intellectual, high-brow, thought-provoking...

The reason everyone hates Micro$oft is because they do things like:
"Microsoft has been granted a patent on 'Page Up' and 'Page Down' keystrokes."
http://news.zdnet.com/2424-9595_22-218626.html

It's just sooo hard not to hate a corporation that does crap like that.

Windows HPC Server 2008 is dying!

That used to be true. The Vista one is all new code.

That explains why it's so awesome.

I love Cuil. No doubt. As a concept. But as I pointed out, there's a vast chasm between "a search engine" and one that can compete with Google. I mean, really, the "it sucked" in your comment says all that needs to be said. How many people are leaving Google to use Cuil? Personally, I *do* use Cuil. But I don't exactly see it making waves. Also, I am curious. Your comment got me to finally do a bit of checking. How much capital does Cuil have exactly? Judging from their staff, they look like quite the bunch of heavyweights themselves. Five million? I wonder.

Also, have you checked the recent news about them? I think that this piece kinda makes my case for me.

Ed Bott at ZDNet has reproduced the problem and focused attention on an updated version of the GEARAspiWDM.sys driver. This is one of the CD burning drivers that iTunes installs during the update (though to figure this out, he had to comb through the inflated installer packages manually and the System Restore history).

Like this?

http://news.cnet.com/8301-10784_3-9982898-7.html

or this?

http://government.zdnet.com/?p=3885

That's just from the first page of my first search.

Note that Microsoft got off on the anti-trust charges after the bushies came in.

It wasn't necessarily the bushies, it was that Microsoft figured out how to play the game and then played it better than even Enron.

So it may not be that Google has failed to pay off the appropriate parties, just that MS has paid the appropriate parties even more than Google did.

Let's make this simple. Don't use webmail. Don't use Yahoo.com, Gmail.com, Hotmail.com, squirrelmail, etc. There are SO many vulnerable access points between the web application and your email that it is almost impossible to secure the entire stack.

The use of Ajax alone (like most major webmail vendors) increases your vulnerability by huge amounts. SOP (same origin policy) is broken. A combination of a reflected XSS attack (which are everywhere http://blogs.zdnet.com/Google/?p=451 ) and a stored XSS attack can completely compromise your session.

Forgetting about XSS, there's still CSRF, injections, RFI, information leakage, broken authentication/session management, insecure url access, etc.

So seriously - unless you trust that your email server has secured every possible hole in every possible layer of their stack, stick to TLS/SSL encrypted imap/pop3/smtp. Now, I'm not saying these are perfect, but email protocols are just simpler. There will always be fewer places to attack and thus the chances of your email being compromised are just smaller.

China is the least of my concerns. How about the Justice Department or the Department of Homeland Security?

The Europeans might be pressuring Google to reduce its retention periods, but I suspect that Google heard the opposite point-of-view from the government here in the USA.

Frankly I think that none of Google's logs should carry identifying information. If they need to track IPs for some reason, put them in a separate database table that's unconnected to the contents of the search strings. Keeping this information much beyond a week or two seems unreasonable to me.

That's the basic idea behind things like ZFS/Flash which will layer flash storage in along with traditional rotating storage.

You can do it now with some high-end SANs, but soon it'll be workable for people on more meager budgets as well. Quite exciting, really. Storage capacity has been going great for a long time, but access speeds haven't been nearly as impressive.

Here's some painful lessons for you
http://blogs.zdnet.com/Ou/?p=981
http://blogs.zdnet.com/Ou/?p=777

Here's some painful lessons for you
http://blogs.zdnet.com/Ou/?p=981
http://blogs.zdnet.com/Ou/?p=777

It's far worse than you think, or fear even.

'normal' people (are there really such creatures?) will see that it is from MICROSOFT, and think "it must be good, all their stuff is really technical, and they know what they are doing ... if it wasn't for Microsoft, we'd not have any computers or Intarwebtubes or anything"
http://talkback.zdnet.com/5208-12558-0.html?forumID=1&threadID=44459&messageID=820843&start=0

You only need look as far as what passes for entertainment on television in the USA to figure out that you should be considered special if you have an 8th grade education! http://www.snopes.com/language/document/1895exam.asp

Disclaimer: I have yet to watch any episode of Seinfeld. I wasn't impressed with him before Gates conned him into this.

Its a problem with product cycles from design to manufacture to landfill becoming shorter and shorter. I have a 3 year old cell phone designed for kids and the elderly that has been partially submerged in dishwater and salt water, dropped out of a moving vehicle and generally banged around more than any personal electronics I own and I fucking love it. Yeah, the screen is tiny but I have never surfed on a cell phone for the internet and pry never will; because I have never found a reason to. Jobs have tried to give me Blackberries and I have broken or lost all the them and I have clearly explained to them why. My new phone arrives today a G'zone Boulder and I have waited a long time for a phone before I chose this one. With some of my engineer friends changing out phones every 6 months I wonder how long they actually took in selecting that phone, how long other engineers took to design it and how quickly clones of it were being made and shipped all over the world so someone like him could throw it away for another cell phone with 10% more screen size, a sleek new shell and whatever whiz bang feature in another 6 months.

Overblown poop. http://blogs.zdnet.com/Bott/?p=512 http://blogs.zdnet.com/Bott/?p=513

Overblown poop. http://blogs.zdnet.com/Bott/?p=512 http://blogs.zdnet.com/Bott/?p=513