Microsoft Says "War on Terror" is Overblown

SlinkySausage writes "The endless security measures imposed on society as a result of the "war on terror" have become overblown and intrusive, according to Microsoft Redmond senior security analyst Steve Riley. He made the comments in a talk at day one of Tech.Ed Australia about software security. Riley also fessed up that Microsoft cocked up XP from a security perspective. "We let you down with XP," he said. Microsoft also showed a very interesting new desktop virtualisation technology called SoftGrid, which allows applications to be virtualised individually, rather than a whole OS. Think Virtual PC or VMware, but instead of virtualising an OS, just a single application is virtualised."

Karma gets even with MS!

[ArcherB]

I'm kinda glad that MS gets to feel the pain of "overblown and intrusive" security. Maybe they will understand that it is better to make things secure from the beginning, rather than overacting after the fact.
From TFA:

Steve's approach to security spans all horizons, not just information technology. He elaborated on this theory in an afternoon session today at Microsoft Tech.Ed entitled "Making the Tradeoff: Be Secure or Get Work Done". You are trying to get work done. Allow or Deny?

Re:Karma gets even with MS!

On the bright side, MS security should improve, after all, they have finally invented the software jail.

Re:Karma gets even with MS!

How is the very first post modded "Redundant"?

(Check the time)

Re:Karma gets even with MS!

From TFA:

"It's measured against the current cost of leaving things as they are - if a couple of machines go down every week because of security vulnerabilities, that is a cost which can be measured and taken into consideration. However, if the cost is actually less than the cost of removing the problem , bizarre as it may sound, it might not actually be worth it."

Hmmmm.... Maybe Microsoft really does understand why I refuse to intsall Vista on my network.

Re:Karma gets even with MS!

[utopianfiat]

Agreed.

Moreover, if one machine goes down due to security vulnerabilities, and it has my social security number on it...

Re:Karma gets even with MS!

[Trent+Hawkins]

Yeah that's all we need. Microsoft making yet another windows.

Now announcing a new version of windows: Windows NIX. It's the one that works!

Re:Karma gets even with MS!

[StingRay02]

Maybe I missed it, but is no one else struck by the hypocrisy of Microsoft criticizing someone else's security measures. Right or wrong, how does their track record of horrendous failures in security qualify them to tell someone else how to do it right? Since when did failure become a path to success?

Oh, wait.

It's Microsoft.

Question answered.

Re:Karma gets even with MS!

[radl33t]

Since when did failure become a path to success?

Ever since scientific thinking birthed our enlightenment.

Re:Karma gets even with MS!

[cmacb]

Not to mention...

As Microsoft always does, now that the NEW version is out, they have suddenly become aware and willing to talk openly about how miserable a failure the OLD version was.

Microsoft continues to go to the bank on the basis of "You CAN fool MOST of the people ALL of the time."

How much longer will this formula work for them?

Re:Karma gets even with MS!

[Thexare+Blademoon]

Right or wrong, how does their track record of horrendous failures in security qualify them to tell someone else how to do it right?

Well, even if they don't know how to properly secure something, I giuess they at least know improper security when they see it.

Re:Karma gets even with MS!

[Thexare+Blademoon]

I believe the rationale behind it is that such remarks are made here all the time, so they're redundant on the five hundredth time they're posted, even if it's only the first post on a specific topic.

Re:Karma gets even with MS!

[Mister+Whirly]

How much longer will this formula work for them?

3027 A.D.

Re:Karma gets even with MS!

[Gr8Apes]

Well, even if they don't know how to properly secure something, I giuess they at least know improper security when they see it. They've certainly seen a lot of different ways to do it badly!

Re:Karma gets even with MS!

[nugneant]

Ten years ago, this would be a really exciting development. Too bad that now, when MS talks about "security", they mean "DRM"... I don't care if I was "let down" with XP, I'm sticking with it into the forseeable future, because at least I know that XP isn't wasting CPU cycles to cripple my content on my computer.

Fuck Vista.

Re:Karma gets even with MS!

[Mix+Master+Nixon]

Well, the War On Terror is the biggest pile of steaming FUD I've ever seen. Microsoft is uniquely qualified to call them out on it, because after all, game recognize game.

Re:Karma gets even with MS!

[westlake]

However, if the cost is actually less than the cost of removing the problem , bizarre as it may sound, it might not actually be worth it."

What makes you think that this isn't true for any OS or application?

The Moz Foundation has substantial financial resources. It does not have unlimited resources. Development and maintenance of OpenOffice remains dependent on staffing and funding by Sun:

Almost all features which were planned for 2.0 were implemented by Sun engineers. Having a whole bunch of full-time developers was helpful to get most of the features done in time. Interview with OpenOffice.org staff

Re:Karma gets even with MS!

[EdBear69]

As Microsoft always does, now that the NEW version is out, they have suddenly become aware and willing to talk openly about how miserable a failure the OLD version was. This is Vista marketing at its finest. And in the fine tradition of Microsoft Marketing, it's a FUD attack against the product with the largest market share, in this case WinXP. Never mind that the product in question is put out by the same company.

Re:Karma gets even with MS!

[moosesocks]

Microsoft's problems have largely lied in their management for the past 10 years or so.

Whenever the management makes one big push, as was done with Vista, things get screwed up horribly. You'd better believe that Microsoft has some very smart people working for them that know a thing or two about security.

The underpinnings of Windows that kept it compatible with old software have made it inherently insecure, and every tiny bug can result in a system-wide breach thanks to the fact that until recently, it was the standard procedure to run every process with unlimited credentials (and most software was written with this assumption in mind)

On my Linux box, Apache runs under its own account that has the permission to serve web pages in /var/www, and is restricted from doing *anything else* at a very low level in the operating system. Windows apps tend to be able to do whatever the hell they want.

The decision to maintain backward compatibility was most definitely made by upper-management, and the security repercussions were almost definitely brought to their attention at some point. It's not at all surprising that there are factions in Microsoft that disagree with this decision

Re:Karma gets even with MS!

[ArcherB]

Well, the War On Terror is the biggest pile of steaming FUD I've ever seen.

Funny! I thought the actual pile of smoking concrete, metal and bodies was much bigger than the FUD. When the population is asking, "how did this happen" and "why wasn't something done to prevent this", they get their answer.

Microsoft is uniquely qualified to call them out on it, because after all, game recognize game.

Microsoft is worried about Microsoft and Microsoft only. If computer security becomes a huge problem, they just patch it in the next version and resell it. When they are forced to make a product secure to begin with, the incentive to upgrade is removed for many of their would be paying customers. Of course MS is against security being forced up on it. As a biased source, they are not in any way qualified to call anyone out on security issues, especially with their track record!

Re:Karma gets even with MS!

[Conanymous+Award]

Wow. You know things are really getting bad when Microsoft thinks security measures have become too intrusive and overblown.

Re:Karma gets even with MS!

[iminplaya]

Since when did failure become a path to success?

March 20, 2003

Re:Karma gets even with MS!

[ThePengwin]

You are trying to get work done. Allow or Deny? Deny :D

Re:Karma gets even with MS!

[myowntrueself]

when MS talks about "security", they mean "DRM"

I always assumed that they were talking about 'financial security'... their own.

Re:Karma gets even with MS!

[ozmanjusri]

Maybe I missed it, but is no one else struck by the hypocrisy of Microsoft criticizing someone else's security measures.

It's becoming very clear the current US administration is unlikely to win the next election.

Microsoft needs the US government to protect it from standards, open document formats, antitrust prosecutions and any other similar inconveniences.

Expect Microsoft to continue distancing itself from the Bush administration. They need plausible deniability so they can cosy back up with Bush's successors.

Re:Karma gets even with MS!

[rtb61]

Marketing, marketing and yet more marketing. Say bad things about the previous version of windows in order to sell more copies of the next version of windows and wrap in up in what ever bullshit is required to make it more plausible.

Security, reliability for M$ are just marketing terms, they don't ever actually want to produce it because then they have nothing to sell you in the next version. No opinion coming out of M$ has any value at all.

Take for example the current crop of B$ for Vista, M$ announce the release of the performance and reliability service pack for Vista and at the same time they release stories about how will it performs and how reliable it is.

Now, why would you produce a performance and reliability service pack for a product that your saying has excellent performance and reliability, now come on M$ at least make an effort to get your B$ straight.

As for security, M$ handing out the source code of their swiss cheese (P)OS to a range of unreliable groups just to inlfate M$ profits and damn the consequences, is just a perfect example of how insecure and unreliable M$ management really are.

Re:Karma gets even with MS!

[ScrewMaster]

Which kinda gets back to that DRM thing ... they see their financial security in owning distribution of media (movies, music, whatever), and in their minds that means telling us what we can do with our purchases.

Re:Karma gets even with MS!

[syousef]

I agree.

Re:Karma gets even with MS!

[amRadioHed]

Funny! I thought the actual pile of smoking concrete, metal and bodies was much bigger than the FUD. You would be wrong. A very conservative estimate of when the FUD surpassed 9/11 would be September 22, 2006. Now I say that's conservative because the cost of the FUD can be measured in far more ways then merely American body count. As those other costs are factored in the actual date quickly approaches September 11, 2001.

Re:Karma gets even with MS!

[number11]

is no one else struck by the hypocrisy of Microsoft criticizing someone else's security measures

Well, only to a select audience. They wouldn't want to offend anyone in power by calling them out. From TFA:

This particular section of Steve's presentation dealing with the War On Terror doesn't appear on the US-developed Tech.Ed DVDs -- it was censored and removed.

Re:Karma gets even with MS!

[SeaFox]

Maybe I missed it, but is no one else struck by the hypocrisy of Microsoft criticizing someone else's security measures. Right or wrong, how does their track record of horrendous failures in security qualify them to tell someone else how to do it right? Since when did failure become a path to success?

Actually, I read this as CYA for Microsoft in government. With computers being as important as they are for the financial health and other aspects of our country, the Dept. of Homeland Security is making cyber-terrorism a higher priority. With that in mind, one sure way to improve security of the world's most critical computer systems is to not having them running an operating system known as a dismal failure at protecting users from malicious attacks.

So, shock shock, Microsoft is going against the grain of it's pro-big-business overlords to say that efforts to improve security to thwart terrorism are overblown, before someone says, maybe "we should switch our government systems to BSD." Otherwise, they may be forced to spend even more time and effort to correct their legacy code mistakes.

Re:Karma gets even with MS!

[TheLink]

"Windows apps tend to be able to do whatever the hell they want."

Same for Linux. On most Linux distros by default Mozilla/OpenOffice/etc run with the same privileges of the logged on user account.

You can change that for both with su/"run as" equivalents, but it is not userfriendly, plus when other apps launch browser windows you end up with the problem again.

Re:Karma gets even with MS!

[StingRay02]

It's becoming very clear the current US administration is unlikely to win the next election.

Not to be a spoil sport, but the current administration is guaranteed not to win the next election. Unless there's a last minute change in Cheney's plans, there will be a brand new administration in 18 month's time.

Re:Karma gets even with MS!

[Weedlekin]

"it's a FUD attack against the product with the largest market share, in this case WinXP. Never mind that the product in question is put out by the same company."

They did the same when Windows XP was launched by running a set of ads showing the Windows 9X BSOD, and a statement about them being things of the past. Irrespective of whether Slashdotters like it or not, the fact of the matter is that during the last decade, Microsoft's effective monopoly in the desktop OS and office automation markets has resulted in their only effective competition being older versions of their own products. People using these older products who aren't corporates don't make any money for Microsoft at all unless they buy said older products with a new machine, but an upgrade sold to 10% of them would earn as much as converting every OS X and Linux desktop out there to Windows, and they'd obviously like much more than 10% of their current users to upgrade, and they won't achieve that by telling them that what they already have is arse-kickingly fabulous.

Re:Karma gets even with MS!

[moosesocks]

Yes, but on Unix, user accounts generally aren't given administrator access, and on many "modern" distributions, you use "sudo" instead of "su", which makes it virtually impossible to accidentally give an application admin-level privileges, as you've got to explicitly call it for every root-level process that you execute.

The absolute worst you can do is to trash your user account. It's not pleasant, but it's a hell of a lot better than infecting your entire system.

This functionality is hypothetically available in Windows, but is often overlooked (and I believe the 'Run As User' context menu item is turned off by default). Therefore, for the sake of convenience, Windows users (and their processes) are more often than not given Administrator access. This way, every exploit is a root-level exploit.

Re:Karma gets even with MS!

[jsight]

many "modern" distributions, you use "sudo" instead of "su", which makes it virtually impossible to accidentally give an application admin-level privileges, as you've got to explicitly call it for every root-level process that you execute.

Unless you are lazy. Then it's sudo /bin/bash

I don't know anyone lazy enough to ever do that, though. ;)

Re:Karma gets even with MS!

Care to elabourate?

Re:Karma gets even with MS!

[UMTopSpinC7]

Almost every scientific discovery in history is result of trial and error. You need failures to have success... what more do you want said?

Re:Karma gets even with MS!

[sasdrtx]

I don't know, but it's been the policy of the government for as long as I can remember.

Re:Karma gets even with MS!

[e2point71828]

I am new to writing on slashdot but have been reading evry now and then.
Although this might seem unrelated, I insist that you see this and if anyone has the time, effort, contacts or anything positive to give to this, go ahead and do it:

http://savannah.gnu.org/task/?7027

Maybe it is crap. Or already made somwehere. If so, mod me down, and that is the end of it.
If not, pleeeaassee write the code.

yubnub.org (Ruby on Rails) has code ready for the shell imitator.
Eyeos / Cornelios / 100+ AJAX/GUI toolkits have the code ready for the GUI imitator.
ibiblio has the bandwidth and so do slashdot, sf.net, linux.com AND www.linux.org
(and yes, I have a keyboard and you have the "bad karma" widgets in your browser
Maybe, you think that the project is unimportant, but I am damn sure not everyone on the sother side of the fence thinks the same and they *DO* read these pages as well --*not* fud.

As a side plus, you could make good money as well
And yes, remove the XUL part - nowadays, mozilla sux.

Re:Karma gets even with MS!

[Listen+Up]

The universe is determined by a finite number of absolute rules. The point is that no matter whether you are right or wrong, you always learn and knowledge increases.

Re:Karma gets even with MS!

[Phroggy]

The absolute worst you can do is to trash your user account. It's not pleasant, but it's a hell of a lot better than infecting your entire system. On servers, this is true. On desktop systems, infecting the OS isn't pleasant, but it's a hell of a lot better than trashing your user account.

Riley is smart, and VERY entertaining.

[Jeremiah+Cornelius]

Too bad you have to read him - not see him in person.

Oh, and a pity he makes the fron page at Slashdot for stating the obvious!

Re:Riley is smart, and VERY entertaining.

However, he made the typical (albeit innocent) mistake of assuming that all these new "security measures" exist only because of the "war on terror", or 9/11, or the policies of the Bush administration.

I hope I don't have to remind anyone that (to cite the most glaring example) the "patriot act" was planned, and in fact attempted in various incarnations, long before 9/11. Make no mistake -- every one of these "security measures" (or more accurately, expansions of government revenue and power over the people) has been on the drawing board for quite some time.

It just happens that recently, government has finally achieved the right political climate -- and grown big enough -- to where the door is swung wide open for massive increases in both revenue and power over the people.

Virtualizing Applications

[tehwebguy]

Or think Crossover: http://www.codeweavers.com/products/

Re:Virtualizing Applications

[TheRaven64]

Or think 'operating system.' That's what an operating system does. It virtualises the computer's resources and multiplexes them for applications. It multiplexes memory and gives each process its own address space. It multiplexes disk and gives each process its own virtual disks (files). It (or a userspace delegate) multiplexes video and gives each process its own virtual screen (a window or virtual terminal). It multiplexes the speakers and gives each application its own sound device (a virtual channel). It multiplexes input devices and switches them between apps.

Everything old is new again.

Re:Virtualizing Applications

[IndieKid]

I believe Parallels does this too. It let's you run MS Word 2007 on a Mac as if it were native, for example.

Re:Virtualizing Applications

[jandrese]

I was thinking it was more like "Jails" on the BSD platforms. You're not really virtualized, you just have your access to everything cut off unless it is explicitly enabled. Virtualization would work, but the performance penalty discourages people from using it.

Re:Virtualizing Applications

[qweqwe321]

Crossover Office isn't virtualization. Crossover Office is a compatibility layer.

Re:Virtualizing Applications

[ChemGeek4501]

It will be a cold day in the 9th Circle when I start allowing Microsoft to be in charge of my security.

Re:Virtualizing Applications

[qweqwe321]

Whoops, bad Wikipedia link.

In software engineering, a compatibility layer allows binaries for an emulated system to run on a host system. This translates system calls for the emulated system into system calls for the host system. With some libraries for the emulated system, this will often be sufficient to run binaries for the host system.

Re:Virtualizing Applications

[Paracelcus]

WINE?
Uhh, I thought we were already virtualizing applications with "http://www.winehq.org/"

Re:Virtualizing Applications

Java sandbox, 10 years ago http://www.javaworld.com/javaworld/jw-08-1997/jw-0 8-hood.html

or VM, 35 years ago

I guess at least those patents must have expired by now

Re:Virtualizing Applications

[Ohreally_factor]

Yeah, I was thinking the same thing, and if you read the FA, that's sort of what this softgrid seems to be doing, except the mecahanism is it's monitoring every change and operation for later removal instead of just comparing before and after. So, I'm not sure if this is really a stripped down OS as layer so much as it might be like spyware. The spyware angle sort of makes sense, coming from MS (OK, that's sort of biased). I wonder if they developed this when doing research on AV software.

You're much more of an expert on this than I am. I sort of get some of this stuff conceptually, but you actually get your hands into it and get paid for it. So, I'll defer to your judgement.

Re:Virtualizing Applications

Thank you, I'm glad I'm not the only one that thought this too.

You don't virtualize applications, you run applications. Applications can be built to run anywhere and when they request access to hardware the Operating System usually intervenes. Virtualization is a level of hardware abstraction, NOT SOFTWARE. When you start talking about CPU scheduling and Memory allocations, you are talking about Operating System tasks, not Virtualization.

Maybe this is why Windows sucks so bad, they don't even understand what an Operating System is supposed to do.

Re:Virtualizing Applications

[0racle]

Parallels and VMware virtualize entire OS's which is exactly what the summary said they are not talking about.

Re:Virtualizing Applications

[Internalist]

There's a new(ish) company here in Ottawa that's doing stuff with app virtualization, too: http://www.trigence.com/ I "attended" one of their webinars (godawful word), and it looks like they've got some pretty neat stuff going on.

Re:Virtualizing Applications

[j0217995]

Or think Altiris Software Virtualization Services, http://getsvs.com/ which is free for personal use. I have virtualized all of my applications on my wife's computer and she doesn't realize it. Also works great for running both Office 2003 and Office 2007. I use SVS on my work laptop, virtualize all my non-work related things and deactivate them when I go to work. When I leave work, I deactivate my work related apps. Great product...

Re:Virtualizing Applications

[Reverend528]

Everything old is new again.

Basic Operating System functionality? If you've been using windows, it's new to you!

Re:Virtualizing Applications

[GMFTatsujin]

I can't say for sure, but from TFA, I suspect that the "new" virtualization is to have the OS provide a default sets of settings, libraries, and registry, but then to overlay different sets of those same resources for particular apps. Two different versions of an application may need different libraries under the same name, for example -- ditto with registry entries or configuration files.

Not virtualization in the sense of VMWare, which creates an entirely virtual computer, hardware interfaces and all. This is more like managed tomfoolery with pointers and symbolic links, all of which gives the impression of a sandboxed environment.

Just a suspicion.

Re:Virtualizing Applications

[gravesb]

If I remember correctly, the 9th circle consisted of Lucifer being frozen in a block of ice....

Re:Virtualizing Applications

[costing]

Is it only me or somebody else thinks too this is like reinventing Java all over again ?!

Re:Virtualizing Applications

It's not "virtualization" at all. It's just a typical pile of buzzword compliant MS architecture to reimplement chroot. http://en.wikipedia.org/wiki/Chroot

Re:Virtualizing Applications

[ChemGeek4501]

I guess that would make it a cold day in hell then. I should have said 6th-8th cirlce where there's some heat.

Re:Virtualizing Applications

[Grishnakh]

Mostly correct. The main problem is that while the OS allows applications and users to share the system, it doesn't completely partition them away from each other.

In a correctly-designed OS, processes owned by separate users are indeed completely partitioned from each other, and cannot reasonably affect each other (other than hogging resources; make sure to set account disk space quotas for instance). However, processes owned by the same user are not partitioned from each other at all, and can easily inflict damage on each other or the user's data.

But this is a problem in OS design: how useful do you want the OS to be? If applications are completely partitioned from each other, then IPC can't happen, which is pretty much essential on any normal OS running multiple applications at once. (It's useful to have your web browser call up a PDF viewer application to show a PDF file, for instance, or to copy data from one application to another.) If applications are prevented from damaging each others' files, then they can't even share the same filesystem; it'd be a real pain if you couldn't download a file with your web browser and then open it later on with your spreadsheet program. So a certain amount of risk is taken, that the applications a user runs are mostly trustworthy, and if something happens, it'll only affect that one user.

Re:Virtualizing Applications

[ScrappyLaptop]

Ever since their first beta was available, I felt that *that* was the way MS should have build Vista or Vista+1 from the ground up. Always have a new-install-fresh Registry...think of what that does for performance. The are actually many possibilities that I don't think Altiris has thought of yet, they seem to be in more of a pump-it-up-to-get-the-company-sold mode...

Re:Virtualizing Applications

[DrgnDancer]

I suspect the GP is misunderstanding Parallels ability to run individual applications in the guest OS and make it look like it's running on the host OS. Essentially I can open I.E. 7 on my Mac and it has a nice Darwin looking windows frame and no Windows desktop behind it. It's still running on a full Windows VM, and the entire operating system is still eating system resources the same way it would be if I had the whole Windows Desktop sitting there, but it LOOKS like I'm just natively running I.E. 7 on my OS X desktop.

Re:Virtualizing Applications

[TheRaven64]

It sounds a little different from chroot, and a bit more like union mounts. These were present in 4BSD and are used for exactly this purpose in Plan 9.

Re:Virtualizing Applications

[nuzak]

Lucifer wasn't frozen, he was blasting everyone in the ninth circle with the freezing wind off his demon wings, while his three (count em!) heads chewed eternally on Judas, Brutus, and Cassius, like so much Eternal Damnation Gum®.

Re:Virtualizing Applications

[SanityInAnarchy]

Therefore, the solution (which Microsoft seems to be starting to do) is to force the majority of an application to run as a user specific to that application, and completely unprivileged. Ideally, to allow multi-user systems to function properly, we would have sub-users -- each normal user should be able to create users which they control, and those users should be able to create users -- you could have a UID quota.

I believe Internet Explorer now runs the bulk of the browser as an unprivileged user, even less privileged than the human running the browser. When it wants to save a file, it asks the part of it that still somewhat-privileged to pop up a "save file" dialog, which it does. This is a good design -- implemented properly, no insecurities in IE could allow anything to damage any data except the file that the user has explicitly told it where to save.

I would much prefer that kind of solution than the brute-force virtualization of a whole architecture just to force apps run by the same user to not be able to talk to each other -- which is then going to force us to implement a mini-network within the computer to allow them to talk to each other again (and thus be exploitable). The whole idea is laughable.

Our way of life is not under threat!

[Ckwop]

In the United Kingdom we lost fifty or so people in the carnage of bombings last-year, in the United States you lost four or so thousand.

I don't for a second want to say that the loss of these lives through an unspeakable act of senseless violence is a trivial matter, but we need to put these figures in perspective. In the United Kingdom, more are killed in road traffic accidents in a couple of weeks than were in the July 7th bombings. In the United States roughly three times as many people are killed in gun accidents per year than 9/11.

Somebody even said to me that more people were killed putting their socks on in the United Kingdom than by terrorists last-year. It's probably true. This stuff is right in the noise level of the threats we encounter each day. It's dramatic when we see some idiots attempt to blow a car up at Glasgow airport but in terms of actual risk, these people are up there with being struck by lightning or having a bad reaction to asprin.

So why is there talk about trading liberty for security? Even though the security vs liberty argument is as flawed as the mythical man month, the point still remains - why do I need this extra security anyway? It's expensive, it costs me my rights and it's ineffective.

It feels like that we've forgotten what it is really like to be a nation threatend with annihilation. In the 1940s our country nearly didn't make it and we have the United States to thank for that as much as our own heroic airmen. That was a time where the agressors really could have destroyed our way of life. Yet we did not yield in the face our adversity. We held our resolve!

And we should hold our resolve now. In comparison to the Nazis these modern day terrorists are like flies trying to stare down a tank. I don't know whether to laugh or cry why we even take them so seriously. We should not give a shred of our liberty to these people - they are pathetic and worthless; you only need to look at the Glasgow "terrorist" attack to see this for yourselves.

Simon

Re:Our way of life is not under threat!

[Himring]

You better wake up pal, and starting wrapping your house in plastic and duct tape!

Re:Our way of life is not under threat!

[Mullen]

I don't for a second want to say that the loss of these lives through an unspeakable act of senseless violence is a trivial matter, but we need to put these figures in perspective. In the United Kingdom, more are killed in road traffic accidents in a couple of weeks than were in the July 7th bombings. In the United States roughly three times as many people are killed in gun accidents per year than 9/11.

You mean, killed by guns, not killed in gun accidents. Few people are killed in gun accidents in the US and the overwhelming vast majority of those are preventable by slightest bit of common sense and following gun safety rules.

Other than that, good post!

Re:Our way of life is not under threat!

[Ian+McBeth]

"Our way of life is not under threat!"

Tell me that in 15 years when England is an Islamic State.
When your women wear burkas.
When your Liberals lie dead in the streets.
When your Christians serve as torches for the sport of Imams.
When Sharia is the Law of the Land, and the Magna Carte is no more.
Then Tell my your way of life is not under threat.

The Fact of the matter is, Islam has been at war with the West since the Crusades.
Muslims do not think like Westerners. To Put Western Logic over Muslims and expect them to ask as we would shows a complete lack of understanding of who and what they are.
Islam has been in Active jihad against the West since the end of WW1, when the Brits and Frenchies lied to them about giving them their own state.

Unless the West wakes up, and sees the same Big Picture that Islams sees,
The West is lost.

Re:Our way of life is not under threat!

From http://www.bradycampaign.org/facts/factsheets/pdf/ firearm_facts.pdf : In 2004, there were 649 fatal accidents and 235 deaths with unknown intent. Maybe you were thinking auto, not firearm accidents.

From http://www-fars.nhtsa.dot.gov/ : In 2005 there were 43,443 motor vehicle accident fatalities.

Re:Our way of life is not under threat!

[tcopeland]

> In the United Kingdom, more are killed in road traffic
> accidents in a couple of weeks than were in the July 7th bombings.

Yes, but, at the risk of stating the obvious, there's a big difference between dying in an car accident and being killed by someone who blows up a train. You may as well console someone who gets mugged by saying "well, you know, people accidentally lose money every day." It's not relevant to the incident.

Re:Our way of life is not under threat!

[plague3106]

It feels like that we've forgotten what it is really like to be a nation threatend with annihilation. In the 1940s our country nearly didn't make it and we have the United States to thank for that as much as our own heroic airmen.

Don't forget to thank the Soviets too.

Re:Our way of life is not under threat!

[plague3106]

Few people are killed in gun accidents in the US and the overwhelming vast majority of those are preventable by slightest bit of common sense and following gun safety rules.

Isn't that kinda the definition of "accident?"

Re:Our way of life is not under threat!

[db32]

I would mod you up, and I even have the points, but you are already at a 5. So instead I will offer you this fun little game. You hit the nail right on the damned head, and so many people are so pathetic at math and are afraid of stupid things noone can seem to change our course of paranoid overreaction. The administration and media want us to keep overreacting, the government gets more power, the media gets better ratings. They are in it for different reasons, but their actions are mutually beneficial to eachother and horrible for "we the people".

The game. It may be different for non US citizens, but the same principle applies. Go to state.gov or the CDC site and probably a few other places. Go back 10 years and do the numbers. state.gov is really good because not only does it combat the "omg they are going to kill us all" but it shows without a doubt that "all terrorists are muslim" is such a load of horse shit, and the most of the major terrorist attacks up until recently were in fact not muslim at all. But anyways, you add up all the people killed in terrorist attacks, and I even am kind enough to call attacks on military targets terrorist attacks even though it really isn't. Then you add up all the deaths by alcohol related incidents, teen drivers, the common fucking cold, influenza. Then...you make nice presentations out of the numbers and modify the current propoganda "the $threat hates our freedom" and "war on $threat" stuff with whatever the highest per year killer you get. I cannot even begin to tell you how enjoyable the look on peoples faces can be when their brains get locked up on this. The plain and simple numbers conflicting with their media programmed fear. Most people ARE indeed able to see reason quite well, it just has to be presented right (and unfortunately to the lowest common denominator type person). Now, mind you, be careful with what you pick, because while an excellent demonstration overall, it can backfire and they will agree that the government should wage a war on your threat of choice.

Re:Our way of life is not under threat!

You mean, killed by people using guns, not killed in gun accidents.

Re:Our way of life is not under threat!

[folstaff]

Somebody even said to me that more people were killed putting their socks on in the United Kingdom than by terrorists last-year. It's probably true.

When you say killed, didn't you mean "died"? Because dying and being killed are two different things. If not, we are underestimating the power of footwear.

Your way of live is under threat. According to the article linked, 1 in 4 Muslims are sympathetic to the motives of the terrorists.

http://www.telegraph.co.uk/news/main.jhtml?xml=/ne ws/2005/07/23/npoll23.xml&sSheet=/news/2005/07/23/ ixnewstop.html

That sounds like a threat and a real danger to a peaceful society.

Re:Our way of life is not under threat!

[dpilot]

I may not dispute what you say, but I *will* say that the things we're complaining about now will prove ineffective against them.

Re:Our way of life is not under threat!

[rossifer]

In the United States roughly three times as many people are killed in gun accidents per year than 9/11.

Not to disagree with your overall argument, but this statistic is wrong. Three times 9/11 would be about 9000 accidental firearm deaths per year. According to the CDC, there are actually about 750 accidental deaths attributed to guns each year in the US (CDC Mortality Statistics - select "after 1999", then "intent -> unintentional" and "cause -> firearm"). Which is about 25% of 9/11.

I would suggest using automobile accidents in the US as well, since it only takes about three-four weeks of US automobile fatalities (~45,000/year) to equal one 9/11.

So why is there talk about trading liberty for security? Even though the security vs liberty argument is as flawed as the mythical man month, the point still remains - why do I need this extra security anyway? It's expensive, it costs me my rights and it's ineffective.

Hear! Hear!

Regards,
Ross

Re:Our way of life is not under threat!

[ryturner]

Yes, it is the definition of accident. However, most deaths that result from a firearm are suicides. Only a small percentage of firearm deaths are accidents. The vast majority of accidental firearm deaths could be prevented by a little common sense.

Re:Our way of life is not under threat!

[Xehn]

I saw a chart on digg a while back that your comment reminded me of. Here is the link. It isn't 100% accurate, but it does a great job of illustrating the point.

http://stpeteforpeace.org/real.threat.html

I just wish people would listen to reason when it comes to all of this.

Re:Our way of life is not under threat!

[Kjella]

Our way of life is not under threat!

I agree it's not under threat by terrorism. But, there are several issues that should be of concern which have far greater support among muslims, including but not limited to:

* Freedom of speech
* Women's rights
* Homophobia
* Religious law
* Forced marriage
* Repressed view of nudity and sexuality
* Female sex mutilation
* Honor killings

I know some of these are not tied directly to islam, but they occur mainly in islamic communities and islamic leaders are not doing enough to stop, or are even encouraging these practises. In general, I have the impression that many muslims are far more intolerant towards our way of life and hold values which I quite frankly find unacceptable. I'm not pretending Europe has had too many of these notions too long, 100 years ago women couldn't vote, 50 years ago people were being put on trial for erotic novels and 35 years ago being gay was a crime here in Norway. But in my opinion we have made great strides in recent years ensuring equality for all and that everyone is free to pursue their own happiness. The muslims are on the whole a very reactionary group that in my opinion is threatening to undo much of the progress we have made. What bugs me the most is the complete lack of symmetry - if we go to Saudi Arabia, they want us to respect their culture (or face Sharia). If they come here, respect for our culuture is slim to none.

Re:Our way of life is not under threat!

[Ohreally_factor]

Reread it and focus more on those. I read it too fast the first time as well, and went "huh?"

But when you think about it, even many of the non-accidents are preventable by common sense and following gun safety rules, i.e., don't shoot someone just because you're mad at them. Perhaps therapy should be part of the NRA gun safety course.

Re:Our way of life is not under threat!

[n+dot+l]

You've got a point there, but it doesn't justify the idiotic overreaction we've seen.

Some guys with box cutters hijack some planes and smash them into buildings, killing thousands. Terrible tragedy, I agree, very much unlike random highway accidents. But that doesn't mean that the proper reaction to this is a direct attack on what's left of the values that made this a great culture instead of, say, securing the cockpit with a sturdy, lockable door.

From that perspective it makes sense to compare it to accidents. We usually react sanely to accidents by simply developing better safety mechanisms that directly address the actual things we've seen go wrong. That's quite unlike having some central authority prevent us from ever doing (or thinking or speaking speaking about) anything that might be unsafe (like, say, existing) ever again just because someone slipped on an icy sidewalk and died.

And you could argue that I don't know what I'm talking about because we're moving towards an overly safety-obsessed culture anyway, but that's the result of being a society that sues too much. If you and your buddies want to go out and do dangerous things in the middle of a field where you can't hurt anyone but yourselves, the police aren't going to rush over to stop you. Not at all the same as being constantly spied on and arrested if the watchers see something they don't like, and then being denied due process.

Re:Our way of life is not under threat!

The proper comparison is not to what terrorists have done but what they could do. Sure, guns or cars do kill more per year than 911 but there is not much chance that they will kill many more than than in any other year. But terrorists could develop a plague or an atom bomb or really well done chemical attack that kills a thousand times more people than 911 did. Or more. And that's why we care about terrorism more than cars and guns.

SARS or avian flu only did kill a handful of people, but it could have killed hundreds of millions. That's why we cared about that instead of all those 'routine' diseases and conditions that kill so many every year like dysentery or cholera or tuberculosis.

The idea that terrorists could actually do these things or that we could actually protect against something like that all seems pretty dumb to me, but if you accept that basis then our reaction to terrorists is pretty sane actually. Stupid, but reasonable. If anything it's a good object lesson on why you don't elect stupid people to run the country.

Re:Our way of life is not under threat!

[rossifer]

You may as well console someone who gets mugged by saying "well, you know, people accidentally lose money every day." It's not relevant to the incident.

But the usual response to such a crime (afraid to go out, jumping at every noise in a shadow) is just the same as our current national fear-fest, and just as self-destructive. The appropriate internal response to being mugged is to be a little upset with yourself for being in a situation where you could be mugged and learning how to avoid that situation in the future. Externally, go to the police and describe the suspect as well as you can, then forget about it. When consoling a mugging victim--express sympathy, and internally hope that they don't become afraid of the world. Offering to be with them while "getting back out there" may help quite a bit.

Back to terrorism, one appropriate response to 9/11 is to avoid the situation that got you there (i.e. stop being the cause of so many people's deaths, which causes their surviving relatives to attempt to lash out at you). One other appropriate response is to do a better job of screening packages in high-risk areas. Getting on an airplane, knives don't matter (sharp knives are usually available in the first-class service area). Bombs and guns matter. Make sure there are no bombs in any luggage and no guns in carry-on luggage. Oh, and since it's not difficult to locate or bring a weapon onto an airplane, decide not to simply hand over the airplane to anyone who threatens a stewardess (this actually happened before flight 93 crashed into the Pennsylvania countryside).

Getting all wound up about small knives, bottles over 100ml, x-raying shoes, stopping business travelers from bringing both a carry-on and a briefcase, the color of the national fear-o-meter, etc. is a complete and utter travesty. That is not how you mourn or deal with ~3000 deaths brought about by deliberate fury and rage.

Regards,
Ross

Re:Our way of life is not under threat!

[Entropius]

The Soviets eventually won the war, but US aid (food, supplies, and the bases-for-ships trades) helped Britain out at a time when the Nazis weren't even at war with Stalin yet.

This of course isn't to belittle the native British contribution, of course, just saying that Stalin had nothing to do with the Battle of Britain.

Re:Our way of life is not under threat!

I, for one, am happy to see the fundamentalist christians and the fundamentalist muslims going at it. If only it'd take up enough of the fundamentalist's attention that they'd quit trying to pass bullshit "morality" laws here, and manage to leave the rest of us out of it.

What is so bad about seeing tits on TV when seeing people shot is ok? If I want to go buy a pile of dildos and s&m gear, that should be nobody's business but my own (and my partner). Instead we have laws and FCC rules saying you can't show nipples on TV and state laws that say if you own more than $number of "marital aids" then you're breaking the law.

Re:Our way of life is not under threat!

[Ohreally_factor]

Not a big difference to whom? Seems like if you're dead, you're dead and at that point you're beyond caring whether it was due to an act of man or god. Unless you become a ghost. A ghost might care, because a ghost needs some motivation to work off of, if he or she is going to do a proper haunting. You do believe in ghosts, right?

Re:Our way of life is not under threat!

[Entropius]

So what are we going to do, kill one out of four Muslims?

How about trying to reduce the percentage of Muslims that want to kill us, rather than reduce the population of Muslims?

Re:Our way of life is not under threat!

[LaughingCoder]

So why is there talk about trading liberty for security?

The examples you cited (gun accidents, "sock-wearing" accidents) are a) accidents and b) not a growing problem. Terrorism, on the other hand, is a deliberate act (and so there MAY be some way for us to dissuade or eliminate those who might choose it) and it is a *dramatically growing* phenomenon (and so while less serious in absolute numbers today, the trend is frightening).

I for one am always much more concerned with trends than I am with current conditions. And there is no denying that the trend for terrorism is sharply (exponentially) on the increase. In the 70s, individual terrorist acts caused fewer than 10 deaths (Munich). In the 80s the ante was upped to hundreds (Lockerbie). In the 90s we are dealing with terrorist acts that kill thousands. And if some terrorist succeeds in getting ahold of and setting off a nucleur device, biological weapon, or dirty bomb, we may be looking at 10s of thousands, or even 100s of thousands of deaths. At that point I submit most reasonable people would admit that terrorism was a more serious problem that gun accidents, car accidents, or most any other accidental death scenario you can name. It's funny, from what I have seen around /., the same crowd that is willing/eager to extrapolate a ~1 degree rise in the ocean temperatures over a 50 year period into a global catastrophe is not able or willing to also extrapolate the geometric growth rate of terrorism, and acknowledge that it, too, is a serious problem worthy of our attention.

Re:Our way of life is not under threat!

that kills a thousand times more people than 911 did. Or more.

You mean... like 911 times a THOUSAND? That's... that's like 911,000! DEAR GOD! And you say it could be even MORE? Heaven have mercy on our doomed souls!!

Re:Our way of life is not under threat!

[plague3106]

Opps... the other poster pointed out I read your statement too fast. Sorry about that.

Re:Our way of life is not under threat!

[Mullen]

Isn't that kinda the definition of "accident?"

Not really. If you point a gun at someone your intent is to kill them whether you want too or not. Guns are designed to kill people and when they do, with intent or not, they are doing what they are designed to do. If you do "gun play", your intent is to kill someone whether you know it or not. Using a gun in an unsafe manner is not an accident.

Another example, if you show off your new gun to a friend and don't check to make sure it is unloaded, then that means you are lacking common sense. All guns are to be considered to be loaded until YOU check to make sure it is not. Never assume a gun is unloaded. As far as many gun people would say, this is not an accident.

Re:Our way of life is not under threat!

[Bluesman]

While I agree completely with your point, the accidental gun death figure you use is wrong. In 2004, there were 649 deaths in the U.S. due to gun accident.

Traffic deaths in the U.S. dwarf the terrorist kill numbers, just like in the UK.

Re:Our way of life is not under threat!

And when they act, we will destroy them.

I think what everyone sensible is saying is that we have faced much greater threats and prevailed, and that we outclass the muslims in every way.

Re:Our way of life is not under threat!

[Bert64]

The muslims do have their own state, infact they have quite a lot of them:
Turkey
Iran
Saudi Arabia
Malaysia

All of those countries and many more are ruled by muslims, and they all implement islamic laws to varying degrees.

Re:Our way of life is not under threat!

[badasscat]

Yes, it is the definition of accident. However, most deaths that result from a firearm are suicides. Only a small percentage of firearm deaths are accidents. The vast majority of accidental firearm deaths could be prevented by a little common sense.

As could the vast majority of firearm homicides. Yet we still have about 9,000 of those per year.

I think you're focusing on the wrong part of the parent poster's post (in other words, you're missing the point). It sounds like you're trying to defend gun ownership, when the fact remains we have about 10,000 gun deaths per year, whatever the cause. If you still believe in gun ownership in the face of facts like that, then why do you care about the prospects of terrorists killing a couple thousand more every few years? Guns in the hands of Americans kill more people in this country every year than islamic terrorists ever have, but somehow, it's the terrorists that we're all afraid of.

(If you're going to then come back and say those 10,000 people would have just been killed some other way without guns, then realize that makes about as much sense as me saying the same about victims of terrorists. We're all gonna die somehow, sometime, right?)

Re:Our way of life is not under threat!

[Bert64]

Very true, statistically not many people are killed by terrorists at all.
The problem is the media coverage, it causes mass hysteria when terrorists manage to kill 2 people, but if a car carrying 2 people crashes and they both die it probably won't get reported at all.
Even 50 people dying in a single terrorist attack, is less than the number of people who could die in a single bus train or plane crash.

Re:Our way of life is not under threat!

Terrorism isn't sensless violence to those who would give up their life rather than be under the tyranny of a foreign power. Its called asymmetrical warfare.

Instead of restricting our freedoms why don't we stop manipulating foreign governments and meddling in the affairs of other nations and mind our own business. That would put an end to terrorism.

Who created Israel?
Who caused the Irainian revolution?
Who divided up Africa into the mess of nations it is today?
Who enslaved the Africans for their own benefit?
Who can't understand anyone but themselves?

Hmmm the answer seems to be the USA and Great Britian. Western European legacy. Cheers.

Re:Our way of life is not under threat!

Not in reproductive rates. This is where Osama fucked up - there are so many Muslims in western countries now that all they needed to do was wait two or three generations until they had the numbers to vote the infidels out of power in their own countries. In some parts of the UK it's already happened.

http://www.muslimnews.co.uk/index/press.php?pr=122

If Osama & co hadn't moved so early, we might never have noticed the threat until is was too late. Hey, maybe he didn't fuck up because even now our eyes are open our leaders still don't see.

Re:Our way of life is not under threat!

[MightyMartian]

You'd better read your history a bit. The modern Jihadist movement was born in the 17th century in reaction to what was seen as the decadence of the Ottomans.

As to Islamic views, that's rather like saying there is only one kind of chocolate bar. Historically, Islamic civilization has lead some stunning advancements in medicince, mathematics and philosophy. The key to that failure was the Mongol invasions, which decimated that culture at a time when the West was beginning its ascendancy.

Naturally, Muslims will tend to group together, to give a great deal of weight as what they view as crimes against their co-religionists. At the same time, every culture generates its self-righteous maniacs. How is your modern Islamist all that different from your average KKK or Nazi party member?

Re:Our way of life is not under threat!

[gnarlyhotep]

So why is there talk about trading liberty for security?

There should be no such talk, it's a losing proposition from the start.
"Any society that would give up a little liberty to gain a little security will deserve neither and lose both." -Benjamin Franklin

Re:Our way of life is not under threat!

[bziman]

Are you by chance running for office? Would you like to? I wish more people felt the way you do.

Re:Our way of life is not under threat!

[HollowSky]

Let me start off by saying I do agree with you.

The problem with terrorism and what freaked everyone out is that there is a sense of no personal control. If I kill myself by putting on my socks, everyone says "that's a shame but he shouldn't have been trying to balance himself at the edge of the tub, what nonsense." It's that 'you can be dead at any time through absolutely no fault of your own' thing that gets people going. That idea spills over to research in many areas (preventable diseases like AIDS have historically received less funding than non-preventable like Cancer - although recently that is changing.)

For some reason, that line of thinking doesn't carry forward to other areas. We all understand implicitly that you can be sitting at home and a single engine plane crashes into your house (seems to happen every so often here in the states) and you're gone. Or a bridge can collapse underneath you. We say it's terrible but it doesn't stop our lives like terrorism. My only guess is that we know that the random death is not preventable, so we don't dwell on it. Like winning a morbid lottery.

Our leaders are trying to convince us that 'random deaths from terrorism' are both not preventable (so spend lots of money on it) and preventable (let us intrude into every aspect of your lives) to push their agendas. To keep that contradiction going they have to remind us that we are alive through their efforts (with random busts which later turn out to be nothing at all) thus making them the 'daily medication for our disease' and they constantly warn us that something will happen again and it's not stoppable (be prepared for side effects.)

Re:Our way of life is not under threat!

[scribblej]

have far greater support among muslims, including but not limited to:

* Freedom of speech
* Women's rights
* Homophobia
* Religious law
* Forced marriage
* Repressed view of nudity and sexuality
* Female sex mutilation
* Honor killings

Sounds to me like they're doing pretty well, if they support Freedom of Speech and Women's Rights they're off to a good start. Those other things on the list we(here in the US of A) are not much better off at. We're CERTAINLY not in a position to dictate these things to anyone else.

Here in the US, in *most* (but not all) places, homosexuality is illegal. It's a technical matter that no one is ever prosecuted on, of course, but that doesn't make it legal -- there are sodomy laws all over the books here. So someone would be justified, in my opinion, in claiming we support homophobia.

Religious law? Bible belt? Judges convinced that our laws are based on the Bible and the 10 commandments! Okay, yup, same here again, we have support for religious law.

Forced marriage? Only if she's pregnant... haw haw... okay, I guess this is one thing on your list that they support that we do not. If there are large groups here that support this I am unaware of them.

Repressed view of nudity and sexuality? Can a woman breast-feed her child in public in the US? Not in a lot of places; many people have been arrested or ejected from private property for it. And let's not even talk about gratuitious sexuality -- why can women not run around topless if they want? Hint: it's not because we're civilized. Civilized people aren't upset by boobies (or ankles). So we also support repressed views of nudity and sexuality.

Female sex multilation -- not common in the states. But why do you only specify female? In most cases it is the analogous thing being done to men; most female circumcisions remove the hood over the clitoris (most, I said!) and most male circumcisions remove the foreskin; which is the equivalent male structure. So why do you only get up in arms about the females? As a male, my own circumcision was forced on me, I had no more choice than a female does in that other country. So you discriminate by gender -- but I'm still going to chalk this up as somehting that is supported in the states as well; sexual mutiliation (regardless of gender).

Honor killings - Many states in the US still apply the death penalty for cases where the criminal has done something that is very repugnant.

So yes, I'm obviously stretching definitions to make a point, but I think it's an important one.

I'm surprised to hear from you that they largely support Freedom of Speech and Women's Rights. What I've heard elsewhere is that they do not.

Re:Our way of life is not under threat!

One thing that's slightly different:
Members of other modern religions aren't compared to Nazis and KKK members!

Re:Our way of life is not under threat!

[noSignal]

Hear, Hear!

Re:Our way of life is not under threat!

[vertinox]

* Freedom of speech
* Women's rights
* Homophobia
* Religious law
* Forced marriage
* Repressed view of nudity and sexuality
* Female sex mutilation
* Honor killings To be fair, that sounds like Western Christianity up until the 1700's when nationalism finally replaced religion as the reason for violent deaths and the renaissance actually was accepted in Norther Europe. Of course Islam is a bit different as its rules as interpretation, but as Turkey shows you can be Muslim without being like Saudi Arabia.

Re:Our way of life is not under threat!

[scottishfae]

So why is there talk about trading liberty for security? Even though the security vs liberty argument is as flawed as the mythical man month, the point still remains - why do I need this extra security anyway? It's expensive, it costs me my rights and it's ineffective. My only real response (that hasn't already been said) to your comment is this quote from Benjamin Franklin:

"The man who trades freedom for security does not deserve nor will he ever receive either."

And I do think our way of life is under threat, but not from terrorists. The threat comes from people who like to use the concept of "terrorism" as a scare tactic in order to secure power for themselves.

Re:Our way of life is not under threat!

[MightyMartian]

Um, the KKK are a pretty religious bunch. I'd compare them and the other Christo-fascist isolationist extremists you find in the States to Nazis any day of the week.

Re:Our way of life is not under threat!

I think people like Bush and Blair have just taken terrorism as a godsend. They saw that with the end of the cold war they had no real basis to spy on everyone, and when there were terrorist acts they jumped on it to use them as an excuse to tap all phones, place cameras everywhere, read through all databases, etc etc.
Just because they like the control. Not as a "war against terror" but as a "demo of absolute power".

When they really wanted to end terror, they would have investigated the root cause and done something to resolve that. Instead, they started a war on it, fully knowing that terrorism exists just because people feel the are oppressed and thus fighting a war on terror would be like trying to extinguish fire by blowing air at it. It might work for a candle but it will just make matters worse for large fires.

And they do it *because they want that*. They amplify the thread because they want to be in the position where they can use it as an excuse for draconian measures. When 50 die in a bus or plane crash, nobody talks about it after a month. So you need to iterate again and again that the situation is really bad, to get any effect from a 50-death "attack".

Re:Our way of life is not under threat!

Or Russia during WWII- somewhere in the range of 11,000,000 soldiers 6,700,000 civilians died.

The two towers would have to crash twelve times a day for a year (or, hey, once a day for twelve years) for the death count to match up.

Re:Our way of life is not under threat!

One major problem with that list is the Heart Disease apparently "excludes smoking related deaths", while the reference points to "CDC, Cigarette Smoking-Related Mortality".

Anyway, group them according to this criteria: is it inflicted upon the victim or is it self inflicted? Phrased another way: Does the victim have control?

Terrorism: inflicted upon victim
Homicide: inflicted upon victim
Drunk Driving: either (about 40% are the drunk drivers themselves)
Lack of Health Care: mostly inflicted upon victim (due to external economic or situational realities)
Obesity: self inflicted
Suicide: self inflicted
Second hand smoke: inflicted upon victim
Medical mistakes: inflicted upon victim
Diabetes: mostly self inflicted (Type 2 affects 95% of diabetics and is heavily influenced by diet)
Cancer: inflicted upon victim
Smoking related: self inflicted
Heart disease: mostly self inflicted (heavily influenced by diet)

I just wish people would listen to reason when it comes to all of this.

A death is not as tragic when the victim had any choice in the matter. Is that not a good reason?

Re:Our way of life is not under threat!

[p0tat03]

While some (read: a couple) of the things you've listed are problems that the Muslim community faces, let's take this in perspective:

Freedom of Speech: China has an even worse problem with it, and they are decided a non-religious country. Heck, by definition through Marxism they are all atheists!

Homophobia: And this isn't a huge issue in America? I'm not sure what's worse, the systematic oppression of gay people through religious laws, or the American way: calling everyone a faggot and enforcing the image that "gay = bad". One has a bunch of kooky religious leaders oppressing the people, the other has the people themselves oppressing each other. Hmm.

Religious Law: Yes... and gay marriage is banned in almost all the US states because of UNreligious law? Give me a break.

Repressed View of Sexuality: Yes... Because we know secular, democratic governments are so good at encouraging a balanced view of sexuality. After all, NOBODY here overreacted to Janet Jackson's wardrobe malfunction, and the Hot Coffee issue was SO maturely handled...

When are people going to realize that religion is not the source of the problem, but rather the excuse? Honor killings occur in many places with secular governments, genital mutilation (wait, circumcision?) tends to be a cultural meme that some use religion to justify, and there are many places in the world that lack women's rights that are not Muslim. These are cultural and political issues, religion has always simply been an excuse for those in power to justify what they do, or what others do, and you've bought into hook line and sinker.

Stop getting your world view from CNN, and go out to your local mosque. I'm not Muslim, I talked to local Muslims and their religious leaders, and in the end my impression is that they are not so unlike Christianity. The hardcore ramble on about following the Bible to the T, justifying hate crimes with Bible verses, etc etc. Most Christians are not so extreme, and neither are most Muslims.

Re:Our way of life is not under threat!

Am I the only person who thought parent was talking about George Bush, until I got to about line 5 or so?

Re:Our way of life is not under threat!

"In the United States roughly three times as many people are killed in gun accidents per year than 9/11."

Trivial googling shows this to be inaccurate
http://www.nraila.org/Issues/FactSheets/Read.aspx? ID=127

Re:Our way of life is not under threat!

[ad0gg]

20,0000 people die as a result of driving under influence of alcohol each year yet we don't have a war on drunk drivers going on.

Re:Our way of life is not under threat!

[KitsuneSoftware]

I don't know about last year, but this year more innocent British people have died in Britain from heart attacks brought about by the excitement of riding a motobike for the first time in their life, than from terrorism. The fatality counts being zero and one repsectively.

For the USA? Let's take the last decade:
~170,000 homicides (not counting terrorism)
~300,000 suicides
~300,000 road traffic fatalities
~3000 killed by terrorism

What I'm really interested in, is how many Americans are killed each year by their own Police force?

(P.S., if anyone is interested, can we please try to fire the head of the UK Association of Chief Police Officers? He's been asking for the power of unlimited duration detention without even filing charges.)

Re:Our way of life is not under threat!

There are a whole lot more "modern" islamists than kkk or nazis. A WHOLE LOT.

Re:Our way of life is not under threat!

[the_womble]

if we go to Saudi Arabia, they want us to respect their culture (or face Sharia). If they come here, respect for our culuture is slim to none.

If anything the lack of symmetry is the other way around.

As far as I know the Saudis have not managed to impose Sharia law in Britain.

On the other hand many British people have got off more lightly on breaking Saudi laws than a Saudi would have done because of diplomatic pressure (of course if you are from a less powerful country like the Sri Lankan teenager the Saudis are currently framing and executing you are in real trouble). Furthermore Saudi Arabia is (slowly) modernising, partly because of western pressure.

Can you tell me of any European countries that are likely to legalise honour killings or forced marriage, or reintroduce sodomy laws? If not how exactly is your way of life threatened?

Some items on your list (like a "repressed view of nudity and sexuality") seem to simply boil down to not liking people having different views to your own. People are entitled to have any view of sexuality they like provided they do not try to coerce others. That is called freedom and is an important part of my way of living.

Re:Our way of life is not under threat!

[MightyMartian]

Really? Can you give me a statistic as to what percentage of the world Muslim population Islamists/Jihadists make up? And let's not confuse nationalist movements like the Palestinian movements with Jihadists. Those guys were happy to do business with other nationalist terrorist movements around the world, so hardly typify the Jihadists like bin Laden.

Re:Our way of life is not under threat!

[BrianGKUAC]

"Tell me that in 15 years when England is a Police State.
When your women wear barcodes.
When your Liberals lie dead in the streets.
When your Non-Christians serve as torches for the sport of the followers of Jesus.
When the DMCA and Patriot Act are the Law of the Land, and the Magna Carte and Constitution are no more.
Then Tell my your way of life is not under threat."

Fixed that for you.

Re:Our way of life is not under threat!

[Pandishar]

Somebody even said to me that more people were killed putting their socks on in the United Kingdom than by terrorists last-year.

Oh great, I wont be able to take my socks on a airplane anymore!!!

Re:Our way of life is not under threat!

Yes, thank the Soviets for exporting Communism to Germany, thereby causing the people to VOTE for Hitler as a response to Communist threat. Britain and France then DECLARED WAR ON GERMANY, unprovoked i might add - when Germany wanted peace with the west and the destruction of the Communists in the East.

American Lend-Lease allowed the Soviets to opportunity to fend off the Germans on the eastern front - something that they would not have been able to do in 1941-1942, when the Nazis could have easily beaten them had they been left to their own devices.

So, yes, thank the Commmies for provoking the war and thus creating a situation which endangered Britain. We bailed out Britain. Stalin was worse even than Hitler and any objective study of history will show this.

Re:Our way of life is not under threat!

[LWATCDR]

Far more people die in car accidents than in that bridge collapse so should we not worry about bridges? I understand what you are saying but what makes you think that if we ignored them that it wouldn't get worse? I think a lot of the actions of our governments is in the category of "look like you are doing something". You mentioned WWII when the UK stood alone "with some lend lease aid". BTW I feel that was some of the best money my government ever spent.
Just supposed that Chamberlain had sent in troops when instead of trying for "peace in our time"? Would history talk about the waste of money and lives that action took? Imagine if a few thousand men and a few thousands pounds had been wasted in a brush war with Germany just to stop them form annexing a mostly German speaking area of so little country? Just think of what good England could have done with that money if they had taken the road of peace instead of war?
Wait , they did and Europe burned, and millions died.
Hey I don't have all the answers but I just don't think that it is as simple as you are making it out to be. At what point should we take them seriously? How many deaths are worth how much effort? Like I said I do not like loosing civil liberties at all but then I don't think we need too to fight these idiots.

Re:Our way of life is not under threat!

[Grishnakh]

That's not where most gun deaths come from. They come from suicides, or from gang violence.

Therapy isn't a bad idea, but not everyone kills themselves with guns, and if you removed the ability to buy guns, they'd find another way to off themselves.

And NRA therapy won't work for gang thugs, because they don't join the NRA, or buy their guns legally. Besides, it's a net benefit to society when gang members kill each other; the problem is when innocents get caught in the crossfire. But then again, the "innocents" (which is us, the citizens) really have ourselves to blame anyway, since the gangs are able to afford their guns using drug money, and that comes directly from our stupid "War on Drugs". It's not going to stop until we legalize drugs, just like we did with alcohol in the 30s.

Re:Our way of life is not under threat!

[Hatta]

Of course our way of life is under threat. It's just that the threat is coming from our own government.

Re:Our way of life is not under threat!

[Hatta]

Yes, but, at the risk of stating the obvious, there's a big difference between dying in an car accident and being killed by someone who blows up a train.

Really? What is it? Both are preventable. We should be putting our resources towards preventing as many preventable deaths as possible. Whether or not it's intentional is entirely irrelevant.

Re:Our way of life is not under threat!

[Pragmatix]

In the United States roughly three times as many people are killed in gun accidents per year than 9/11.

Not that I agree, but the argument I hear most against your point of view is that the terrorist attacks will get much more serious if we do nothing about them. The war on terror is a kind of preemptive war in that respect, trying to prevent the day when the numbers flip and more people die in terrorist attacks than are killed in gun accidents etc.

Of course, that argument hinges on:

1) Our methods of fighting terrorism are effective. Personally I do not think they are, we still have millions of people in this country on expired visa's (9 of the 9/11 hi-jackers were here on expired visas. If the government just enforced EXISTING laws, 9/11 probably would not have happened).

2) The deaths due to terrorism left unchecked are going to increase dramatically. I am not convinced this is true, I am sure there will always be a certain amount of terrorism in the world, but I am not sure that we are really going to see the net loss of life dramatically rise to be on par with the huge volume of accidental deaths we already have.

Re:Our way of life is not under threat!

Not world-wide, but surveys of British Muslims:

40% Want Sharia Law
http://www.telegraph.co.uk/news/main.jhtml?xml=/ne ws/2006/02/19/nsharia19.xml&sSheet=/portal/2006/02 /19/ixportaltop.html

30% Prefer Sharia Law
28% Hope U.K. Becomes Islamic State
68% Support Arrest of British Who "Insult Islam"
62% Deny Free Speech to Anti-religious Speech
http://www.cbsnews.com/stories/2006/08/14/opinion/ main1893879.shtml

38% foreign Muslims who incite hatred should be ... allowed to live in the UK
4% acceptable "for religious or political groups to use violence for political ends"
5% 7/7 bombings and future attacks justified
13% future attacks on U.S. justified
http://www.danielpipes.org/blog/483

Re:Our way of life is not under threat!

[SIIHP]

"Freedom of Speech: China has an even worse problem with it, and they are decided a non-religious country. Heck, by definition through Marxism they are all atheists!"

Go ahead and tell me Marxism isn't a religion. I'll wait while you make a futile attempt to concoct an argument.

"Homophobia: And this isn't a huge issue in America?"

No, actually it isn't. It is an issue, but huge? No. Gays have legal protection. They are increasingly becoming integrated, and attitudes are improving. Some time in the near future gay weddings will be as normal as any other kind. Saying it's a "huge" issue is not accurate. As well, murdering gays, no matter your position on homosexuality, is not societally acceptable in the US, while that is not true in other places. I'll take name calling and "gay=bad" all fucking day over being stoned to death. (and I would really not like to hear someone chime in about living with oppression being worse than death. I have no intention of listening to that nonsense until you've personally tried both options)

"Religious Law: Yes... and gay marriage is banned in almost all the US states because of UNreligious law?"

Please list the states where gay marriage is specifically bannedas you claim. I know many states have no codified gay marriage as being legal, but I also know that most of them have not gone out of their way to ban it outright either. The mindset required to ban something is different than that required to fail to legalize it.

You make some decent points (especially about circumcision, that hypocrisy infuriates me) but distorting the reality of the situation in order to draw your comparisons is counter productive.

Now, you can make the argument that this isn't about religion, but when you engage in an activity that requires you to accept things at face value, then claiming that the activity doesn't have some culpability when you accept other more offensive and reprehensible things at face value, is absurd.

Re:Our way of life is not under threat!

[mpe]

Some guys with box cutters hijack some planes and smash them into buildings, killing thousands. Terrible tragedy, I agree, very much unlike random highway accidents. But that doesn't mean that the proper reaction to this is a direct attack on what's left of the values that made this a great culture instead of, say, securing the cockpit with a sturdy, lockable door.

A more fundermental thing to do would be a proper investigation. Going off killing even more people on the basis of conspiracy theories is undoubtedly the wrong course of action.

Re:Our way of life is not under threat!

[Grishnakh]

It'd be a lot easier to just deport all the Muslims and let them live by themselves. No one has to get hurt, and then they can be happy in their countries and we can be happy in ours. "Good fences make good neighbors."

It'd help a lot if we also stopped getting involved in their politics and feuds. Personally, I think we should stop buying oil from them, stop getting involved in their affairs, and just let them deal with their own affairs. Every policeman knows you'll get nothing but trouble by getting involved in domestic quarrels, and that's what it's like for western countries to get involved in the mideast.

Re:Our way of life is not under threat!

[Grishnakh]

Here in the US, in *most* (but not all) places, homosexuality is illegal. It's a technical matter that no one is ever prosecuted on, of course, but that doesn't make it legal -- there are sodomy laws all over the books here. So someone would be justified, in my opinion, in claiming we support homophobia.

Wrong. The Supreme Court struck down all such laws a few years ago. They're as valid as laws which say a woman can only drive a car when her husband is walking in front of it, waving a red flag.

Re:Our way of life is not under threat!

[Cinnaman]

"We should not give a shred of our liberty to these people - they are pathetic and worthless;" I don't think politicians would like it that way. It'll be a while before "security" becomes a non-issue.

Re:Our way of life is not under threat!

[p0tat03]

I am in no way attempting to say that America is as bad as many other countries in their worst human rights violations. That is simply not true. What I am trying to say is that all of the issues you've described have cultural origins, and are being perpetuated for political and cultural reasons, and religion is merely a scapegoat. All of the above occur in secular nations, as well as religious ones.

In a nutshell, while I agree that many Muslim states suffer from your mentioned problems, I disagree fundamentally in your attempt to blame it on sharia or Islam as a religion. Blame the power-hungry and corrupt clerics who have perpetuated this false and violent version of Islam, don't blame the religion itself.

I encourage you to speak with members of your local mosque, serious Muslims who make it part of their lives. I did, and the version of Islam that I got is a far cry from the hardcore fundamentalist trash that's being paraded about on US television as examples of "Islam". After you do this you will realize that the most egregious violations of human rights occur for power, or money, or both, not because the violator actually believes in it.

Re:Our way of life is not under threat!

[SIIHP]

"I disagree fundamentally in your attempt to blame it on sharia or Islam as a religion."

I never did any such thing. If you plan to respond, respond to what I typed and not what you incorrectly inferred.

Re:Our way of life is not under threat!

[rossifer]

[...] the vast majority of firearm homicides [could be prevented by a little common sense]

You're being glib. Common sense won't disarm gangs in Compton. It would take a decades-long effort and the decriminalization of drugs (which funds the vast majority of criminal violence in this country). Preventing accidental gun deaths means locking up your guns, even the home-defense gun. Which is just common sense.

It sounds like you're trying to defend gun ownership, when the fact remains we have about 10,000 gun deaths per year, whatever the cause.

How many of those are police inflicted? How many are suicides? How many are self-defense? And then the other side of the coin. How many positive uses of guns (self-defense, police, etc.) don't result in a fatality?

Guns in the hands of Americans kill more people in this country every year than islamic terrorists ever have, but somehow, it's the terrorists that we're all afraid of.

True, but guns have an upside. They can help the good guys as much as the bad guys (more so, IMNSHO). Not that I think we should be afraid of terrorists. But I think that being afraid of guns is equally self-destructive.

If you're going to then come back and say those 10,000 people would have just been killed some other way without guns [...]

Nah. Some of the gun deaths are replaced with knifings and clubbings, but not quite as many. Interestingly, though, fewer victims die, but a LOT fewer attackers die (since it's much more dangerous to defend yourself with a knife than with a gun).

Having guns in our society has a cost and a benefit. When I look at the numbers, I see that most (not all) gun injuries and fatalities happen to a specific high-crime, high-risk part of society (not me or my family/community). The beneficial aspect is both society wide as well as personal. So from my upper-middle-class seat, the cost is low and the benefit substantial. Colt marketed his six gun as "The Equalizer", so that a five foot 100 lb woman could hold her own against a six foot bruiser out to do her harm. That's how I perceive guns and that's why I want them in my neighbor's homes and in my home.

Re:Our way of life is not under threat!

[Entropius]

I'd like to live in a country free of fanatical religious people of any stripe, but that would require deporting 90% of Alabama if we're to do it by deportation.

I agree that we need to stay out of their politics and feuds. This means stop giving aid to Israel, btw. The West ought to just admit that we screwed up by taking a bunch of land from people who hate the Jews and putting the Jewish homeland there; I have no idea why we didn't give them a big chunk of West Texas instead. Nobody lives there, the climate's reasonably similar, and it's at least got oil. No reason we should get involved in two groups of people's claims, based on ancient writings, that their ancestors really like a particular scrap of dirt in Palestine.

Re:Our way of life is not under threat!

I agree with you, except that repression against women is tied directly to Islam. There are laws that specifically allow women to be beaten by men under certain circumstances written right in the Qur'an. The Qur'an dictates how a woman may and may not behave completely differently than a man, and I'm sure you'll find that women in the Qur'an were given the short straw.

I can't help what's written in the Qur'an. A Muslim who denies portions of the Qur'an they claim to hold sacred is a hypocrite. I'm not anti-Islamic. I'm a realist. The same applies to Christians. I can't count the number of times I've come across a Christian that doesn't believe in the Devil or Hell, or a Jew that doesn't keep kosher.

Yes, it is true that people in the US were living archaic lifestyles until fairly recently, but I'm not talking about history. I'm talking about current events. I appreciate that women only recently gained rights equal to men in the US. However, that was before my time. Before I was even born. One can't pin the blame for oppression against [insert group of people that aren't straight Christian white males here] on me or anybody else in my generation. We're not the guilty ones here. I'm an egalitarian, and I'm sure you'll find that the majority of people 25 and under today are the same.

Posted AC for obvious reasons.

Re:Our way of life is not under threat!

[Grishnakh]

From what I remember about the beginning of Israel, that land wasn't given to the Jews; the Jews moved there and purchased the land. Eventually, they had so much land they applied to the UN for statehood. Maybe the Palestinians shouldn't have sold the land to the Jews if they didn't want them there.

Re:Our way of life is not under threat!

[dhavleak]

"Our way of life is not under threat!"

Tell me that in 15 years when England is an Islamic State.
When your women wear burkas.
When your Liberals lie dead in the streets.
When your Christians serve as torches for the sport of Imams.
When Sharia is the Law of the Land, and the Magna Carte is no more.
Then Tell my your way of life is not under threat. Xenophobic, racist crap!

Unless the West wakes up, and sees the same Big Picture that Islams sees, The West is lost. The West is definitely lost. But it's because of people like you who will believe (and regurgitate) any nonsense without questioning it. If you're interested in the Truth about the Big Picture read this link: http://www.democracynow.org/article.pl?sid=07/08/0 7/130258 The fact is, nothing you see on TV is true. Nothing you read in the papers is true. Nothing your politicians tell you is true. Most people with a healthy amount of skepticism would have already come to that conclusion - but from reading your racist rant its clear that you don't realize that yet. Read the link completely, and attempt to refute it using a proper logical debate - I dare you.

Re:Our way of life is not under threat!

[Ohreally_factor]

I'm not a gun control nut (nor am I a regular gun nut). But the vast majority of deaths by gun are suicides, as you state. The usually pro-gun response is that if someone is going to commit suicide, they'll find a way to do it. However, this overlooks the fact that a gun makes it easy, quick, and irreversible, while other methods might take more effort and more planning, and can be reversed with timely intervention.

I'm not going to quote statistics because there are so many statistics, and they're regularly abused by either the pro or anti control people. The only statistic that really seems to be holding for the moment is that gun deaths have been going down since the late 90s, and that better enforcement is usually given as the reason (but who knows?).

However, a good portion of gun homicides is due to crimes of passion, including domestic violence. So, my half kidding idea of requiring therapy does have some basis in reality.

After suicide, it seems that gang related homicide is the second highest type of death by gun. However, I'd dispute that it's mostly gang members killing each other. In some cases, it's innocent bystanders at a gang-on-gang crime scene, but in just as many instances it is a gang member wrongly identifying and targeting an innocent victim. I'm a regular reader of my city's main newspaper's Murder Blog, so while I don't have solid stats, I'm not just pulling a number out of my ass, but I'd say that at least half of the gang related homicides by firearm are innocent bystander or wrongly targeted innocent victim.

As I said, I don't consider myself to be in either the gun control or the gun freedom camp, so my ideas for dealing with the problem might seem inconsistent at first glance.

1) Most states ban convicted felons from owning a gun. I think this should be expanded to include any crime that shows a propensity for violence. Beat your wife, you gave up your right to own a gun. Perhaps have a ten year wait period before allowing someone with a misdemeanor to own a gun. Perhaps counseling and anger management training could fit in here.

2) Allow more people to carry concealed weapons, but also have a stringent screening process to insure that calm, cool headed, and rational people are allowed to have CCWs. (Anecdote: I've thwarted crime twice by pretending to have a concealed weapon. It's all in the body language and attitude.)

Yeah, I know this sounds very nanny-state, but I think it's actually a good middle ground. There will be some unfairness, but it strikes a good balance between the rights of the individual to own a gun and the rights of the individual to be safe from guns.

Now, your other idea I support wholeheartedly. All drugs should be legalized. Even the very worst of them. It's not like doing this would really make drugs easier to get. I don't see how it could get any easier. What this would do, as you suggest in your comparison to Prohibition, is remove the criminal element. Hell, let the state have the monopoly, for all I care. They can tax the hell out of it, and use part of the money to offer rehab to those that don't kill themselves and education/prevention. The other part can go towards relieving the rest of us of part of our tax burden.

Re:Our way of life is not under threat!

[Cro+Magnon]

How is your modern Islamist all that different from your average KKK or Nazi party member?

That's an easy one. The KKK doesn't control a country, and the Nazis haven't controlled a country for over 60 years.

The Islamic radicals either control or seriously threaten to control numerous countries, many of which have significant resources, and one of which has nuclear bombs.

Re:Our way of life is not under threat!

[hypnagogue]

In the United States roughly three times as many people are killed in gun accidents per year than 9/11.

Compelling argument, but it's a lie. In the U.S. we usually see between 650 and 750 gun accident fatalities each year.

Re:Our way of life is not under threat!

[workindev]

How do you sanely react to a group of people who believe they will gain exaltation if they die in the act of killing as many of you as possible? Securing the cockpit door is a no brainer, but it doesn't make the problem go away. There will still be a group of people intent on killing as many of you as possible, and you will quickly find that there is no way you can sanely react to all of the ways they can possible kill you without addressing the problem at the source.

Re:Our way of life is not under threat!

[folstaff]

I am not for killing everyone who disagrees with me. Everyone should prefer living over dying. However, those who believe in radical Islam, don't. They will take innocent lives for cartoons they find offensive. They will murder members of their own family because of who they date.

If they hate us because we allow homosexuals to live as themselves, women to dress the way they like, and Baptists and atheists to believe what they want, they hate freedom. I for one will not trade mine, nor yours, to appease them.

Re:Our way of life is not under threat!

[Catbeller]

Please do remember that the United States and the "coalition" killed over a hundred thousand civilians in Iraq under the "shock and awe" doctrine of blowing everything and everyone up who were in our way.

Iraq had thirty million people. One tenth the US population. So to keep the perspective correct here, it would be as though Iraq had invaded the US and killed a million people. A. Million. People.

We've no moral cover. No place of dignity. We committed an act of terrorism that killed over a hundred thousand outright and have killed many tens of thousands more, destroyed their economy, stole whatever assets were worth anything, imprisoned and even tortured thousands more for looking at us funny, and wave the flag of righteous war against the 19 pipsqueaks armed with Home Depot box cutters. And it was all for a lie, the lie that the possessor of all that Asian-bound oil was somehow involved in the 9-11 crime. And they STILL tell the lie.

Our terrorism still goes on as the former peaceful nation devolves into the island of the Lord of the Flies as we look on, spitting on their unstable 'religious insanity' as though we had nothing to do with letting the demons of the mind loose on an innocent people. Any nation tortured to death as the Iraqis have been will devolve into savagery. And we did it.

Re:Our way of life is not under threat!

[n+dot+l]

How do you sanely react to a group of people who believe they will gain exaltation if they die in the act of killing as many of you as possible? If they're locals you find them, arrest them, and commit them to mental health institutions (or kill them, if that's what the courts decide). If they're foreigners, well, how about simply securing your borders? If someone's trying to smuggle a nuke into your country so they can blow one of your cities up, wouldn't you want to put your soldiers in their path, as opposed to the place they just left to come where you are?

Another sane thought: since this is a time of conflict it makes sense to get the economy as stable and productive as possible - not only to fund the new security measures but also so that you can stockpile supplies in case of a future crisis. Compromising your intelligence agencies by putting them under the burden of a massive new beurocracy and then randomly outing their agents is insane. As is pissing off a big chunk of your working class by spying on them to compensate for your mismanagement of national security.

Starting a war that kills thousands and leaves millions with even less than the nothing they had before would be the insane course of action. Doing that just replaces a few dozen fanatics with something to gain with a few hundred fanatics with something to gain and a few million angry (but otherwise ordinary) people that will hate you, and teach their children to hate you - all of whom have very little to lose by trying to see you dead. And if things get bad enough and anger turns into despair then you have a few million people turning, naturally, to the most extreme sects within their religion (because those are usually the ones that promise good things to come in the afterlife).

The thing I really don't like about your question is that it implies that sane people cannot deal with lunatics without becoming insane in the process, which simply isn't the case - though if we take that premise to be true then doing the stupendously irrational thing makes sense, in a nonsensical sort of way.

Re:Our way of life is not under threat!

[MightyMartian]

What is Iran's capacity for damage as opposed to the capability of Israel's allies? The Guardian Council may be many things, but it isn't suicidal, and, at the end of the day, no matter how goofy and lunatic the politicians, it's the Guardian Council that makes the decision. It knows quite well that launching a missile at Israel would mean the utter destruction of its regime and the blasting of the already-ailing infrastructure of the country back into the stone age.

Re:Our way of life is not under threat!

[meringuoid]

Tell me that in 15 years when England is an Islamic State.

You think that's likely, do you? We had decades of Irish fuckwits letting off bombs here, and they were better at it. How exactly do you think these still greater fuckwits who can't even manage to get a truckload of gas canisters to blow up properly are going to successfully impose sharia law? What, are they going to march on London and conduct a coup d'etat? Or perhaps they're going to set up one comically poor bombing attempt after another, until we're all laughing too hard to resist?

Re:Our way of life is not under threat!

[meringuoid]

According to the article linked, 1 in 4 Muslims are sympathetic to the motives of the terrorists.

Personally, I'm sympathetic to the motives of the IRA. I also think they're a bunch of murdering scum who've set back their own cause by decades at the very least. Sympathy for a group's motives does not equate to sympathy for its methods.

Re:Our way of life is not under threat!

[meringuoid]

This is where Osama fucked up - there are so many Muslims in western countries now that all they needed to do was wait two or three generations until they had the numbers to vote the infidels out of power in their own countries. In some parts of the UK it's already happened.

According to your link, there are two Muslim MPs in the UK. Two out of 646, in a country where Muslims represent about 2.5% of the population. So where exactly are the infidels 'out of power'? What power exactly do two backbench Labour MPs have under the British political system? Ah yes, the power to ask the Prime Minister sycophantic questions once a week. Impressive.

Are there any Muslims in the Cabinet? Are there even any local councils controlled by Islamic political parties?

If you want to find religious nutcases in positions of power I suggest you try Belfast, but they're not of the Muslim variety.

Re:Our way of life is not under threat!

[J053]

Yes, thank the Soviets for exporting Communism to Germany, thereby causing the people to VOTE for Hitler as a response to Communist threat. Britain and France then DECLARED WAR ON GERMANY, unprovoked i might add - when Germany wanted peace with the west and the destruction of the Communists in the East.
Unprovoked, except for the Austrian putsch, invasion of Czechoslovakia, attack on Poland...

Re:Our way of life is not under threat!

All of which had fuck all to do with England and France. Austria is German. Poland is barely a country. Czechloslovakia was another mistake of Versailles.

The point is that the Soviet Union was much more dangerous to Western Civilization than Germany ever was. They deserve no credit. We should be ashamed of ourselves to delivering millions to their deaths at the hands of the Communist oppressors. Yalta was the biggest scam of the 20th century.

Re:Our way of life is not under threat!

[dhavleak]

Something's wrong with this picture. Parent is basically a bigot. And whoever modded the parent up is a bigot is well.

Muslims do not think like Westerners. To Put Western Logic over Muslims and expect them to ask as we would shows a complete lack of understanding of who and what they are. Islam has been in Active jihad against the West since the end of WW1, when the Brits and Frenchies lied to them about giving them their own state

• 50: Death toll in London Bombings
• 3,000: Death toll in 9/11
• 650,000: Civillian death toll in Iraq (during the current invasion by US and UK)
• 300,000: Civillians living (dying?) in refugee camps in Iraq
• 3,600: Civillian death toll in Iraq during the Gulf war
• 500,000: Civillain deaths in Iraq due to sanctions imposed by the Clinton govt.
• 300 to 3000: Civillian deaths in the US invasion of Panama
• 3,700: Civillian casualties due to US bombing in Afghanistan
• 2 million to 5.1 million: Vietnamese civilian casualties during the US-Vietnam war
• 700,000: Cambodian civillian deaths during the US-Vietnam war
• 50,000: Laotian civillain deaths during the US-Vietnam war
• 51 million: Death toll during the almost 300 yr British rule in India
• 3 million: people affected by Agent Orange in vietnam
• 140,000: Deaths in Hiroshima due to "Little Boy"
• 80,000: Deaths in Nagasaki due to "Fat Man"

This is the tip of the freaking iceberg. I haven't mentioned Guantanamo Bay, the School of The Americas, US involvement in Haiti, Korea and so many more places where we simply were never welcome. You're in need of a serious history lesson -- Btitain and the US have been aggressor states as long as they have existed. I would rather change my 'way of life' than have millions of people killed in the name of preserving it. I'll gladly take the bus instead of driving a truck/SUV if it means that we stop killing people for oil. When we stop killing people for oil, they'll stop hijacking our aircraft and planting bombs.

Oh wait, I forgot - we did it to make the world safe. From the nuclear arsenal we never found. Oh no -- from the chemical weapons we never found. No no, I got it -- from the biological weapons we never found. Doh! Sorry - it was the Al Quaida operatives who we never found. Shit. Why did we invade Iraq again? And while we were complaining about chemical weapons, why did we use Napalm in Fallujah? Oh, right - it was to bring democracy (our way of life) to the Middle East! Now I get it. Bigot.

The Fact of the matter is, Islam has been at war with the West since the Crusades. It's really funny how you put it like that, when in fact the West was constantly waging war on Islam during the crusades.

I can't believe how some people (you, and whoever modded your post) can be so blind that they lose thier objectivity, and even thier humanity over issues like this.

Re:Our way of life is not under threat!

[dbIII]

I think the above poster should get out a bit more. Remember that those crazies that want an extreme Islamic fundamentalist state want it because Iran is not extreme enough for them. Don't be scared of the "darkies" - you'll have more in common with them than some white skinned people in the US that you may think have the same extreme values but may be predjuced against the English as well and know nothing of cricket :)

Re:Our way of life is not under threat!

Don't forget to use libraries of congress.

Re:Our way of life is not under threat!

[RzUpAnmsCwrds]

In the United States roughly three times as many people are killed in gun accidents per year than 9/11.

Wrong, wrong, wrong. Approximately 700 people per year are killed in the US by firearm accidents.

Now, if you want to include crimes comitted with firearms, you have a point. But you said accidents.

I agree that our reaction to the attacks of September 11, 2001 is overblown. But don't go making up statistics to prove your point.

Re:Our way of life is not under threat!

[Slashamatic]

In comparison to the Nazis these modern day terrorists are like flies trying to stare down a tank.

Terrorism is a valid defence/liberation strategy but it doesn't work well if you are attacking. By definition, asymmetric warfare involves a much smaller force attacking a much larger one. They cannot play by the rules because if they do, they will lose. As a defence/liberation strategy it works by making it too expensive to hold territory, which is why the Arab revolt worked in 1917. As an attacking strategy, it is like a myriad of pin-pricks, at best annoying but hardly enough to trigger a major policy change.

In the UK, Northern Ireland is a case in point, however much the British government would have liked to have withdrawn and left them to it, the loyalist faction may have had Scottish/English origins but after 300 years or so, they were hardly going to evacuate. In reality nobody from the British government could see the practicality of a pull-out even after the attacks in England.

Peace happened when all sides realised there was a stalemate and after for some strange reason the funding of terrorism became more difficult in 2001.

The strange thing is that none of the IRA related organisations or the Unionists used suicide bombers. The biggest influence of their campaign on mainland Britain was a certain extra police presence at critical points, a paranoia about left packages and the absence of wastebins at stations. There rules have changed now with Islamic terrorists as they are prepared to kill themselves. This makes certain assumptions more difficult, i.e., that a passenger is unlikely to bring a bomb on board a plane. This time, though the US had flipped from almost zero security on flights to the other way and promptly forced this overreaction on the rest off the world.

Re:Our way of life is not under threat!

[Alioth]

The security at airports is not only frustrating and useless, it's making the problem worse.

The security queue at Manchester Airport a couple of weeks back, when I was struggling to catch a flight, snaked from the security desks in an intestine-shaped folding queue (with those belt barriers) all the way until it was actually outside the airport terminal. The queue was at least 90 minutes long, and in the main hall, there was probably at least a couple of 747-loads of people all tightly packed together.

The terrorist doesn't even need to get on a plane or through security. They just wait until they are in the middle of that obscenely long and tightly packed security line with their nice big backpack bomb... and they score at least as many casualties as bringing down an A320.

Re:Our way of life is not under threat!

[techamed]

Godwin's Law in effect... Nazis were mentioned.

Re:Our way of life is not under threat!

[j_l_cgull]

What bugs me the most is the complete lack of symmetry - if we go to Saudi Arabia, they want us to respect their culture (or face Sharia). If they come here, respect for our culuture is slim to none.

Close. It should have been: "... if we go to Saudi Arabia, they want us to respect their laws (or face Sharia). If they come here, respect for our culuture is slim to none." If we do not respect culture, we might be scorned (perhaps leading to intimidation). But it still could be illegal. It is a whole another argument how culture and laws influence each other and whether they should. Should we stoop to the level of having laws that enforce our sense of "culture" ?

Re:Our way of life is not under threat!

[Grishnakh]

I'm not a gun control nut (nor am I a regular gun nut). But the vast majority of deaths by gun are suicides, as you state. The usually pro-gun response is that if someone is going to commit suicide, they'll find a way to do it. However, this overlooks the fact that a gun makes it easy, quick, and irreversible, while other methods might take more effort and more planning, and can be reversed with timely intervention.

So what's the problem here? If someone wants to take their own life, that's their right. Who are you to tell them differently?

After suicide, it seems that gang related homicide is the second highest type of death by gun. However, I'd dispute that it's mostly gang members killing each other. In some cases, it's innocent bystanders at a gang-on-gang crime scene, but in just as many instances it is a gang member wrongly identifying and targeting an innocent victim. I'm a regular reader of my city's main newspaper's Murder Blog, so while I don't have solid stats, I'm not just pulling a number out of my ass, but I'd say that at least half of the gang related homicides by firearm are innocent bystander or wrongly targeted innocent victim.

Yep, this is a big problem. This is why there should be stronger anti-gang law enforcement, coupled with drug legalization as mentioned before. We tried banning alcohol 75 years ago or so, and the gang violence didn't die down until they finally repealed that stupid Amendment.

1) Most states ban convicted felons from owning a gun. I think this should be expanded to include any crime that shows a propensity for violence. Beat your wife, you gave up your right to own a gun. Perhaps have a ten year wait period before allowing someone with a misdemeanor to own a gun. Perhaps counseling and anger management training could fit in here.

This is a little dangerous, because the nature of the crime should be the key factor. Someone who's clearly violent probably shouldn't have any weapons, but many misdemeanors are of a non-violent nature. The laws are already written so that everybody is a criminal for something, they just haven't been caught.

2) Allow more people to carry concealed weapons, but also have a stringent screening process to insure that calm, cool headed, and rational people are allowed to have CCWs. (Anecdote: I've thwarted crime twice by pretending to have a concealed weapon. It's all in the body language and attitude.)

I'd agree with this one. States which have jumped onto the CCW bandwagon have all experienced a reduction in crime. Criminals don't like the idea that their victims might be able to shoot back.

I'd also say laws need to written/re-written to make things friendlier for CCW holders, instead of criminals. Now, for instance, you actually can't legally use a concealed weapon to thwart crime, if you show the weapon and allow the criminal to live. You are basically required to shoot if you draw your weapon. Let me explain: if you're in fear of your life, for instance, because some wacko people are chasing you in their car, and pull up next to you at a light, get out and look like they're going to do something to you, if you pull out your gun and show it to them (not even pointing it at them) to scare them off, they can call the police and you'll be arrested and your weapon confiscated. This is a true story. Basically, the rule is "first to the phone". If you have a problem with some criminals, and a weapon is involved, whoever calls 911 first is the innocent party. There's lots of other cases along these lines. So basically, if you're carrying a concealed weapon, you're not allowed to even show anyone you have it until the situation has gotten so bad that you have no alternative but to take someone's life; you're not allowed to prevent a death (even of a scumbag criminal, or maybe someone who's just a little over the edge and could use some help) by showing that you're armed and will defend yourself if necessary, but would rather it not come to that. This seems a little messed-up to me.

think citrix

[Nex6]

its much like citrix, basiclyy allows you to have Backend farm of app servers and serve stuff up form the backend. greate for enterprises with lots of apps.

Re:think citrix

[Ctrl-Z]

Kind of like X?

Re:think citrix

[daivzhavue]

Except...its WITHOUT the backend of servers. At least the demo I saw. I application "bubble" lived on the workstation. You could use the virtualized app disconnected from everything. Need to uninstall? delete the bubble. No registry to cleanup. No stray files. Its like one big self contained .exe at its simplest level of explanation.

XP isn't that bad ...

[b0s0z0ku]

It's mainly the tight integration of the browser with the OS that is/was an issue. Don't use IE and don't run executables from unknown sources and 95% of the security issues go away. SP2 is actually a pretty decent OS.

-b.

Re:XP isn't that bad ...

"...and 95% of the security issues go away."

I couldn't agree more and have said the same thing. Except the statistic I pull out of thin air is 80%

Re:XP isn't that bad ...

[negated]

Don't use IE and don't run executables from unknown sources and 95% of the security issues go away.

...and run your account as a user as opposed to the default (administrator!).

-S

Re:XP isn't that bad ...

[Jeff+DeMaagd]

It's not just that though. It's really hard to get software for XP/2000 to work on a limited user account, so most people just run as a power user or administrator. It may in part be due to the fact that there wasn't a strong encouragement or requirement to set up a limited account when the user starts using a new computer. Apparently it is possible to enable administrator privileges to just the programs that require it, but it's not a trivial thing and it's still a problem waiting to happen.

Re:XP isn't that bad ...

[Floritard]

I have a number of less tech-savvy relatives who are always complaining of their computers slowing down after a few months of regular use, clogged with all sorts of net garbage. I myself don't care much about net security, it bores the hell out of me and if I ever have any real problem I can easily just wipe my pc and do a fresh install. That said, I never have to do that and I can't figure out what these people are doing to bog down their systems so much. Like I said I can't stand trying to keep up with the newest worms, bugs, what have you and I never use antivirus software. I just don't use IE, I'm all for Opera. And that's all I can think to tell them is stop using IE. It's the only common vector I can find between them. Just stay away from it.

Re:XP isn't that bad ...

[Nightspirit]

XP on a fresh install is blazing fast. I don't know why, but after 6 months of use it just seems sluggish, even with defrag, scandisk, registry cleaning, spyware/adware checks.

Re:XP isn't that bad ...

[garry_g]

Disconnect it from the LAN, WLAN and power, and you might get as close as 99% ... ;)

Re:XP isn't that bad ...

[Grishnakh]

My wife's computer runs XP, with no antivirus software. It seems to have no problems at all (except the occasional Windows weirdness or bluescreen); the common thread is that I told her never to use IE unless absolutely necessary (which is almost never), and she uses Firefox.

WINE, Anyone?

[ArcherB]

Microsoft also showed a very interesting new desktop virtualisation technology called SoftGrid, which allows applications to be virtualised individually, rather than a whole OS. Think Virtual PC or VMware, but instead of virtualising an OS, just a single application is virtualised." I remember when it was called WINE!

Re:WINE, Anyone?

Not being at all techie, but isn't WINE more like emulation than virtualization? If "SoftGrid" can virtualize an OS environment without running a virtual machine, it seems to me like it would increase compatibility immensely. Before you mod me an idiot, though, please read my preface: i'm not a techie! :)

Re:WINE, Anyone?

[ArcherB]

WINE = WINE Is Not an Emulator

Re:WINE, Anyone?

WINE is a native implementation of some Windows APIs, so it can't be considered emulation.

In fact, WINE stands for "Wine is not an emulator."

Re:WINE, Anyone?

[dave420]

That's not virtualisation.

Re:WINE, Anyone?

[Frostalicious]

I don't think it's much like Wine. Softgrid allows you to have a central server containing data for applications such as Word or Excel. Clients running Softgrid can then launch Word on their local PC, and Softgrid will download application data and run the app, without actually ever installing it on the clients. This greatly simplifies large deployments of apps and allows quick updates.

One interesting thing is they can't virtualize IE, because it is "too tied to the operating system".

Re:WINE, Anyone?

WINE
Is
Not an
Emulator

Re:WINE, Anyone?

[ak3ldama]

Before you mod me an idiot, though, please read my preface: i'm not a techie! :)

Then get of my damn lawn!

Re:WINE, Anyone?

[Anv*l]

Does this mean monopolysoft rolled a 6 and got on to the "go to jail" brick?

Re:WINE, Anyone?

[_xeno_]

First, ignore all the comments pointing out that WINE stands for WINE Is Not an Emulator. You're using "emulate" in a different sense than the WINE acronym is. By "WINE Is Not an Emulator" it means exactly your point: WINE does not emulate a physical machine - or, in other words, virtualize the process. WINE implements a compatible version of the Windows API, but it does not create a virtual machine. It's best called a compatibility layer or something like that.

Cygwin does something similar under Windows for UNIX. It emulates a UNIX environment under Windows, mapping standard UNIX calls to Windows equivalents. WINE does the same in reverse - it maps standard Windows calls to UNIX equivalents. (Pedantic note: I know I'm misusing the term UNIX. Someone else can come up with better terms.)

In any case, WINE is not a virtualization approach. A Windows program run through WINE is executed directly by the hardware the OS is running on. WINE simply provides a loader that can load and execute EXE and DLL programs, along with compatible implementations of Windows API.

Short answer: you're right. WINE is not virtualization.

Re:WINE, Anyone?

[captnitro]

I remember when it was called a jail.

Re:WINE, Anyone?

[uhmmmm]

WINE isn't virtualization. It's merely an implementation of the Win32 API. The program itself is still happily running with as much access to the machine as any other process. Now, I do believe Qemu is capable of something closer to this, where it emulates for one process, and passes the syscalls on to the native kernel.

Re:WINE, Anyone?

[biggrz]

That should have been... "I remember when it was called SOFTRICITY!" Softricity created this product, MS bought it up. http://www.microsoft.com/presspass/press/2006/jul0 6/07-17SoftricityPR.mspx

Re:WINE, Anyone?

[SanityInAnarchy]

I'm not sure qemu is capable of doing that with virtualization.

I know it can do it with emulation, and I believe it's possible to, for example, run Qemu on Linux-PPC or something, tell it to emulate x86, and use it to run an x86 version of Wine. So, theoretically, you could get native Windows apps -- but just those apps, not a whole OS -- emulated on a PPC Mac. But I never got that working, and new Macs are Intel anyway...

In other words, I was imagining using Qemu to do a kind of reverse-Rosetta.

But I don't know if it can do it with virtualization, and if it could, I don't know if it would provide the security benefits of virtualizing the whole OS. In fact, I doubt there would be a point to it at all, since an app doing an unlink() syscall is going to delete the file anyway, whether it's a native unlink() or a virtualized/emulated unlink().

Re:WINE, Anyone?

(Pedantic note: I know I'm misusing the term UNIX. Someone else can come up with better terms.)

POSIX?

virtualisation

[Nico3d3]

technology called SoftGrid, which allows applications to be virtualised individually, rather than a whole OS. Think Virtual PC or VMware, but instead of virtualising an OS, just a single application is virtualised." Give me a break, this thing isn't new at all. You can use Wine in Linux.

Re:virtualisation

[dave420]

WINE isn't a virtualisation product, fyi.

Re:virtualisation

For some reason, I read the summary as Windows now has a chroot feature.

Didn't RTFA yet.

Re:virtualisation

[wild_berry]

I suspect people will object to your example because you can't (as-yet) migrate Wine's processes around hosts.

Re:virtualisation

Nowadays one can't seriously expect Microsoft to come up with anything truly innovative.
This just seems like their latest attempt to capture another area of the market with a 'me too' product to try and regain some credibility after shooting themselves in the foot with Vista.

Should fix the article headline

[the+computer+guy+nex]

Microsoft didn't issue a press release, one guy voiced his opinion.

Re:Should fix the article headline

[EraserMouseMan]

Tell me about it! The article has nothing to do with the war on terror. Or even security for that matter. It is about MS SoftGrid.

Re:Should fix the article headline

[The+Bungi]

That's what happens when you're used to hyping and exaggerating everything to death for ad impressions. It's funny that the FUD hype machine is starting to turn on itself. Mozilla had to issue a press release saying "ten fucking days" was hardly their policy.

Mod parent up

[b0s0z0ku]

Somebody even said to me that more people were killed putting their socks on in the United Kingdom than by terrorists last-year. It's probably true.

Mod parent up insightful for this comment.

It feels like that we've forgotten what it is really like to be a nation threatend with annihilation. In the 1940s our country nearly didn't make it and we have the United States to thank for that as much as our own heroic airmen. That was a time where the agressors really could have destroyed our way of life. Yet we did not yield in the face our adversity. We held our resolve!

Not to mention knowing what to do with foreign agents when caught. Don't stick them in prison -- either shoot them or "turn" them whenever possible and use them to feed the enemy with disinformation.

-b.

Re:Mod parent up

Not to mention knowing what to do with foreign agents when caught. Don't stick them in prison -- either shoot them or "turn" them whenever possible and use them to feed the enemy with disinformation.

Thank God, at last someone who is willing to cast aside the Geneva convention when necessary in order to do something that might actually work, as opposed to just forcing them to perform homosexual acts to tape and sell to their friends.

Re:Mod parent up

[b0s0z0ku]

Thank God, at last someone who is willing to cast aside the Geneva convention

Spies and saboteurs aren't covered by Geneva. It's perfectly legal to punish them (up to death) if caught on your country's territory.

-b.

Re:Mod parent up

[MrNaz]

It's legal? Well goody then. It's a good thing our great society has invented this thing called law so we can do away with annoying things like "morality", "ethics" and "values".

Re:Mod parent up

[b0s0z0ku]

It's legal? Well goody then. It's a good thing our great society has invented this thing called law so we can do away with annoying things like "morality", "ethics" and "values".

If someone comes into a country with the intent of murdering large numbers of its citizens, they should really expect to be well treated. Yeah.

Re:Mod parent up

[db32]

Now, you may not do this personally, or you may just not admit to it, but 99% of the people I have talked to that say this kind of thing love to gloat when our own spies and such get caught and punished in other countries. Just a bit of a double standard.

That being said, things like treason and espionage have pretty much been illegal and often punishable by death with good reason from the dawn of government.

I don't agree with the super paranoia and "islamofacist" talk that has been going on lately, but that does not change the fact that there are sick and twisted people that come here, or even started here, with the intent of causing harm to us. Just to remove the typical cry of racism or whatever about our latest favorite enemy, lets talk about a different one. I think you will have a hard time finding anyone that would not have wished someone put a chunk of high velocity metal into ol Timmy McVeighs face before he was able to detonate his bomb.

Re:Mod parent up

[Hatta]

If someone comes into a country and is falsely accused of having the intent of murdering large numbers of its citizens, they should really expect to have due process. You act like we can read peoples minds, and we never make mistakes.

Re:Mod parent up

[b0s0z0ku]

If someone comes into a country and is falsely accused of having the intent of murdering large numbers of its citizens, they should really expect to have due process.

If you read me original post, I was talking about German spies in Britain during WW II. Those spies that were shot were executed after being convicted at a regular jury trial (held in secret, but still better than a military kangaroo court like the USA is trying to hold at Guantanamo).

And a lot of spies were given the option to turn their allegiance against the Germans and avoid trial entirely. Google "double cross system" for more info on that.

-b.

Let you down with XP

[chatgris]

They say this now, when there is Vista to buy. It's just part of Microsofts standard strategy... Release new operating system, try and make the old one look bad.

Re:Let you down with XP

[Farmer+Tim]

Release new operating system, try and make the old one look bad.

Not a lot of work involved there.

Re:Let you down with XP

Geez and what do you know recently that Slashdot users have been praising XP since Vista came out after years of bad mouthing it.

Re:Let you down with XP

[SanityInAnarchy]

Well, and claim the new one is so much better... "Improved security!" And in most cases, that's because anything would be an improvement.

With Vista, they've finally gotten to where there's even a question of whether they are more secure than Linux. And even if they were equally secure, I'll take the less annoying one any day. (Allow, dammit! Allow!!)

What I really want to see is for someone to just say "Secure." Not "More secure," but "Secure." As in, algebraically proven.

Because of H-1B Visas

Microsoft is going to have a problem with anything that makes it harder to import labor, whether the security measures make us safer or not. Because they aren't in business to keep America safe.

Re:Because of H-1B Visas

[tmjr3353]

Because they aren't in business to keep America safe. That's okay, the current administration isn't either.

Ironic

[ArcadeX]

I'd rather deal with airport security than install programs on my girlfriend's vista laptop...

Re:Ironic

[clubhi]

The real irony is that your girlfriend IS a vista app!

Re:Ironic

[Froster]

That's why I worked hard to find a good laptop for my girlfriend that came with XP instead of Vista. She's not very accepting of Linux, so if I'm going to have to help her with Windows, its going to be a version that I am familiar and comfortable with.

Re:Ironic

[Jeff+DeMaagd]

Installing Windows makes airport security look efficient. The TSA makes Microsoft look thoughroughly efficient and competent.

Re:Ironic

[lazyforker]

Obligatory:

Who are you fooling? "girlfriend"? On /.?

Re:Ironic

[e2d2]

We need a new "+1 hyperbole" modifier.

Re:Ironic

you defintely didn't stand long enough in the immigration queue at some airports coming to the US? Further, while installing Windows, I never had to undress...

Virtualization of an application?

[Gary+W.+Longsine]

Uh... on a real operating system that's called a "process". The only reason they need to think in these terms at all is because there is so much broken design in the basic OS. If everything wasn't welded inextricably from everything else, apps wouldn't take down other apps, nor the system when they misbehave, and you wouldn't need to "virtualize just the app! OMG! What a concept!"

Here's a little concept I've been working on. Why don't we use a real OS?

Re:Virtualization of an application?

[smithmc]

  Here's a little concept I've been working on. Why don't we use a real OS?

Such as...? I assume you're not talking about Linux, since after all, by your reasoning, if Linux were a "real" OS, we wouldn't need Xen/VMWare/etc., right?

Re:Virtualization of an application?

[Gary+W.+Longsine]

The converse of my claim is not necessarily true, so no, that's not my reasoning, its yours. And it's wrong.

Re:Virtualization of an application?

[RzUpAnmsCwrds]

Here's a little concept I've been working on. Why don't we use a real OS?

Here's a concept: why don't you actually look at how operating systems work before saying that.

There are a lot of reasons why we ended up with the model we have today. There are a few solutions. One is sandboxing, which is what .Net and Java do - you can run Java applets, for example, with little risk of harming your system.

Sandboxing doesn't work particularly well for legacy code, though. This isn't unique to Windows: in Mac OS X or Linux, applications expect to be able to write to your home directory. Unfortunately, that's where you keep your most important files.

Could you write an OS that's safer than that? Sure. But it's not going to run legacy code - at least not without virtulization.

Virtual Solution of Real Problem

[should_be_linear]

single application is virtualised.

Windows NT 3 could do that, except that screwed OCX technology makes it almost impossible to install 2 different versions of one application at the same time. This new "virtual applications" will address this problem by adding one more layer of complication (separating registry for each version of application) instead of getting rid of broken OCX thing.

Virtualization

[QunaLop]

It depends on how you define "virtualization" but Vista already uses fairly extensive virtualization, eg the UAC system redirects file system stores to user profile areas of disk. And IE7 protected mode (for Vista) is an example of exactly what is mentioned... I think this "talk" is just on already released "innovations." Though I suppose the comment about the paranoia is of note.

Mistaken Words?

[obergfellja]

For all this time, I thought Bush was talking about "War on Tar"... I was trying to figure out how Tar was affecting our lives and how Tarrist (creators of Tar) were creating Tar here. When did it become "War on Terror"?

Re:Mistaken Words?

I've had it up to here with the War on Tar. Frankly, ".zip" just doesn't cut it for me. A little tar and some gzip (or whatever other letter you wish) is far better.

I'd have thought the War on Tar would've become irrelevant years ago when WinZip started handling it.

Re:Mistaken Words?

Really? I always thought it was about tourism and tourists... the war on compression formats is news to me.

Let us down?

[thatskinnyguy]

They let us down with XP?! I think that means they totally screwed us with Vista!

Re:Let us down?

[QunaLop]

from a security standpoint, what shortcomings does it have?

Re:Let us down?

[thatskinnyguy]

None. But I wouldn't sacrifice nearly all usability and control over the OS in the name of security. The fact that I can delete the Recycle Bin and get it to consistently throw the BSOD just by plugging in my digital camera and the fact that Vista takes the admin's right to admin away, really puts a sour taste in my mouth.

Re:Let us down?

[Steauengeglase]

Agreed. After SP2 came along XP became a fine little OS that was reasonably strong and secure for those who had been paying attention to the state of the world for the last 10 years or so.

The war on terror...

[realdodgeman]

The war on terror is overblown. It's not like Muslim extremists are going to take over USA anytime soon... (Don't laugh, a lot of Americans think that this will happen if they pull out of Iraq...)

The war on terror is really a war against your rights, so be ware. This is much worse than even MS ME II.

Re:The war on terror...

[Kohath]

It's not like Muslim extremists are going to take over USA anytime soon

No one thinks it's going to happen "soon". You're simply lying about this.

Re:The war on terror...

[treak007]

(Don't laugh, a lot of Americans think that this will happen if they pull out of Iraq...) ummm....no.No one believes that. I guess it must be easier for you to attempt to reduce any opposing view to idiocy rather then actually debate it.

Re:The war on terror...

[realdodgeman]

I am not afraid to debate it. I have seen Americans saying that they think terrorists are going to take over USA. The truth is that the US is the worlds most powerful military state. Nobody can take over America in the foreseeable future.

Re:The war on terror...

[megaditto]

Well, they already took over our Congress in 2006. Soon it will be the whole country.

Re:The war on terror...

[Entropius]

ummm....no.No one believes that. Watched Fox News lately? People *do* believe that.

Re:The war on terror...

Well, not America anyway... Britain or France...? In June of 2001 (a few short months before Sept 11), I was in Paris with my family and my best friend. We emerged from that big glass trainstation on the Left Bank to be confronted with thousands of Arabs wearing shirts and carrying banners that depicted Saddam Hussain as smiling and friendly. The 5 of us were the onliest white folk around, and Americans... so we made a B-line for the way out quite fast.

Seriously - thousands of them, having a Pro-Saddam rally right out in the open. Back in the 70s when my mother was living in France, they would have had the dogs and hoses on them faster than you can say "Azerbaijan." Now its "don't show the Muhammed cartoons! That would be "insensitive!" Never mind "Freedom of Speech," which is supposed to be a common Western value - nope. Not "offending" the aliens is more important than protected political speech via satire!

the SAS and RUC had no problem torturing IRA prisoners into the 1990s, but is affraid to take tough measures against the Muslims?! Why!?! Talk about throwing your country away. Let a bunch of foreigners walk in, take over, and tell you how its going to be. Maybe you feel guilty its a feeling of guilt over colonial pasts... who knows? All I know is that its stupid.

Signed,

An American

Re:The war on terror...

Please pull your head out of your ass and come up for air.

Re:The war on terror...

[cdrguru]

Well, you might be understating things a little bit.

No, there isn't going to be a Muslim army that lands on the beaches and "takes over" the USA. That is silly.

However, we are seeing court decisions implementing Sharia law in Germany for Muslims. What do you think it would take for this to happen in the USA? How far away are we actually from allowing Muslim men to beat their wives with impunity? Would you not call "taking over" our laws?

How about the idea of people having Driver's License pictures taken while wearing a mask? Well, some states now allow fully covered (hajib) women photographed.

How about cab drivers that refuse to take unclean animals (guide dogs) or transport banned beverages (alcholic)? Yes, there is right now a fight over this in several cities.

No, the Muslim army isn't landing anytime soon, but you can start to see evidence that the USA is making over its laws and customs to be more in line with Muslim beliefs.

Re:The war on terror...

[treak007]

I have seen Americans saying that they think terrorists are going to take over USA No, you are correct, the terrorists are not like the Chinese, who could storm our country with troops. However, this doesn't mean that they are incapable of harming our way of life and are not a threat to democracy. We see this in our every day lives. They try to shape our foreign policy with their threats. They threaten us to conform to their beliefs or suffer attacks on our country. For example, if we support Israel, we will continue to be their enemies. Now the question here is whether our mighty country is going to give into some immature children who demand that other's share their beliefs or whether we are going to tell them to fuck off.

By not supporting the war on terror, you are claiming that our country should submit ourselves to their whims.

chroot?

[bomek]

Microsoft finally invent chroot

SoftGrid isn't new

SoftGrid isn't new, nor is it a particularly close relative of WINE as some Linux enthusiasts suggest. It was a Microsoft acquisition, the former product name being Softricity. It's not just virtualization, it's packaging, so a single file, streamed from a server as needed, encompasses the program and all of its settings, creating a layer over the regular file system, registry, etc. with copy on write functionality; if the program tries to change the host OS in any way, it just adds to the shell of program specific settings within the single packaging file. Extremely handy for network admins who need to distribute programs, and want the performance of local apps (once the whole package is streamed, it runs locally, with the streaming order prioritized based on what the user is doing), but want the simplified administration of centralized programs with standardized configuration.

Re:SoftGrid isn't new

[QuantumRiff]

I've been playing with it for a while now.. One of the nice features is the ability to repackage with an updated DLL or other update, and the next time the program runs, it updates. I use WSUS for windows patches and stuff, but this is handy for 3rd party apps and home grown stuff to ensure everyone has the newest version quickly..

Re:SoftGrid isn't new

I didn't see anyone suggesting that this is a relative of WINE. Instead people are correctly pointing out that this isn't a new invention and that WINE is one example of a technology that can provide a similar core capability (e.g. WINE "bottles" providing an isolated OS environment for different applications).

Re:SoftGrid isn't new

Check out Symantec's (formerly Altiris) SVS (Software Virtualization Solution). It runs faster than Softricity, and from what I understand it is much easier to virtualize an app as well. With 3rd party software it can also stream packages out to client computers.

Re:SoftGrid isn't new

[SnprBoB86]

Actually, the product was always called SoftGrid. Softricity is the name of the acquired company. And their technology is exceedingly cool :-)

Re:SoftGrid isn't new

SVS is a serious dog, just as most things from Altiris.

Choose "cry".

[khasim]

I don't know whether to laugh or cry why we even take them so seriously.

Consider what we COULD be doing with the money spent on this.

The Cold War ended. The world was as close to Peace as it has ever been. We could have been investing in so many things to help the human race as a whole.

Instead we're spending trillions of dollars "fighting" a few thousand nutcases who can't do any more damage to the world than we do to ourselves, every year, in traffic accidents.

Re:Choose "cry".

[Xtravar]

The Cold War ended. The world was as close to Peace as it has ever been. We could have been investing in so many things to help the human race as a whole. Hey man, the defense industry needs to eat, too! What, you expect them to go out of business in times of peace?

And this is the problem with militarily-funded businesses. They have incentive to not have peace.

Re:Choose "cry".

[treak007]

The Cold War ended. The world was as close to Peace as it has ever been. We could have been investing in so many things to help the human race as a whole. Wow, what planet have you been living on? Peace was not disrupted by the United States. There have been tensions and bombings in the Middle East for decades. People seem to think that the anti-American sentiments in the Middle East are caused by our invasion of Iraq, however they seem to fail to understand that these sentiments have been going on for decades before the current administration stepped into power.If that is not enough, take a look at the genocides in Africa.

But don't let the facts get in the way of your hippie dream.

Re:Choose "cry".

[MightyMartian]

The worst part about all of this is the lack of recognition that other parts of the world have been suffering under this very same breed of Jihadist for a lot longer than the US. Both China and Russia have been dealing with this religious nutcases for years prior to 9-11. Heck, part of the reason they're so widespread in the Muslim world is because Saudi Arabia has been exporting its maniacs so that they cease to be its problem.

The West now only concerns itself because suddenly we're the direct targets of their actions. Those actions are wildly successful because they're so visible. The fact that automobile accidents are far more deadly, or that more people die due to choking than the terrorists could ever hope to kill is besides the point. Those aren't sexy, top-of-the-hour, bonechilling, fingernail-biting, paranoia-inducing stories.

I have pointed out to people who think that Jihadists are getting ready to blow up their supermarket that the people of Leningrad and London put up with attacks of such intensity, such lethal effectiveness and such destruction that it makes a hole in the Pentagon and two downed office towers look like a joke.

Re:Choose "cry".

I think the OP was lamenting on how the US could have been a helping force in the middle east and africa.

Re:Choose "cry".

[Entropius]

Grandparent wasn't saying that the world would have been at absolute peace without the US invading Iraq.

But the world was doing pretty well -- sure, the Middle East was trying to kill itself, but it's *always* doing that. The people with the *serious* militaries, however, were at peace. We had a golden opportunity to *not* spend our national wealth on the military; for the first time there were really no serious military threats to Western democracy. We could have done something useful... ... and instead, we go start a dumbshit war that's wasted more American blood and money.

Re:Choose "cry".

Because war and fear created more power for those in power. If you think that a president or leader of a country wants to have less power then you are nuts.

NONE of these people in parliment, House of represenatives, Congress, Presidency are there for "the good of the people" or to "help humanity" they are there for power and the money and high that comes with that power. We have a vice president that is going fricking nuts on his Power trip high, we have a president that plugs his ears and screams "la!la!lA! LA! LA!!! I CANT HEAR YOU!" when he is told ANYTHING that contradicts what he wants to believe, and all the rest in the government is working only for their reelection or how they can get more money or power. They do not give a rats ass about the public.

Personally I want to know why the steps of the whitehouse are not cluttered with citizens with torches and pitchforks. And I also want to know why the Military and police of this country support the destruction of america instead of supporting the people.

If microsoft is now saying what the rest of us sane people have said cince 9/21 then it must be getting insanely bad.

Re:Choose "cry".

"The world was as close to Peace as it has ever been."

The continual technological empowerment for so few to destroy so much negates this statement.

"Instead we're spending trillions of dollars "fighting" a few thousand nutcases who can't do any more damage to the world than we do to ourselves, every year, in traffic accidents."

We also spent trillions of dollars during the Cold War because a handful of people could push a button and destroy entire cities; spending trillions of dollars "fighting" a few thousand nutcases is the natural progression from decades of empowering the individual.

It's the continuing cost of the double-edged sword of technological advancement; each time around, the curve gets steeper. One wonders when it will stop; maybe when we're extinct?

Re:Choose "cry".

[wild_berry]

Peace was not disrupted by the United States

But the intervention across the globe by Western governments since the end of WWII is that disruption of peace which makes enemies of those we and our governments have screwed over.

Re:Choose "cry".

[greedyturtle]

Can we say 1984 anyone? Creating meaningless wars as a resource sink to keep the people subjugated.

Re:Choose "cry".

[vertinox]

Both China and Russia have been dealing with this religious nutcases for years prior to 9-11.

I hope your not talking about Tibet, but rather the Gulong Fong?

Re:Choose "cry".

[slapout]

Those nutcases could certainly do a lot more if they had the proper weapons. That's exactly why we're currently trying to stop them.

Re:Choose "cry".

[edwardpickman]

I say the military contractors should declare war on each other. It'd cut out the middle man and make things more clear cut. Instead of road side bombs they'd be bombing each other's factories. Think of all the jobs being created rebuilding factories let alone all the new weapons!

Re:Choose "cry".

there are muslims in china too, you know.

http://en.wikipedia.org/wiki/East_Turkestan_Islami c_Movement

Re:Choose "cry".

[Hijacked+Public]

That is a popular idea, and true to an extent, but it isn't the whole picture.

Many political entities throughout the Middle East and Africa are making war to consolidate power in their own country and use the West as a convenient scapegoat. This isn't much different from what the neo-cons, to use a contemporary example, have done in reverse in the West. Invent some boogeyman, convince your people you can protect them from him, and they will support you.

On a conceptual level Sayeed Kotb's ideas aren't all that different from Leo Strauss'.

Sure many Western governments have encouraged conflicts. Directed them to their benefit. Provided the raw materials. But the total absence of all Western influence wouldn't bring peace, a great many people can still be killed with machetes.

Re:Choose "cry".

[Paul+Jakma]

Eisenhower's Military-Industrial Complex speech.

"In the councils of government, we must guard against the acquisition of unwarranted influence, whether sought or unsought, by the militaryindustrial complex. The potential for the disastrous rise of misplaced power exists and will persist."

Heed was not taken and arose it did..

Re:Choose "cry".

[workindev]

Instead we're spending trillions of dollars "fighting" a few thousand nutcases who can't do any more damage to the world than we do to ourselves, every year, in traffic accidents.

Guess what? We also spend enormous amounts of money and gladly relinquish freedoms to protect us from traffic accidents. Should we just give up on that, too? To come to think of it - we spend a lot of money and energy on Cancer research, and people get cancer. And we still spend a lot of money fighting poverty, and people are still poor. According to your logic, we shouldn't be wasting our time on that either.

A few hundred thousand innocent lives given up to terror attacks and car accidents is a small price to pay in order for us to "invest" in the human race, right?

Re:Choose "cry".

[DrDitto]

Western Europe would be communist if it weren't for all the intervention by the U.S.

Re:Choose "cry".

[HungWeiLo]

The Chinese province of Xinjiang and Qinghai in the northwest of the country are Muslim strongholds. An independence movement for East Turkmenistan is ongoing to be chagrin of the Chinese officials. Every once a while, some marketplace will get blown up and everyone gets clamped down upon.

BTW - You seem to be bothered by the label of "religious nutcases" being applied to Tibetans? What makes them so special as to be exempt from this label?

Re:Choose "cry".

[mickwd]

"The West now only concerns itself because suddenly we're the direct targets of their actions."

Make that "the USA" rather than "the west" - other western countries have had serious terrorism problems for years. In the UK there was the IRA and the "troubles" in Northern Ireland, and in Spain there was/is ETA, to name but two.

Interestingly, look at this story today - 400lb of explosives found, with a strong suspicion of links to real-live republican terrorists. Notice how little reporting there has been of this?

Now imagine how big the headlines would be if a group of muslims had been found with 400lbs of explosive.

It would be the same amount of explosive - able to kill the same number of people.

Re:Choose "cry".

[Grishnakh]

Seems to me that the Tibetans are all Buddhists, and their religion advocates peace. Islam advocates war and violence. Seems like a pretty big difference to me.

Re:Choose "cry".

[Pragmatix]

I always wonder what we could have done with the hundreds of billions of dollars we have spent fighting in Iraq, if instead we spent it on alternative energy research. It always seemed like a better long term strategy to me.

Re:Choose "cry".

[vertinox]

BTW - You seem to be bothered by the label of "religious nutcases" being applied to Tibetans? What makes them so special as to be exempt from this label?

They don't seem to be suicide bombing anyone, taking hostages, or any type of violence nor have had a history of doing so. You can be eccentric with your religion, but I don't think you cross over into the "nutcase" category until you start actually committing violence in the name of your religion.

In fact Tibetan independence has nothing to with religion even though both sides claim so. Technically, China would have claimed the same for Mongolia as always being part of China had not Stalin told Mao to back down.

Re:Choose "cry".

[Penguinisto]

The worst part about all of this is the lack of recognition that other parts of the world have been suffering under this very same breed of Jihadist for a lot longer than the US. Both China and Russia have been dealing with this religious nutcases for years prior to 9-11.

Both nations mentioned up there also have legally-sanctioned reactions against such terrorist groups - means that make Guantanamo seem like the near-summer-camp that it is. Usually these are performed without such obstacles as due process and/or trial. Part of the reason such activities remain low-key is because the penalty for screwing with either government in such a manner is usually fatal, and not just to the perpetrator(s).

Should we adopt their methods, perhaps?

/P

Re:Choose "cry".

[scuba0]

And that says what, that the US is absolute or what?

Got another for you the US wouldn't exist if it wasn't for Europe, hows that?

Re:Choose "cry".

[Xtravar]

I probably don't have to explain this but...
If they have to pay for damage, then it's no longer a fiscally sound business model. It's much easier to make copious amounts of money when others' pain and suffering is unaccounted for. For example, manufacturing factories in third world countries where working conditions are less strict.

Re:Choose "cry".

[wild_berry]

As a European, I wouldn't have a problem with Communist. I'd strongly oppose dictatorship. Is the USA political system absolutely non-totalitarian?

Re:Choose "cry".

Communist as in China, Cuba, the Soviet Union, or Cambodia means totalitarian dictatorship -- often one that kills mass numbers of its own citizens to boot.

Re:Choose "cry".

[dbIII]

Post war western govenments (mostly the USA but the UK seriously stuffed up with direct intervention in Iran) do obvious tinkering about on the edges of things with often ignorant mistakes which are not learned from - that's part of how they get to be scapegoats. It's also easy to blame the outsider for things. All of Algeria's problems at one point were blamed on returning soldiers from Afganistan instead of the local problems that existed.

Re:Choose "cry".

[dbIII]

we go start a dumbshit war

Ignoring the reasons for it in the first place this is the largest criticism military professionals have about it - we are almost seeing a textbook example of how not to do things. People on the ground have to go through Washington to communicate with other people on the ground and similar bits of stupidity. Then there's the uncontrolled spooks, private contractors working for the spook agencies, mercenaries working for construction companies and complications like shanghaied Phillipino contruction workers that thought they would be in Bahrain and paid better instead of being shipped to Bagdad at gunpoint.

Re:Choose "cry".

Should we adopt their methods, perhaps?

With secret CIA flights and "extraordinary rendition" of people who later turned out to have committed no crimes, it would seem that we already have.

Re:Choose "cry".

But the total absence of all Western influence wouldn't bring peace, a great many people can still be killed with machetes. It's hard to talk about the problems of Africa without straying into racism (or at least politically motivated social darwinism), but the tribal warfare in Rwanda was ultimately carried out by normal citizens armed with machetes and stirred up by local leadership.

Re:Choose "cry".

[Actually,+I+do+RTFA]

the defense industry needs to eat, too! What, you expect them to go out of business in times of peace?

Don't forget, the defense industry includes many varied things like school lunches for poor children and inner city technical education. At least in the US

Re:Choose "cry".

[jhol13]

I think your argument ("absence of all Western influence wouldn't bring peace") is ... how should I say it ... extremely idiotic. Sorry, not intented as an insult.

I think it is our (westerners) responsibility to try to improve situation by bringing "more" peace, not less.

Re:Choose "cry".

[treak007]

But the world was doing pretty well I never said the world would have been at absolute peace without the US invasion of Iraq.

I am stating that if you look at the facts, you realize the world was not doing well at all.

I'm still curious...

[VoxMagis]

How many AVERAGE Americans actually feel that the changes to security have affected them at all?

I mean, okay, I've waited an extra half-hour for a flight. I really can't think of anything else. It's easy for alarmists and those opposed to our government personally to attack, but I can never seem to get an answer to this question.

Now, understand - there is always someone inconvenienced. I'm not talking about a perfect system. I'm literally asking, does the average American (or Brit, etc.) really feel that they've lost something specific?

Re:I'm still curious...

[plague3106]

When the lock on your luggage was broken and your belongs have obviously been gone throuhg, yes you have lost something. Namely the right to be "secure in your person and belongings." It is very violating.

I've also lots a fair bit of money via taxes. So yes, it does feel like I've lost something everytime I see my paycheck.

Re:I'm still curious...

[Dystopian+Rebel]

Now, understand - there is always someone inconvenienced. I'm not talking about a perfect system. I'm literally asking, does the average American (or Brit, etc.) really feel that they've lost something specific?

Sir, I suspect that one of the reasons why you don't hear an answer is that some of your interlocutors are frozen in disbelief.

Although the USA may try valiantly, not everyone who displeases the government can be incarcerated. People think Guantanamo is bad; the US prison system is a systemic Guantanamo fit to burst with the highest percentage of incarceration in the world.

Do all the people who are not incarcerated have any reason to be concerned? If the government is above the law and there is no law to protect them, the only protection they have is their sleepy ignorance of their vulnerability.

You would call their sleepy ignorance proof that they have no cause for worry. Coincidentally, there's a group of men in the White House who agree with you.

Re:I'm still curious...

[DanQuixote]

Do you not understand the concept of a "slippery slope"?

Do you not realize that treating our fellow citizens with such severe suspicion causes much more damage than the "1/2 hour of lost time"?

The terrorists did not win at the moment the planes hit the buildings, the terrorists only won when Bush announced his war on terror and we sent troops over to Iraq. They continue winning each time someone takes off a shoe because "ooooo, if we don't do this, I might get bombed out of the sky!!!!!"

DON'T ignore the pattern of government abuses! Don't trivialize what's happening. Riley hits the nail on the head when he points out that cost is unaccountably high, and benefit is un-measurably low. Just say no!

Re:I'm still curious...

[Steauengeglase]

When I can't buy certain products because they are now placed on restriction lists, can't read certain materials because they will place me on a terror watch list and my child's education is stifled because once common knowledge is now classified as sensitive state secrets then yeah, my rights have been violated and I notice it.

Re:I'm still curious...

[Entropius]

How many AVERAGE Americans actually feel that the changes to security have affected them at all?

They have affected the ratio between the tax I pay and the government service I get in return.

I am paying extra taxes for things which benefit nobody.

That TSA screener may not be inconveniencing me that much, but the pothole he's not fixing because he wasn't hired as a construction worker instead may be.

Re:I'm still curious...

>How many AVERAGE Americans actually feel that the changes to security have affected them at all?

The changes to security are stage theater.

- Searching 80 year olds in wheelchairs at the airport doesn't make me safer.
- Making me go through long lines, taking off my shoes, belt, jacket, etc. etc. etc. does not make me safer.
- Compiling massive data warehouses of data about myself and my fellow Americans does not make me safer.
- Nor does data mining this data make me safer.
- Using Echelon and connections to my internet to record everything I say on a phone or a computer does not make me safer.
- Not allowing me to carry a water or soda onto a plane does not make me safer.
- Not allowing me to lock my suitcase to prevent TSA or airport workers to steal from my luggage does not make me safer.
- Installing cameras all over to watch what I am doing does not make me safer.

- Going into the badlands of Pakistan, hunting down and killing Bin Laden and his second in command would be a start.
- Hunting down and killing the leadership of the rest of Al Quaeda would be a start.
- Hunting down the Taleban and destroying them would be a start.
- Securing our border would be a start.
- Getting rid of the TSA and using the funds to put undercover armed air marshalls on EVERY flight instead would be a start.
- Really REALLY securing the cockpit would be a start.

We are supposed to be living in a democracy, with guaranteed rights of privacy. Infringing on those rights does NOT make me safer. It just puts more power in the hands of the government--where it does NOT belong.

Having some low trained, low wage person, going through my suitcase and examining my person does not make ME safer. Nor does it for anyone else here.

Re:I'm still curious...

[VoxMagis]

So what YOU are implying is that the US government is now locking down all though against them by putting all disenters in prison.

How many of them do you know? I'm not talking about the wackjobs that burn car dealerships in protest. I'm talking about the average American citizen that disagrees with our current policies.

I still don't see a government above the law. I see a government that will most likely go away in 2008, whether we agree with it or not. I can't say I love everything that has been done in the cause of safety, but on the other end - I really think you're stretching to figure out what that really means.

Start thinking about it really - what has happened to YOU? Someone opened your luggage? You had to take off your shoes?

Re:I'm still curious...

[VoxMagis]

All I'm hearing so far is the argument that 'we are going to go to far'

Taxes? C'mon - it doesn't matter one bit what we THINK should be done with taxes. The odds of your tax money going to anything but bean-curd studies in Western Iowa if it wasn't going to security is pretty slim.

I agree with all, that there CAN be a point where we go to far. I also will note that some of the security measures we've had in place are beginning to go away. Shoot, tell you what, I'll even agree with you that taking your nail clippers from you on the airplane is silly.

But the reality is that all you are all really saying is that you think better and smarter than everyone else. Maybe you do.

The current administration is in place precisely because the average American doesn't want to be treated like they are dumb. Whether you think they are or not doesn't matter. Until those running against the current power structure learn that their mannerisms and speech often translate to "You're not smart enough", that's how it's going to be.

Reagan is a classic example. Whether you liked him or hated him I don't care. The fact that he didn't make his constituents feel like morons was what put him in office.

Re:I'm still curious...

[moj0joj0]

The answer for me, as an average American is: On September 10th I wasn't afraid of my government.

Re:I'm still curious...

[Entropius]

The odds of your tax money going to anything but bean-curd studies in Western Iowa if it wasn't going to security is pretty slim. Some of it goes to build highways. I like that. Maybe we could pay those folks a little more, to fix up bridges before they fall down?

Some of it goes to pay for real scientific research that's not pork. I like that too.

Some of it goes to pay for those folks who'll come by and put your house out if it catches on fire (at least around here).

But the reality is that all you are all really saying is that you think better and smarter than everyone else. Maybe you do. Not than everyone else -- most of America agrees with me, according to polls.

The current administration is in place precisely because the average American doesn't want to be treated like they are dumb. So stupid people are more electable because they make the average American feel smart?

Re:I'm still curious...

[Dystopian+Rebel]

So what YOU are implying is that the US government is now locking down all though against them by putting all disenters in prison.

I am unfortunately quite sure that the US government has ENABLED itself to throw dissenters in prison.

Whether it throws them all in prison depends on how much prison space the USA can afford to rent from the "Coalition Of The Willing" around the world.

I still don't see a government above the law.

Then you have no eyes. Or, possibly, a much larger organ normally situated directly behind them.

Re:I'm still curious...

[VoxMagis]

No, my point was that SMART people often make people feel dumb. If someone makes you feel dumb, you don't vote for them.

As for taxes, my point is that I would be SHOCKED if we cut security funding and actually moved that money anywhere useful. Yes, the government uses our taxes for useful things - but everyone must remember that each person sees 'useful' differently. If all that money went to infrastructure, I'd honestly pause and think about it as well. I guess I just don't trust any politician to do it right.

Oh, and the fire department and most road repair is paid for by local taxes. I know that at least where I live, there isn't much money being spent on XRay boxes and strip searches by the county.

Re:I'm still curious...

[meringuoid]

On September 10th I wasn't afraid of my government.

The rest of the world had been bloody terrified of your government since the end of 2000. It was only a matter of time before Bush found a pretext to go on the warpath; if it hadn't been the terrorist thing, it would have been something else. Some diplomatic affront, some no-fly-zone violation, some extremely dubious intelligence about yellowcake, anything to provide the casus belli for the Middle Eastern campaign he and his cronies had been planning from the start.

Re:I'm still curious...

[Dhalka226]

If someone makes you feel dumb, you don't vote for them.

I do.

I consider myself a fairly smart guy, but if somebody running for office makes me feel smarter than them, now that is where I have a problem.

We're talking about powerful people here. In the case of the president, we're talking about quite possibly the single most powerful man in the world. I want him to be a fucking genius. I want him to be the smartest man that ever lived. I want to believe that when he decides something, it is because he sat down, listened to equally smart people, considered both sides and chose what he thinks is the best option. Or if all options sucked, and it was feasible to do so, that he actually decided NOT to decide just so he can look busy.

Maybe it's naive to assume that politicians ever have done or ever will do that, but the absolute first thing I look for in any candidate is whether they come off as smart enough to do the job well. I don't want average Americans running the country. I want the best we can churn out. To borrow a line from an episode of West Wing, "before I look for anything, I look for a mind at work."

Being a strong leader is important. Standing by your convictions is important. More important than both, however, is where you are leading and what convictions you are standing by. It's not an absolute rule that more intelligent people will make better decisions, but it's probably better than 50-50 odds, and it's certainly a good starting point.

That other Americans apparently vote for idiots because they make them feel better about themselves is only sad.

It's not terrorism that threatens it

[MikeRT]

It's large-scale immigration from countries that don't share British or American values. Both countries are taking in a lot of immigrants who don't want to integrate. That poses future problems for the culture in our respective countries. Even more so in Britain where it is primarily people from Islamic countries who are convinced that British culture can go to hell as far as they're concerned.

With immigration, we have too much of a good thing. Immigration is good, but only when it is limited to people who actually want to **abandon** their old culture in favor of the new one. Multiculturalism is bullshit. If you like the way it was done back home, then stay there.

Re:It's not terrorism that threatens it

[telbij]

Okay, I can't speak for Britain, but come on man, have some faith in your own culture. The only thing preventing first-generation immigrants is nostalgia, if they're old enough. However the younger generation will easily be indoctrinated into the culture quite rapidly. Especially western culture which has already proven powerful enough to invade the whole world. You know, previous generations of immigrants did not magically integrate. It takes time, but it's inevitable. Sure the old culture is subtly changed over time by this influx, but it's a good thing. Do you really want to inbreed yourselves until your eyes are all half an inch apart and your culture is as flavorless as the food you eat?

Re:It's not terrorism that threatens it

[Daniel+Dvorkin]

Immigrants have hardly ever wanted to abandon their old culture for their new one. The historically high levels of immigration to the US and the UK have been driven by economics. "I can't get a job here in [wherever], so I'll pack up my family and 50 or so of my closest friends and see who's hiring in New York."

I think modern Americans tend to forget this, because of the pattern of immigration to the US. There was a critical period of about 50 years in the middle of the 20th century when immigration was much, much more difficult than at just about any time before or since. So the huge numbers of Irish, Italians, Poles, etc. who came here in the years before WW1 had time to assimilate. The ethnic ghettoes disappeared; the old languages died out except for a scattering of loanwords and very light accents; by the time the gates opened back up, ethnic divisions that had once been deadly serious and nostalgia for "the Old Country" were largely relegated to the status of old jokes.

But the fact of the matter is, during the late 19th and early 20th centuries, these immigrants were seen as every bit as alien as Middle Eastern and Asian immigrants are now considered to be, and with good reason! They came largely from peasant societies that had changed little since the Middle Ages -- they sure as hell didn't have the values of Industrial-Revolution-era America -- and the conflicts that resulted, frankly, made 9/11 look like child's play. Roughly from the end of the Civil War to WW1, large parts of America looked like Ethniklashistan.

And yet, somehow, the nation not only survived but prospered. Golly. Imagine that.

Re:It's not terrorism that threatens it

[Ohreally_factor]

You got it exactly right. History repeats itself again and again. Ethnic group immigrates to U.S. Nativists and bigots get frightened and claim that our culture is threatened. Ethnic group settles in and assimilates by the third generation. Repeat process. One hundred years ago it was East Asians that were the threat. Today it's Muslims (in Europe) and Latinos (in the US).

Re:It's not terrorism that threatens it

[cayenne8]

"But the fact of the matter is, during the late 19th and early 20th centuries, these immigrants were seen as every bit as alien as Middle Eastern and Asian immigrants are now considered to be, and with good reason! "

Except, the immigrants of old, did not come to your country, and want to out and out destroy it and replace it with a theocracy. They also weren't so willing to do this, that they employed suicide bombers from within their numbers.

They also pretty much immigrated legally...not just sneaking in, and waving their old country's flags at protests. I'd dare say, at least in the old days for the immigrants to the US, they did want to become Americans, to integrate into the larger society, to speak English, etc.

I think those are 2 major differences we see today vs the past.

Re:It's not terrorism that threatens it

[Bert64]

Absoloutely, well said.
These people have to ask themselves *WHY* they want to emigrate to the UK or US, is it because these countries are better off and the standard of living is higher? And do these things have nothing to do with the culture?
If you want to enforce your culture on these countries, then they will end up in the same state as the country you moved from, so you've just shot yourself in the foot.

You have no right to enforce your culture on someone else's country. They didnt kidnap you and force you to live in their country, you went there of your own free will knowing in advance how things are done there.
The governments in the US and UK already waste far too much money translating various different languages, when immigrants knew they were coming to an english speaking country and yet were simply too lazy and arrogant to learn the language.

If you want to live in an islamic country, there are plenty around. If you don't like them or they don't like you, then there's probably a reason for that. Doesn't give you the right to try and change someone else's country, try and change your own instead.

Re:It's not terrorism that threatens it

[SpecTheIntro]

Immigration is good, but only when it is limited to people who actually want to **abandon** their old culture in favor of the new one. Multiculturalism is bullshit. If you like the way it was done back home, then stay there.

No one "abandons" their old culture. It's just a question of how you mix and meld the culture of one's ethnicity with that of the country to which you've emigrated. But just look around any country with a sizable immigrant population, and you'll see evidence of that culture everywhere, from Indian culture in Great Britain, to Latin culture in America, to Korean culture in Japan. (Although Japan is remarkably adept at discouraging individualism.)

As far as the Islamic problems in Europe, from my (admittedly limited) understanding of the problem, most of the European countries with serious issues are those that have done their best to disenfranchise the immigrants. The UK definitely has its share of crazy Muslims, but as I understand it they haven't caused nearly as much trouble as the Algerian population in France, or the Chechnyans in Russia.

Re:It's not terrorism that threatens it

Ahhh, It's good being a racist redneck isn't it.

Re:It's not terrorism that threatens it

[Daniel+Dvorkin]

Except, the immigrants of old, did not come to your country, and want to out and out destroy it and replace it with a theocracy.

Then as now, a small minority did; and then as now, nativists seized on the statements and actions of a few fanatics to create a national hysteria about how that good American old-time religion was under dire threat from these strange alien infidels.

They also weren't so willing to do this, that they employed suicide bombers from within their numbers.

The suicide-bomber thing is unique, I admit. OTOH, immigrant (and native-born) terrorists weren't shy about planting bombs. You know the old cartoon image of the mad bomber, a guy in a mustache and a bowler hat holding a grenade with a lit fuse? There was a time when that wasn't a joke.

They also pretty much immigrated legally...not just sneaking in, and waving their old country's flags at protests.

You're conflating two phenomena: illegal immigration from Mexico and other Latin American countries, which may be vocal but is largely nonviolent, and Arab and other Muslim immigration from the Middle East, which is largely legal -- and done under much tougher laws than existed a hundred years ago. Also, again, largely noviolent, with a couple of notable exceptions; see "hysteria" above.

I'd dare say, at least in the old days for the immigrants to the US, they did want to become Americans, to integrate into the larger society, to speak English, etc.

No. They didn't. They formed ethnic ghettoes, clung fiercely to the old language and the old ways, and tried their damndest to re-create a little slice of the Old Country. The only part of America they wanted was the prosperity. Their kids and grandkids were the ones who got out. Like I said, I think a lot of modern Americans forget how difficult this process was, and how long it took, because for several generations, it was a done deal for all the major immigrant groups up until that point. However, we're seeing it happening with the children of the wave of Asian, especially Vietnamese, immigrants who started arriving in the mid-1970's; and it will happen with Middle Eastern and East African immigrants now, if we give it time. It's pretty much what America does.

Re:It's not terrorism that threatens it

[tregetour]

No one freaks out when an Italian or Irish family, even many generations on, displays great pride in the mother land.

Re:It's not terrorism that threatens it

[mpe]

As far as the Islamic problems in Europe, from my (admittedly limited) understanding of the problem, most of the European countries with serious issues are those that have done their best to disenfranchise the immigrants. The UK definitely has its share of crazy Muslims, but as I understand it they haven't caused nearly as much trouble as the Algerian population in France, or the Chechnyans in Russia.

Algeria is a former French colony and Chechnya wants to be independent from Russia.

Re:It's not terrorism that threatens it

[Grishnakh]

I disagree.

It used to be this way with immigrants from Europe, etc. However, it is not this way with Islamic immigrants.

A recent poll in Britain found that most second-generation immigrants want Sharia Law to be instituted there. This isn't the first-generation immigrants from Pakistan and elsewhere; this is their kids, who grew up in Britain. The first-generation immigrants don't seem to be causing any problems; they just want a decent life and job. Their kids are embracing the ways of radical Islam. The same thing is happening in France.

There was a movie about this a while ago, called "My Son the Fanatic". Check it out.

Re:It's not terrorism that threatens it

[cayenne8]

"You're conflating two phenomena: illegal immigration from Mexico and other Latin American countries, which may be vocal but is largely nonviolent, and Arab and other Muslim immigration from the Middle East, which is largely legal -- and done under much tougher laws than existed a hundred years ago."

I was commenting on 2 different immigration problems....the one mentioned earlier how the UK and I think France are being overrun by Islamic immigrants (legally coming in), and also the illegal immigrant problems we have in the US coming over our southern border. Both are immigrant problems unchecked, but, different situations, different types of culture clash, and different legal classifications, but, still problems.

Re:It's not terrorism that threatens it

[SpecTheIntro]

Algeria is a former French colony and Chechnya wants to be independent from Russia.

Yes, but Algerians living in France chose to move there, and the protests they've put up have been against French policy. Chechnya probably wasn't a good example.

Re:It's not terrorism that threatens it

[curious.corn]

Perhaps that's because they grew up being told they'd have their share of the chick pool but instead they've been shunned as the a'rab guy that sweeps the f'ing streets clean and moves back to it's slum quarters. Hormones, sexually repressive upbringing while Britney/Hilton throws her clit at you on billboards is enough to drive someone with a chance half insane; add some loony priest and you get jihad.

Re:It's not terrorism that threatens it

[Grishnakh]

Pictures of Britney's and Hilton's clits were so disturbing they nearly turned many men gay. I don't think that's the exact problem these kids are having.

Seriously though, what makes you think these immigrants are only having male children? This seems like a rather silly argument.

Re:It's not terrorism that threatens it

[ghyd]

I must admit that has a French I am terrified by the backlash against Muslims in large parts of the society, though it's apparently not a bad as northern countries like Sweden or Denmark. What frightens me is that there are some wild assumptions and more importantly, messed up ideas about ethnicity, religion, or culture. And messed up ideas about demographics. I don't want to say that there are no problems either, but no Muslim I know frightens me like the fear fueled Eurabia mindset. I know that 95% of Europeans will feel the opposite (which is precisely what I find frightening, given our now long history of scare crowing, finger pointing and finally warmongering..; but it seem that because we've not decimated ourselves since 50 years we have the highest moral ground in the world), but is is simply my opinion. The problem, I just can't see, and demographics won't make the trick ( http://en.wikipedia.org/wiki/Eurabia ), how there will EVER be enough hard liner Muslims to integrates Sharia law as our laws. And until then, you can call a killing "honor", it is a killing nonetheless, whichever culture is yours. If we could manage to work upon our native problems with beaten and killed wives because of alcohol, unemployment and such, it would save a lot more lives than to focus on so called "honor" murders. But hey, we're addict to scapegoats by here, that's how it went, how it goes, and why it will finish badly once again.

Re:It's not terrorism that threatens it

[curious.corn]

I don't think immigrants' sexual ratio is disproportioned. It's just that certain aggressive traits and behaviours are more prevalent in the male gender, especially in western countries where social pressure in overstating virility is the norm.

External pressure, social impediment in fulfilling it, cultural disorientation as in being in an in-between status between two heritages and unable to take anyone with the due grain of salt makes these poor sods an easy pick.

Western society, has always breeded this kind of anti-social behaviour in reaction to its non-inclusive attitude towards sub-cultures: gangs, hooligans, black blocks, etc... Given enough pressure even a tea kettle will burst.

We need more Woodstocks...

Re:It's not terrorism that threatens it

[Grishnakh]

Western society, has always breeded this kind of anti-social behaviour in reaction to its non-inclusive attitude towards sub-cultures: gangs, hooligans, black blocks, etc...

Huh? EVERY society has a non-inclusive attitude towards subcultures. This is a fundamental trait of human nature. The problem is that only Western society actually has any subcultures of a large enough size for problems to be seen with this. Exactly how many people are immigrating to Pakistan or Saudi Arabia, for instance? Those countries would have severe social problems if a bunch of Westerners starting moving there in huge numbers and refusing to convert to Islam, their women refusing to cover their faces in public, etc. I'm sure severe violence would result. The way I see it, Western society is the only culture that even permits subcultures to exist without attempting to destroy them all the time.

Security advise from Microsoft?

[Kohath]

Thanks for the security advice, Microsoft. You are the experts. We need your wisdom. Who better to advise us on security.

I guess we can only hope to be a safe from attack as Windows is.

Re:Security advise from Microsoft?

[Ohreally_factor]

Well, there is a delicious irony when a practitioner of Security Theater starts complaining about Security Theater. Maybe we need a new term, "Security thru Marketing". Buy our product and feel safer than you really are. (cough*cough, Apple (note: I'm a long time Apple Koolaid drinker, and I bask in the warm glow of the RDF.))

Anyway, the most interesting and insightful guy writing about security these days is Bruce Schneier. And not only is he insightful, but he once killed a man using only linear cryptanalysis (fact). Remember - if you ever lose your password, you can still ask Bruce Schneier.

When there is only one OS (Windows)....

[the+eric+conspiracy]

Then OS virtualization is something that you really should not need. It would just be a way of installing something that would be hidden from the OS, meaning that Windows does not have full control of the machine. Can't possibly want that.

SoftGrid is pretty neat

[jtdennis]

SoftGrid has been around for a while and was bought last year by Microsoft. We've been using it in our labs for a few years. Our base image is XP with antivirus and DeepFreeze, then SoftGrid provides the apps. It streams the apps to the desktop without them actually being installed on the system. It has reduced downtime due to reghosting, and the size of our Ghost images considerably.

overblown and intrusive, like Vista?

[bzipitidoo]

The security craze has also been a vehicle for agendas that actually are about security, except it's overreaching, excessive, broken, and dysfunctional security for intellectual property owners against MS's customers. Defective by design "security" both for MS themselves (Windows Genuine Advantage), and for the entertainment industry. Any mention of Vista's shortcomings alongside the bit about XP being a security letdown?

don't worry

[nomadic]

"We let you down with XP,"

No you didn't, that implies that we had expectations of you.

Re:Virtualizing Applications (Altiris SVS)

[macroexp]

http://www.altiris.com/Products/SoftwareVirtualiza tionSolution.aspx

Microsoft attacking Symantec on another front?

Been there, done that.

[Genesys1]

Thinstall (http://www.thinstall.com)
Xenocode (http://www.xenocode.com)
Sandboxie (http://www.sandboxie.com)

Uh. Yes.

How about the fact that you can't wear Kerry buttons within five miles of a Bush event without getting arrested? It's for "security."

Re:Uh. Yes.

[VoxMagis]

Heh - happens with both parties bud. Wrong answer.

Re:Uh. Yes.

[treak007]

How about the fact that you can't wear Kerry buttons within five miles of a Bush event without getting arrested? It's for "security." Only because stupidity isn't a crime yet.

Microsoft is Hypocritical.

[wellingj]

What about the war on Piracy?

Softgrid (ie. Softricity)

[MrJynxx]

MS bought out softricity I think last year. In theory the system is great from an enterprise management perspective because it basically streams one instance of an application to many desktops.

We actually use softgrid for citrix(softgrid steams to citrix, citrix streams to remote user). We've had some issues with it but very few compared to our regular problems across our citrix environment.

Now the interesting part of softgrid is it's ability to sequence and stream a small set of the app. For instance after evaluating visio, we discovered most of the users only used 20% of the app, so softgrid only deployed that small footprint. Neat technology, and we will be using it next year when we move to XP for my environment of 7000+ desktops. (We're slow moving to new OS's :) )

Re:Softgrid (ie. Softricity)

[Adam9]

A competing product that we use here at Miami is Altiris SVS. Streaming comes with a separate product, but for us, SVS is the fastest way to package software with some nice features like resetting software back to a baseline.

Check facts better.

[Kadin2048]

In the United States roughly three times as many people are killed in gun accidents per year than 9/11.

Um, no, there weren't. I'm not arguing with your overall point but you really need to get your numbers straight before you start spouting stuff.

There were only about ~700 accidental gun deaths in the U.S. in 2004. It was slightly higher in 2001, but still only 802. That's slightly more than a third of the number of people killed on 9/11.

(Sources: for accidental gun deaths go to the very slick CDC Fatal Injury Reports Calculator and put in "Unintentional," "Firearm," and the year of your choice. 9/11 casualties are from NyMag's "September 11th By the Numbers".)

Re:Check facts better.

OK smart-ass, try putting in "Violence-" and "Firearm". Whoops, that's now up to 28,685. An absolutely disgraceful figure.

Re:Check facts better.

Irrelavent. People had been killing each other with sticks, stones, and fists long before gunpowder was invented.

Re:Check facts better.

[Khaed]

Which isn't accidental, now is it, dipshit? The OP said "gun accidents."

Reading comprehension: Not a bad skill to have!

Re:Check facts better.

[Maxo-Texas]

Are you confused? Because I read the dipshit's post as being correct while yours seems wrong.

Re:Check facts better.

The majority of which were suicides. Yawn.

Re:Check facts better.

[scuba0]

Maybe accident was the wrong wording in his post but don't you agree that their is more deaths done by your selfs than by terrorists?

Re:Check facts better.

[Khaed]

Did the OP mention gun violence? No.
Did the OP mention gun accidents? Yes.
Did the reply mention gun violence statistics? No.
Did the reply mention gun accident statistics? Yes.

Are gun violence deaths greater than gun accident deaths? Yes.
Is this relevant to the discussion, OP, or the reply the AC replied to in a smarmy manner? No.

So no, I'm not confused, but I think you might be. Go back and read the original post, then Kadin's reply. The AC starts off calling him a smart ass for providing accurate gun ACCIDENT deaths. Which we've established as the original focus of the OC's comment.

Virtual Apps sounds like Thinstaller

Thinstaller is a product that lets you package portable apps. It snoops that OS during product install to see registry changes, dll installs, etc. It provides a virtual sandbox that the app can use to make API calls even when said APIs are not on the host. Apps can run with no registry interaction and you can deploy .net apps without have .net on the host. I am typing into Office 2007 as we speak on a machine that has 2003 installed.

Any stuff that relies on shell integration is missing, like file associations, but any malware that might target an Office 2007 install will find nothing to attack. Apps can be copied with a single exe copy or run from USB. Ive been betting MS might see this as good especially for corporate users. The only problem Ive seen is with licensing/activation issues (which can by bypassed in the built portable app) and the trend for MS to use those hosts API as a lever to force an unwanted OS upgrade. Really portable apps are immune to such nonsense as you can bundle any needed API in the package.

What's the big security problem with XP?

[xxxJonBoyxxx]

Riley also fessed up that Microsoft cocked up XP from a security perspective. "We let you down with XP," he said.

What's the big security problem with XP? It installed by default with a firewall that denied inbound connections. It allowed people to easily give the kids and the wife non-admin access to a shared system. It automatically tells me when new security patches are available from Microsoft, and it always installs them without incident. It even complains (through a tray icon) when my virus-checker's images were getting out of date. I've been running the same XP system on my laptop now for about three years; I haven't had any spyware, viruses or worms yet, and the system still boots as fast as the day I got it. So...what's the beef with security?

Re:What's the big security problem with XP?

[clubhi]

Microsoft would love to say XP was a blunder. It would just help promote Vista...amirite??

Re:What's the big security problem with XP?

[twitter]

Vista is not selling, so XP must be killed. They do this with every OS, so you might as well imagine that it's 2011 and Win9 is out and they let you down with Vista.

Re:What's the big security problem with XP?

[Marcion]

That's right, the biggest competitor for Windows Vista is the 80% of the market running Windows XP.

Re:What's the big security problem with XP?

[IL-CSIXTY4]

It installed by default with a firewall that denied inbound connections.

My memory is a little fuzzy, but I don't think that was the case before SP2. Before then, if your computer was hooked up to the Internet, you could get a virus in the time it took to boot it the first time and install antivirus software. The XP firewall was disabled by default, allowing a DCOM bug to be exploited.

Re:What's the big security problem with XP?

[Blakey+Rat]

You're talking about Windows XP SP2, which was a huge leap forward for security. Before the service packs, XP was pretty bad, security-wise. It had a firewall, but it was disabled by default (IIRC). It didn't have any sort of monitoring of whether you were running a firewall/antivirus/antispyware program, that was added later.

So I guess the point is that Windows XP failed at security, and Service Pack 2 was Microsoft repairing some of the problems with the stock OS.

Re:What's the big security problem with XP?

...and Win9 is out and they let you down with Vista.

Yeah, but with Vista they actually have.

Re:What's the big security problem with XP?

[dedazo]

Anyone who reads that journal entry of yours should definitely pay attention to the first comment.

Re:What's the big security problem with XP?

[The+Bungi]

If you have an agenda and you're trying to push your own product, what's the best approach? To convince people that your competitor's products don't work. In this case, the constant hammering of that cute myth that people who use Windows are mired in a shitstorm of malware and trojans is very effective.

The problem with that approach of course is that it's self-defeating because for the vast majority of people who use Windows that simply is not true. So when people hear that they tend to wonder about your honesty and intent.

FUD, misinformation and lying is hardly something trademarked by Microsoft. They work both ways. The efforts by the "evangelists" and advocates have started to turn around and bite them more often than not. The Vista FUD campaign is an excellent example.

Re:What's the big security problem with XP?

[Kalriath]

Why the fuck is this modded insightful you idiots?

Twitter, get a real fucking source, not your bloody journal. Especially your journal with a page of comments telling you why it's all complete bullshit.

Re:What's the big security problem with XP?

[RzUpAnmsCwrds]

Incidentally, most of the security features in XP SP2 (Security Center, IE changes) were originally intended to be released with Vista.

Re:What's the big security problem with XP?

[rs232]

"What's the big security problem with XP? It installed by default with a firewall that denied inbound connections"

Click and install is what ... 'Storm Worm' Sweeps Into U.S.

sure... but..

...does WINE run on windows?

Hmmmm...

[JayTech]

I find this statement odd coming from a company which routinely propagates FUD to the general public...

WTF?

[nurb432]

Since when does a *software company* get to comment on global issues such as this? Are they trying to assume the role of the federal government now?

Don't we have a new rule in place that if you are 'in the way' of the war you get sent to jail? Can we send these idiots away now? I don't care if they are right or wrong, they are an American company and should support the country they owe their existence to..

Re:WTF?

[Mistah+Blue]

Last time I looked we have a First Amendment here in this country. It applies to companies as well. Questioning the governement's actions doesn't equate to dissing the country. Your comment on the new rule leads me to believe you are being tongue in cheek, but figured I'd be safer than sorry.

Re:WTF?

[Billosaur]

When they are a global software company that does business just about everywhere there is technology?

Re:WTF?

Maybe they're afraid computer security could be next on the war on terror's agenda. Imagine minimum computer security standards, mandatory security tests, quarantining of machine, etc. Microsoft could lose a lot.

Re:WTF?

[Blakey+Rat]

Questions like yours are nearly always the result of bad editing, or a moronic story submitter.

In this case, Microsoft didn't say anything about the war on terror. One Microsoft employee, however, did. That's very, very different from what the headline says.

Strong MS Windows is good for Linux

[athloi]

You need strong competition to spur you on to even greater things, and with the number of brilliant people they hire, it's not surprising that some truly great ideas come out of Redmond. I'm very relieved to see MS corporate culture is admitting the problems with security, caused by (as one poster here noted) the browser-OS integration that makes writing viruses so easy and fun. Maybe they'll learn from this with Vista, which when it is working will provide a full-on technological challenge to Linux with its new methods of handling screen fonts, data and threads.

Huh?

[MightyMartian]

SoftGrid, which allows applications to be virtualised individually, rather than a whole OS. Think Virtual PC or VMware, but instead of virtualising an OS, just a single application is virtualised."

How is this very different from the VDMs that OS/2 used?

Re:Huh?

[Todd+Knarr]

Answer: it's not. MS is just now picking up on what you can do with the Virtual 8086 mode introduced on the 80386 and used to good advantage in OS/2. The idea goes back even further, IBM's been doing this with the Virtual Machine Monitor on their mainframes since forever. Of course, one of the prerequisites to doing it efficiently is that applications have to avoid mucking with the hardware directly and only use system or library calls to do things, otherwise you have to fully virtualize the hardware instead of just providing call emulation within the VM. This bumps up against things like DirectX which are designed around just the sort of low-level hardware-specific access you want to avoid.

The headline and article say different things.

[smitth1276]

Pretty self-explanatory. What is it with slashdot?

Hrm...

[DeepCerulean]

"intrusive" = interfering with M$'s bottom line

What's smart about a false choice?

[twitter]

He's giving a lecture called:

Making the Tradeoff: Be Secure or Get Work Done.

With reasonable design choices, I get both. With sftp and konqueror, I can transfer files without worry. With real user and process separation, I can do a lot of other things without fear. If he's forced to chose between security and convenience, his system offers neither.

Re:What's smart about a false choice?

[Macthorpe]

With sftp Available on Windows.

and konqueror Or Internet Explorer 7.

With real user and process separation Also available on Windows.

Re:What's smart about a false choice?

[Thrip]

With real user and process separation Also available on Windows. I cry bullshit on that. I used to hear for a long time "So many people say Windows is insecure, but they run as Administrator all the time. They should run as an unprivileged user." And that sounded reasonable, so I pretty much believed it. So the next time I had to use Windows, I made an unprivileged account, and discovered that the restrictions placed on unprivileged users are so arbitrary and absurd that it's essentially impossible to work that way. You can't even change your own file associations. I had to keep logging in and out of my user and admin accounts all day to get anything done.

Maybe things have improved in Vista, but the user separation on Windows XP seems to be designed to drive you insane.

Re:What's smart about a false choice?

you do know that you can run processes as different user without logging out yes? well obviously no.

and i can't see why this is worse than using su or any other of those weird processes just to get root priviliges for simple tasks. you should probably get the facts straight before complaining. just because you're not able to operate it doesn't mean it can't do what you need (or have to do on other OSes)

Re:What's smart about a false choice?

[Macthorpe]

I had to keep logging in and out of my user and admin accounts all day to get anything done. Then you really don't know enough to comment, unfortunately. Look up a little something called "Run As..." and get back to us, will you?

Re:What's smart about a false choice?

[Thrip]

Me: The tasks requiring privilege are arbitrary and I have to "log on" (i.e., put in my administrator password) too much.
You: You don't know enough to comment! You can use "Run As..." to cut the arbitrary password BS in half!

Sorry, still not sold.

Re:What's smart about a false choice?

[Macthorpe]

Fair enough, though you did quote something I didn't say.

Re:What's smart about a false choice?

[Macthorpe]

Slashdot ate half my comment. Also:

I had to keep logging in and out of my user and admin accounts all day to get anything done. then

The tasks requiring privilege are arbitrary and I have to "log on" (i.e., put in my administrator password) too much. You've changed your story halfway through here. Which is it, because plainly my original answer solves your original problem but not your new complaint.

Re:What's smart about a false choice?

This is how Vista works. Administrators in Vista launch everything by default as an unprivileged (aka standard) user. If the exe reports that it really needs administrator rights then by default it'll ask if you really want to run it. If you don't want to always fail or never prompt, its configurable.

Re:What's smart about a false choice?

I cry bullshit on that. I used to hear for a long time "So many people say Windows is insecure, but they run as Administrator all the time. They should run as an unprivileged user." And that sounded reasonable, so I pretty much believed it. So the next time I had to use Windows, I made an unprivileged account, and discovered that the restrictions placed on unprivileged users are so arbitrary and absurd that it's essentially impossible to work that way

I cry bullshit on that.

There are hundreds of thousands of people using unpriveleged user accounts every single day. That's how things run in the enterprise, kid.

Just because you don't know how to use Windows doesn't mean it can't do something. Take a few classes, learn what you are talking about. The people who complain the loudest about Windows are the ones who know the least about it.

You can't even change your own file associations.

Of course you can't. Are you stupid? Do you know how much trouble an unpriveleged user can cause by screwing with file associations? Not to mention how easy it would be to circumvent any kind of security restriction. If you have the policy limiting what .exe files they can run, they could just invent their own file extension, and associate it with explorer.exe or cmd.exe.

Try taking a security class, kid.

You can't even change your own file associations. I had to keep logging in and out of my user and admin accounts all day to get anything done.

Right click, select "Run As...", and enter the information about which user account you want it to run under.

Learn how to use Windows: it really helps out when you, ya know, use Windows.

Maybe things have improved in Vista, but the user separation on Windows XP seems to be designed to drive you insane.

Nope, it works the same, which is to say it's always worked fine. Your problem lies between the chair and the keyboard.

Re:What's smart about a false choice?

Right-click on a file. Select "Open With|Choose Program...". Choose a program and click "Always use the selected program to open this kind of file". No admin account required.

Right-click on a file. Select "Properties". Click the "Change..." button. Again, no admin account required.

This is XP. Were you running in a corporate environment where the admins had locked everything down? That's not Windows' fault.

Re:What's smart about a false choice?

[Thrip]

That's why I said your solution cuts the password problem in half. If I use "Run As..." (which I did not know about, so thanks for the information), I don't have to log off, but I still have to enter my admin password repeatedly (which is about equivalent effort to "logging on"). I'm not trying to change the story, just highlight the relevant part. In your initial response, you ignored the most important part of my complaint: that the Windows privilege system seems arbitrary and interferes far too much with a user who's just trying to go about their daily business. By contrast, I very rarely resort to sudo or su on my desktop at home (though I do use sudo a lot on machines where my function is basically administration).

So yeah, maybe people who are more familiar with Windows know ways to make it more livable, but I work with a lot of serious hardcore Windows vets, and they all use admin accounts as their main logon. By contrast, only one guy here regularly gets a root shell on unix (and the rest of us strongly disapprove).

Re:What's smart about a false choice?

[whoever57]

There are hundreds of thousands of people using unpriveleged user accounts every single day. That's how things run in the enterprise, kid.

Hundreds of thousands is a tiny fraction of the Windows userbase.

Are you stupid? Do you know how much trouble an unpriveleged user can cause by screwing with file associations? Not to mention how easy it would be to circumvent any kind of security restriction. If you have the policy limiting what .exe files they can run, they could just invent their own file extension, and associate it with explorer.exe or cmd.exe.

Only on a system with poor security is this a problem. Who cares what program I run if I am running with limited privileges? As log as I don't change any other user's associations, there is no security implication. If for security reasons you have to limit .exe's that the user can run, then you have deeper problems.

You have not addressed:

Quickbooks -- try running that as a limited user. Arguably the OS does not provide the features necessary to have this run as anything other than administrator

On XP Home -- try using a new wireless network as a limited user.

Re:What's smart about a false choice?

[_Sprocket_]

With sftp Available on Windows.

and konqueror Or Internet Explorer 7. So I can fire up IE7 (or Windows Explorer) and point it at "sftp://my.example.com/" and start up a SFTP session, handling SSH keys, etc. and transfer my files through a secure SFTP session? I was poking around looking for a reference to this and I'm not finding it anywhere. The closest I've gotten is a hint of IE7 supporting FTP over SSL (which would be FTPS).

Re:What's smart about a false choice?

Quickbooks -- try running that as a limited user. Arguably the OS does not provide the features necessary to have this run as anything other than administrator

My turn to call bullshit.

The rest of the software world has figured out how to write incredibly complex and cool Windows applications without requiring Administrator rights. Quicken is too [dumb | lazy | cheap] to get their shit together and fix their misuse of APIs that J. Random Shareware-Developer gets right.

Re:What's smart about a false choice?

[Rudeboy777]

su is weird now?

Re:What's smart about a false choice?

[Thrip]

There are hundreds of thousands of people using unpriveleged user accounts every single day. That's how things run in the enterprise, kid. Sure, just as millions of people use ATMs every day without having any reason to install new software on them. But it should have been clear that my post was about my experience trying to use a computer for what I use it for. Which is not data entry in some cube at a Fortune 500.

Just because you don't know how to use Windows doesn't mean it can't do something. I never claimed there was anything it can't do. I pointed out that it makes it unnecessarily difficult and annoying to do some things.

Take a few classes, learn what you are talking about. The people who complain the loudest about Windows are the ones who know the least about it. I'm no Windows expert, but I definitely am not among those who "know least about it." I've never taken a class on using an operating system -- the whole concept strikes me as bizarre -- if I need a class to use an operating system, there is something seriously wrong with that operating system.

Are you stupid? No, by anyone's standard.

Do you know how much trouble an unpriveleged user can cause by screwing with file associations? Exactly none, unless your operating system is drastically flawed. A file association is merely a way to invoke a program. It should only work if a user already has the right to invoke that program. Therefore, it should be impossible that changing a file association could cause any serious trouble.

Not to mention how easy it would be to circumvent any kind of security restriction. If you have the policy limiting what .exe files they can run, they could just invent their own file extension, and associate it with explorer.exe or cmd.exe. This makes no sense whatsoever. Any policy designed to restrict a user from invoking an executable should work no matter how the user tries to invoke it. If this is not the case, you have bigger problems.

Try taking a security class, kid. You seem to have a lot of faith in classes. Try working in the industry for a while, kid.

Right click, select "Run As...", and enter the information about which user account you want it to run under. Learn how to use Windows: it really helps out when you, ya know, use Windows. As I pointed out elsewhere in this thread, this cuts the inane bullshit necessary to change your file extensions by half. 50% of bullshit is still bullshit. Others have pointed out how inadequate Run As is for other tasks.

Your problem lies between the chair and the keyboard. I don't have a problem. I have used Windows with an admin account for many years and have never had a virus or any other type of privilege-related problem that I'm aware of. I just like to do things as safely and securely as possible, and therefore tried out the Windows unprivileged user. As I said in my OP, I found it unusable.

Re:What's smart about a false choice?

[ScrewMaster]

Maybe things have improved in Vista, but the user separation on Windows XP seems to be designed to drive you insane.

Naturally, because if you're insane you won't see any problem buying the next version of Windows.

Re:What's smart about a false choice?

[w0lo]

First off, how often do you edit file associations? And you don't HAVE to be admin, you can edit HKEY_CURRENT_USER\software\classes by hand, it's just not exposed by the explorer gui (I understand it was removed/changed in vista)

NOT virtualization

[ianare]

from TFA

To understand how SoftGrid works, imagine that Office 2003 is running on the original PC, and Office 2007 is running in its own copy of Windows. However in Softgrid, there isn't actually another copy of Windows -- the application is running on the original copy of Windows, but some software called "SystemGuard" is keeping absolutely all the Office 2007 settings separate from the rest of the system. So, you can now run software that would normally run on the OS. Wow, incredible. M$, what would we do without you?
It's just a sandbox for apps, not virtualization.

And the hard reality is that....

[3seas]

.... its all just words to try and get people to buy Microsofts next product...

Impact of Technology

"In comparison to the Nazis these modern day terrorists are like flies trying to stare down a tank. I don't know whether to laugh or cry why we even take them so seriously."

This statement completely ignores the fact that as technology advances, the ability for one person to kill more and more people as time goes on also greatly increases. You should take the double-edged sword of technology and it's empowerment seriously -- Einstein sure as hell did. Though that speaks little towards the actual specifics of what to do about it.

Re:Impact of Technology

[richieb]

This statement completely ignores the fact that as technology advances, the ability for one person to kill more and more people as time goes on also greatly increases.

Correct. Which is why it would more useful to spend money on controlling proliferation of nuclear materials instead of making people take their shoes off when getting on airplanes.

Re:Impact of Technology

"Which is why it would more useful to spend money on controlling proliferation of nuclear materials instead of making people take their shoes off when getting on airplanes."

Which is really no different than the "duck-and-cover" grade school drills during the Cold-War era. We've never known how to deal with these problems (and never will) as they are intractable.
Being intractable, certain solutions are only implemented for the sole purpose of preventing the entire society devolving into abject nihilism.

Security or Convenience

[twitter]

I love that false choice. If you have to chose between the two, you don't have either.

Re:Security or Convenience

[Vancorps]

Sorry, but did you just say you can have something be both secure and convenient? I'd love to see an implementation like that because it's never been done in the history of all things.

Now security and functionality can be achieved but make no mistake, security is not convenient, always has, and always will take a lot of work to maintain both in the physical world and in the electronic one.

Look at smart card authentication, convenient right? Now someone can steal your card and gain access to all things you can gain access. Want to double up your challenges and use a pin in addition to smart card? Now they have something to memorize which is inconvenient and downright difficult for some people. Plus they have to remember to bring their smart card wherever they need to use it.

Finger print authentication? Won't get into the problems with that. Retina scanning? Now you're getting expensive, but it's exciting, secure, and convenient! Never mind the privacy concerns or accessibility problems.

Re:Security or Convenience

[lymond01]

Sorry, but did you just say you can have something be both secure and convenient? I'd love to see an implementation like that because it's never been done in the history of all things.

Not so fast. When was the last time you locked the bathroom door?

Re:Security or Convenience

[Kintar1900]

Not so fast. When was the last time you locked the bathroom door?

Are you kidding? Just look over/under the stall, or kick the door in. Bathrooms have more security holes than swiss cheese! That's why I only use open-source bathrooms so I can install my own stalls and locking mechanisms...

Re:Security or Convenience

[geekinaseat]

Sorry, but did you just say you can have something be both secure and convenient? I'd love to see an implementation like that because it's never been done in the history of all things.

Well the latch on my bathroom door is both secure and convenient... so I'm gonna have to disagree with you there :)

Re:Security or Convenience

[darkwind_2427]

Sorry, but did you just say you can have something be both secure and convenient? I'd love to see an implementation like that because it's never been done in the history of all things.

What about OpenBSD? Pretty secure and *very* convenient.

Re:Security or Convenience

[Vancorps]

That's convenience? What if you're dropping a log and need medical help. Now they gotta bust through your nice fancy door. Nevermind the fact that a robber could easily break into the stall and do bad things to you while you're on the crapper. That doesn't sound very convenient to me.

Convenience and security have always been trade-offs. The more secure you make things the less convenient they become. So yes, your bathroom door like might be convenient but it is not very secure.

Re:Security or Convenience

[nuzak]

Look at smart card authentication, convenient right? Now someone can steal your card and gain access to all things you can gain access. Want to double up your challenges and use a pin in addition to smart card? Now they have something to memorize which is inconvenient and downright difficult for some people. Plus they have to remember to bring their smart card wherever they need to use it.

The point is that they work together. A PIN alone is a joke, a smartcard alone is too easy to steal. Together, with a limited number of tries on the PIN, you have pretty good security. Of course it doesn't help how many people keep their PIN in their wallets.

Re:Security or Convenience

[skeeto]

I have never locked a bathroom door. If you really have a need to lock the bathroom door you should be looking for some new roommates.

"We let you down with XP"

[Chris+Mattern]

But now we have something *new* that fixes all those problems! Really! So hand us more money, now!

Chris Mattern

MS copies from Apple again

[Jimithing+DMB]

This SoftGrid thing looks interesting but I'm guessing the foundation for it is more accurately termed an application sandbox rather than virtualization. Well, guess what, Leopard includes a new sandbox function.

XP a "problem" to promote Vista.

[xxxJonBoyxxx]

I think that's possible. They mentioned Vista's built-in firewall (which in XP didn't allow fine control over outbound connections) as something they wished they did better.

Only one way to tell.

[twitter]

Microsoft didn't issue a press release, one guy voiced his opinion.

If they fire him, they disagreed.

Re:Only one way to tell.

[smitth1276]

That's absurd. Any employee who says something that doesn't necessarily reflect the "official" view of the company should be fired?

Re:Only one way to tell.

[twitter]

Any employee who says something that doesn't necessarily reflect the "official" view of the company should be fired?

No, but that's how M$ works

Re:Only one way to tell.

He'll probably respond to you with the link to the guy who was fired for taking photos of packing shipments entering the building, claiming it's a free speech issue of some kind.

This is despite the fact that the guy in question admitted (on /. no less) that he was in the wrong.

Re:Only one way to tell.

[The+Bungi]

No, but that's how M$ works

Really, that's how "M$" works? It's interesting, because the guy that got fired penned this blog entry, where he says:

Yes -- I made a mistake

This has been pointed out many times, sometimes more politely than others. My posting of a photo taken at the Microsoft campus was (most likely) a breach of contract.

... Who's to blame?

In the end -- me. I really don't blame Microsoft for their actions. By my best guess, they saw me as breaking the rules -- whether those rules were a "no cameras" clause, an NDA, or something entirely different -- and decided that rather than give me a second chance and run the risk of me doing something similar in the future, it would be better to just cut me loose before I could do any more damage.

This is from the guy's blog, who unlike you doesn't see fit to use what any other large company in the planet would have done to further their puerile "M$ is teh evilz LOLOL" agenda.

So the next time you feel the need to use this as a standard "I hate M$ let me tell you why" bullet point, perhaps you'd like to stop and think for a second about how "big dumb companies" work. You know, in the real world. Anyone with half a brain can probably see through that misrepresentation of the facts, like most of your other "arguments".

Re:Only one way to tell.

[Kalriath]

Ironic that you predicted that.

Where did you learn Telepathy? I failed it at my school, they weren't so good at teaching it.

The cold war never ended...

...if you consider that most of these radicalized muslims we are fighting now were our creations and proxies fighting against the Soviets. This is just more blow back in our historic global meddling.

Virtualised applications = sandboxing

[Big+Nothing]

There already exist Windows software for virtualising applications; these are called sandboxing applications. Sandboxie is a great example. Sandboxie is gratis, but you are encouraged to register/pay. Only drawback with Sandboxie is that it isn't Open Source - although I seriously doubt that "SoftGrid" will be Open Source either...

Take security out of the politicians hands

[Enrique1218]

I live in Baltimore. The murder rate is going over 300 for this year. The biggest threat to me is that robber armed to the teeth getting ready to hold me up. I don't look up in the sky dreading that terrorist who going to hijack a plane and fly it into my house. Yet, my elected officials think that the terrorist is my biggest concern and voted to expand the Patriot Act to include warantless wiretapping. Gee, thanks guys. I feel safer. If people thinks the "war on terror" is overblown is obvious, then I think we need to explain that to the politicians. They don't have a clue.

JUDAS!!

[ObsessiveMathsFreak]

No more Pork for you!!

I disagree completely.

[iknownuttin]

Yes, but, at the risk of stating the obvious, there's a big difference between dying in an car accident and being killed by someone who blows up a train.

How? In both instances you're dead. It just differs to the people who see it on the news. If we saw someone everyday on the news dieing from cancer or heart disease or a traffic fatality; which according to the odds is the way we will die, we all would have a much different perspective about the risks from terrorism. And I don't know about you, but spending months in the hospital dieing from cancer (very painful so I'm told) scares me much more than dieing instantly in a terrorist attack. The media is completely distorting risk in people's minds.

You may as well console someone who gets mugged by saying "well, you know, people accidentally lose money every day."

Being mugged is having money forcibly taken away and it's not losing money. So, of course you couldn't console someone that way. Perhaps you meant "People are robbed everyday, so don't take it so hard." ?

Re:I disagree completely.

[EvanED]

Being mugged is having money forcibly taken away and it's not losing money.

Um, what?

You could say the same thing about the death thing. "Being killed is having your money forcibly taken away, not losing your life by accident." There's a bit of a difference because there are things that you can do to reduce your chance of losing money, but that just reduces the kinds of deaths we can consider to ones where the person had a say. Such as being reckless, driving while not paying attention, deaths from smoking, some cases of cardiac arrest, etc.

I'm going to stay silent on the merits and demerits of the getting killed vs. accidental death thing, but you are being somewhat inconsistent.

Not Overblown

[rossz]

Calling the Islamic Terrorist threat overblown is burying one's head in the sand. Just yesterday alone:

8/7/07 ( Gaza, Pal. Auth. ) - Two Gaza children, ages 6 and 8, are killed by a rocket fired at Israel by a Palestinian Islamic group.
8/7/07 ( Yala, Thailand ) - A man is murdered and his body burned by Islamic separatists.
8/7/07 ( Pattani, Thailand ) - A roadside bombing by Muslim radicals leaves two Thai soldiers dead.
8/7/07 ( Banadir, Somalia ) - A mother and her 11-year-old daughter are killed when Islamists detonate a roadside bomb.
8/6/07 ( Pulwama, India ) - A civilian is abducted four days earlier and murdered by the Mujahideen.
8/6/07 ( Yala, Thailand ) - Muslim terrorists gun down a 61-year-old civilian on his way home.

One week of terrorist attacks (July 28 to August 3):

Jihad Attacks: 64
Dead Bodies: 354
Critically Injured: 514

And for the month of July:

Jihad Attacks: 322
Countries: 17
Dead Bodies: 2211
Critically Injured: 2674

These killings have been going on for years and are getting worse. The stated objective of the Islamic Terrorists is the total subjugation of all western society. It's a holy war, but we didn't start it. Just as we didn't start the Crusades (read your history). These are not the actions of a religion of peace. These are the actions of evil, murdering fucktards who consider mercy a weakness. They don't have any problems murdering women and children. Any action is justified if it's for "Allah".

I say to the Muslim world, get your fucking world in order and deal with these bastards before western society wakes up. Because when we do wake up and realize what the hell is going on, we are going to terminate you with extreme prejudice and we won't be making any distinction between extremist and moderates (especially since moderates don't seem to exist).

I expect this to be moderated down as flamebait. Some people don't wish to face reality.

Re:Not Overblown

[mooingyak]

Our vehicles are out to get us. They are plotting against us and are even willing to sacrifice themselves to kill a few of us. Calling the sentient automobile threat overblown is burying one's head in the sand.

In the US alone, a week will on average contain:

Sentient Vehicle Attacks: 115,000
Dead Bodies: 788
Critically Injured: Lots

And for a whole month:
Sentient Vehicle Attacks: 500,000
Dead Bodies: 3400
Critically Injured: Lots * 4.3

These killings have been going on for years and are getting worse. The stated objective of the Sentient Vehicles is the total subjugation of the human race. It's a holy war, but we didn't start it. These are not the actions of a simple transportation machine. These are the actions of evil, murdering fucktards who consider mercy a weakness. They don't have any problems murdering women and children.

For the curious, I got my numbers from FARS and some car accident site. Neither one has 2007 data, and even though the charts show steady progression, I used rough estimate numbers that were probably a little bit low 10 years ago, so if anything the threat from these monstrosities is even worse than the picture I've painted.

Re:Not Overblown

[rossz]

When the cars are intelligent and purposely target people, especially women and children, then you can make your argument. Until then, go fuck yourself.

Re:Not Overblown

[mooingyak]

Lacking the flexibility to fuck myself, I'll have to resort to responding instead. Otherwise you might get the wrong impression about what my silence means.

When you strip out the accidental vs deliberate from the equation, we're still stuck with the fact the deaths due to terrorism, while not insignificant, pale beside deaths caused by some other things.

Yet those other things receive nowhere near the attention and funding to prevent that terrorism does. That to me makes the threat overblown. Don't confuse 'overblown' with non-existent. It just gets more attention than it merits.

Re:Not Overblown

[serenity2b]

It isn't about the death toll. no really...

Stop and think.

Some "Evil foreign government" strolls into your country and shoots a bunch of people, kicks out the govt and puts a new one in it's place.

There will be people who agree, and support it, there will be people who disagree, and complain. There will be guys with guns and home made bombs trying to kill the invaders.

Do the math, it isn't about muslims, it could be the purple monkey country, they are still gonna be very angry purple monkeys if we invade.

Utter BS

I agree with parent, especially if your browser scripts are off. What they're actually doing is just down-playing the security of XP so they can get a few more people to move to Vista. They're actually playing to the fears of people afraid for their safety.

Future Shock. Re:Let you down with XP

[twitter]

It's just part of Microsofts standard strategy... Release new operating system, try and make the old one look bad.

The solution is to live in the future, not the past. That way you always know that the current version of Windoze is easy to 0wn, rather than mistakenly believing what they told you about the last version.

Softgrid is not a virtual OS with embedded apps

I work for a medium-large sized healthcare organization and we use it to deliver the majority of our 500+ applications. It's not perfect, but we can package about 80+ percent of our apps using Softgrid. Complex licensing models and drivers tend to break it though (think phone-home registrations and VPN software).

Some good sence from Redmond

[billsf]

Anyone who goes for this "War on Terror" crap needs help. I guess some MS employees aren't that stupid. I don't see them making that much difference in ending such a non-productive idea as a false war. Still my opinion has raised a bit. As far as any new technology in the suggested reading, we've been using it for years. Somehow Microsoft can't admit they have fallen behind, but they certainly drop many hints.

If I had the burden of MS, I'd sell off every division except 'Office' and maybe the re-branded hardware. Microsoft cannot make a true 64bit OS and more importantly, they've never turned a profit on anything but Office and perhaps mice. If it doesn't make a profit: Sell it!

XP is probably the best Win32 system since W2000 it may be slow, hard to use and full of bugs, but bashing it internally is only admitting to the failure Vista is. This is confirmed by their own statement another 'OS' is in the works. Perhaps if they 'opened it up', they'd make their code more understandable. I'd also hope they would remove those sometimes nasty and often irrelevant comments. The amount of BSD code is astounding, nothing wrong with that, just make it better.

i agree with M$?

[darth_linux]

if they made you agree with M$, the terrorists have won. (end sarcasm)

Re:Future Shock. Re:Let you down with XP

Yet, hackers have been '0wn'ing *nix systems since before Linus was a gleam in his fathers eye. Your point being?

The terrorists have already won ...

[seyyah]

because I just found myself agreeing with Microsoft ...

Re:The terrorists have already won ...

[pjr.cc]

Actually, i decided to fall on the other side so that I wouldnt be forced to agree with MS.. im now very strictly pro-bush and i now see terrorists everywhere...

Whats that hotline phone number again?

The paranoia is setting in...

Seriously though, if MS are saying it, i believe theres a bargaining chip behind it.

Tiny Sliver of Hope

[rossz]

People might get the wrong impression that I think all Muslims are murdering terrorists. Not so. There a lots of them who find the actions of the extremists repugnant. The problem is we rarely, if ever, here from them. Print a comic "insulting Mohammad" and there is rioting in the streets. An Islamic extremist murders a bunch of children and the silence is deafening. This MUST change.

Re:Tiny Sliver of Hope

There have been some marches and demonstations by muslims protesting against terrorism in the UK.
About 1700 Muslims did one in Glasgow after that car was set on fire at the airport.
There have been others too, some against draconion anti terror laws.

You don't hear about them because they are peaceful marches and not very exciting news.
There is also a Muslim lead campaign called 'not in our name' in the UK
http://news.bbc.co.uk/1/hi/england/london/6275772. stm

The protests against the comic were orchestrated and planned by a few people, they were not a genuine reaction or representative.

choking death = terrorism

are you saying more people die from choking each year than from terror attacks? Hm...sounds like a new kind of bio-weapon may be responsible...maybe they aren't accidents at all...

Re:choking death = terrorism

[Xtravar]

Dear Nannystate,

Please ban the sale and manufacture of foods larger than 1 centimeter in size. We could die!

Thanks,
The United Sheep of America

P.S.: This is urgent!! People are dying as we discuss this!

Err, softgrid?

[Bert64]

Softgrid? Is it little more than a chroot?

Re:Err, softgrid?

[ospirata]

I guess it's just the old chroot, with a brand-new name. Pretty much like "containers technology" at Solaris 10 ...

Ostriches!

[jmorris42]

> You hit the nail right on the damned head, and so many people are so pathetic at math and are afraid of stupid things noone can
> seem to change our course of paranoid overreaction.

No, you want desperately to believe we still live in a world where we aren't at war with Radical Islam. Some of us have seen it coming since the fall of the Shah of Iran and nasty events that happened afterwards. More still understood it by the time of their first attempt on the WTC. Only an idiot could fail to take the hint after 9/11.

Just because we have incredible LUCK doesn't mean we don't have enemies. 9/11 could have easily had a bodycount 5-10 times what happened. We got lucky. Much like the collapse last week of the I35W bridge. Rush hour traffic, including a packed school bus and it all goes splat into the Mississipi river. Single digit bodycount so far. Luck. Give praise to whatever higher being you prefer when it happens but if you expect yer invisible friend to make it happen like that every time you are eventually going to get the piss shocked out of ya. After all, God helps those who help themselves.

But forget all that, 9/11 wasn't about the bodycount. The point of terrorism isn't to KILL, it is to TERRORIZE and 9/11 succeeded beyond UBL's wildest deranged dreams. Be thankful we had a Republican President AND Congress who had the balls to ram a tax cut over the wails of the Dems or the economic shock would likely have thrown us into a full scale depression. If the same number had died in some horrible accident it would have had little effect on the country at large.

That is the difference. We can withstand accidents and natural disasters. We learn from them, our engineers build to avoid the same thing in the future and we go on. But intentional acts of War aimed at random have the potential to end our Civilization. The are only two ways to deal with that threat, end it at the source or become a Security/Police State. As a sane person I of course prefer ending it at the source.

> but it shows without a doubt that "all terrorists are muslim" is such a load of horse shit, and the most of the major
> terrorist attacks up until recently were in fact not muslim at all

Not really. Since the end of the IRA name one major terrorist organization that isn't composed of adherents to the "Religion of Peace"? Ok, lets pretend you aren't a total loss and you could think of a couple of regional ones like the Tamil Tigers or Shining Path. Now name one playing on the world stage and/or launching attacks into the 1st World. (i.e. anything the US need worry about) Name one major terrorist attack, successful or unsuccessful, in the last decade that didn't involve the Religion of Peace. It is hard enough to name an attack of any scale that didn't involve someone named after their "Pedophile Prophet".

Not all Muslims are terrorists, but damned near all terrorists ARE Muslim. And most of the non-terrorist Muslims are either afraid of the terrorists are agree with them to a degree, only lacking the personal courage to join the Jihad or agreeing with their goals but disliking their methods. It's a serious problem. We had better face it head on and find a better way of dealing with it than the default answer we will end up being left with if we don't. Because in the end, Ann Coulter's "Invade their countries, kill their leaders and convert them to Christanity" would WORK and if we get panicked into it by a few more successful attacks we will probably do it. We would regret it a generation or two later but ask the Native Americans how much that regret that worked out in tangible benefits.

And now back ontopic.

It figures that the Corporation most identified with cluelessness regarding security would be the first to retreat into a pre 9/11 mindset. Me, I'm more "Mad Eye Moody" in my outlook towards security. Constant Vigilence!

It isn't paranoia when they ARE out to get ya. The only sphere where Microsoft should be addressing security i

Re:Ostriches!

> Name one major terrorist attack, successful or unsuccessful, in the last decade that didn't involve the Religion of Peace.
> It is hard enough to name an attack of any scale that didn't involve someone named after their "Pedophile Prophet".

how about the war against iraq? that was not a religious inspired terrorist attack but solely money, oil and power. and don't give me that freedom, weapons of mass destruction, war against terrorism propaganda bullshit i ain't american so you'd need to come up with something more than fake and wrong reports from the CIA, pentagon or whatever weirdo organization over there smokes pot and invents reasons for war.

Re:Ostriches!

[Kintanon]

There are no terrorists in the United States of America. They are not actively attempting to blow anything up in this country. How do I know?
1. Hurricane Katrina:
During the aftermath of Hurricane Katrina ALL of our resources were tied up. National Guard, Coast Guard, fire and rescue from all over the country. EVERYONE was dealing with that. If there was EVER a time that we were vulnerable to terrorist attacks, that was it.
2. Terrorism is Easy:
Groups of 3-4 people dropping pipe bombs in mall trashcans around the country would strike more terror into the average citizens heart than 9/11 did. The idea that *I* personally might die if I go to the mall would affect me much more than the idea that if I had been standing 1000 miles away from where I live I would be dead.
3. No suicide bombers:
Every other country plagued by radical islamic terrorists sees a suicide bomber EVERY SINGLE DAY. We have yet to see even one. I know for a fact that it isn't THAT hard to get enough explosives to blow yourself and a small cafe to smithereens.

So, no terrorists. If you want to worry about someone worry about the fascist leaning elements in our own government.

Re:Ostriches!

[mhall119]

No, you want desperately to believe we still live in a world where we aren't at war with Radical Islam. We're at war with Radical Islam like we're at war with illegal drugs. We are told we have to do something, so we end up throwing a lot of time and money making the problem worse, because we never really understood what we were trying to fight in the first place.

Some of us have seen it coming since the fall of the Shah of Iran and nasty events that happened afterwards. Yeah, because that had nothing to do with the Shah being a despot who tortured and killed political dissidents. Or the fact that the same Prime Minister who suggested he leave Iran for his own safety brought Ayatollah Khomeini back to Iran and let him setup his own government to replace the monarchy. Surely it was all just because of Radical Islam.

Be thankful we had a Republican President AND Congress who had the balls to ram a tax cut over the wails of the Dems Yes, thankfully our leaders had the courage to use a horrific national tragedy to push through policies they had been advocating since their campaign. 9/11 was terrible, but it didn't really change any of the factors that govern the health of our economy, except perhaps investor confidence. And I don't think tax cuts really did anything to change investor confidence about future terrorist attacks, it's not like tax cuts make another attack less likely.

But intentional acts of War aimed at random have the potential to end our Civilization. You can only end a civilization if you replace it with another with the capitulation of the inhabitants, or kill everyone in it. Since terrorists don't try for the former, and are incapable of the latter, I don't think we're in any danger of them ending Western Civilization. Bombs can only kill people, not civilizations.

Since the end of the IRA name one major terrorist organization that isn't composed of adherents to the "Religion of Peace"? Ok, lets pretend you aren't a total loss and you could think of a couple of regional ones like the Tamil Tigers or Shining Path. Now name one playing on the world stage and/or launching attacks into the 1st World. (i.e. anything the US need worry about) What religions don't consider themselves the "Religion of Peace"? Also, name one major terrorist organization (Muslim or otherwise) playing on the world state and/or launching attacks into the 1st world that is not Al Qaeda. It's not really saying much that _all_ of them are Muslim when there is only _one_ of them total. It's kind of like saying that _all_ nuclear attacks have been carried out by Christians against non-Christians.

Because in the end, Ann Coulter's "Invade their countries, kill their leaders and convert them to Christanity" would WORK Firstly, quoting Ann Coulter, let alone saying she is right, kills almost any chance you had of being taken seriously as an intellectual. Secondly, western civilizations have tried that before, it didn't work out so well for us, and I see no reason why it would work out any better now. It's not their leaders that make them terrorists, nor is it Islam that makes them terrorists. Removing either or both will not change anything.

It figures that the Corporation most identified with cluelessness regarding security would be the first to retreat into a pre 9/11 mindset. Me, I'm more "Mad Eye Moody" in my outlook towards security. Constant Vigilence! Whatever chance you had left of being taken seriously after quoting Ann Coulter is completely removed by referencing Harry Potter. Please try to keep your comments reality-based.

Application Virtualization "softgrid"

[tji]

After reading the blurb on this, it sounds an awful lot like "Solaris Zones" -- which is similar to BSD Jails or OpenVZ on Linux.

It's a kernel level partitioning of resources, to create virtualized hosts with low overhead. They all use the same kernel (so you couldn't have Linux/Windows/Mac virtual machines), but each system/app is unaware of the others.

That way, you can have two virtual instances, each running Apache, but with different/conflicting middleware below it -- and no worries about them crapping on one another.

The example they give in the article is being able to run Office 2003 and Office 2007 on the same machine. The concept behind it is cool. But, doesn't that example illustrate a lot of what is wrong with Windows -- they need an all new virtualization technology just to install two versions of Office on your PC?!?

Funny...

[Geek+of+Tech]

Has anyone else noticed that "Microsoft Says 'War On Terror' is Overblown" came 36 minutes after "Storm Worm Rising."

They say that timing is everything...

Obvious? M$ blaming GWB for their own failures?

Microsoft security sucked and sucked bad long before there even was a "War on Terror". Blaming that for their shitty security performance is stupid. Almost as stupid as the Slashsheep who are lapping up the Koolaid because it panders to their ignorance and Bush Derangement Syndrome.

Basically, he's saying Microsoft has failed at security because the War on Terror has caused the government to actually have security standards for computers, and those standards are too high for Microsoft to meet.

And the Slashsheep are cheering him on. :-P

Um, yay Microsoft???

[FlyByPC]

I'm no fan of Micro$oft, but I do commend them for stating the obvious -- and very eloquently, at that. This is basically the modern business world take on Benjamin Franklin's quote about how those who would give up liberty for security deserve neither. Specifically, security (from an economic standpoint) is all about cost reduction. Every risk and threat can be expressed as a potential cost. When the costs associated with preventing a risk are higher than the costs of the risks themselves, the cure is worse than the disease.

With all this Security Theater, we've managed to go from having nearly the entire world on our side (9/11/01) to being the neighborhood bully. It's time we started acting more like the great democratic (and free-market) society that we're supposed to be.

Yeah, yeah, I know. -1:Flamebait. But M$ has a good point for once, and they deserve to be praised for it.

Microsoft trying to wriggle out of blame again

[Animats]

Sounds like Microsoft is expecting some flak over their insecure operating systems. Probably related to those millions of Windows systems pwnd by .. somebody, and available for launching attacks.

There's a current worry in the security community that somebody is building up assets of pwnd systems. Somebody is acquiring the capability to do something big. But who, or why, isn't known. The assets being accumulated are more than a spammer needs.

not new

Lots of UNIX systems use per-application virtualization; OLPC security, for example, is built on it. It's also closely related to capabilities systems.

I can't believe Microsoft agrees w/ me on somethin

Just this morning I made this comment in reply to someone's response to the "Internet is not dangerous anymore" slashdot thread:

The "internet is dangerous!!!!" is like "We must give up our liberty because of teh terrorism!!!!" Do the math: less than 3,000 dead in America this century from Muslim terrorists, while there are half a million from heart attacks and another half million from cancer, and forty thousand from auto accidents every single year! I'd say that Homeland Security money would be better spent on a few guard rails, and maybe if we can outlaw smoking something that slows lung cancer we can outlaw something that causes it? Or at least legalize the one that slows it so the cigarette smokers can legally... oh hell, never mind. This is mainstream media, law and government we're talking about. Logic, reason, and sanity should have nothing to do with the debate.

WTF? Microsoft agreeing with ME? Did I slip into a dimentional warp and get tossed into an alternate universe or something? Wow, maybe I might actually get laid...

-mcgrew

The difference

"How? In both instances you're dead."

Accidents, diseases, etc., will always take lives; death is inevitable; murder (and mass-murder) is not.

It differs because of the power involved. How much time / effort / cost was spent during the Cold War because a handful of people could kill millions with the press of one button?

There's a morality play on stage every night on the news; warning signs about what happens with the double-edged sword that is technology and individual empowerment.

Road accidents, cancer, etc. have no political agenda to push, they have no morality to pursue, they have no psychosis to feed, nor a death wish to pursue.

It is not solely about you and you alone; it's about us as a whole.

cocked up?

[DriveDog]

Isn't denigrating your own previous products to sell more of the current considered a very poor sales approach?

First off, consider the source (not Microsoft)

[JRHelgeson]

This is not an official release or opinion from Microsoft, per se. This is the opinion of Steve Riley who, in my opinion, has a tenuous grasp on security to begin with. That the "War on Terror" is overblown: in what sense? That is a pretty broad statement. I do not believe that we will ever see a "Cyber Jihad" because the worst I've ever seen come out of the Salafi Jihadists is flaming posts on message boards. Piss those guys off and they'll type in all-caps then figure out a way to blow themselves up.

Does this mean we ignore software security? Uh, no.

I started questioning Steve Riley's advise when he stated that explaining that ROI == economics in information security. While easily confused by some, economics is quite different than accounting. Now, perhaps I can see the difference because I've been studying the issue with colleagues that have PhD's in economics. Nevertheless, this tells me that he is not an expert in these issues and has not studied them.

SoftGrid 1/2 decade behind Linux VM

[wdnspoon]

After reading the description of the SoftGrid technology, I can see why people who have no exposure to basic Linux architecture might think this is new and exciting. Because of how Windows is fundamentally designed, apps need to be run on a desktop. Linux as been able to do this elegantly since VMs started running images of Linux w/ X11. With the client/server model of X, you start a VM, then just run applications in your VM on your local X display.

Just perfect

[HangingChad]

The endless security measures imposed on society as a result of the "war on terror" have become overblown and intrusive, according to Microsoft Redmond senior security analyst Steve Riley.

I agree with Microsoft on something. Great, just perfect. Now I have to get ready for the 4 horsemen, a rain of fire and the end of time.

On the plus side that means I won't have to mow this week.

Re:Just perfect

[RespekMyAthorati]

But your cat and dog will get married.

Softgrid is not new.

[lazyforker]

Softgrid's been around for at least a couple of years (as Softricity's Softgrid). M$FT acquired the company and is rolling the product into the "Desktop Optimization Pack".

We implemented Softgrid in our company a few years ago - works like a charm. It's wonderful for those awful apps that are extremely sensitive to .dll or OS version levels or cannot play nicely with other apps. It is also a great solution for a Citrix environment - apps are deployed quickly and they are not natively installed on the servers.
http://www.microsoft.com/presspass/press/2006/jul0 6/07-17SoftricityPR.mspx

There are competing products (Altiris SVS for example) but Softgrid was our preference.

BTW I have no financial or other connection with any of the companies I've mentioned.

I remember...

[DrEnter]

I remember SoftGrid from the first time I saw it... 20 years ago when it was called X Window.

Run As ...

[SpaceLifeForm]

I don't see that under 'Start'.

Re:Run As ...

[Macthorpe]

Wow, you are absolutely hilarious.

Re:Run As ...

[thewils]

It's there, you just have to look for it.

Right-click a program icon after you click 'Start'. 'Run as...' is in the context list.

Re:Run As ...

[another_fanboy]

In the command prompt, type "runas /user:username program".

Well, rather than spend? U CAN DO SOMETHING:

You MIGHT be right (I can see that from MS "business perspective on it", but you truly CAN secure Windows, & to such a level, even *NIX folks I challenged could not beat it)... read on, I guarantee, you'll be GLAD YOU DID (especially if you use what is in this post, from another URL I authored, on how to do so)):

"They say this now, when there is Vista to buy. It's just part of Microsofts standard strategy... Release new operating system, try and make the old one look bad." - by chatgris (735079) on Wednesday August 08, @12:18PM (#20157973)

Per my subject-line/title above, & your quoted response? No problem, take a peek @ the URL below, & exercise its suggestions:

APK 12 step program for securing Windows NT-based OS of modern varieties (2000/XP/Server 2003/VISTA):

http://forums.techpowerup.com/showthread.php?s=f34 39c6a16f6f140e10d4d6d191c34e0&p=375355#post375355

Do what's in that URL?

And, w/in 1-2 hours of your time, you'll have YEARS of uptime, more speed, & stability, AND BE FAR MORE SECURE ONLINE!

Proof?? See this photo from the multiplatform test, CIS Tool, by THE CENTER FOR INTERNET SECURITY for my resulting score of 84.735/100 possible (default setups scores on say, XP? Will be WAY lower):

http://img.techpowerup.org/070618/APK14SecurityPoi ntsCISToolResult84735.jpg

That's as HIGH a score as I can achieve, & STILL be able to go "online" & do what's needed, & NOT get "bugged/hacked/cracked", &, IT WORKS!

How well?

Well, so much so, that everytime I have challenged the various users of various "flavors" of *NIX here @ /., they "ran", or evaded the test with b.s. (why not take it? I am fairly CERTAIN many did but did NOT like the results they saw, & that their systems were not as "(insert *NIX variant here) is more secure than Windows" was proven WRONG):

http://slashdot.org/comments.pl?sid=254685&cid=199 85487
http://it.slashdot.org/comments.pl?sid=240571&cid= 19630923
http://slashdot.org/comments.pl?sid=240283&cid=196 31141
http://linux.slashdot.org/comments.pl?sid=240501&c id=19630965
http://it.slashdot.org/comments.pl?sid=241957&cid= 19662703
http://it.slashdot.org/comments.pl?sid=241913&cid= 19662485
http://bsd.slashdot.org/comments.pl?sid=238993&cid =19578849
http://it.slashdot.org/comments.pl?sid=243071&cid= 19690705
http://it.slashdot.org/comments.pl?sid=243071&cid= 19691091
http://slashdot.org/comments.pl?sid=240283&cid=196 22485
http://it.slashdot.org/comments.pl?sid=244821&cid= 19736881
http://it.slashdot.org/comments.pl?sid=245695

What that blog tells me.

[twitter]

Rude dude, The Bungi, points to the employee's complete and utter submission to being fired for taking a photograph that offended His Gateness. He then goes on to call me a "half brain" and other names. Here's what I see in that blog:

I made a mistake This has been pointed out many times, sometimes more politely than others.

People were rude to him for what he did. You might not have a problem with that, but I do.

Microsoft ... decided ... to just cut me loose before I could do any more damage.

Only a person who works for M$ would consider telling the truth to be "damage". You might be OK with the way he was treated, but I think it sucks. I brought up the point to show what happens to people who violate M$'s PR. Your advocacy of such bad behavior only goes to prove what I said is true.

The man seems to have recovered from the vicious smearing he got for his entirely innocent actions. Most people like him and he seems to have gotten back enough self esteem to be critical of M$. It's also a sign that he's no longer afraid of them, so we might imagine he's got himself a nice job away from the asshole's reach.

Re:What that blog tells me.

[smitth1276]

Only a person who works for M$ would consider telling the truth to be "damage". Now we all know that you are young, inexperienced, and haven't worked in the real work. "No camera" rules are quite common at large companies... we have one where I work, in fact. Corporate espionage and IP protection are taken very seriously in the real world, where things actually matter--and especially where security concerns are integral to the company's business. The guy who was fired for breaking a very simple-to-follow no cameras rule has absolutely no relevance to the story we are discussing. He wasn't fired for voicing some opinion upon which Microsoft had not even commented, he was fired for breaking a rule.

Re:What that blog tells me.

[The+Bungi]

People were rude to him for what he did

No flocktard, they fired his ass for contravening corporate policy, just like they would have fired him at any other company in the planet. Ignorance of the law (or the policy) is no excuse.

Only a person who works for M$ would consider telling the truth to be "damage".

And what is "the truth"? That Microsoft buys Apple machines? Holy mother of god, they have a whole Macintosh software division, I'd think maybe that's the reason. You are as usual digging for shit where there is none.

I brought up the point to show what happens to people who violate M$'s PR. Your advocacy of such bad behavior only goes to prove what I said is true.

You brought up the point because you like to misconstrue and twist those types of things to your advantage. There is nothing here that even remotely relates to any "PR", and my "advocacy" is limited to pointing out you are full of shit.

The man seems to have recovered from the vicious smearing

You mean he got another job where he decided following corporate policy was probably good. I fail to see where he was "viciously smeared", so maybe you'd like to point that out for me?

entirely innocent actions.

I don't doubt they were innocent, but that is irrelevant.

By the way, phrases like "the truth", "vicious smearing", "innocent actions" are super good for getting modded up, but I'm sure intelligent people can see that you're not very good at masking the fact that you have absolutely nothing here other your usual zealot desire to pin everything on evil conspiracies and bad tricksies by Microsoft. Let's dissasemble the last paragraph here, cuz it's a doozy:

Most people like him and he seems to have gotten back enough self esteem to be critical of M$. It's also a sign that he's no longer afraid of them, so we might imagine he's got himself a nice job away from the asshole's reach.

• Most people like him - Irrelevant to say the least, but it sure looks good for the mods, doesn't it?
• he seems to have gotten back enough self esteem - I don't see where he lost it, or why. He fucked up and he was fired. He can be all the critical he wants, that doesn't change what happened or why it happened.
• a nice job away from the asshole's reach - The twitter piece de resistance is the poor little victim finding the strength to run away from the evil "asshole". Aw, shucks.

I've been gone for months and the first thing I run into when I load up Slashbork is your usual crap FUD, lies and deficient prose in prosecution of "Micro$haft Windoze". You truly are a great asset of the free software community, but I'm sure I don't have to mention that yet again since I see other people point that out to you quite often.

Re:I can't believe Microsoft agrees w/ me on somet

[Duffy13]

While I agree with you in principle, all but the auto accidents could be attributed to "choice". Not necessarily all cases, but a good portion of them could/are. As for smoking...you could make a brand called 'Cancer Sticks', make the package black with a skull and crossbones on them with the warning 'you will die' and people will still buy them.

(Kudos if you recall where I got that from.)

Re:XP isn't that bad: DO THIS? XP = GOOD!

"It's mainly the tight integration of the browser with the OS that is/was an issue. Don't use IE and don't run executables from unknown sources and 95% of the security issues go away. SP2 is actually a pretty decent OS." - by b0s0z0ku (752509) on Wednesday August 08, @12:13PM (#20157893)

Want to make more "security issues", go away, in 12 easy steps (and, I think you'll find this article below FAR MORE COMPREHENSIVE in that URL below, than most any you've SEEN online in 1 spot for securing a Windows OS, especially online NOWADAYS):

Per my subject-line/title above, & your quoted response? No problem, take a peek @ the URL below, & exercise its suggestions:

APK 12 step program for securing Windows NT-based OS of modern varieties (2000/XP/Server 2003/VISTA):

http://forums.techpowerup.com/showthread.php?s=f34 39c6a16f6f140e10d4d6d191c34e0&p=375355#post375355

Do what's in that URL?

And, w/in 1-2 hours of your time, you'll have YEARS of uptime, more speed, & stability, AND BE FAR MORE SECURE ONLINE!

Proof?? See this photo from the multiplatform test, CIS Tool, by THE CENTER FOR INTERNET SECURITY for my resulting score of 84.735/100 possible (default setups scores on say, XP? Will be WAY lower):

http://img.techpowerup.org/070618/APK14SecurityPoi ntsCISToolResult84735.jpg

That's as HIGH a score as I can achieve, & STILL be able to go "online" & do what's needed, & NOT get "bugged/hacked/cracked", &, IT WORKS!

How well?

Well, so much so, that everytime I have challenged the various users of various "flavors" of *NIX here @ /., they "ran", or evaded the test with b.s. (why not take it? I am fairly CERTAIN many did but did NOT like the results they saw, & that their systems were not as "(insert *NIX variant here) is more secure than Windows" was proven WRONG):

http://slashdot.org/comments.pl?sid=254685&cid=199 85487
http://it.slashdot.org/comments.pl?sid=240571&cid= 19630923
http://slashdot.org/comments.pl?sid=240283&cid=196 31141
http://linux.slashdot.org/comments.pl?sid=240501&c id=19630965
http://it.slashdot.org/comments.pl?sid=241957&cid= 19662703
http://it.slashdot.org/comments.pl?sid=241913&cid= 19662485
http://bsd.slashdot.org/comments.pl?sid=238993&cid =19578849
http://it.slashdot.org/comments.pl?sid=243071&cid= 19690705
http://it.slashdot.org/comments.pl?sid=243071&cid= 19691091
http://slashdot.org/comments.pl?sid=240283&cid=196 22485
http://it.slashdot.org/comments.pl?sid=244821&cid= 19736881
http://it.slashdot.org/comments.pl?sid=245695&cid=

So in the long view...

[HiggsBison]

They say this now, when there is Vista to buy. It's just part of Microsoft's standard strategy... Release new operating system, try and make the old one look bad.

So in the long view, all of Microsoft's operating systems have sucked blue whale, and Microsoft themselves have said as much.

Who has to do the work and where it shows up.

[twitter]

Now security and functionality can be achieved but make no mistake, security is not convenient, always has, and always will take a lot of work to maintain both in the physical world and in the electronic one. [several false analogies follow]

Like liberty, security is always easier than the alternative. A free and secure system works for me rather than the other way around.

With software, however, it's the programmer that has to put forth the effort, not the user and these don't have to turn up in the interface. When programmers share that effort, like they do with free software, the individual's work load is greatly reduced. It takes me less effort to use a nice free browser on a free system than it does for me to repair an insecure non free system because it's browser has gaping problems.

The kind of "security" M$ has to offer is little more than inconvenience designed to make the user think everything is their fault.

Re:Who has to do the work and where it shows up.

[h2_plus_O]

The kind of "security" M$ has to offer is little more than inconvenience designed to make the user think everything is their fault.

It is their fault, isn't it? It's their box, they chose it, they did whatever they did that resulted in being owned, why the fsck does anybody care about avoiding blame?

Re:Who has to do the work and where it shows up.

[inKubus]

new desktop virtualisation technology called SoftGrid, which allows applications to be virtualised individually, rather than a whole OS.

Isn't this Java? I mean, individual applications running on a virtual machine? Duh?

Re:Who has to do the work and where it shows up.

Like liberty, security is always easier than the alternative. Friend, I hate to be the one to tell you but you're compeltely full of shit. Liberty is a better outcome than the alternative - but not easier to achieve. Security is the better outcome than the alternative - but not easier to achieve.

 

A free and secure system works for me rather than the other way around. Same for everyone. Free != Convenient, and Secure != Convenient (which is what the previous post was about) so your point is quite irrelevent.

 

With software, however, it's the programmer that has to put forth the effort, not the user and these don't have to turn up in the interface. You're showing your ignorance of everything security related. A secure app requires an architect that can make a good threat model to mitigate architectural risks, a programmer that understands secure coding practices, a test team that knows how to test for exploits, a compiler that makes use of the latest security measures, code-analyzers that can examine code for banned APIs and known insecure coding patterns. And security issues absolutely do affect interfaces. Two simple examples -- the greying out (and disabling) of the entire desktop when you get a graphical sudo prompt on Linux or a UAC prompt on Vista. What's happening here is other apps are not permitted to send events to the UAC prompt or sudo prompt -- to prevent an attack. There are many, many more examples but its pointless to tell you since you're too stupid (or unwilling) to see reason about anything.

 

When programmers share that effort, like they do with free software, the individual's work load is greatly reduced. Again - this shows your complete lack of knowledge about security. Its the responsibility of much more than the programmer. And the vast majority of programmers (OSS or proprietary) are not familiar with secure coding practices. Further, even proprietary s/w development is a team sport. Programmers sharing effort. The individual's work load is greatly reduced. Dumbass.

 

It takes me less effort to use a nice free browser on a free system than it does for me to repair an insecure non free system because it's browser has gaping problems. I think you've pretty much demonstrated that you don't even know when you're secure and when you're not. And to claim that you can repair IE is well, cute, given the complete lack of security expertise you demonstrate.

 

The kind of "security" M$ has to offer is little more than inconvenience designed to make the user think everything is their fault. Nobody (MS/Apple/Linux/anyone) will claim that thier s/w is 100% secure. Anybody who does that doesn't know what the hell they are talking about. But for you to make statements like that, given your staggering ignorance is just dumb.

Re:Who has to do the work and where it shows up.

[NickFortune]

The kind of "security" M$ has to offer is little more than inconvenience designed to make the user think everything is their fault.

It is their fault, isn't it? It's their box, they chose it, they did whatever they did that resulted in being owned, why the fsck does anybody care about avoiding blame?

I think he meant "...designed to make the user think everything is the user's own fault".

A bit like the new Vista security. They have to realise that something as intrusive as that is going to get turned off pretty damn quick on most people's machines. Buy as an exercise in CYA, it's fantastic. Any security flaw is now the fault of ignorant users turning off the security, just like any software error is the result of bad device drivers. Nothing is ever going to be Microsoft's fault, ever again.

And oddly enough, I think I agree with them on that one, even if I'd phrase it a bit differently: if you're using Microsoft software, you've only yourself to blame :)

Put the word out!

I think every shop assistant when seeing a customer attempting to buy Vista should go "You are about to shell out money for Windows Vista. Allow or Deny?"

Virtualised application

[jaweekes]

Microsoft also showed a very interesting new desktop virtualisation technology called SoftGrid, which allows applications to be virtualised individually, rather than a whole OS. Think Virtual PC or VMware, but instead of virtualising an OS, just a single application is virtualised.

Back in January I was at a VMWare User Conference and the main speaker talked about how VMWare was working with Oracle and other software vendors to do this very thing. Their take was to have a VMWare server running enterprise apps without the guest OS, which would speed up the host by not having the OS overhead. I gather that the apps have very basic drivers to handle video, network and such (if needed) with not much else, and because they will run on VMWare the drivers will be a minimal standard. I haven't seen anything official about this yet but I gather it is on it's way.

Re:I can't believe Microsoft agrees w/ me on somet

The terrorism is a 'choice' just as well. The choice of supporting Israel without criticism, to suppress the Palestines, to interfere in countries that have a different culture and are not waiting for someone to bring them "democrazy" etc etc is all a choice. A choice that has terrorism as a result.

SystemGuard = Windows idea of Solaris Containers?

[GuyverDH]

From the little I read, it reads as though they took Solaris's container idea and monkeyed with Windows until it worked as close to it as possible.

...in related news...

[AriesGeek]

The great Dr. Yamulka of Kazhakstan Ministry of Health has concluded that women have-a the brain the size of-a squirrel brain. (paraphrased from Borat, don't downmod me for being sexist)

in other words...

wha???

Altiris does this too...

I think I even read the article here on slashdot, Altiris SVS. It will virtualize any program you want, it basically records the installation process, and instead of putting everything where the installer wants it to go, it wraps everything up in its own package/layer. When the layer is turned on, the program is installed and operates as though it were natively installed. Disable the layer, however, and it is as though the program never was installed. Re-installing is also nearly instantaneaus.

This means if you have a program installed, and want to try out a new version of the same program, you can simply disable the old version, install the new version as a new layer, and switch between the two at will. Also, if a program is causing problems, you can uninstall it instantly, and if it really wasn't that program causing the problems, reinstall it just as fast. It's a great little program.

Leave it to the experts

[tweak4]

If anyone would know about "overblown and intrusive security measures", it would be Microsoft... Activation and WGA anybody?

Re:Obvious? M$ blaming GWB for their own failures?

Slashsheep?

Is that supposed to be witty? I bet you use the word "sheeple" as well.

If I use the word "Asshat" can you guess who I would be refering to?

No, OP is correct

[brunes69]

"Run As" is no solution at all. It is the Windows version of sudo, which is fine for things that SHOULD REQUIRE admin access.

But why should I require admin access to change file associations? Or to install a print driver?

"Run As" is just a crutch around poor design.

Re:No, OP is correct

[Macthorpe]

And sudo isn't? A lot of Linux driver installs required root. Has this changed in the last year or so since I last checked up on it?

Re:No, OP is correct

[itchy92]

Because both (can) have system-level implications.

File associations can be maliciously modified to exploit security vulnerabilities. Print drivers can be kernel-mode, giving "arbitrary" code low-level access.

Re:No, OP is correct

[Grishnakh]

I call BS on this.

First, print drivers have no reason to be kernel-mode. None whatsoever. Printers are either connected through ethernet (the proper way), or USB (the cheap way). Either way, there's no reason for kernel-mode drivers; user-mode drivers can do all the work of formatting the data to be sent to the device. Notice that in Linux, all printer drivers are user-mode, and are usually actually called "filters", since they're just changing the data, not directly interacting with low-level hardware. Usually, all that needs to be done is convert the file to Postscript or PCL or some other printer control language.

However, the norm on Linux systems is that root sets up printers and printer drivers, because it's easier that way and makes more sense: the printer is a system-connected device, not one which each user should have to set up himself. So root sets up the printer with CUPS, and then users just have to select it and print to it.

As for file associations, there's no reason for this to be inaccessible by users. If I want to open .jpg images with "mirage" instead of "kview" by default, why should I not be able to set that? This is an issue purely about user preferences, just like what I want my screen saver and desktop background to be. How would "security vulnerabilities" have anything to do with this?

Re:No, OP is correct

[T-Ranger]

So you have reduced down all potentially bad ideas to a single mode? This is better, how?

Re:No, OP is correct

I'd like to point you in the direction of a virus called 'SirCam' back in the days of Win95 and the like.

This virus works by changing the file associations of your executable files to run via a hidden executable in your Recycle Bin called 'sirc32.exe'. It does this to infect each executable file run from your hard drive with a copy of itself so that if the recycle bin is emptied, any file that has already been infected that is run will replace it again. Thus it perpetuates throughout your entire system.

It has various other effects, but if admin access is denied to file associations, it stops dead straight away.

Re:No, OP is correct

[scuba0]

You can install a printer as a user, no probs. at all in Ubuntu.

Re:No, OP is correct

[quux4]

As for file associations, there's no reason for this to be inaccessible by users. If I want to open .jpg images with "mirage" instead of "kview" by default, why should I not be able to set that? This is an issue purely about user preferences, just like what I want my screen saver and desktop background to be. How would "security vulnerabilities" have anything to do with this?

Because (in Windows at least) the user is changing system-wide file associations, not just his own. So, if the next user doubleclicks on foo.doc and it is passed as an argument to filedeleter.exe (just to make up a hideous but possible example), that does have security and usability repercussions. Screensaver and desktop backround are per-user changes, so in that case it's not an issue. However the sysadmin should still have the ability to override user choice of screensaver/desktop backround, for whatever reasons the organization deems appropriate.

Re:No, OP is correct

[Grishnakh]

Well there's your problem right there. Why would file associations be system-wide instead of per-user? That's just idiotic.

If I want to use kpdf to open PDF files, that shouldn't affect other users who want to use evince (or heaven forbid, acrobat reader).

Re:No, OP is correct

[callmevinny]

> Well there's your problem right there. Why would file associations
> be system-wide instead of per-user? That's just idiotic.

Seems to be perfectly rational from Microsoft's point of view.
The only program you need for any given extension is the
latest version of the Microsoft supplied program. No need to
change those pesky associations at all! This may be a future
policy decision. You Heard It Here First!

Single app Virtualisation - copied from WINE

Do you mean WINE? WINE has be doing virtualisation of single applications for a while now? Is Microsoft capable doing any real innovation ever. Seems more like reverse engineer a program and make it fancier.

Microsoft also showed a very interesting new desktop virtualisation technology called SoftGrid, which allows applications to be virtualised individually, rather than a whole OS

Apples to apples

[Valdrax]

Except, the immigrants of old, did not come to your country, and want to out and out destroy it and replace it with a theocracy.

Nah, you had to look at home grown movements for that sort of thing. Violent theocratic movements have long been a part of the American political landscape. Some were born that way like the modern Dominionist movement, and others were made that way through persecution like the LDS church's early days.

For the most part, though, it's worth mentioning that a desire to tear down American and replace it with a theocracy is extremely rare in immigrants and is no justification for actions taken against the immigrant population as a whole.

They also pretty much immigrated legally...

In those days, immigration was pretty much trivial. You got on a boat, and you did some paperwork when you got off. Immigration control didn't really start until after the Civil War (mostly as a means of protecting US workers' jobs from people who were willing to work for less). The Federal Government didn't really get deeply involved until 1891. Quotas didn't really start until after WWI to stop the flood of European refugees.

Back before that, anti-immigration sentiment was primarily expressed through discriminatory laws once you got here. Turning people away is a pretty recent thing in US history.

So, let's compare apples to apples here. Immigrants trying to imigrate today face legal barriers that their predecessors did not. Saying that they all immigrated legally is like saying that no one broke highway speed limits back in the early 19th century when there weren't cars.

Censored?

[Mike+Kelly]

WTF?

This particular section of Steve's presentation dealing with the War On Terror doesn't appear on the US-developed Tech.Ed DVDs -- it was censored and removed.

Why? We need an open discussion and censoring based on policy only illustrates an agenda that creates more questions.

XP is that bad, and so is everything else

[arevos]

The only reason XP seems passable, in terms of security, is because the bar is set so low. In general, modern operating system security is absolutely terrible. In fact, the concept of computer security barely even exists outside dedicated server systems. We accept it is both because we have become used to this state of affairs, and because good security is extremely difficult for a layperson to judge. If Microsoft says something is secure, how is the general public to know any different?

For instance, if a user executes an email attachment purporting to be a screensaver, we expect the operating system to be compromised. Why? Anything claiming to be screensaver should not be allowed to do anything but draw pictures on the screen. Goatse should be the worst it's capable of. And yet we live in a world where running a screensaver can root your machine, log your keys and mouse movements, and hand your bank account details to any script kiddie with two braincells. That's not just bad: it's absolutely god-awful.

Re:XP is that bad, and so is everything else

[Grishnakh]

I'm not sure I see why this is "god-awful".

Why should a screen-save be restricted to drawing pictures on the screen, for instance? What if you want a screen saver that performs useful computations and sends the data to SETI? If you start restricting classes of programs to certain actions, then you've suddenly eliminated what made computers so useful: programmability. Do you want a computer, or an appliance?

Even worse, how are you going to restrict every application to certain actions? Is the user supposed to configure the security settings for every single program he installs? That's asking a bit much, don't you think?

It seems to me that if we want to have general-purpose computers, which can be programmed to do just about anything, a certain lack of security goes along with that. If you don't like that, you need to get yourself an appliance instead: a computer programmed and locked-down so that it can only do one thing, like a router or NAT box, or a mediaPC. This device will come pre-programmed, and won't be modifiable to do anything else or anything differently. However, it'll kinda suck when you want to run some great new application that everyone else is using, and you can't because it's not built into your appliance; you'll have to buy a new appliance.

I think having a decent level of security is already possible, and it's already being done. Macs and Linux computers don't have any major problems with security. Also, many Windows machines don't seem to have any major security problems either, as long as you don't run IE or Outlook. My wife has a Windows XP laptop and I haven't seen any real problems at all with it, but she uses Firefox.

Re:XP is that bad, and so is everything else

"Why should a screen-save be restricted to drawing pictures on the screen, for instance?"

NT4.0 and Windows 2000 had a nice feature where a screen saver could launch a web browser over your locked screen session by hitting a certain hot key. Microsoft broke the feature in one of the service pack releases, but thankfully added it back in the subsequent service pack.

Re:XP is that bad, and so is everything else

[arevos]

Even worse, how are you going to restrict every application to certain actions? Is the user supposed to configure the security settings for every single program he installs? I think it's quite possible for an operating system to be both secure and simple to use. Let me outline a hypothetical desktop operating system that deals with security issues in perhaps a more sane and safe manner.

A user downloads an application from a website. Applications in this OS have metadata which states what access they require from the system. In this case, the application requires access to the screensaver graphics API, network access to send and receive data to setiathome.com, and localized disk storage space of no more than 10Mb. Further, each application is cryptographically signed; these signatures are vetted via a web of trust, with the OS set up by default to trusting several dedicated industry security groups, which in turn trust smaller groups, and so forth. Trust is relative, with some organisations trusted more than others.

The user sees this as a screensaver icon superimposed with network traffic arrows. When the user clicks on the icon to install it, they get a human-readable set of significant access categories: in this case, the OS tells the user that it will send and receive data over the internet to setiathome.com, and acts as a screensaver. The application has a reasonable security rating, and combined with its low access requirements, doesn't rate any OS intervention. The user has the option to install, or cancel.

Now consider a malicious hacker, who wishes creates a piece of malware that masquerades as a screensaver, but instead compromises the system and steals the user's financial data. The application requests access to the screensaver API for appearences sake, and requess access to send and receive data to settiathome.com, a fake domain registered by the hacker. This would be enough to fool the casual user, who may not notice the extra 't'.

Unfortunately, the hacker has a problem. His application is going to have a rather low security rating, as he can hardly get his app vetted by anyone who is considered respectable by the trust network. Further, he has to request access to log the user's keystrokes, and for his application to be run constantly in the background, rather than just when the screensaver timeout occurs. The very requirements that the hacker needs to do any damage, are the ones that the OS is never going to grant.

But what if he gets a little smarter? What if he's going a more direct route, sniffing the hard drive for any financial documents? His malware can masquerade as a text editor, which is a plausible excuse to require read and write access to general files. Unfortunately, whilst a text editor might be cleared for normal documents, it won't be for documents that contain sensitive or financial data. But maybe some application is poorly written, and saves financial documents with the wrong security settings. Even in such a case, the malware will be thwarted; text editors typically only need access to the OS's file chooser GUI. Unrestricted file access without user intervention isn't going to impress the OS.

In summary, the trick to good security is, I feel, extremely fine-grained access control combined with a scalable distributed trust network. There are some things in the open source world that approach this ideal, but nothing widely implemented or remotely user friendly. Security just doesn't sell at the moment, and with Windows setting the bar so low, there's little incentive for everyone else to improve.

I wonder why..

[Clete2]

I wonder why nobody else has ever thought of virtualization for only one process. That is an amazing idea. Do programs exist that can do this yet? In Linux? I hate to admit it, but Microsoft has a wonderful idea there.

Tomorrow's Headline...

[Myrkridian42]

Microsoft Employee Killed with Folding Chair

Suspect still at large.

Sandboxie ??

[heytal]

has anyone seen sandboxie ?
It is sort of virtualization of individual applications.

Try Googling the phrase "Confirmation Bias"

A first principle of information security is physical security.

At many corporations, and not just ones you get deranged over, pictures of the loading dock are at the top of a slippery slope to "casing the joint", and thus are prohibited.

If it was any other company, you'd consider it sound security policy. But since it's the one company on planet Earth that drives you batshit crazy at the mere sound of its name, you "blame the victim" for not standing on *your* soapbox.

WGA

[Sheik+Yerbouti]

WGA is pretty overblown and intrusive guess he missed that. Seriously I have been using MS stuff since 1991 and I am so done with there lame asses. They used to be customer focused when they were fighting big bad blue. Now they are far worse than big blue was. Total loss of customer focus. Trying to lock customers into bad license subscription deals. Treating all their customers as potential criminals EVERYTIME you download something from them. Vista promised a lot delivered little and is only incrementally better than XP. Basically a company that is so overgrown and bureaucratic that it takes a group of some 43 http://moishelettvin.blogspot.com/2006/11/windows- shutdown-crapfest.html people working together to munge the shutdown submenu on Vista. lame lame lame Screw Microsoft from an MCSE going back to NT 4.

I would like to see your sources

[SIIHP]

What is your source for this comment?

"Here in the US, in *most* (but not all) places, homosexuality is illegal. It's a technical matter that no one is ever prosecuted on, of course, but that doesn't make it legal -- there are sodomy laws all over the books here."

Because, despite the fact that you claim it as so, it is not so.

Those laws that you think make being homosexual illegal were declared unconstitutional. Four years ago.

http://www.cnn.com/2003/LAW/06/26/scotus.sodomy/

The rest of your post is just as ignorant, but the part about honor killing was especially grievous. Simply put, you don't know what the fuck you're talking about.

http://en.wikipedia.org/wiki/Honor_killings

A woman can be killed because she was raped, and in allowing herself to be raped, dishonored the family. It takes a a special kind of ignorant to equate that with capital punishment in the US.

Re:I would like to see your sources

[scribblej]

Those laws that you think make being homosexual illegal were declared unconstitutional. Four years ago.

That's good news!! Finally I can get the reaming I deserve!!

Oh wait, I guess you already took care of that for me.

9/11 was an inside and outside (Israel) job

The War on Terror is phony neo-con rabble rousing. These neo-con/zionist puppets do the bidding of Tel Aviv. Only Israel benefits from these endless Middle East wars. Iraq is the beginning. As we commit war-crimes in Baghdad, the US gov't commits treason at home by opening mail, eliminating habeas corpus, using the judiciary to steal private lands, banning books like America Deceived (book) from Amazon and Wikipedia, conducting warrantless wiretaps and engaging in illegal wars on behalf of AIPAC's 'money-men'. Soon, another US false-flag operation will occur (sinking of an Aircraft Carrier by Mossad) and the US will invade Iran.. Then we'll invade Syria, then Saudi Arabia, then Lebanon (again) then ....

Re:Virtualizing Applications (Altiris SVS)

[Red+Alastor]

Seconded, SVS is excellent. It enables you to cleanly uninstall anything it manages since it tracks where everything goes, to switch off apps as if they were never installed and to use applications which aren't compatible together easily (switch one off, turn on the other and reverse at will).

The download page says "120 days evaluation" but when you install it asks if it is for personal use and offers a free license.

I wouldn't install anything on XP anymore without it. I wonder how it works on Vista.

The Biggest Threat To The United States

is this spider-hole AND Congress.

already done

[suezz]

"Microsoft also showed a very interesting new desktop virtualisation technology called SoftGrid, which allows applications to be virtualised individually, rather than a whole OS."

redhat has already been doing this with xen so this is nothing new or anything they invented.

but of course we all know that if apple or microsoft didn't invent it it never existed before.

What would be really new...

[SanityInAnarchy]

There are actually designs that allow for running untrusted code in the same address space as everything else, even ring 0.

I believe they are old designs, but I would like to see a new implementation. I bet it'd be a lot faster than a modern OS.

But I do agree with you -- the modern operating system does virtualize, and it does so efficiently. I'd much rather stick with that than have a whole architecture emulated just to make absolutely sure an app doesn't do anything bad -- the only time I see a need for that is things like DOSbox, for apps which assumed they had the whole architecture to themselves.

Re:What would be really new...

[TheRaven64]

There are actually designs that allow for running untrusted code in the same address space as everything else, even ring 0. Take a look at JNode, which does this with Java, and Microsoft Singularity, which does the same thing as JNode, but a decade later and calls it 'new'.

Can You Go fish://ing From Windows?

[saudadelinux]

http://en.wikipedia.org/wiki/Files_transferrer_ove r_shell_protocol It's easy to drag and drop stuff within a domain in Windows. But how easy is it to do it across domains?

Pearl harbor?

[huckamania]

"In the United States roughly three times as many people are killed in gun accidents per year than at Pearl Harbor."

There, fixed it for you. The attack at Pearl Harbor has a lot of similarities to the 9/11 attack including the fact that there were other greater causes of death at the time it occurred.

I agree that there is no comparison between the Nazis and the current threat. What are a few million Nazis compared to the 100s of millions of Muslim extremists that either participate in terrorism or condone its use. At least a majority the German people were ashamed to find out what their former leaders were capable of and then renounced that behavior.

Name one right or liberty you had in the past that you no longer have. You can't, because your liberty has not been diminished one bit. It is all just rumor and hearsay and a claim on something that was never yours in the first place. Try to find annonymity or privacy in the constitution or bill of rights. Try to find a right to sedition.

It's a shame that you have to wait in line at the airport. Get over it.

Thank god for model trains...

[Ecuador]

Oh, so it is with XP that MS let us down?

Thank god for Vista then!

If Windows was any good, Softgrid would be unessar

[Laglorden]

Softgrid is hardly "new" and it's something Microsoft bought. I've seen it and used it on Citrix. Basically it maske program packages so you can run multiple versions for example of a application at the same time and deploy them easily.

If Windows was any good, without that stupid registry and dll-files Softgrid would be unessasary. If you would just put an application in one place and run it from there, it would be unesseary to vitulize the applications.

One funny thing, you can virtualize Firefox and run multiple versions of it, but you can't virtulize IE because it's tied to hard into the OS... so Microsoft can still learn some things about writing good Windows programs from the opensource community ;)

2K is better

[antdude]

I think Windows 2000 SP4 is even better. Not bloated, no DRM, fast, low requirements in today's systems, stable, etc.

Re:I can't believe Microsoft agrees w/ me on somet

[Duffy13]

Sigh, either you missed the point or I was not clear enough. Choice for one's self. I choose to eat that burger with enough grease to give me a heart attack, I choose to smoke even though it gives me cancer, those are personal choices against oneself, not against others. That was my point. The only moral reason to prevent others actions is if they impact someone besides themselves. All law and all moral systems are built around that simple premise. (Though ironically suicide is illegal in the US, still not too sure about that one.) The reason we interfere abroad is because whether you like it or not what happens elsewhere can have very real consequences here. While it's very easy to point fingers and tout conspiracy theories and over-simplify complex ideas, it is very hard to accurately predict the outcome of every global action, thus it is a good idea to try and stack the odds in your favor when possible.

OT: "Accidental" is the key word.

[Kadin2048]

Homicides and suicides (and 'legal interventions,' the polite term for police shootings) are not "accidental."

(Not sure if I'm misunderstanding your post though, in terms of who you're agreeing or disagreeing with.)

I saw him at TechEd Auckland last year.

[pschmied]

He was whining about the Symantec report showing that Vista's network stack had been vulnerable to classes of attacks that older TCP/IP stacks had long been fixed against. Afterward, I asked him why that sort of disclosure was so horribly irresponsible as he had asserted in his presentation. His reply was to ask me if I had kids? WTF? Basically he was trying to illustrate that it hurt Microsoft's feelings, and that ripping on Vista's early lackluster security was tantamount to insulting his children. Uh huh.

Overall, I wasn't that impressed by Steve Riley. He'd be a good gospel preacher. He's very charismatic. Unfortunately, I just wasn't impressed by the religion he was selling. Then again I tend to be more impressed by security scientists rather than security evangelists.

Not so surprising statement.

[miffo.swe]

In other words, Microsoft realise that an overall hightened security effort will also result in much higher demands on IT security. Especially in governmental situations. If anyone is really serious about security they wont use a system so plagued by virus, trojans and security issues no matter what security rating it has on paper. IRL it just has to be secure and not just in the latest sales material. I highly suspect Microsoft would be turned down much more often if security gets a higher significance.

Re:9/11 was an inside and outside (Israel) job

[some+old+guy]

Is tin foil on sale at the Dollar Store?

Seems simple to me.

[jd]

The US and UK Governments invest heavily on intelligence infrastructure, particularly as part of the SIGINT system which includes Australia, New Zealand and Canada. If they cut back now, they lose that investment and potentially lose that knowledge base.

On the flip-side, Microsoft is hardly an expert on security and the last thing they need is for customers to require it. It would totally devastate their market.

So although both sides make good points, neither side can afford to let people weigh them.

Driving to the bank in my karma

"Microsoft continues to go to the bank on the basis of "You CAN fool MOST of the people ALL of the time."

How much longer will this formula work for them?"

Answer: Forever. Refer to tobacco, drugs, alcohol, religion and the 9/11 Truther Movement.

Re:Your ignorance betrays you

[Grishnakh]

Shouldn't you be in high school class right now?

Come back when you learn English, kid.

instead of virtualising an OS....

Submitter shows he/she doesn't work in a data centre with Windows machines.... It's called Softricity. Or it was before MS bought them. It's good stuff; but it's definitely not new stuff.

Microsoft's Security Motto - Sort Of...

[misterhypno]

Insecurity Is Better Than NO Security ... Maybe...

'Nuff Said.

Mongols not to blame

Islam lost the lead in science when it was decided that looking for root causes was sacreligous. If an apple falls from a tree, it isn't gravity causing it to fall, it is the will of Allah. Saying otherwise is an affront to the prophet.

We should use this same logic. Invasion of Iraq, will of Allah. Nation of Israel, will of Allah. Nuking mecca, will of Allah, baby.

Not a lot of work?!?!

[IdahoEv]

>>Release new operating system, try and make the old one look bad.

Not a lot of work involved there.

Well, not with the second part anyway. First part took them quite a few years, IIRC.

Re:Not a lot of work?!?!

[Farmer+Tim]

Well, not with the second part anyway.

Exactly my point.

First part took them quite a few years, IIRC.

Time!=work. If it did, Vista would have all those improvements we were promised when Longhorn was announced.

Re:Not a lot of work?!?!

[IdahoEv]

Time!=work. If it did, Vista would have all those improvements we were promised when Longhorn was announced.

True, but also work!=results. It's still quite possible they worked their asses off, and in fact I suspect that's the case. I just suspect it was poorly planned and conceived and they wasted a few million coder-hours on stuff that got the axe in the end.

A bit like a certain project called Copland from another computer company I know...

Re:Not a lot of work?!?!

[Farmer+Tim]

A bit like a certain project called Copland from another computer company I know...

Copland, a completely new code base, was abandoned as too ambitious after two years. Vista is a continuation of the NT code base, took five years to deliver, and still didn't meet the targets set.

So in other words, Microsoft didn't learn anything from Apple's failings over a decade ago and can't match their current performance despite having vastly greater resources. Why am I still unimpressed?

Female circumcision != Male circumcision

[WarwickRyan]

Can't believe that anyone would be stupid enough to equate female circumcision to male circumcision.

Do you even know what function the clit fulfills?

Okay okay, I'm on slashdot, so most people probably don't have hands on experience. Those that do are probably female.

Without the clit, it's going to be real hard for a woman to reach orgasm. The worst side effect to male circumcision is that it makes your schlong more long.

Re:Female circumcision != Male circumcision

[scribblej]

Go back and read my post.

If you still don't get it, you can go to a medical textbook and look up the clitoris, and the clitoral hood, and see how they are closely related but not the same.

As I claimed in my post, female circumcision generally refers to the removal of the hood. As I claimed, that is absolutely analogous to removal of the foreskin.

I understand that the original post referred to "genital mutilation" which also includes the kinds of things you are talking about. But if you even glanced at my post it should be clear what I am talking about and that I am not equating it to complete removal of the clitoris.

Also it should be perfectly clear I'm against any such practices. If an adult decides to go out and get himself circumcised, that's all good. If someone else does it to him (even if it's when he's a child) that's not good at all.

The worst side effect to male circumcision is that it makes your schlong more long.

HAHAHAHAHAHAhahaha.... no.

Re:Female circumcision != Male circumcision

[WarwickRyan]

> As I claimed in my post, female circumcision generally refers to
> the removal of the hood. As I claimed, that is absolutely analogous
> to removal of the foreskin.

Not according to the WHO:

"Female genital mutilation (FGM), often referred to as 'female circumcision', comprises all procedures involving partial or total removal of the external female genitalia or other injury to the female genital organs whether for cultural, religious or other non-therapeutic reasons."

http://www.who.int/mediacentre/factsheets/fs241/en /

(I'd not recommend reading all of that, it's sickening).

Top google results return the same thing.

Also from Oxford university, which carries similar definitions to the WHO:

http://www.medsci.ox.ac.uk/gazette/previousissues/ 54vol1/Part2

> I understand that the original post referred to "genital mutilation"
> which also includes the kinds of things you are talking about. But
> if you even glanced at my post it should be clear what I am talking
> about and that I am not equating it to complete removal of the clitoris.

As I posted above, if the WHO says they're synonyms then it's a futile arguing anything different.

> Also it should be perfectly clear I'm against any such practices.
> If an adult decides to go out and get himself circumcised, that's
> all good. If someone else does it to him (even if it's when he's a child)
> that's not good at all.

Good, and I pretty much agree with that.

Re:Female circumcision != Male circumcision

"The worst side effect to male circumcision is that it makes your schlong more long."

That's just utter bullshit and you know it. Actually, your comment just proves that you're exactly on the same level as those who support female circumcision.

Re:I can't believe Microsoft agrees w/ me on somet

[PopeRatzo]

a brand called 'Cancer Sticks', make the package black with a skull and crossbones on them with the warning 'you will die'

Shit, I'd buy 'em right now. If they had double the nicotine, I'd buy stock in them.

"Softgrid" is Microsoft saying "Hey, we fucked up"

[argent]

Microsoft Windows has had critical problems from the start with the way applications are forced to work in a single flat namespace, making it unreasonably difficult to install multiple instances of an application on a single computer. That's what's really been driving virtualization... most of the problems virtualization solves have much simpler and more efficient solutions on UNIX... or virtually any other serious operating system.

Most of them are based simply on taking advantage of the hierarchical file system and the process hierarchy.

All a well behaved UNIX application needs to run isolated from its incompatible brothers is to inherit an environment from its parent that tells it where to find its configuration parameters and files. This can be as simple as running out of a particular directory or using an environment variable, or as complex as a "chroot" environment.

This has been standard in UNIX since it was created, and Microsoft knew about it... they had the most popular UNIX variant in the world in the early '80s, before they followed apple down the cul-de-sac by designing an OS around the GUI instead of making that simply another resource that the OS manages. Now, they're coming up with an inefficient solution that will let some small portion of their users get a fraction of the capabilities they would have had if they'd stuck with Xenix as their premier OS.

Yep, it's not easy to be secure on XP.

[freeze128]

The hardest thing to do as an unprivileged user is to change your monitor power settings. The effects of this setting is VERY visible to the user, and very annoying if it is not set correctly. It gets more annoying when you can't change the settings, because you don't have high enough privileges.
So, you log out, and then login as an administrator, make the change to the power settings, log off and then log back in as your unprivileged user only to find out that the changes that you just made as an administrator only affect the administrator's user profile.

Sigh.

OK, Logout, login as administrator, grant your unprivileged user rights so he can change the power settings, logout, login as your new super user, change the power settings, remove the privileges so you are an unprivileged user again, log out, and then login as the unprivileged user once again.

Thankfully, there are ways to deal with this.

You're an idiot.

[SIIHP]

"Can't believe that anyone would be stupid enough to equate female circumcision to male circumcision."

That's nothing, I can't believe anyone would be stupid enough to endorse elective surgery on an infant's genitalia at all.

"The worst side effect to male circumcision is that..." the surgery goes bad and you lose your penis.

Frankly, sir, you're an idiot.

Re:You're an idiot.

[WarwickRyan]

"The most common type of female genital mutilation is excision of the clitoris and the labia minora, accounting for up to 80% of all cases"

http://www.who.int/mediacentre/factsheets/fs241/en /

>"The worst side effect to male circumcision is that..." the surgery goes bad and you lose your penis.

The worst that could happen to you would be to bleed to death as the results of the surgery. However, that's as uncommon as loosing a penis to male circumcision.

In practical terms, male circumcision is both safe "risk in a competently performed medical circumcision is very low" (http://pediatrics.aappublications.org/cgi/reprint /105/1/S2/246) there are also some pretty major benefits according to recent research (http://www.who.int/mediacentre/news/statements/20 07/s04/en/index.html).

> Frankly, sir, you're an idiot.

SURE.

Re:You're an idiot.

[SIIHP]

"However, that's as uncommon as loosing a penis to male circumcision."

The fact that any male infant at all "looses" his penis to a completely unnecessary elective surgery is unacceptable.

By defending it you verified my initial impression about you.

Re:You're an idiot.

[WarwickRyan]

Except I'm not defending it. I'm putting it into perspective in comparison with the procedure done to females.

My stance on the issue is that unless there's a good medical reason for it, then any surgery is a bad idea. It should be the patient's decision as to whether to go ahead with it. Babies and children can't make that decision, ergo it's wrong.

However it is nothing like as evil as the female procedure. It's like comparing falling off of your bike and grazing a knee to driving your Ferrari Enzo headon into a brick wall at 160MPH.

Re:You're an idiot.

[SIIHP]

"Except I'm not defending it."

We saw your post. Don't tell us you weren't doing something when you obviously were, it's insulting.

Like calling you an idiot, except I'm right.

America is doing -great- in this regard!

[Chris+Burke]

Being a realist, I'm am perfectly willing to admit the many failings of America and the ways in which the U.S. could learn from the folks across the pond. But this is one case where both historically and currently we do a much better job than Europe.

We have had waves and waves of immigration that have changed our demographics entirely. While at first they try to isolate themselves in their own communities, and are largely ostracized by those already living in the country, it doesn't take very long for them to become largely assimilated. In a large part because of our attitude which is open to immigrants. We see our country as a land of opportunity and someone coming here to live is as much a vindication of that promise as it is a threat.

The result? While there are cases of poorly-integrated immigrants, and non-immigrants (or rather non-1st-generation immigrants) who hate the people coming over, to a large degree they are accepted, and by virtue of that acceptance the immigrants come to see this country as their home.

Quick: Give the name, nationality, and ostensible religion of the last even modestly successful domestic terrorist. Times up, it's Timothy McVeigh, U.S., and Roman Catholic.

The ones most likely to conduct what we might call "terrorism" or just hate-based extremist violence are the anti-immigrant racist groups and fringe militias which often amount to the same thing.

Europe, on the other hand, seems to take a harsher attitude towards their immigrants and keeping them distinct from "natives". France in particular seems to go out of their way to make sure that all the Muslim immigrants are aware that they Are Not French. And gee, the Muslim immigrants go "You're right, fuck France".

Immigration is not the problem. Intolerance is the problem. And just like with any such situation, it's when the native majority is intolerant of the immigrant minority that the big problems arise.

With immigration, we have too much of a good thing. Immigration is good, but only when it is limited to people who actually want to **abandon** their old culture in favor of the new one. Multiculturalism is bullshit. If you like the way it was done back home, then stay there.

It would be a fun exercise to try to list every cultural influence from immigrant populations in just the last couple hundred years that is now considered to be a normal part of American culture, but we've both got better things to do. Suffice to say that multiculturalism is the parent of new culture, and is how American culture became what it is today.

Immigration isn't good when the immigrant abandons their old culture. Immigration is good when the immigrants adapt their culture to the native one, which requires that the native culture be tolerant of the immigrant's culture. When they feel accepted, they will accept us, and end up becoming one of us.

Placing a great divide between us and them and saying "you are not welcome unless you leap this divide and abandon all you knew" is a great way to end up with France-like situations.

Where's the war on heart disease? On diabetes?

[StreetStealth]

I took a look at the most recent US NIH annual, curious as to just *how many* 9/11s worth of people had died in the past 6 years of preventable cardiopulmonary disease, respiratory disorders from smoking, type II diabetes... I forget the exact numbers, but it was just astounding. The numbers themselves, certainly, but the *proportion* to which my country is expending massive resources dealing with an amazingly minor threat, versus what they could be doing with those billions... It boggles the mind. Many times.

Softgrid

[PalmKiller]

Didn't OS/2 do that way back when?

Re:Softgrid

[whimmel]

It sure did. That's what made OS/2 "a better Windows than Windows"

SoftGrid? Wha?

[bussdriver]

Virtual machines per application?
So next they will want to save RAM and speed things up with pass-thru hooks like what is already done with the virtual network interfaces but taken to the next level... It seems like a bad progression towards an actually working OS... How about we get the OS to WORK with the memory protection and better manage abstracted hardware??

Am I the only one who sees virtual machines as a solution to problems that mostly shouldn't exist or at least not to the severity that one would seriously consider that a solution?

Re:SoftGrid? Wha?

SoftGrid sounds exactly like what I use WINE for--and is something WINE has let me do with Windows that Windows never has.
Of course WINE only works on non-windows systems though.

Re:SoftGrid? Wha?

[andrew404]

I believe SoftGrid has actually been around awhile. From what I remember SoftGrid is a product made by a company called Softricity that produced this product. Actually if you go to softricity.com it will redirect you to MS site so they probably did buy the product and/or company. SoftGrid was being used for Citrix and MS terminal Services to manage and share resources amongst instance of applications running through RDP and Citrix

Re:SoftGrid? Wha?

[noidentity]

I'm guessing the idea is that this extends the protected memory paradigm to persistent store (file system). It'd be nice to be able to easily run an untrusted program normally except with severe limitations on what parts of the file system it can access. I might only allow it to access its settings and files in a particular directory, for example. The same kind of per-program control would apply to any network resources; many programs wouldn't need any network access at all (they may want it, but tough luck).

Re:SoftGrid? Wha?

[jhol13]

Virtual machine is perhaps too extreme, but how about http://docs.freebsd.org/44doc/papers/jail/jail.htm l?

Translation

"We let you down with XP"

Translates to:

"Buy Vista"

Don't fall for it. There is nothing in either operating system that is actually secure, just varying degrees of appearing that way.

I was here for that

[marcushnk]

Steve's an interesting guy to listen to.
Worth the time to sit and listen to him.

Re:XP isn't that bad: DO THIS? XP = GOOD!

[raylu]

NOT A SINGLE *NIX USER, on various flavors of *NIX (including the oft touted 'super-secure' BSD variants OR SELinux) COULD SURPASS THAT SCORE, because not a 1 posted a score

And, no - benchmarks are "not everything", only gauges (what else do we have? If you can find a better, more comprehensive gauge than this one that is also multiplatform?? I'll give it a shot too, but to date? I have NOT been able to find a better one, than CIS Tool!

"I don't have the evidence, therefore I'm right." Or, to be fair to you, "I don't have any evidence to say that I'm wrong, therefore I'M RIGHT."

Deciding that you have an unbelievably safe system based on lack of challenge and an arbitrarily defined scale is...stupid.

You don't even understand what we're talking about when we say "Administrator." Yes, we're all aware that there's a (semi-)hidden account called "Administrator." No, that's not what we're talking about.

The obvious issue here is that this test is not "multiplatform" in the way you think it is. A score on your system is as comparable to a Linux system as the SAT is to the ACT. For crying out loud, there's even a MySQL benchmark; it's not even an OS.

they "ran", or evaded the test with b.s. (why not take it? I am fairly CERTAIN many did but did NOT like the results they saw, & that their systems were not as "(insert *NIX variant here) is more secure than Windows" was proven WRONG)

http://it.slashdot.org/comments.pl?sid=243071&cid= 19690705
Let's take a poke at the reply:

I believe I am feeding a troll here...... However using that tool cannot give you an apples to apples comparison of windows to any other OS. Your photo evidence shows a score for "Registry Permissions".... This is therefore a weighted mark, because some OS's do not include a registry, and thus cannot be scored on this basis.
...
This sort of test, can *only* score known vulnerabilities. The problem with security is the unknown vulnerabilities. Even if you have addressed 100% of known vulnerabilities, it only takes 1 to get cracked.

Which is what I said. It seems you have either ignored the post and are calling it BS (why not reply to it? I am fairly CERTAIN [why did you capitalize this word?] you did but did NOT like your total inability to come up with an answer because you were proven WRONG).

By the way, I noticed that, for the first two items, you passed 0/1 major service pack and hotfix requirements and passed 1/1 minor ones, earning you a score of 12.5/25.

And finally, it failed to run on my system. After pointing it to the location of my java.exe, it gave a NoClassDefFoundError. Besides, I'm running XP Home. http://members.cisecurity.org/kb/article.php?id=01 3

Software as a Service

[ardle]

Microsoft cannot reasonably presue individual end users for license fees by legal means. They have preferred to profit from bulk licensing and latterly patent cross-licensing. Collecting money from end users is expensive: a technological solution is preferable to legislation (which at best can only secure revenue within national boundaries).

Microsoft needs a way of delivering its products to end users in a way that guarantees them revenue; the best way is to own the software but an EULA doesn't provide enough guarantee and forced upgrading is expensive. They need a self-contained (so as to avoid lawsuits) way of delivering their software to multiple platforms: people won't just run them on PC's.

Microsoft will sell some of these devices, will have licensing/cross-licensing deals with the manufacturers of others. Even if they run Linux.

Reading comprehension

[jmorris42]

> Yeah, because that had nothing to do with the Shah being a despot who tortured
> and killed political dissidents.

No argument the Shah was a real piece of work by our standards but probably above average for the region. History will eventually decide whether Cold War "Realpolitik" justified propping him up. It was a different age. But before stamping 'villian' on him now consider this:

There is a substantial 'pro-western' minority in Iran almost three decades after the Shah fell and the mad mullahs took over anything 'western', dress culture, ideas, etc. Have you considered the possibility that those folks learned of us and were exposed to our ways under the Shah's rule? Exposed hard enough that after all these years the imprint hasn't wore off?

But more to today's discussion the fall of the Shah gave the Islamic Radicals their first nation state and the ability to put Sharia back into practice. All the other countries in the region were either Soviet client states who were more prone to Bathist (Islamic Socialism, an oxymoron) systems or just pure dictatorships. Our client states tended towards pure dictators, but our puppets at least paid lip service to human rights and some like the Shah actually encouraged things like women's rights and education, including sending large numbers of his subjects here for a western style education. Now you get to make the argument you seem to be implying that the Mad Mullahs were an improvement.

> Firstly, quoting Ann Coulter, let alone saying she is right, kills almost any chance you had
> of being taken seriously as an intellectual.

Reading is Fundamental people, and just learning the words isn't enough, ya have to move on to reading comprehension.

Try rereading what I actually said. I'm saying Ms. Coulter's rather extreme solution would WORK. And even worse that if we got hit really bad a couple more times we might get panicked/angry enough to actually do it. But it should have been pretty clear from this line right before that I didn't think it would be a very good idea long term:

> We had better face it head on and find a better way of dealing with it than the default answer
> we will end up being left with if we don't.

If a critical mass say "screw it, it's them or us and it ain't going to be us" we will do something mega violent. And yes we COULD do it and it would WORK. And the side effects would set up yet another problem a generation later. So we need to be find a better answer. Not sure what it is, not even sure there IS a better one, only that we really need to be working on the problem NOW instead of waiting until we run out of time to do anything other than be driven by events.

The problem is Islam is stuck in the dark ages. Christanity evolved (fundies would say became corrupted and debased but screw em) during the enlightenment because it had to, thus it became compatible with the key ideas underlying modern civilization. Islam didn't have that advantage. And as it exists today it is totally incompatible with our civilization. The radicals AREN'T the ones misinterpreting Islam. Their book has all the nasty bits in it that ours does, maybe more, we just choose to ignore the incompatible bits and they don't. So we are faced with four choices:

1. Surrender, Adopt Islam and Sharia law. Over my cold dead body.

2. Invade their countries, kill their leaders and convert them to Christianity. Seriously. Trying to yank em all the way to harmless Godless European Socialists probably wouldn't be possible. But just switching em to a different holy book probably would be given a willingness to use over the top mega violence. (That would probably destroy our civilization in the end, unintended consequences.....)

3. If you didn't like #2 you really won't like this one. Kill em all and let God/Allah sort em out. End the threat by ending Islam. Practice of Islam punishable by death. Anyone suspected required to publicly curse the name of Allah

Wow, they just invented NFS!

[SanityInAnarchy]

1. Install applications such as Word or Excel on Wine on central server. You can give each program its own "fake windows" directory.
2. Mount central server's Wine directories over NFS. You can even boot from NFS, if you like.
3. Run Wine locally. All the application data will be pulled over the network, without actually installing it on the clients.

One interesting thing is that I can virtualize IE, thanks to IEs4Linux. Downside: IE7 isn't actually run; they use IE6 with the IE7 rendering engine. Upside: You get four separate versions of IE on the same machine -- you can probably even run them simultaneously.

By the way: You don't need virtualization to run apps off the network. You just need a fileserver and an app which doesn't insist on being installed on a physical hard drive. (For example, Steam will refuse to run if you attempt to install it on a network drive.)

Who cares?

[SanityInAnarchy]

If your goal is to virtualize all apps, and you can get all of them to work on Wine, then you can just run Linux on the desktop, save some money on Windows licenses.

And yes, you can probably coax Wine to run on Windows via Cygwin or something, but that would be pretty slow and pretty ugly. You might even get it to work with the Windows port of the Linux kernel, if that even exists anymore -- or by compiling UserModeLinux for Cygwin -- but that would be even uglier and slower.

SoftGrid = Citrix?

[BandoMcHando]

Haven't seen this mentioned in the discussion yet, but we've been playing around with / testing softgrid in the lab, and it's kinda just the same as publishing applications through citrix...

Re:SoftGrid = Citrix?

[perky]

Nope. Citrix apps execute on the server side. Softgrid cuts applications up into smaller chunks (God knows exactly how) and then streams the required components to the client as required. The application is then executed on the client in a sandbox.

Similar kinds of manageability benefits as Citrix, but the execution is on the client.

Oblig. signature response...

[HaloZero]

...I see what you did there.

That old argument again...

[__aailob1448]

Muslims have jobs, families, hobbies, STUFF TO DO. Like everybody else.

How about you just assume that your run-of-the-mill Abdullah is outraged and shocked by anything that shocks your run-of-the-mill john doe?

I don't feel guilty anytime a white person kills children and I feel no need to write letters to the editor condemning their actions or going out in the streets chanting "STOP KILLING THE CHILDREN!".

You have to stop thinking of muslims as some sort of borg collective that has decided to remain quiet about the actions of a statistically insignificant amount of crazies.

By your standards, the U.S citizens that elected, re-elected this U.S administration and have not, after almost 5 years, stopped the war in Iraq are even more guilty (count the deaths of muslims and those of americans, guess who wins?) I'm pretty sure that's a classic terrorist argument to justify killing civilians.

Stop judging people so rashly. Stop insulting the billion muslims who condemn terrorism. Kthx.

Very... eloquent troll.

[SanityInAnarchy]

Either you're trolling or astroturfing, or you're sadly misinformed. I suspect the former:

you truly CAN secure Windows, & to such a level, even *NIX folks I challenged could not beat it)...
And, no - benchmarks are "not everything", only gauges (what else do we have?

So, if benchmarks are not everything, then be more specific -- say that your Windows is secured relative to one benchmark to where no one else can beat it. Don't say that we can't beat your security -- that's pure bullshit. If I'm insecure, root me. Go on -- you can start with my mailserver. Shouldn't be too hard to find. If you're smart, you can even jump from there to my desktop -- they're connected via a gigabit crossover cable.

Oh, and get yourself a Slashdot account. Many people don't even bother to reply to Anonymous Cowards.

But let me try to take you seriously for a moment...

You posted a screenshot, which as we all know, should not be accepted as "proof" of anything. Your screenshot is bullshit unless I can get the tool and verify it myself. So try providing a link, at least.

Oh, is this what you were talking about? First, there's no tool for the most popular Linux variant today: Ubuntu. (My desktop is Kubuntu, but that shouldn't be a major obstacle, when you can "upgrade" from one to the other and back.)

But let's suppose I had RedHat or Suse or some such. It's still a huge, annoying hassle to even get to the file -- I'm very skeptical of anything that makes me FILL OUT A SURVEY, not to mention agree to some legalese, before I can even download the file. Included in that legalese is the requirement that I can't redistribute -- doesn't sound particularly open to me.

Once downloaded, I have a big tarball. Unpacking it, I find a jar file and a readme. Which means, the entire tool is proprietary. I'm not sure if it can be run as a normal user, however, I am running Linux partly because I do not trust proprietary software. And now you're asking me to run one from this random website as root?

(I suppose I could setup a separate account to test it under, but I'm too lazy, especially when... but read on.)

Even if I had source code, where's the md5sum? The PHP signature? Where's my guarantee that the file I downloaded actually did originate from this server, and hasn't been modified in transit?

Never mind all that -- the readme file itself admits that the installation of the tool is not secure:

The NG Scoring Tool installation may make some or all of the Tool files world writable during installation. This is a known issue and we are working very hard to correct this installation issue.

I'm sorry, no. Absolutely not. I will not take a benchmark intended to measure my security when the tool itself is that fucking insecure, and you shouldn't either. Not even on Windows.

However, you're welcome to point me to any tool which attempts penetration testing from the Internet -- in other words, a website where I can click a "hack me" button to test my browser, or to have their server attempt to exploit me over the network. I imagine it would be inconclusive -- it would probably find absolutely nothing to exploit on either of our machines. It might find something wrong with some conscious decisions I've made -- for instance, responding to a ping -- but then it becomes a difference of opinion, rather than "proof" of anything. (Unless we're both wrong, and it's able to root one of us...)

Re:Very... eloquent troll.

"Don't say that we can't beat your security -- that's pure bullshit" - by SanityInAnarchy (655584) on Wednesday August 08, @08:51PM (#20164507)

Anyhow, then, why don't you even try the CIS Tool 1.x, + post your score here so I can examine it + so YOU CAN PROVE THAT STATEMENT?

(... & that's only if you run a *NIX on your PC of somekind, since the test is multiplatform??)

And... lol, I didn't have to fill out any survey form for the Windows model... you sure you're getting the file for your *NIX, from here:

http://www.cisecurity.org/bench.html

?

Plus, please:

If you cannot figure out how to download a program from the internet man & install it?

Honestly? Well... I really do NOT know what to tell you!

(Uhm, maybe @ the risk of not insulting you, I'd say perhaps man... you really don't have the know-how for this test, if you can't manage THAT much, honestly!)

IMO:

Either this person doesn't have the know-how here, OR, is just evading taking as simple test that is the measure of his system's online security, created by "THE CENTER FOR INTERNET SECURITY"!

(... & maybe, I am guessing, he DID try it, & gets a poor score, & is just evading it. There's no shame in posting a score far lower than mine!)

"Next...!!!"

(Please- somebody reply here, who is competent enough to figure out how to do a download, install a program, & perhaps have the courage to post a score on a *NIX rig, please (no "excuse makers" allowed - those with courage or honesty need only apply, not evaders)).

Typically though, iirc? Windows 2000 &/or XP systems, non-hardened, scored between 10,000-24,000, iirc... but, a *NIX score here, with photo proof, would be nice!

APK

P.S.=> "Oh, and get yourself a Slashdot account. Many people don't even bother to reply to Anonymous Cowards." - by SanityInAnarchy (655584) on Wednesday August 08, @08:51PM (#20164507)

First of all - Why?

(... so I can be "tracked around here", just like you? No thanks... 'peer pressure tactics' mean little to mean, like in this case: What does, is the score your *NIX running rig can get on this test... )

Secondly - I actually get quite a lot of replies, & have been modded up around 50 times or so here, that I know of (& each post was done as A/C)... would you like the links?

Here's just one, since it's "DEFCON" again - CODING FOR DEFCON (from last year here iirc):

http://it.slashdot.org/comments.pl?sid=158231&thre shold=1&commentsort=0&mode=thread&cid=13257227 [slashdot.org]

apk

Re:Very... eloquent troll.

http://it.slashdot.org/comments.pl?sid=158231&cid= 13257227

You know, I absolutely HATE the way /. handles "cut & paste" of addresses from previous posts & puts on the [urlofwebsite] @ the end!

SanityInAnarchy:

That's the AMENDED paste of a url that I screwed up, because of the above here lol, so... there's the URL for you to examine on a mod up post of mine, & done as A/C no less, for "Code Auditing for DEFCON", from here, last year... since it's DEFCON now, as I write this.

(Short of it is, I messed up my paste of it earlier in my last reply, but, I still hate the URL formatting here @ times.)

See - anyhow: Getting a permanent ID here's just not my style, in regards to posting as A/C & not getting replies... many of those, but "mod ups" are AOK, posting as "A/C" no less, by me:

APK

P.S.=> ... anyhow, AS "A/C" too... apk

Re:Very... eloquent troll.

[SanityInAnarchy]

First, I did not use the tool you suggested because the tool itself would make my system less secure. Had you read my post, you would know this.

Obviously, you did not read my post. Apparently it was too long for you, so I am trying to make this nice and short. Even so, I've put the thrust of my argument first, so that hopefully you'll get the point before your attention span fades.

Anyhow, then, why don't you even try the CIS Tool 1.x, + post your score here so I can examine it + so YOU CAN PROVE THAT STATEMENT?

And you continue to rant about how obviously, if I didn't run your tool, it must mean that I'm either too stupid to figure out how, or I don't want you to know how insecure my system is.

I'll point you to their own readme file:

The NG Scoring Tool installation may make some or all of the Tool files world writable during installation.

This is a really fucking bad idea. It is a security bug in the software you want me to use to test my security?

Apparently, they know it too, because they go on to say:

This is a known issue and we are working very hard to correct this installation issue.

Oh, and yes, you should get a Slashdot account:

First of all - Why?

Why not?

Oh, by the way, that comment you link to? Got modded +2, started at 0, has no replies. My comments start at 2 (registered + good karma), and routinely get modded to +5. They almost always have replies, unless they are already deep inside a thread.

Also, I do not have to enter a CAPTCHA when commenting, I don't have to preview before posting, and I have to wait far less between posting. As for tracking, it's not about "peer pressure", it's about recognition, and that is a good thing.

Re:Very... eloquent troll.

"This is a really fucking bad idea. It is a security bug in the software you want me to use to test my security?" - by SanityInAnarchy (655584) on Thursday August 09, @06:14AM (#20167447)

You've got to be kidding me man... then, just install SUN's JVM, install the program & run it, improve what you can based on its suggestions, & then? Run it again, get the highest score you are able to get, & then uninstall it.

THIS IS A SECURITY RISK? Come on...

"Why not?" - by SanityInAnarchy (655584) on Thursday August 09, @06:14AM (#20167447)

Gosh, I said why not: I do not feel like being trackable here, pretty simple.

"Oh, by the way, that comment you link to? Got modded +2, started at 0, has no replies." - by SanityInAnarchy (655584) on Thursday August 09, @06:14AM (#20167447)

Karma points don't mean anything to me is a "mod up" that doesn't matter to me, however, being modded up for other reasons does (technically interesting mainly), to more of an extent than the karma stuff.

E.G.-> When I see OTHER folks modded up for instance, for reasons other than "karma points" here? I tend to read their posts MORE than I would for "karma points" reasons (that tends to make me believe they had something really COOL/INTERESTING to say, that I could learn by also.

"Oh, by the way, that comment you link to? Got modded +2, started at 0, has no replies. My comments start at 2 (registered + good karma), and routinely get modded to +5. They almost always have replies, unless they are already deep inside a thread." - by SanityInAnarchy (655584) on Thursday August 09, @06:14AM (#20167447)

Despite the fact you seem to demand that others reply to posts that were modded up? I don't see how that matters, as long as you were modded up for reasons other than "funny" or "karma" (these 2, to myself @ least, don't mean much - technical points mods, however, do)!

Here's others I had then which were modded up, & for technical merits ONLY, & had responders:

http://developers.slashdot.org/comments.pl?sid=155 172&cid=13007974
http://it.slashdot.org/comments.pl?sid=154868&cid= 12988150
http://it.slashdot.org/comments.pl?sid=235621&cid= 19229493
http://it.slashdot.org/comments.pl?sid=236547&cid= 19310513
http://it.slashdot.org/comments.pl?sid=233779&cid= 19020329
http://slashdot.org/comments.pl?sid=161862&cid=135 31817
http://science.slashdot.org/comments.pl?sid=162717 &cid=13598832
http://it.slashdot.org/comments.pl?sid=166850&cid= 13914137
http://hardware.slashdot.org/comments.pl?sid=16879 3&cid=14070783
http://it.slashdot.org/comments.pl?sid=169093&cid= 14095179
http://books.slashdot.org/comments.pl?sid=169549&t hreshold=-1&commentsort=0&tid=109&mode=thread&cid= 14132540

Re:Very... eloquent troll.

[SanityInAnarchy]

It HAS to make some files it creates, writable, in order to create an output file of results I imagine...

I don't care if it makes them writable. It should not have to make them world-writable. Big difference there.

Writable means someone can write to them -- usually the user who created the file.

World-writable means anyone can write to them -- including anonymous/guest accounts, system services that aren't supposed to write to anything, or even just another user who isn't supposed to have admin rights.

THIS IS A SECURITY RISK? Come on...

Yes, I would say so.

Your casual "come on" statement comes up against decades of best practices in Unix, as well as some opinions by some people in security that I actually know of and respect. It's so obvious a bad idea that I can see it for myself, too -- I don't even need a second opinion.

And even if I ran it, what would it prove? If they can't even secure their own security-testing program, I'd say any results they come up with are suspect.

No, that's not a way of "getting out of a bad score" -- even if I got an incredibly good score, I would question the results. I wouldn't just use them to push an agenda, the way you seem to be.

You've got to be kidding me man... then, just install SUN's JVM, install the program & run it...... & then uninstall it.

So your solution to wanting me to run an obviously insecure program is to uninstall it when I'm done?

You're kidding, right?

In that case, I have a challenge for you: Here's a link I found in my spam. Go ahead and download that file, and run it. Then uninstall it. Your system should be secure again, right?

If you aren't willing to do that, you should be able to understand why I'm not willing to download some random, stupidly-insecure program to test my machine.

If you are willing to do that, I imagine you'll get an object lesson in how spyware works.

I don't see how that matters, as long as you were modded up for reasons other than "funny" or "karma" (these 2, to myself @ least, don't mean much - technical points mods, however, do)!

Not that I expect it to change your mind, but registered users get a whole bunch of preferences like that. If you wanted to, you could actually set funny and karma bonuses to have 0 effect on a post's apparent score to you, or even a negative effect.

Re:Very... eloquent troll.

"I don't care if it makes them writable. It should not have to make them world-writable. Big difference there. Writable means someone can write to them -- usually the user who created the file." - by SanityInAnarchy (655584) on Thursday August 09, @02:41PM (#20173047)

Chroot, chown, chmod... @ your disposal, right?

(Common *NIX tools you can use to change that... in a variety of ways!)

I can do more than that, on NTFS (natively), but with SELinux kernel hooks added on?? SO CAN YOU!

APK

P.S.=> You have a fix, already built into your OS, & even moreso, as addons in SELinux... I would think, for the problems you describe! apk

Re:Very... eloquent troll.

[SanityInAnarchy]

Chroot, chown, chmod... @ your disposal, right?

There's still a race condition.

I can do more than that, on NTFS (natively), but with SELinux kernel hooks added on?? SO CAN YOU!

In fact, I could use SELinux or a chroot to lock it down to where it couldn't damage my system. I believe I said this when I said I could "sandbox" it.

But that would defeat the purpose, because it would then be testing the security of my sandbox, not the security of my system. I don't run with SELinux enabled on everything, so enabling it just for this benchmark might give me an artificially high ranking. (See? It's really not that I'm afraid of the results being known.)

Let's not forget that exerting that amount of control means I'm no longer taking the standard test. I mean, while I'm at it, why don't I just run the tool (in a safely sandboxed environment) and edit the results? Hell, I could just upload a screenshot of my system getting 85%, maybe 95%, even 100%... I don't have anything more than your word that you haven't done the same.

Screenshots are not "proof" of anything.

You have a fix, already built into your OS...

So you do admit it's broken?

Why should I have to fix it?

I would think, for the problems you describe!

I did describe some other ones, which you haven't addressed, such as the lack of a PGP signature (or even an MD5) to verify that the file is intact, the lack of trustworthiness of cisecurity.org, lack of source code, and the fact that even if it were possible to create a tool which can compare different OSes and tell you which is more secure, it's not going to be made by some idiots who have such serious security flaws in their own code.

Re:Very... eloquent troll.

"In fact, I could use SELinux or a chroot to lock it down to where it couldn't damage my system. I believe I said this when I said I could "sandbox" it." - by SanityInAnarchy (655584) on Thursday August 09, @07:04PM (#20176465)

Then, why not run it like that...? I knew that chroot, chmod, or chown were "your buddies", & that SELinux would help (glad to see YOU have the latter in fact, & compiled into place)!

Hey: Using the tools I mentioned??

Yes - you have A WAY of installing & running this program, period!

(..., & no less, one you seem VERY supremely confident of - Plus, you have SELinux in place! Perfect test result I wanted to see really!)

"But that would defeat the purpose, because it would then be testing the security of my sandbox, not the security of my system. I don't run with SELinux enabled on everything, so enabling it just for this benchmark might give me an artificially high ranking. (See? It's really not that I'm afraid of the results being known.)" - by SanityInAnarchy (655584) on Thursday August 09, @07:04PM (#20176465)

No, no, "take advantage" of it, (just as I do really, by using NTFS & ACL's) & run it THAT way... I'd like to see a screenshot of the result, thanks!

Go for it... as THIS setup would actually make it an "even test" in theory @ least, vs. my setup using NTFS ACL's... perfect comparison in fact.

(Let's see your results for the hell of it, since you DO possess a way to "secure yourself" vs. this 'dangerous suspect of a program' in your opinion, via a chroot "jail", for instance).

See - I do basically run "like that" here though, on an NTFS filesystem using ACL (acess control lists on EVERYTHING), per the results of my scores you saw!

(In fact - Some things on my system, config-wise, + like I mention in the parent post? I can spot things the test I am fairly certain, scores me wrong on, & actually "owes me points" on!)... apk

APK

P.S.=> " Hell, I could just upload a screenshot of my system getting 85%, maybe 95%, even 100%... I don't have anything more than your word that you haven't done the same" - by SanityInAnarchy (655584) on Thursday August 09, @07:04PM (#20176465)

Oh, I haven't, & in fact, I'd run the test again & will/"have to", soon, as this upcoming "patch Tuesday" from Microsoft, as I always do run this test over it after patching (have to, because the test can detect for that is why, & if you are behind on patches & ALSO if a patch alters a security setting as well (most of them I know anyhow before i ever tried this test on an NTbased rig setup). In either case? It lets you know things need or HAVE changed, which I feel is a good, needed, & decent feature!).

SO, as far as "editing photos", well... if you wish to be dishonest about it? That's up to you... I

  am just looking ESPECIALLY for an SELinux result... & if not you, somebody else from someplace else might provide one then...

However: KEEP THIS IN MIND - Doing a "rembrandt class" fake, might be tough, when the right person's looking @ it, with a fine-toothed comb, remember that! apk

Re:Very... eloquent troll.

[SanityInAnarchy]

(glad to see YOU have the latter in fact, & compiled into place)!

When did I say that?

No, I don't have it compiled or installed. And since I don't normally run programs I don't trust, I see no reason to compile it and learn its intricacies (and very possibly cripple the rest of my system) just to satisfy your curiosity.

I could setup a chroot jail, or something similar. However, chroot jails can be broken out of, and they are a hassle to setup -- and I actually know how to do those. I don't know how to do SELinux.

If you are so curious, it is not difficult to download and install Ubuntu, and you can probably even find a Qemu image to use.

Go for it... as THIS setup would actually make it an "even test" in theory @ least, vs. my setup using NTFS ACL's... perfect comparison in fact.

SELinux is more than just ACLs, which is why I'm reluctant to do it. I doubt ACLs alone are sufficient to sandbox this program, and I don't feel like experimenting with what they might do to the rest of that system.

By the way, I did mention that a perfect comparison between OSes is impossible.

It lets you know things need or HAVE changed, which I feel is a good, needed, & decent feature!).

I have a tool for that, too:

apt-get update && apt-get dist-upgrade

It won't detect a rootkit, maybe, but what's to stop a rootkit from targeting your tool as well?

It wouldn't be hard, if it creates world-writable files during installation.

However: KEEP THIS IN MIND - Doing a "rembrandt class" fake, might be tough, when the right person's looking @ it, with a fine-toothed comb, remember that!

Oh, please. It's a JPEG file, a snapshot of a bunch of text in a table.

I bet I could fake one with HTML, even, in less time than it'd take me to properly configure SELinux. Take a screenshot, give it just the right amount of jpeg compression, and no one would know the difference.

Oh, maybe there's a watermark or something in there... So what? You've mentioned nothing of the kind, yet you hold it up as "proof!!" -- even though you yourself admit it's inaccurate.

At least be honest with that big cut-and-paste troll. Stop calling it "proof" of anything.

Correction.

[SanityInAnarchy]

Whoops.

Even if I had source code, where's the md5sum? The PGP signature?

Sorry about that.

Re:Correction.

Well, there you go!

QUESTION: That info.'s available (apparently), right? Where you felt or thought it was not before, correct??

(It's ok if so/if you overlooked it initially - @ least you can admit things where you may have overlooked them, & that is a "mod up" in MY eyes, as far as "modded posts upwards" go... & actually WORTH some karma points (IF I had them to give you, for your admission there? I actually WOULD (but, A/C's like me, have no mod points))).

E.G.-> I've "slipped" before too (rarely, lol, but if it happens? Usually, when I was misinformed before myself, & this happens as I am sure you realize (& perhaps you too have been, before, & operated on misinformation as well!), & admittedly, a few times for skimming too - "the devil's are in the details" etc. et al).

APK

P.S.=> So, is this something that'd make you @ least TRY this test, & post us a score results image of your score on the *NIX of your choice? If so, great, I'd like to see it, & IF NOT?? WHY NOT??? Thanks for the info. on that note, because it is an objection I'd like to overcome, & grow stronger by in the doing of it... apk

Re:Correction.

[SanityInAnarchy]

QUESTION: That info.'s available (apparently), right? Where you felt or thought it was not before, correct??

No, it's not.

There is no source code. There is no md5sum. There is no PGP signature. There's no blessing from any distro- or repository-maintainer I know of. And I know nothing of the "Center for Internet Security", so why should I trust them?

The only correction was a typo: I said "PHP signature", where I meant "PGP signature". How you managed to turn that into an admission that you're right about this software is beyond me.

I've "slipped" before too (rarely, lol, but if it happens?

More like every single time you've replied to me.

First you thought I lacked the technical knowledge to install the program. I know how, I'm just not stupid enough to do so.

Next, you thought I was complaining that it creates "writable" files -- it's "world-writable" that bothers me.

And now, you've taken my correction of a typo and turned it into something more.

a few times for skimming too

I'm trying to make my posts short enough that you aren't tempted to skim...

Because either you have been skimming (badly) or you have the reading comprehension of a five-year-old.

So try this instead: Go back and read my posts thoroughly. Every word. When you come across a word you obviously don't understand (like PGP), look it up or ask me what it is.

Re:Correction.

" -- it's "world-writable" that bothers me." - by SanityInAnarchy (655584) on Thursday August 09, @02:28PM (#20172879)

Chroot, chown, chmod... @ your disposal, right?

(Common *NIX tools you can use to change that... in a variety of ways!)

I can do more than that, on NTFS (natively), but with SELinux kernel hooks (for LINUX) added on?? SO CAN YOU!

APK

P.S.=> You have a fix, already built into your OS, & even moreso, as addons in SELinux (IF you are a Penguin, NO "BSD Devil's Allowed", lol)... I would think, for the problems you describe on rights to files/folders/disk root permissions assignments etc. et al, you will be ok & can overcome your main objection! apk

Re:Correction.

[SanityInAnarchy]

Let's stick to this thread, especially if you're just going to copy and paste.

In fact, we can let this thread die, unless you want to talk some more about why it's good to admit when you're wrong...

Re:Correction.

"In fact, we can let this thread die, unless you want to talk some more about why it's good to admit when you're wrong..." - by SanityInAnarchy (655584) on Thursday August 09, @07:18PM (#20176613)

Where am I WRONG about chroot jail usage on your end, for securing you as you run this program?

You even said over there (where you wish to keep this @) ->

http://slashdot.org/comments.pl?sid=264303&thresho ld=0&commentsort=0&mode=thread&pid=20175977

THAT YOU CAN DO THIS:

"In fact, I could use SELinux or a chroot to lock it down to where it couldn't damage my system. I believe I said this when I said I could "sandbox" it." - by SanityInAnarchy (655584) on Thursday August 09, @07:04PM (#20176465)

WELL, you may have said 'sandbox' (did you? I did not notice & not that it'd matter as I mentioned the chroot jail first, as well as chown & chmod (the devils that make the details, happen)).

I mean, hey - between a chroot jail, & SELinux label based access control on folders & files like I stated (or heck, chmod/chown usages even ontop of that for layered security)?

Yes, you CAN run this program that way on your rig, safely & YOU KNOW THIS too + are confident in it, & you SHOULD BE:

Mainly, because it's (basically/really) JUST LIKE WHAT I DO ON MY NTFS filesystem, + registries, on the OS I use here (Windows Server 2003), by using ACL's & NTFS + Registry hive access controls rights, & read/write attribs etc. et al!

APK

P.S.=> It'd be perfect, go for it, "even match" on that account in fact & what I want to see tested, the MOST in fact, as a comparison here - ext2/3 filesystems under SELinux (OR, any other filesystems formats for LINUX it supports in fact (the exact & total details of which I am NOT sure of here in fact, as to which filesystems it "meshes with" on LINUX, or the best))...

What I wish to see, MAINLY, is if this test, CIS Tool, in versions for ANY *NIX in fact & not just LINUX, checks for things like folders & files security under say, /etc (state keeping files) on a *NIX rig (like it does for Windows' registry hives), & access control to /etc 's contents, on the *NIX variants of this test, & these conditions (SELinux usage on your part + the chroot jail I mention & you concede WOULD work, in fact, to your advantage) in fact, provide that type of test, so it IS doable on your end, safely... apk

Re:Correction.

[SanityInAnarchy]

Alright, correction: I do, in fact, have selinux installed. Apparently it comes out of the box on Ubuntu, along with ACLs and all the rest. It's still not something I look forward to learning about, for a single-user system.

Where am I WRONG about chroot jail usage on your end, for securing you as you run this program?

Well, first of all, it is possible to break out of a chroot jail, when running as root. So I did create a very minimal chroot jail and attempt to run this as a user...

It didn't work. The installer complained that it could not find where to install to, so I pointed it to the only place it was allowed to write to -- the home directory of a sandbox user I created for this experiment. It then attempted to install, and failed miserably.

Why it can't run from the jar file (keeping tempfiles somewhere else) is beyond me. Unprofessional as hell. No useful error messages, either -- just an exception thrown.

THIS is the only program you can use as "proof" of your system's superiority?

(Hint: Give. It. Up. Only complete newbies to the field of security have delusions of any kind of "proof" of security. You can prove a system insecure; you can't prove a system secure unless you're willing to algebraically verify it, and that's really impossible to do with a desktop system.)

Your screenshot would be a lot more credible if it weren't for the obvious transformation it's undergone already -- apparently, some sort of free image host added a watermark to it, if you can really call it a watermark.

But let's talk about where you were wrong:

You were wrong about the chroot jail; your program doesn't like running under a chroot jail, with the restrictions I used. (This also would not have prevented it from sending spam, now that I think of it -- shouldn't have even gone that far.)

You're wrong about etc:

checks for things like folders & files security under say, /etc (state keeping files)

No, /etc is primarily configuration. State would likely be somewhere in /var/lib, or in users' home directories.

You've been wrong several times about what I was intending to say, in very big ways.

You're still wrong about why I, and others, refuse to take your "test". Maybe when you get it, you'll know what to look for the next time you look for such a test.

And you're wrong that such a test can ever be a fair comparison between completely different OSes.

A chroot jail would help, yes, if done the way I did. Unfortunately, that doesn't work. A chroot jail that's just a fresh install of Ubuntu Minimal isn't going to give me any kind of advantage, other than making it difficult (though not impossible) for anything to get out to my main system.

If you're really that curious, let me know, and I'll do some full virtualization (completely sandboxed, with networking disabled, of course), although qemu does seem a bit unstable for me lately. Just realize that at that point, it's no easier for me than it is for you -- they make virtualizers for Windows, also, even free ones (like qemu), and you can download a CD image as easily as I can. In fact, I'm running kind of low on disk space now...

As for filesystems, ext2 is slightly faster than ext3, and it might make a huge difference under emulation. ext3 will protect you from data loss from crashes, but you can do that somewhat with qemu's snapshot mode, and a corrupted VM isn't really the end of the world. I know XFS supports ACLs also, I'm not sure about ReiserFS, JFS, etc.

"Heart Disease" ~= "Old Age"

[Pfhorrest]

While the on-topic point you're making is fine, I'd like to note, slightly off topic, that the giant burger image next to "heart disease" is a little misrepresentative. "Heart disease" is what's usually put down as cause of death if nothing else gets you first and you just "get old and die". There is no cause of death called "old age" - something specific fails, and that's usually your heart, so most people who live long healthy lives and then keel over in their 70s, 80s, or 90s get lumped in under "heart disease". Thus, the heart disease statistics are greatly inflated beyond what you'd see if it only included people dying in their prime due to bad diet, etc.

Uhhhh...

[FrameRotBlues]

Since 'insight' is kinda related to experience, and since I haven't met anyone who's been to 3027 A.D.... why was this modded 'insightful'? Funny, hell yes, but Insightful? Maybe I should just shut up and let the MetaModerators do their thing.

runas is not the answer much of the time

[myowntrueself]

runas does not help when you want to run software which uses a copy protection scheme which involves loading a driver. Not without a *lot* of gymnastics and deep understanding of the system.

--liberty for one, ++security for another

[myowntrueself]

So why is there talk about trading liberty for security?

The true meaning of the phrase is trading *your* liberty for the security of the *government*.

Re:9/11 was an inside and outside (Israel) job

[dbIII]

Opportunists get mistaken for conspirators by those that think an organisation is omnipotent and not a barely competant seething mass of different agendas pulling in different directions with outright criminals finding their way in through the cracks. All we can do is try to ignore these people or ask them to pay more attantion - circular logic even adds in stuff like people pretending to be incompetant to give us a false sense of security.

We let you down with XP

[wwwillem]

OK, if XP is so bad, does he wants us to go back to Windows 2000. Probably not, so this is just another marketing push to get us from XP to Vista. Yep, it all sounds very embracing, and "we are sorry", but funny coincidence that this talk happens at the same time a new version (which brings in new money) is just released. Duh, isn't this normally called product promotion and shouldn't it happen with Leno or Letterman :-) instead of down-under?

Mod Parent Up

[mjwx]

I don't feel guilty anytime a white person kills children and I feel no need to write letters to the editor condemning their actions or going out in the streets chanting "STOP KILLING THE CHILDREN!".

You have to stop thinking of muslims as some sort of borg collective that has decided to remain quiet about the actions of a statistically insignificant amount of crazies.

This is exactly what makes a moderate a moderate. The fact that they aren't out in the streets chanting or burning effigies. They are ordinary people with ordinary lives, the minute they take a strong public viewpoint (even against extremism) they stop being moderates. The average Muslim wants all their troubles to go away as much as the average westerner, but much like the average westerner the average Muslim does not want to risk their family or livelihood to do it.

I sincerely doubt most Americans would give on cheeseburgers in order to fight "teh evil terrorists(tm)". I sure as hell wouldn't, the trade off just isn't worth it.

Koan

[G-funk]

if one machine goes down due to security vulnerabilities, and it has my social security number on it...

Does it make a sound?

Re:Koan

[Weedlekin]

"Does it make a sound?"

Yes, but to hear it you have to stand in the middle of a forest full of falling trees clapping with one hand.

Re:Koan

[utopianfiat]

Sure, it sounds like "Congratulations on your new mortgage Mr. Shackleford!"

More brainless MS-bashing

[MikShapi]

If you get "Allow or Deny" messages when you try to work done, you're probably working incorrectly (outside your userspace).

I run a gemtpp box, hardly anything to do with MS, and if I stray from my userspace, it asks me exactly the same. I can either sudo, or not be allowed access. Nevertheless, once the proper working habits are adopted, routine work rarely requires you do this. All you're doing is bitching about your own incorrect working habits.

When will you clueless idiots stop bashing MS for doing what is pro'lly the best thing they did in Windows in the last decade, which is moving the home user (or, any use that does not have a policy applied to him) from a work-as-root model to work-as-user+sudo model? No, it doesn't make the box bulletproof, much as it doesn't make my gentoo box bulletproof, but it's a darn good thing, even if it's 20 years late. In fact, it's one of the biggest things we were bashing them about for said 20 years.

Re:XP isn't that bad: DO THIS? XP = GOOD!

"And finally, it failed to run on my system. After pointing it to the location of my java.exe, it gave a NoClassDefFoundError. Besides, I'm running XP Home" - by raylu (914970) on Wednesday August 08, @06:43PM (#20163421)

Uhm... can I get someone competent enough to properly install a program, & install a SUN JAVA RUNTIME engine, from the *NIX world, to run this test, & post a photograph of their score & the test chart settings as I had in the post parent to the one I am replying to?

"Next!!!"

(Thanks!)

QUESTION: *NIX's have files that maintain state, do they not, since you brought up what the other fellow did from one of the posts in trying to evade taking this test, saying it was SAT to ACT, lol... wrong!

HOW CAN I SAY THAT, & WHY?

Well... First, run this test, & see if its tests access to the files that maintain state on your *NIX!

(Like ones under the /etc for instance, or other files that store state on *NIX for the OS & programs & daemons that run on it, to fit your example you question as others had, but I seriously think that is b.s., & another evasion - anyone who knows both OS knows BOTH have files that maintain state as I describe, & I cannot see the people who wrote this test only testing access to ones on NT based OS, but not on the *NIX versions - let's see the photo of your score to anyone who has enough saavy to install & run it, along with a JAVA layer on a *NIX please... thanks!)

SELinux would help here imo, immensely, to see if analogs are tested in *NIX that are like ones in Windows (like the registry, for instance (Windows used to use .ini files, but binary reads from the registry in some data is faster than text file formatted reads, so the registry has both data types)...

APK

P.S.=> LOL, honestly though, imo? This evasion's is the biggest line of bullshit, lol, I HAVE EVER SEEN in evading taking a test, or rather, lol... posting a LOWER SCORE ON IT, than my own, to date from a *NIX person... apk

Go away.

[twitter]

I've been gone for months and the first thing I run into when I load up Slashbork is your usual crap FUD, lies and deficient prose in prosecution of "Micro$haft Windoze".

Not having you around was nice, except your dedazo and Macthorpe sock puppets were still here using identical language. If you really hate "Slashbork" why don't you do something better with your time? Hopefully you will return to the technical limitations of Windoze or Slashdot IP ban that kept you occupied since June.

Re:Go away.

[The+Bungi]

What's wrong twitter? Do you object my calling it Slashbork? Oh my god, someone call the irony police.

And to tell you the truth, I was a little busy the past few months making a shitload of money with all those "Windoze" technical limitations. Sorry I disappeared for that long. But heys, now I got me a subscription and everything!

But we were talking about how you are going to prove that Microsoft firing that blogger qualifies as a bullet point in the never-ending "let me tell you why M$ sucks" campaign you so proudly spearhead. Don't let me stop you.

Re:Go away.

[dedazo]

Welcome to the Sockpuppets Of People Who Disagree With Twitter's Bullshit Therefore They Must Work For M$ club, also known as SOPWDWTBTMWMdollarsign_club. I am a sockuppet of Macthorpe, who is himself a sockuppet of jbl, who is himself a sockpuppet of KeithRussel. You can pick any combination thereof for yourself. Remember to punch your card when you get in, otherwise we have problems getting Bill to give us our bi-weekly check for $12.50.

Re:Go away.

[Macthorpe]

10 Print GENERIC_AGREEMENT$(RND(0))
20 Print "I'm a sockpuppet too!"
30 END

Re:Go away.

[iced_773]

I am a sockuppet of Macthorpe, who is himself a sockuppet of jbl, who is himself a sockpuppet of KeithRussel.

And I'm just this guy, you know?

Re:Go away.

[jb.hl.com]

I thought I was your sockpuppet.

My head hurts. Brain splode now.

Re:Go away.

[dedazo]

Yeah, but you're also a charter member of the Sockuppets Of Sockpuppets Of Sockpuppets Club... Club =)

Holy crap...

[geminidomino]

The creators of VISTA say that the current state of 'security' is overblown?

I don't know which meter is going to blow up, the irony-o-matic or the oh-shit-we're-fucked-o-tron...

Here's what you want

I don't know if these http://www.scienceandsociety.co.uk/results.asp?txt keys1=Death+cigarettes are still available, but I bought some at a Rock Festival once and I still have the empty packet.

I disagree

[FoamingToad]

I'm posting from a corporate network with limited credentials. Whether our accounts are set as 'power user' or just 'user' I can't currently tell. However my base account isn't given full privilege over the file system, etc. Limited user a/c as far as I can tell.

However, setting up and changing file associations using assoc / ftype is perfectly permissible.

And as others have said, runas is perfectly adequate for you to get access to elevated privileges. For the record, the following may come in handy:

runas /user:(admin account) cmd.exe

Command prompt shell which will do about 90% of what you want to do, including the ability to spawn processes with admin privilege

runas /user:(admin account) "c:\program files\internet explorer\iexplore.exe c:"

Spawns a shell under admin privileges for anything you can't do with command prompt.

F_T

I'm stupid.

Hey everyone, it's APK. I'd just like to admit that I am a Microsoft whore. I exist for no higher purpose than to suck Bill Gates' cock.

Who needs permanent IDs? I'll just be anonymous, where anyone can pretend to be me:

APK

P.S.=> ... and lick Steve Ballmer's balls. Mmmm...

Didn't Steve Balmer say, in 2001 ...

[krygny]

" ... We blew it with Windows 98, but trust us with Windows XP. This is it!!"

Doesn't someone from Microsoft say something like that every time the come out with a new OS? "This is the ultimate!! That stuff we sold you the last time - that's dreck."

One design problem is not a fix for another!!!

[brunes69]

A user-mode program should not have write access to binary executables in the first place.

A virus could never propagate via this fashion in a Linux system. Once the original was deleted it would be gone.

Look, it's all crap actually

[TheLink]

Trashing your user account is bad enough. After all, most of the system stuff can be replaced easily, you don't even need to do backups for those - reinstall, update.

The functionality _is_ available in Windows, and many places use it. Not hypothetical at all. I set up my uncle and aunt's notebook PC that way and so far I haven't noticed them complaining that their user account isn't admin. In fact they're asking me to help set up another one for my cousin now.

The thing is, nowadays it makes very little difference in practice - most attackers want zombie machines. You do NOT need root/admin to turn a machine into a zombie.

And that leads us to what bugs me: after so many decades of O/Ses, "Aunt May" running random executables should not automatically cause her to lose that much control over her computer.

It's pathetic that Microsoft spends many years and billions, and all they can produce for "security" is "UAC". And the Linux distros and Apple aren't doing anything much better.

Why should a user have to _predict_ whether a screensaver is really a screensaver? Or some game is really a game? Or some "birthday greeting" is really one? Or some perl script is safe to run?

I'm expecting at least something like _user_friendly_ "security template" system. Applications request a security template and the user decides whether to allow the app to run with that template (popup doesn't appear if it's a default minimal privilege one).

Apple and Microsoft have enough clout to enforce stuff like this.

e.g. "Britney Screensaver requests 'Default Screen Saver Install' privileges to run, Allow Y/N? (checkbox: remember choice)" etc. If the user says yes, the screensaver can only do screensaver stuff. No eavesdropping with the microphone and sending data out over the network, no peeking at your Documents, or browser history/cache/cookies.

It's a lot easier to tell someone to NOT ever run anything that requests "Full System Privileges" (with "danger" red background etc), unless it one of a small list of apps (preferably signed by a trusted party, or a party you have no choice but to trust anyway).

You know it can be done and things can be so much better, but all we get is stuff like UAC aka "Allow Microsoft to blame you for security problems Y/N", or "run make install as root and hope you don't get pwn3d" (like you look through every line of source all the time AND have a good chance of spotting nasties/backdoors).

Forgive my ranting, it's just I'm a bit tired of hearing that one piece of crap is so much better than another piece of crap.

Don't impersonate me: THAT IS LAME, guys

That's "real cool" guys: Impersonating me... give me a break!

As the saying goes: "SHEESH!"

(I'm surprised @ such juvenile behavior here, of ALL sites this could occur @, & that this place might be a "cut above" on that account (maturity & yes, intelligence - see my "p.s.", below as to why I state the latter 'note' on smarts)).

Point-of-fact: I could track anybody here who is registered, for instance, & post stuff like YOU JUST HAVE, far more easily (plus, trolling/flaming them in the doing of it if I wished) BECAUSE THEY ARE REGISTERED! That's the "why" I why I won't go for registering here, unfortunately (as I don't need that in my life or posts here, that easily & directed MY way).

APK

P.S.=> The REAL apk, myself, is replying now... You know - the one whose IP address the mods/admins here can check & see my original IP address here, and verify that for me... then, running my IP thru for example, a pretty cool Win32 tool called "Visual Traceroute" (not sure if *NIX's have an analog here), I can determine WHERE they are posting from on the planet (&, so can the mods IF need be/the need ever arose)

(Pretty lame, whoever did that, give us a break (if you want mods/admins here to see you are lame doing that, fine by me - they can always verify who is WHO, here, in case you did not know that, because of IP address info. on posts))! apk

Re:Don't impersonate me: THAT IS LAME, guys

[SanityInAnarchy]

This was meant to be an object lesson for you.

The point is, it was extremely easy to do, and ip addresses don't prove anything.

Also, from what I remember when I've had mod points, the mods can't check IP addresses at all. Only admins could, theoretically, assuming they're logged. But the admins aren't going to bother with a simple troll like that, meaning the majority of the users who see it may or may not know it was you, depending on how good the troll was.

If you don't want to be impersonated, it's really simple: Register, and no one can impersonate you.

Otherwise, don't complain about the consequences of anonymity.

But go ahead, tell me my IP address, if you can track me so easily. (Actually, you can find out from my email address, but I'm the exception there.)

And your "visual traceroute" won't cover anonymizing proxies. Being registered does not prevent you from using one of those.

virtualising a single application ..

[rs232]

You mean just like the JAVA virtual machine, the one MS hacked Windows to make not work.

"it becomes clear to me that the Java OS will try to conquer the embedded marketplace from palm pilots over game machines to low-end terminals, while infesting all other computing"

"Instead of beating our heads against the wall trying to produce a portable executable + run-time library solution to compete head-on with Java, we decided to do the following: .. Hard-code support for these features into Win3.1 and Mac versions of IE, including VB script"

software filewall ..

[rs232]

"Windows XP was released with no effective firewall software, leaving users exposed in an online world. The situation was eventually remedied with the inclusion of Windows Firewall in XP Service Pack 2. This application in an of itself wasn't considered the best client firewall out there, but it did (and does) effectively stop incoming traffic"

A software filewall is next to useless as it can be disabled by the malware. You need a standalone embedded solution like what comes on the average ADSL router. Blocking outgoing traffic is also considered de rigueur as it prevents the malware from contacting its host, when the machine invariably gets infected with the next virus.

Re: Wait, No, Reason? You can't think of 1?

[trdrstv]

As for file associations, there's no reason for this to be inaccessible by users.

Agreed. In fact I just set the .EXE extension to be associated with Winzip. Let's see what happens.

It's all perspective and framing

How do we know MS hasn't been feigning incompetence all these years? They've practically delivered the world's population (of Windows users) to government and industry. 20 minutes average to own a Windows computer? From the user's standpoint it is utter failure but from another perspective it is total success.

Re:Very... eloquent evader of a test

"When did I say that? No, I don't have it compiled or installed. And since I don't normally run programs I don't trust, I see no reason to compile it and learn its intricacies (and very possibly cripple the rest of my system) just to satisfy your curiosity" - by SanityInAnarchy (655584) on Thursday August 09, @10:34PM (#20178127)

You ought to, for your own securities' sake...

"I could setup a chroot jail, or something similar. However, chroot jails can be broken out of, and they are a hassle to setup -- and I actually know how to do those. I don't know how to do SELinux." - by SanityInAnarchy (655584) on Thursday August 09, @10:34PM (#20178127)

Well, if you can do it, I am surprised you won't (suddenly though, those chroot jails don't sound all that secure, along with Linux's native security though)...

"If you are so curious, it is not difficult to download and install Ubuntu, and you can probably even find a Qemu image to use." -

I could say the same about SELinux on your end... & I find it tough to believe it is any more difficult to compile in & setup than it would be to do Group Policies + security work on Windows Server 2003 (then again, the "user friendliness" & "ease of use" of LINUX is in question here @ this point it seems, from your feedback here on its security mechanisms, as well as their reliability per your quotes above I cite now here in this reply).

"At least be honest with that big cut-and-paste troll. Stop calling it "proof" of anything." - by SanityInAnarchy (655584) on Thursday August 09, @10:34PM (#20178127)

LOL... I am not the one talking about faking a result here (and, if my photograph was a fake, why wouldn't I just post a 100/100 score?)

APK

P.S.=> You're not fooling anybody here with your evasions!

Plus, @ this point? I truly DO think you have already TRIED CIS TOOL on your LINUX rig & could not beat my 84.735/100 score I posted... &

(& YOU DON'T HAVE ENOUGH IN PLACE, security-wise (SELinux kernel hook addons) TO EXCEED THAT SCORE, period!)

Imo, you are also too lazy + apparently unskilled to do so anyhow to add it onto your LINUX setup: Would I trust a result from you @ THIS POINT? No, probably not, after your "work arounds" to post a faked result... apk

UNBELIEVABLE EVASIONS (workarounds inside)

As far as setting up UBUNTU, & doing this test here already? HOW DO YOU KNOW I HAVEN'T?? You don't... I may just be looking for someone more "expert" in LINUX security methods than myself to post a result is all...

Apparently, based on the quotes of yours below & work-arounds OR details I give you (me, the "windows guy", not a "linux expert" here by ANY means)? You are NOT THE PERSON I AM LOOKING FOR - read on:

"(This also would not have prevented it from sending spam, now that I think of it -- shouldn't have even gone that far.)" - - by SanityInAnarchy (655584) on Friday August 10, @12:52AM (#20178969)

Ok, lol... & YOU CALLED ME. the "Windows guy here" a "NEWBIE" (but, I am constantly the one here pointing out the actual tools/details of setting up your "sandbox" for you, & more... read on:)

Can't you setup "iptables firewalling rules" against that on your end? SELinux gives you SOCKETS LEVEL ACCESS CONTROL TOO, mind you... you have ways around that "potential complaint" too here, mind you!

(Hell, there is even ipchains on LINUX, but haven't used them myself AND PACKET FILTERING (a technique I use here on Windows & have for more than a decade too) is built into your LINUX kernel as well)

IN FACT? I show Window users how to do all that, via analogs in modern Windows versions (2000/XP/Server 2003 & VISTA) here, in an EASY 12 step program:

http://forums.techpowerup.com/showthread.php?s=67a 42847a48f0b563e321121355dd438&p=375355#post375355

(SO, if Windows folks can do it, like I have & others have? Are you saying LINUX folks, can't??)

IF this is all "too much for you", though YOU called ME "newbie" and prove who the noob here is??

(OR, is that setting up SELinux. IPChains, Packet filterings, OR IPtables "too hard" or too un-userfriendly, like setting up & configuring SeLinux would be for you too?? These complaints of yours, do NOT 'bode well' for userfriendliness/ease of use, on Linux, period... that, or your skills are weak, & YOU CALLED ME A NOOB, as regards security & setting it up right?? Please...)

BOTTOM-LINE - Can't you just run it, without being online IF NEED BE as well, @ least as a test??? Is this beyond you for a test???? IF IT FAILS TO RUN THIS WAY - there are always the techniques & tools listed above, as well as further onwards below.

"Alright, correction: I do, in fact, have selinux installed. Apparently it comes out of the box on Ubuntu, along with ACLs and all the rest. It's still not something I look forward to learning about, for a single-user system." - by SanityInAnarchy (655584) on Friday August 10, @12:52AM (#20178969)

Do you, OR don't you? Make up your mind man... I strongly suggest that IF you do? Learn it then. Until you set it up right?? You won't score as high as you can, & you certainly are not as secure as you might think, period.

First of all: Access Control Lists (ACL's) & ACE's (Access Control Entries) are terms used on Windows (VMS variants, & Mac too iirc)... SELinux calls this "label based security", & via MAC (mandatory access control (still just POSIX ACL stuff though, how do YOU like the 'word semantics' game played on YOU, by the way?)).

STILL - They are the SAME base idea though, regardless of the terms being used, but being specific for YOU, by OS types & terms typically assigned them BY THE OS PLATFORM in question, here is all.

(Why bother even test security scores vs. you, especially after you said you might fake a test score result & accused ME of it (I would have put up a perfect 100/100 if so, think about it & made myself UNBEATABLE, period))

Bottom-line, based on your statements:

YOU ARE NOT SECURED FULLY ANYHOW & apparently, though YOU called me a "noob", you don't even understand your OS' potentials for sec

Re:UNBELIEVABLE EVASIONS (workarounds inside)

[SanityInAnarchy]

(Hell, there is even ipchains on LINUX, but haven't used them myself AND PACKET FILTERING

Once again, you don't know what you're talking about. (ipchains IS packet filtering, and advanced mangling and routing and such. However, no one has used ipchains since the 2.2 kernel, probably five years ago or more -- we use iptables now.)

Also, iptables without something more (probably SELinux) is incapable of blocking based on user or application. It only operates on packets and hosts. So I could block my entire box from accessing the Internet, but it would take a much more complex policy to block a single sandboxed app.

Do you, OR don't you? Make up your mind man... I strongly suggest that IF you do? Learn it then.

No need. My other post explains why there's no need.

If I start to make a habit of downloading random executables from the Internet and running them with some sort of limited access, then I might put some effort into learning it. But until then, it makes life a lot simpler not having to deal with it.

by making calls to chroot again from itself running under a superuser/root's user context.

Wow, you really don't know, do you...

If I remember right, chroot itself can only be called by root. The easy way for root to break out again is by doing things like creating device nodes and directly accessing the hard disk, among other things. But none of these are available to non-root users.

Don't "run it as root" (superuser etc.), IF POSSIBLE

It's apparently not possible, at least within that chroot environment.

Install & properly setup SELinux (which it is funny you DON'T have it in place configured for your system & needs, since you are SO CONCERNED ABOUT YOUR SECURITY

Well, I'm concerned about physical security, too. But I live in a small town, so I don't feel the need to have an alarm system.

I also don't own a gun. It's not that I'm opposed to guns, I just don't think I need that amount of security.

Now, if I was in an inner-city neighborhood, then I'd have an entirely different approach. Just as if I was running Windows primarily, and it was a server or some other really juicy target, I'd probably seek out advice like yours -- though maybe from another source -- and implement the tightest security I possibly could.

Hey - I am only asking you take this test, & post a result vs. mine, this is all.

You weren't willing to try my "test" involving a random piece of spam, so why should I take yours?

Yup... You are "YAWGA" (in the spirit of yacc) - "yet another webmaster graphic artist"

I'd like to think that I'm a bit more than that. In fact, I'm not a good graphic artist at all.

SeLinux unconfigured & in place says it all

Probably not unconfigured. All Ubuntu setups come with default SELinux policies.

You are the one here, ranting on how this test would make you unsecure, yet you don't even HAVE SeLINUX IN PLACE THERE

So under what restrictions did this test run on your system? I bet it "made you insecure" also.

No, I am not - it was part of a "trap" more or less

And you have the nerve to call me dishonest?

I don't think it was a trap at all. I think that, backed into a corner, your only defense is "I lost on purpose!" -- in other words, once I pointed out how insecure chroot alone is (compared to chroot with other forms of security), your only choice was to claim you knew all along, and just wanted to see if I knew.

Funny, I am the "Windows guy" here, NOT the LINUX guy (you are): & I had to point out SPECIFIC techniques & details of them

Re:UNBELIEVABLE EVASIONS (workarounds inside)

"Once again, you don't know what you're talking about." - - by SanityInAnarchy (655584) on Friday August 10, @05:23PM (#20188931)

LOL, you sure about that? It seems, and anyone can read the posts parent to yours, that I am the one suggesting WHAT TO DO HERE, in detail, for YOU... ME: "the newbie" as you called me, lol!

"(ipchains IS packet filtering, and advanced mangling and routing and such. However, no one has used ipchains since the 2.2 kernel, probably five years ago or more -- we use iptables now.)" - by SanityInAnarchy (655584) on Friday August 10, @05:23PM (#20188931)

Uhm, lol... that IS EXACTLY WHAT I MEANT!

(&, that packet filtering is built into the kernel of LINUX).

Can't you read?

I.E. -> You can do it "old school" via ipchains, or via iptables (of which I mention BOTH TOOLS here first mind you because of your complaints & THEY WORK to overcome your objections), & IT WOULD WORK FOR YOU (why is it I have to tell you constantly, what it is you need to do so secure your rig?) IN STOPPING CIS TOOL FROM "broadcasting any spam" (which it does not).

"Also, iptables without something more (probably SELinux) is incapable of blocking based on user or application. It only operates on packets and hosts. So I could block my entire box from accessing the Internet, but it would take a much more complex policy to block a single sandboxed app." -

Funny - I mentioned that one too, here, first, along with SeLinux/chmod/chroot/chown & layered security in general, before you did... & YOU ADMIT THEY WOULD WORK TO SECURE ANY APP!

SO, that all said? WHY NOT RUN THE CIS TOOL TEST, & POST A VALID RESULT PHOTO (instead of faking it as you insinuated you would!)???

"No need. My other post explains why there's no need." - by SanityInAnarchy (655584) on Friday August 10, @05:23PM (#20188931)

Sure does, lol, where you FIRST stated you did NOT HAVE SELINUX IN PLACE/INSTALLED, here:

----

"When did I say that? No, I don't have it compiled or installed. And since I don't normally run programs I don't trust, I see no reason to compile it and learn its intricacies (and very possibly cripple the rest of my system) just to satisfy your curiosity" - by SanityInAnarchy (655584) on Thursday August 09, @10:34PM (#20178127)

O.K., lol... you said that, right, in regards to SELinux being installed & configured on your rig (that you did NOT have it).

(... & later?)

Aha!: Suddenly, you pull a rabbit out of your A$$, & miraculously have it (lol)... but, it's not configured properly though?

Hey - those are YOUR WORDS burying you, not mine!

Here are some more:

"Wow, you really don't know, do you..." - by SanityInAnarchy (655584) on Thursday August 09, @10:34PM (#20178127)

OMG, lmao... yes, actually, I DO, & here goes:

"If I remember right, chroot itself can only be called by root. The easy way for root to break out again is by doing things like creating device nodes and directly accessing the hard disk, among other things. But none of these are available to non-root users." - by SanityInAnarchy (655584) on Thursday August 09, @10:34PM (#20178127)

Right - SO, if you run this program as your root/superuser (which I recommended against doing for you no less, as 1 of 3 things to overcome your objections) & it lets you... do it!

And, why did I say that? Because of your user context last post, running it as administrator/superuser/root... lol, why are you restating what I did and saying I was wrong (again) for?

Do you have dyslexia? IT seems it... lol!

(I will take back that "lol", if you do though)

"Specifically -- if the app creates something world-writable, even if I then chmod it later, it has been world-writable for some amount of time, during which something else in the system may have written to it." - by SanityInAnarchy (655584) on Thursday August 09, @10:34PM (#20178127)

Re:UNBELIEVABLE EVASIONS (workarounds inside)

[SanityInAnarchy]

So, you check it, AFTER you CHMOD it/chroot it/chown it & SeLinux secure it, for layered security IF needed!

Yes, because of course I'd know exactly what size a file should be the instant it's created.

The first can tell you a file's size & see if it has been altered by size, or date/time stamps, for example...

You do know date/time stamps can be modified, right? Manually set? You can also modify a file and avoid using these...

Or are you completely clueless?

Or -- don't tell me -- this was another "trap" for me?

checksumming's another way IF needed

Yes, good point. So please tell me where I can find checksums for this app? I can't even find a checksum for the installer.

you can't even

I know it's hard, but please try to understand the difference between can't and won't.

Re:UNBELIEVABLE EVASIONS (workarounds inside)

"You do know date/time stamps can be modified, right? Manually set? You can also modify a file and avoid using these... Or are you completely clueless?" - by SanityInAnarchy (655584) on Saturday August 11, @02:43PM (#20196971)

Give me a break, lol: I had to point out chroot/chmod/chown to you as native *NIX tools to use... yea, "TOUCH" can do that on a *NIX rig... I knew that, but it is a possible test of file validity (along with checksums/crc32, size, time & date, etc.).

About clueless?

Hey - aren't you the one who:

1.) Felt the multiplatform test of security CIS TOOL, by the center for internet security, was 'malware'? Funny, SANS & COMPUTERWORLD showed otherwise... so much for that.

2.) Didn't you state what I stated about "race condiritions" was false also?? Please - quote what I said, & show what is wrong with it... thanks & GOOD LUCK (You will need it on that account).

3.) Didn't you state that your Ubuntu distro did not have SeLinux in place & later, you said it did???

4.) Didn't you ask me to show you an example of apps being able to use "privelege escalation, via impersonation analogs on *NIX & buffer overflows" to have an app escape a chroot jail via those machinations, & I provided you the info. to look for?? Here is a specific one:

http://www.novell.com/linux/security/advisories/20 03_014_lprold.html

(You felt it could not be done, UNLESS done via the web... I am showing you differently, as per usual in this exchange!)

Please - Don't call others names, especially that one, until you are correct about things, because you have made some BIG blunders here in your trollish method of attempted escape & lessening the value of this fair, multiplatform test noted by SANS called CIS TOOL, & YOU CANNOT BEAT THE SCORE ON A *NIX OF YOUR CHOICE I OBTAIN USING A CUSTOM HARDENED BUILD OF WINDOWS SERVER 2003 SP#2, period...

Back up your b.s. @ least - take the test, & let's see if the F.U.D. I see get spread here @ /. of "(Insert *NIX variant here) is more secure & more securable than Windows" type b.s. (put your monies where your mouth is, put up, or shut up!)

APK

P.S.=> How many more of your "failings" here & attempts @ evasion of taking a valid/legit test of security can you try @ this point?

All your objections are overcome, especially the one where you state this program may be malware...

Plus, the fact that native *NIX tools like chmod/chroot/chown exist to "cage apps" (but you now know about privelege escalation via buffer exploits that could 'escape' a chroot jail & even though I recommended NOT running as ROOT, which that CAN easily escape a chroot jail & you KNOW it too? I said to NOT run as root/superuser IF possible)...

The bufferoverflow/privilege escalations prove, also, that chroot jails are NOT complete solid layered security in & of themselves, OR very secure really!

(This is where SeLINUX can help on ALL accounts you noted (sockets level control to layer ontop of IPTables usage (which I first suggested, alongside my first suggesting chmod/chroot/chown & it turns out to NOT be able to control things on an APP basis, but in Windows, using a software firewall like ZoneAlarm? I can do so, easily, via an easy to use Point-N-Click GUI tool), & also filesystem/userrights/ACL-MAC level control of filesystem for security too))...

YOU HOWEVER, refuse to use it, so you are NOT the "right person for the job here", point-blank as I stated before, for the reasons above & because you don't apparently value your security, by setting up SeLinux for this test... & you refuse to learn its "complexities" as you said (poor usability in LINUX tools for that, eh? NOT IN WINDOWS!)... apk

Re:UNBELIEVABLE EVASIONS (workarounds inside)

[SanityInAnarchy]

I knew that, but it is a possible test of file validity

A test that can be defeated more easily than your screenshot. Why did you even mention mtimes, if you knew they could be altered so easily?

(along with checksums/crc32, size, time & date, etc.).

Again, you show either a lack of knowledge, a lack of intelligence, or an unwillingness to really examine the matter.

Simply put: time & date, or ANY datestamp, is easily modified, so we cannot use these. Size and checksums (of which crc32 is only one possible checksum) would work, if I knew what size or checksum to start with. But your program does not come with this information about the files it installs, so I have no way of knowing if they were modified while they were world-writable.

1.) Felt the multiplatform test of security CIS TOOL, by the center for internet security, was 'malware'?

It's really too bad... Scanning ahead, I see some interesting points I'd like to counter directly.

But again, here's a lie from you, so this post stops here, until you learn the difference between "felt that it was" and "knew that it might be".

"RUN, FORREST: RUN!!!" lol... apk

EVERY ONE OF YOUR POINTS/OBJECTIONS, noted below, & COUNTERED!

(Via your own shortcomings/words, & YES, those of LINUX/SeLinux, in useability, especially)

"FORREST" (lol)? Here goes:

"This was meant to be an object lesson for you." - by SanityInAnarchy (655584) on Thursday August 09, @07:14PM (#20176577)

Then, "here endeth the lesson", lol... for YOU (with evidences of that below in the 2 url's posted):

Right here below, because you SanityInAnarchy, can't even setup your system using SELinux(or chmod/chown/chroot + IPTables/IPChains usages) IN LAYERED SECURITY, for securing yourself, evidenced ESPECIALLY with details, here:

http://slashdot.org/comments.pl?sid=264303&cid=201 82847

& here also, vs. your objections in both places, & overcoming them via showing you methods of securing LINUX in layered security methods no less on many levels

(Mainly SELinux layered security control over sockets, folders, files, etc. & via its MAC (mandatory access control based) control of them, layering it in, ontop of std. chroot/chmod/chown + IPTables/IPChains methods in most *NIX's & certainly LINUX with SELinux added for layered security)):

http://slashdot.org/comments.pl?sid=264303&cid=201 80939

Where you tried to apply a SINGLE method of security only & I KNEW YOU WOULD, & I also KNEW & stated what the faults are in it, programmatically via a technique commonly referred to as impersonation (programmatic impersonation & privelege level escalation thereof)!

(That being chroot jails which I had to suggest to you no less as a detail of your 'sandbox', & I KNEW NO LESS HOW THEY ARE BROKEN PROGRAMMATICALLY (via using "impersonation" knowing you'd try only a SINGLE LAYER of security vs. layered no less) & that you'd 'fall into that trap' as I knew you would!)

All that, vs. your only saying "sandbox" no less + other methods of "layered security" (the BEST way) for LINUX I had to suggest to you, to overcome your objections (running from a fair test gauge of online security on a multiplatform test of it no less)?

BAD MOVES, On your part - In name tossing, impersonating me here, insinuating you'd post a fake result image photo, not knowing how to secure your rig vs. nearly ANYTHING no less, & YES, insecure, because of a lack of layered security in place on your LINUX/SeLinux equipped rig.

Nuff said!

Especially when I can show Windows folks how to do a LAYERED SECURITY SETUP, and IN DETAIL via an easy to use & implement 12 step guide here that WORKS for an 84.735/100 score on a multiplatform security test gauge in CIS Tool 1.x (by the center for internet security):

http://forums.techpowerup.com/showthread.php?s=67a 42847a48f0b563e321121355dd438&p=375355#post375355

Well... proof's in the pudding!

I.E.-> I was talking to the WRONG MAN FOR THE JOB in you, in those 1st 2 URL's above (in my being a "windows guy" having to point out what secures what & HOW in a layered security method/pattern, on LINUX no less, from me for you) & especially evidenced by the 1st URL I posted in this reply, above... no doubt about it @ this point.

----

"And your "visual traceroute" won't cover anonymizing proxies" - by SanityInAnarchy (655584) on Thursday August 09, @07:14PM (#20176577)

LOL! Ummmm - when it shows one post coming from USA (mine, & the REAL ME, because I am in the states), & say, another from Brazil, not even a few minutes later?

OH, I think otherwise, lol...

NO administrator worth his salt would be fooled by THAT first of all!

(but, IP address AND Media Access Control (MAC), in combination

Re:"RUN, FORREST: RUN!!!" lol... apk

[SanityInAnarchy]

can't even setup your system using SELinux(or chmod/chown/chroot + IPTables/IPChains usages)

I simply choose not to.

There's no need for more advanced SELinux than the default policy -- I simply don't let things into my computer which don't need to be there.

You also have no idea how iptables works -- and ipchains hasn't been the default since the 2.2 kernel. Come back when you do. (Short story? There's not an easy way to run untrusted software and deny it access to the Internet, without also denying access to the rest of my system. SELinux may allow for this, but SELinux is a much more complex approach that is simply overkill for the vast majority of systems.)

(That being chroot jails which I had to suggest to you

You really do have an ego trip going, don't you?

I know about chroot jails. I've had to deal with them when setting up Postfix, which ends up chrooting and dropping privileges for some twenty or so processes it runs, leaving an absolutely bare minimum running as root -- or even with access to the mail spool.

For that matter, I used to use Gentoo, which is installed via a chroot "jail" -- a very convenient way of doing it, by the way, as it means you can install from any Linux environment, not just Gentoo's own livecds.

Furthermore, I tried a chroot jail. It didn't work, because your tool doesn't like such a minimal environment. (Or hell, maybe it just had a bad hair day -- not my job to debug it, especially if they give no source code.)

The only reason I didn't start with a chroot jail is that it's a hassle to set one up for a program that isn't designed to run that way.

KNEW & stated what the faults are in it, programmatically via a technique commonly referred to as impersonation (programmatic impersonation & privelege level escalation thereof)!

Where'd you state that they were broken, other than right here?

"Programmatic Impersonation" is a Windows technique, and from a quick glance, it looks to be similar to setuid -- and I have no insecure setuid apps, period, much less in that minimal chroot. Privilege escalation is not an exploit, it's a class of exploit -- that's like saying there might have been a buffer overflow, which is true. But I'm not likely to be vulnerable to either at all, much less inside that chroot jail.

All that, vs. your only saying "sandbox" no less + other methods of "layered security"

I use a sandbox for programs I flatly do NOT trust. "Layered security" makes sense with things like postfix (which I described), but I feel no need to discuss them when they aren't relevant to being able to run your program.

It seems you throw "quotes" around "words" that you don't actually understand, and are just using because they are buzzwords that you read about somewhere.

Especially when I can show Windows folks how to do a LAYERED SECURITY SETUP, and IN DETAIL via an easy to use & implement 12 step guide here that WORKS...

Tell me, what capabilities did your testing program have when you ran it? Can you tell me what entities you had to trust in order to run it, and what capabilities you had to trust them with?

LOL! Ummmm - when it shows one post coming from USA (mine, & the REAL ME, because I am in the states), & say, another from Brazil, not even a few minutes later?

There are anonymizing proxies in the US. There are also people who surf Slashdot from Tor, using completely random IP addresses. I'm not one of them, but it's certainly possible.

NO administrator worth his salt would be fooled by THAT first of all!

Once again: Do you actually think the admins are getting involved? Do you actually think Zonk or CmdrTaco are going to come to your rescue and prove which post is yours and which isn't?

Re:"RUN, FORREST: RUN!!!" lol... apk

"I simply choose not to. There's no need for more advanced SELinux than the default policy -- I simply don't let things into my computer which don't need to be there." - by SanityInAnarchy (655584) on Friday August 10, @04:46PM (#20188339)

LOL, I thought you said you did not have SeLinux in place, & did not want to learn its complexities here:

----

EVIDENCE:

"When did I say that? No, I don't have it compiled or installed. And since I don't normally run programs I don't trust, I see no reason to compile it and learn its intricacies (and very possibly cripple the rest of my system) just to satisfy your curiosity" - by SanityInAnarchy (655584) on Thursday August 09, @10:34PM (#20178127)

----

?

So, what is it? Ah, suddenly?? HE HAS SeLINUX in place, it's "just not configured right"... ok, same with me having to suggest chroot/chmod/chown & IPTables or IPChains for packet filtering (a feature that LINUX's kernel has built in, no less) to overcome your objections here.

Man... You EVEN ADMITTED those tools allow for the overcaming of your "objections" - yet you refuse to post a screenshot of your test score on a MULTIPLATFORM TEST FOR ONLINE SECURITY, in a "Windows vs. SeLINUX shootout"... gee, I wonder why?

Maybe, because you are NOT SECURE ENOUGH & DO NOT UNDERSTAND SeLINUX Fully, which you admitted also? Maybe because WITHOUT IT, you cannot score higher than 84.735/100 on a multiplatform test for online security??

Yea... I think (KNOW) so!

ALL OF YOUR OBJECTIONS WERE OVERCOME, you HAVE THE TOOLS FOR THIS... why not test?

(Dude, I KNOW why - you can't beat my score of 84.735/100 on this test, on your SELinux rig, is why... and we ALL know it!)

"Run, Forrest: RUN!!!"

"You also have no idea how iptables works -- and ipchains hasn't been the default since the 2.2 kernel. Come back when you do. (Short story? There's not an easy way to run untrusted software and deny it access to the Internet, without also denying access to the rest of my system. SELinux may allow for this, but SELinux is a much more complex approach that is simply overkill for the vast majority of systems.)" - by SanityInAnarchy (655584) on Friday August 10, @04:46PM (#20188339)

Funny - with windows? You run a firewall like ZoneAlarm, you HAVE APPLICATION LEVEL CONTROL... via an easy point & click GUI interface no less!

SeLINUX has SOCKETS LEVEL CONTROL - use it! Whatever ports/sockets this tool uses? MONITOR FOR IT, & CUT THEM OFF, via this method (or, a tool that does so on LINUX, like ipchains &/or iptables, which I had to bring up here to overcome your objections, alongside chmod/chroot/chown AND SeLINUX!)

" pointed out a security flaw in it, which took TWO ATTEMPTS before you even understood what it was -- and I still doubt it; you haven't addressed the race condition. I wonder if you know what a race condition is." - by SanityInAnarchy (655584) on Friday August 10, @04:46PM (#20188339)

Which one did the tools I MENTIONED HERE FIRST, not overcome?

ON Race conditions??

I know what they are, & thank God, I don't code them! See this app here in fact (best in the business for what it does, & it's MINE):

APK REGISTRY CLEANING ENGINE 2002++ SR-7:

http://www.techpowerup.com/downloads/389/foowhatev ermakesgooglehappy.html

SCREENSHOT:

http://www.techpowerup.com/downloads/screenshots/3 89.jpg

(I have though, only a couple times, when two-N threads try requests for the SAME resources (data), & that type of design "fine grained multithreading" is a LOT tougher & finding problems that fit it properly are rare as well).

I.E.-> I generally do "coarse multithreading" in apps (working on TOTALLY diff. dat

Re:"RUN, FORREST: RUN!!!" lol... apk

[SanityInAnarchy]

This one's not worth replying to, because you open with such a blatant misunderstanding. A deliberate one?

I simply choose not to. There's no need for more advanced SELinux than the default policy -- I simply don't let things into my computer which don't need to be there.

I thought you said you did not have SeLinux in place, & did not want to learn its complexities here

I did not know I had any kind of SELinux in place, because I had never installed it, and certainly never checked for it. Now I know it comes by default with Ubuntu.

And that is correct -- I do not want to learn its complexities.

There's no contradiction there. You're just trying to find contradictions to "trap" me and make me look bad, rather than address the actual issues I've brought up.

There's no point in bringing them up again if you're just going to pretend not to understand, or evade them again. For example, the race condition. Some of what you say about race conditions is wrong, some of it's good advice, and none of it addresses the race condition in this particular app.

"Safe" my ass.

Re:Very... eloquent evader of a test

[SanityInAnarchy]

Well, if you can do it, I am surprised you won't (suddenly though, those chroot jails don't sound all that secure, along with Linux's native security though)...

They can only be broken out of by root, which is why I won't run this program as root, even chroot'ed.

LOL... I am not the one talking about faking a result here

No, you're just the one who may have faked it. I wouldn't call something so easily faked "proof", would you?

Think back to my impersonation of you. That's proof you're homosexual, right?

Oh wait -- it's not proof of anything. It was faked.

(and, if my photograph was a fake, why wouldn't I just post a 100/100 score?)

To make it more believable.

You're not fooling anybody here with your evasions!

Yes, and how goes that spyware I told you to install?

LOL... read inside, enjoy, lol...

LOL, pretty "pi$$-poor defense", against this:

http://slashdot.org/comments.pl?sid=264303&cid=201 82847

WE REFER YOU, lol, TO YOUR OWN NUMEROUS BLUNDERS ON THIS SUBJECT!

(Albeit, with greater detail, lol, it's needed, for humor's sake)!

APK

P.S.=> Numerous HUGE mistakes, lol... apk

Quit Running "FORREST"... apk

"I did not know I had any kind of SELinux in place, because I had never installed it, and certainly never checked for it. Now I know it comes by default with Ubuntu." - by SanityInAnarchy (655584) on Saturday August 11, @02:56PM (#20197089)

Didn't you state this:

----

"Alright, correction: I do, in fact, have selinux installed. Apparently it comes out of the box on Ubuntu, along with ACLs and all the rest. It's still not something I look forward to learning about, for a single-user system" - by SanityInAnarchy (655584) on Friday August 10, @12:52AM (#20178969)

http://slashdot.org/comments.pl?sid=264303&cid=201 78969

----

AND LATER, THIS:

----

"When did I say that? No, I don't have it compiled or installed. And since I don't normally run programs I don't trust, I see no reason to compile it and learn its intricacies (and very possibly cripple the rest of my system) just to satisfy your curiosity" - by SanityInAnarchy (655584) on Thursday August 09, @10:34PM (#20178127)

http://slashdot.org/comments.pl?sid=264303&thresho ld=1&commentsort=0&mode=thread&cid=20178127

----

?

That's not contradicting yourself? That's not 'changing horses in midstream'??

Hmmmm... sure looks like it is to myself @ least, lol!

"And that is correct -- I do not want to learn its complexities." - by SanityInAnarchy (655584) on Saturday August 11, @02:56PM (#20197089)

Then, you will continue to be less secure than you possibly CAN be... by NOT using "layered security" & then falling into the trap you already have, depending on chmod, only... chroot/chmod/chown are NOT ENOUGH!

SeLinux usage also would give you more ontop of THAT!

SeLinux gives you more than IPChains &/or IPTables work for control of "things internet" too (AND THERE ARE DIFF.'s between those as well, mind you, per proof below, despite what you stated earlier as well) because SeLINUX kernel hook addons to LINUX give you SOCKETS LEVEL CONTROL also, for layered security ontop of IPTables &/or IPChains usage, just like it gives you layered security over chmod/chroot/chown usage @ the filesystems userrights level!

Here, take a read:

FOR YOUR REFERENCE, THINGS THAT ARE DIFFERENT IN IPCHAINS vs. IPTABLES in LINUX:

http://tldp.org/HOWTO/IP-Masquerade-HOWTO/iptables -vs-ipchains-vs-ipfwadm.html

(That way, you will be better informed on THAT ACCOUNT, as well)

Pretty funny me the "Windows Person here", has to show YOU, the "LINUX person" those differences, & what SELinux GIVES YOU, that overcame all of your objections (ontop of my having to point out to use chroot/chmod/chown as the tools & details to use for layered MAC/ACL type filesystem security control as well).

"There's no contradiction there. You're just trying to find contradictions to "trap" me and make me look bad, rather than address the actual issues I've brought up." - by SanityInAnarchy (655584) on Saturday August 11, @02:56PM (#20197089)

I BEG TO DIFFER (quite the contradiction IS present, & in your OWN words no less)... YOU TRAPPED YOURSELF!

By the way? I addressed EACH OF YOUR OBJECTIONS POINTS, here (point by point, quoting them):

http://slashdot.org/comments.pl?sid=264303&thresho ld=-1&commentsort=0&mode=thread&cid=20185057

"There's no point in bringing them up again if you're just going to pretend not to understand, or evade them again. For example, the race

Enough lies

[SanityInAnarchy]

Deliberate or not, I'm tired of these mistruths from you:

Didn't you state this:

Yes, I did say that.

AND LATER, THIS:

No, that was earlier. You're the one who brought up modification times, though they're insufficient. Go ahead and look at the post times on those. Here's the timestamp from the first one you quoted:

SanityInAnarchy (655584) on Friday August 10, @12:52AM

And here's the second:

SanityInAnarchy (655584) on Thursday August 09, @10:34PM

I'm not even looking up the quotes -- by your own admission (you copied and pasted those timestamps into your own post), the second one, which you claim was "later" than the first, is actually earlier by at least three hours.

Re:Enough lies (tell me about it - stop already!)

Does it matter WHEN you said it? You SAID IT!

LOL - first you didn't have SeLINUX in place, & then later, you did... sure looks like a contradiction to me, OR that you don't even know your distro's capabilities + init. setup either...

After all - YOU ASKED FOR WHERE YOU CONTRADICTED YOURSELF, didn't you, OR you said you never contradicted yourself, & yet? You clearly did!

NOW, above ALL else?

Didn't you TRY to evade taking CIS Tool as a test, period, saying it is "malware" etc., more-OR-less? Well, "new NEWS":

SANS & COMPUTERWORLD EVEN NOTE THE MULTIPLATFORM CIS TOOLS' USES FOR SECURITY!

(Reputable sources for security & computer stuff, wouldn't you say, as they are often referred to in /. articles?)

COMPUTERWORLD - CIS tool aims to help federal agencies check Windows security settings:

http://www.computerworld.com/action/article.do?com mand=viewArticleBasic&articleId=9018362&intsrc=hm_ list

SANS - CIS to Release Windows Configuration Assessment Tool: (May 1, 2007)

http://www.sans.org/newsletters/newsbites/newsbite s.php?vol=9&issue=36#sID302

APK

P.S.=> Your initial argument is shot, it's NOT "rogueware/malware" of ANY kind apparently, yes?

And, hey: "More New NEWS" - Other folks from the *NIX world as shown as trying it, in a FreeBSD guy in my post parent to yours @ its termination as well!

( ... & all your other objections were overcome by tools present in the *NIX realm natively like chroot/chmod/chown which I pointed out no less)

Though, how WELL they work? Questionable, by ALL means now @ this point! NOT in favor of *NIX there, wouldn't you say?? An extremely penetrable defense...

(E.G./I.E.-> Chroot jails via impersonation methods in code don't sound that impervious, w/ out SeLinux in place as layered security over them (for BOTH sockets &/or filesystem control via MAC, which YOU refuse to run, & thus? You are NOT as secure as I'd like to see in a setup vs. my score on this multiplatform gauge of security, especially online today! I said it before here, early on, & I'll say it again - You're the wrong person for this job in this case because of that, mainly. I'd like to see a seriously hardened for security *NIX rig user, take this test, & to see a screenshot of their score))... apk

Re:Enough lies (tell me about it - stop already!)

[SanityInAnarchy]

Does it matter WHEN you said it? You SAID IT!

It does matter when you say "AND LATER THIS", in caps, as if it does matter.

After all - YOU ASKED FOR WHERE YOU CONTRADICTED YOURSELF

Do you understand what it means to contradict ones self?

I said one thing, which was not true -- it was a mistake, and also quite a ways back in the discussion.

I then discovered that it was not true, and corrected myself. (That's why the second post was later -- between the two posts, I discovered I was wrong.) But rather than you saying I should get modded up for being so honest, this time, you bashed me for contradicting myself. I didn't.

Didn't you TRY to evade taking CIS Tool as a test, period, saying it is "malware" etc., more-OR-less?

"Evade" is simply not true here. I chose not to take it. Were it a completely bulletproof test, ridiculously easy to take, and verified by God himself that it would not harm my computer, I might still choose not to take it.

But you insisted on a reason, so I gave you some.

It's a bit like saying "Here, have a smoke." If I say "no", that should be enough. If you want reasons, I can say "Because my lung capacity will drop like a rock, because they'll eventually kill me, because it doesn't even taste that good, and because I already get a high from caffeine." But the reasons are irrelevant -- they're just to get you to shut the hell up and go away.

They are not "evasions".

As for malware? I said it could be malware, which you must admit is true -- it is possible -- unless you have analyzed every single byte of its bytecode yourself.

SANS & COMPUTERWORLD

Why should I trust them any more than I trust CIS?

It's a basic concept you seem to be missing -- security starts by assuming no trust at all. You then trust the absolute minimum number of entities that you reasonably can in order to get the job done. You do this because trust is a weakness -- every act of trust, in security, is a potential avenue of attack.

In fact, that's pretty close to the definition of the word "trust" as used in security: The act of "trusting" an entity means I am granting that entity the ability to compromise me in some way.

Your initial argument is shot, it's NOT "rogueware/malware" of ANY kind apparently, yes?

I've got absolutely no evidence from any entity I trust that it's not.

It may be perfectly reasonable for me to trust the sources you give, but why should I if I don't have to?

I still don't have a single good reason for running your program in the first place, other than to get you to shut up.

Other folks from the *NIX world as shown as trying it, in a FreeBSD guy in my post parent to yours @ its termination as well!

In that same link, someone is quoted as saying: "I tried it some weeks ago on 5.3-RC1. It's a good tool to use as a checklist but don't use the score to rank your systems."

As for the "proof", there's even less here than your screenshot -- someone simply posted their score, in plaintext. But let's forget that for a moment...

Once again, you're assuming I refuse to take the test because I'm afraid of getting a bad score. I don't believe the scores it gives are particularly meaningful, except measured against the same system -- as he said, he started at 5.88 and increased his score to 8.0.

THAT is a fair comparison -- assuming the tool measures things that are worth measuring, an 8.0 on BSD is better than a 5.88 on BSD. But that's not an indicator that 8.0 on BSD is better or worse than whatever score you got on Windows.

Chroot jails via impersonation methods in code don't sound that impervious, w/ out SeLinux in place as layered security over them (for BOTH sockets &/or filesystem control

Kindly giv

Re:Enough lies (tell me about it - stop already!)

First off & bottom-line:

You're the WRONG KIND OF PERSON I WANT TO RUN THIS TEST, as you don't & WON'T use SeLinux + tune it for MAXIMUM security possible on your end!

(Thus, imo? You don't really value your security setup enough, because you don't use "layered security" to even want me to see your score (which I'd almost wager would be less than mine has been shown to be, on a Windows based system no less!))

Once again, you're assuming I refuse to take the test because I'm afraid of getting a bad score." - by SanityInAnarchy (655584) on Monday August 13, @12:45AM (#20208459)

I am, absolutely, for those reasons YOU state yourself: Pretty simple!

(I say this, because it is some of the BIGGEST B.S. I HAVE EVER HEARD, & A COP OUT... plain & simple, thinking the multiplatform CIS TOOL security test is malware or your trying to SAY it is. SANS.ORG is pretty respected & often cited here @ /. & THEY even note it is a legit program!)

APK

P.S.=> By the way:

"Kindly give me an example of how a non-root user can break out of a chroot jail" - by SanityInAnarchy (655584) on Monday August 13, @12:45AM (#20208459)

Look up "impersonation" or "programmatic impersonation" alongside "buffer overflow" online:

GOOGLE THIS -> "buffer overflow" and "impersonation"

(... & understand the idea/technique + mechanisms used, & you'll see how a chroot can be broken out of, because even IF you don't run as root & spawn this process as ROOT user context? It can privelege escalate ITSELF, via impersonations & this is not, afaik, restricted to Windows (why you pursue this, I don't know - don't run as ROOT/SUPERUSER if possible, & I recommended that))!

ANYHOW - 1 possible way, programs CAN find buffer overflows in apps too, mind you, that allow for this possibility (EVEN IF AN APP IS NOT RUN BY THE ROOT/SUPERUSER)... ok?

Verify it, you'll it is is TRUE, & possible! apk

Re:Enough lies (tell me about it - stop already!)

[SanityInAnarchy]

thinking the multiplatform CIS TOOL security test is malware

Please stop putting words in my mouth.

I said that it could be malware. I don't think it is, and I don't think it isn't. I simply have no reason to believe anything about it, one way or the other.

That's one blatant misconstruction here, so I'm ignoring the rest of your post. You know the drill.

Re:Enough lies (tell me about it - stop already!)

"Please stop putting words in my mouth." - by SanityInAnarchy (655584) on Monday August 13, @02:31AM (#20208971)

LOL - You're one to talk!

NOW, since you said I said it wrong -> What is it about "race conditions" that I had wrong, per what I had stated in regards to them??

QUOTE WHAT I SAID, WHERE I SAID IT, & WHAT WAS INCORRECT ABOUT IT... This, I have to see.

APK

P.S.=> "I said that it could be malware." - by SanityInAnarchy (655584) on Monday August 13, @02:31AM (#20208971)

That's nice: However? SANS & COMPUTERWORLD think it's legitimate enough & for GOOD purposes... I wonder who's the more credible - they, vs. you?? apk

Re:Enough lies (tell me about it - stop already!)

[SanityInAnarchy]

QUOTE WHAT I SAID, WHERE I SAID IT, & WHAT WAS INCORRECT ABOUT IT...

I already did that, simply and plainly, in the grandparent to this.

You keep saying that I "think it's malware" or I "said it's malware", which is not true. I said it could be malware.

If you can't understand that distinction, it's a wonder anyone trusts you with their security.

I wonder who's the more credible - they, vs. you??

They are claiming to know something. I am not.

It's not a question of credibility. Anyone can verify that something might be malware through a simple process of logic. It takes trust (blind faith?) to believe that something is not.

Why won't U answer these questions? Your mistakes

"But again, here's a lie from you, so this post stops here, until you learn the difference between "felt that it was" and "knew that it might be"." - by SanityInAnarchy (655584) on Monday August 13, @04:20PM (#20216233)

A lie? No lie @ all... you just do NOT want to face up to your inadequacies & mistakes here is all, of:

1.) Didn't you state what I stated about "race condiritions" was false also?? Please - quote what I said, & show what is wrong with it... thanks & GOOD LUCK (You will need it on that account).

2.) Didn't you state that your Ubuntu distro did not have SeLinux in place & later, you said it did???

3.) Didn't you ask me to show you an example of apps being able to use "privelege escalation, via impersonation analogs on *NIX & buffer overflows" to have an app escape a chroot jail via those machinations, & I provided you the info. to look for?? Here is a specific one:

http://www.novell.com/linux/security/advisories/20 03_014_lprold.html [novell.com]

(You felt it could not be done, UNLESS done via the web... I am showing you differently, as per usual in this exchange!)

4) AND YES - YOU Felt the multiplatform test of security CIS TOOL, by the center for internet security, might be 'malware'?

(Funny - SANS & COMPUTERWORLD showed otherwise)...

So much for that, & it was YOUR MAIN DEFENSE IN AVOIDING TAKING THIS TEST! So much for all of your b.s. really!)

APK

ANSWER THESE QUESTIONS, quit avoiding them

Answer these (quit the partial quoting too, you are using my quotes in partials only, not finishing them (you are WEAK & LAME because of that)):

----

1.) Didn't you ask me to show you an example of apps being able to use "privelege escalation, via impersonation analogs on *NIX & buffer overflows" to have an app escape a chroot jail, EVEN IF YOU DID NOT RUN IT UNDER ROOT/SUPERUSER PRIVELEGE CONTEXTS (which I did recommend against & to run it as non-root IF POSSIBLE) via those machinations, & I provided you the info. to look for??

Here is a specific one:

http://www.novell.com/linux/security/advisories/20 03_014_lprold.html

(You felt it could not be done, UNLESS done via the web... I am showing you differently, as per usual in this exchange!)

----

2.) Didn't you state that your Ubuntu distro did not have SeLinux in place & later, you said it did???

Ha - YOU DON'T EVEN KNOW THE CAPABILITIES & FEATURES OF THE LINUX DISTRO YOU USE!

(& your refusal to use SeLinux as layered security over IPTables (since SeLinux has SOCKETS CONTROL) & also your refusal to learn & use SeLinux as ayered security over chmod/chown/chroot for additional security control @ the filesystem + userrights levels (which I had to mention the specifics on here no less, NOT YOURSELF)? You are NOT A PERSON I WOULD TEST AGAINST ANYHOW, because you don't use layered security, period! It would be TOO EASY to win vs. your setup I suspect @ this point & I think YOU KNOW IT!)

----

3.) Didn't you state what I stated about "race conditions" was false also??

Please - quote what I said, & show what is wrong with it, specifics... & GOOD LUCK (You will need it on that account).

----

"You keep saying that I "think it's malware" or I "said it's malware", which is not true. I said it could be malware." - by SanityInAnarchy (655584) on Monday August 13, @04:44PM (#20216543)

AND, especially THIS one, answer it:

4.) Didn't you state the multiplatform test of security CIS TOOL, by the center for internet security, might be 'malware'?

(Funny, SANS & COMPUTERWORLD showed otherwise - I trust them before I trust you, & I am certain others consider SANS especially more of an authority on security than yourself as well!)

----

No, it's clear that YOUR motivations here now are to either:

A.) STALL, to TRY to learn to use SeLinux capabilities PROPERLY... & thus, to try to reinforce your system up to a score that is higher than mine of 84.735/100 on the multiplatform CIS TOOL test for security!

OR

B.) I'd almost wager you found you cannot exceed my score on CIS TOOL's multiplatform testing (& are trying to avoid taking this test, lol, with PURE B.S. REASONS!)...

APK

P.S.=> So much for that & the rest of your b.s. (answer these questions, quit avoiding them... I know WHY you do though - they show your arguments to be QUITE inadequate & you are unwilling to face your mistakes, period!)...

All this 'playing around' on your end is NOT putting up a score that is better than mine of 84.735/100 on a legitimate test of security that is multiplatform (runs on *NIX's & Win32 platforms) called CIS Tool, which is noted by SANS + COMPUTERWORLD as a legitimate test of security... my guess is you ran it OUT of a chroot jail, put up a much lower score than mine, & are scrambling/stallng to try to get time to TRY TO PASS IT.

Good luck, lol...

AND, above all else?

CIS Tool is NOT a malware like you said it might be!

(Thus, your main defense to avoid putting up a score less than my own of 84.735/100 with myself scoring that on Windows Server 2003 on the multiplatform CIS TOOL, while you run your *NIX not NEARLY AS SECURE AS IT CAN BE, because you avoid using SeLinux OR le

Re:ANSWER THESE QUESTIONS, quit avoiding them

[SanityInAnarchy]

Answer these (quit the partial quoting too, you are using my quotes in partials only, not finishing them (you are WEAK & LAME because of that))

Oh noes! I'm weak and lame!

Everywhere I've quoted you, I've quoted either enough to get the spirit of what you said, or enough to demonstrate the fallacy of it.

Or would you rather I copy and paste the entire thing? The "parent" link is available to both of us. (Do you really think anyone else is reading this thread?)

1.) Didn't you ask me to show you an example of apps being able to use "privelege escalation, via impersonation analogs on *NIX & buffer overflows" to have an app escape a chroot jail

The specific example you cite is not relevant to my chroot jail. There is, in fact, no reason I can think of why I'd give your security tool access to my printer.

Yes, it is theoretically possible that a buffer overflow could be found. It's also possible that a flaw could be found in SELinux itself. Right now, there are no such known vulnerabilities in either SELinux or in the software which was available inside the chroot.

(You felt it could not be done, UNLESS done via the web... I am showing you differently, as per usual in this exchange!)

Quote me. I cannot remember saying that.

While you're at it, dig up one example of you showing me something that I did not know before. (SELinux in Ubuntu does not count, I discovered that on my own.)

2.) Didn't you state that your Ubuntu distro did not have SeLinux in place & later, you said it did???

Yes, I learned something. If you bring it up again, I'm going to simply not reply.

Learning something is a good thing, but from what I've seen in this thread, you're incapable of it.

Ha - YOU DON'T EVEN KNOW THE CAPABILITIES & FEATURES OF THE LINUX DISTRO YOU USE!

If I knew every single feature of the software I use, I wouldn't be on Slashdot. I'd be single-handedly writing a new system, because I'd be a fucking genius. I'd be a god.

Here's one for you: Do you know that it's possible to run an NTFS filesystem with journalling disabled? GUESS YOU DON'T KNOW EVERYTHING THERE IS TO KNOW ABOUT WINDOWS!!!

Oh, by the way -- capslock is lame.

3.) Didn't you state what I stated about "race conditions" was false also?? Please - quote what I said, & show what is wrong with it, specifics... & GOOD LUCK (You will need it on that account).

You first. Where, specifically, did I say that what you said about race conditions was false?

"You keep saying that I "think it's malware" or I "said it's malware", which is not true. I said it could be malware."

Yes, I said that. You still haven't addressed it -- and you continue to construe my position as being that this tool is malware, which is not true.

It's a fine point, but a very important one, and it's infuriating that you keep getting it wrong.

So finally, for once, you've gotten it right:

4.) Didn't you state the multiplatform test of security CIS TOOL, by the center for internet security, might be 'malware'?

Yes. Emphasis on "might be".

Please look up agnosticism.

(Funny, SANS & COMPUTERWORLD showed otherwise - I trust them before I trust you, & I am certain others consider SANS especially more of an authority on security than yourself as well!)

Well, let's start with ComputerWorld. They are doing truly fair and balanced reporting. Nowhere in here is a recommendation. Most of those statements aren't even by ComputerWorld, they are quoting someone else -- like, say, the president

Re:ANSWER THESE QUESTIONS, quit avoiding them

SanityInAnarchy,

Anyone reading this exchange like myself is aware of that fact that you make large mistakes on technical issues at this point. Ones such as you not knowing about buffer overflow exploits allowing privelege escalation even if a program is not run as root superuser logon entity or otherwise even, & that is noted here:

http://slashdot.org/comments.pl?sid=264303&cid=202 19401

I note you completely avoid answering that person's questions, like his 3rd one, for example. You said this:

http://slashdot.org/comments.pl?sid=264303&thresho ld=1&commentsort=0&mode=thread&cid=20188339

"you haven't addressed the race condition. I wonder if you know what a race
condition is." by SanityInAnarchy (655584) It seems to myself he does, and put you in your place with his reply in regards to that.

Your technical mistakes are 1 thing noted above, but also now including your main objection that cis tool is somekind of malware. Cis tool is not malware per sans and computerworld noting it and your statement that it might be a malware of somekind is pure hogwash! If cis tool is anything it is what the posters here called it in anti-malware, because of what it does, and I will state that below in reply to this quote of yourself:

"And what's the gain? None at all." by SanityInAnarchy (655584) on Monday August 13, @09:26PM (#20219879) Simple (if you would install and run it, but I like others reading here suspect you have and did poorly on it, so poorly, you won't post a valid unfaked photo, which you also insinuated you could do): Cis tool actually helps you secure yourself by suggestions it makes to help you secure yourself based on best practices for any OS platform it is run on.

You have made the linux community here appear badly in your spin master tactics, word games, and technical errors noted in the url above. I must agree, that You are not the right man for the job here in representing other *nix users on this test!

Mainly because your system does not use layered security via selinux being configured and understood by yourself (which you were not even aware your distro had already in place and that you refuse to learn about per your own words in that regard) in combination with iptables, and selinux in combination with chmod-chown-chroot usage, for layered security at both a sockets/ip level, as well as filesystem + user rights level.

Re:ANSWER THESE QUESTIONS, quit avoiding them

"The specific example you cite is not relevant to my chroot jail. There is, in fact, no reason I can think of why I'd give your security tool access to my printer." - by SanityInAnarchy (655584) on Monday August 13, @09:26PM (#20219879)

You're missing the point, it is an example of buffer overflow exploitation, to use it for privelege escalation (via programmatic impersonation, like Su/SuDo can do) to raise userrights to the levels of ROOT (or possibly, better).

"Yes, it is theoretically possible that a buffer overflow could be found. It's also possible that a flaw could be found in SELinux itself. Right now, there are no such known vulnerabilities in either SELinux or in the software which was available inside the chroot." - by SanityInAnarchy (655584) on Monday August 13, @09:26PM (#20219879)

Yes it is possible, but... You're missing the POINT, mainly of the mechanics involved:

E.G.-> If there is a buffer overflow in the APP ITSELF (not chroot, or SeLinux)? It can be exploited to perform privelege escalation, & impersonate ROOT (or possibly better, IF it exists), to do anything that ROOT can do (which is call chroot directly, OR the api's chroot uses to escape it)... EVEN IF YOU DO NOT RUN THE VULNERABLE APP AS "ROOT"/SuperUser!

----

"You first. Where, specifically, did I say that what you said about race conditions was false?" - by SanityInAnarchy (655584) on Monday August 13, @09:26PM (#20219879)

Here:

http://slashdot.org/comments.pl?sid=264303&thresho ld=-1&commentsort=0&mode=thread&cid=20188339

"I wonder if you know what a race condition is."by SanityInAnarchy (655584) on Friday August 10, @04:46PM (#20188339)

And, here was my reply to you:

http://slashdot.org/comments.pl?sid=264303&thresho ld=-1&commentsort=0&mode=thread&cid=20190031

****

"ON Race conditions??

I know what they are, & thank God, I don't code them! See this app here in fact (best in the business for what it does, & it's MINE):

APK REGISTRY CLEANING ENGINE 2002++ SR-7:

http://www.techpowerup.com/downloads/389/foowhatev ermakesgooglehappy.html

SCREENSHOT:

http://www.techpowerup.com/downloads/screenshots/3 89.jpg

(I have though, only a couple times, when two-N threads try requests for the SAME resources (data), & that type of design "fine grained multithreading" is a LOT tougher & finding problems that fit it properly are rare as well).

I.E.-> I generally do "coarse multithreading" in apps (working on TOTALLY diff. data in threads, like e.g.-> Updating the application interface with a child thread, while running a loop in the parent thread)... code multithread design this way? You don't HIT race conditions!"

****

UHM - what EXACTLY is wrong in my reply regarding multithreaded programming methods I use & what race conditions are? See, I actually DO THIS FOR A LIVING (code & admin networks)... do you?

----

"Irrelevant. It is NOT an apples-to-apples comparison. Getting as high a score as possible isn't even the goal -- from the FAQ:

When I run the system testing tool, should all of my systems score a perfect "10"? No. Different sites will have different operational requirements, and may choose to leave certain services running or choose not to configure certain security-related parameters. The benchmark documents merely give sites information to make informed decisions about certain availa

Re:ANSWER THESE QUESTIONS, quit avoiding them

[SanityInAnarchy]

If there is a buffer overflow in the APP ITSELF (not chroot, or SeLinux)?

Has to be an app which is already allowed to be run as root, yet initiated by a user. In other words, something with the setuid bit set.

I did make pretty certain there wasn't anything in that chroot that didn't have to be there, so basically, your argument is that sudo or su might have a vulnerability in it. The chroot is gone now, so I can't verify it, but I seriously doubt there's anything else there set as setuid root.

"I wonder if you know what a race condition is."

I said this because you didn't seem to understand the problem, which was: Unless I completely isolated the app such that it could not write to anywhere that anything else can read (chroot helps here), it's possible for the app to create files that are writable by other users. Your solution, to "chmod", has an obvious race condition in that between the app creating those files and either it or me reading them -- or me chmod'ing them to no longer be world-writable -- they could be modified by something else.

You see, on a multi-user system, race conditions aren't limited to databases or to thread management. They can occur between programs or between users; it can be a flaw in how you access the filesystem itself.

In fact, the default installation method of this program, as far as I can see, is to run as root on the "main" system to be tested, making this even more dangerous -- it now becomes a potential target itself for privilege escalation, and it doesn't necessarily need a buffer overflow.

You suggested checksums, mtimes, etc, and I believe you then crowed about how you knew they existed and I didn't. Yet again, your claims to know more about my system than I do fall short -- I know about checksums. In fact, I asked, very early on, where I could find a checksum for this program, so I know it hasn't been modified since I downloaded it from CIS? (Or even in-transit from CIS, given it's plaintext HTTP anyway.) But I can't even find that, let alone a checksum for the individual files that are unpacked.

See, I actually DO THIS FOR A LIVING (code & admin networks)... do you?

Yes.

AND, how exactly does that show the tests are not scored the same on the same analogous areas in both Windows NT-based OS', & those of *NIX nature?

It doesn't. However, there are not always even analogous areas.

But even if it were completely accurate in the way in which you say, having a high score doesn't necessarily mean you have better security, because of the relative and economic nature of security. In fact, here's another quote from the SANS link you included -- it works now:

enterprises have to beware of using lots of one-off tools. Using one configuration checker for Windows, another for Linux, another for Macintosh, etc - not a good idea in the long run.

And another quote:

Every time it runs it feeds the results to a central database where the data cane be fed right into vulnerability management systems.

Sounds like spyware to me.

NO, it's not: BUT, YOU POSTED IT AS "BROKEN"

Check it back in your original quote. Maybe it's changed now, but when I clicked it there, I got taken to the URL which I pasted into my comment.

Given that it actually supports my position -- that at best, it's a useful tool, but still not a be-all and end-all, and it does send information about my system to a central database -- I can't see why I'd want to deliberately avoid that link. Thanks for posting a good URL this time, then!

SANS & COMPUTERWORLD NOTE THIS PROGRAM IS NOT MALWARE

You may have admined, but you cannot have been very involved in the security community if you believe that's sufficient, even if

Re:ANSWER THESE QUESTIONS, quit avoiding them

" your argument is that sudo or su might have a vulnerability in it" - by SanityInAnarchy (655584) on Wednesday August 15, @03:09PM (#20240085)

I never said Su/Sudo have vulnerabilities specifically - I pointed out, that ANY APP (any) with a buffer overflow exploit present in it CAN be used for privelege escalation of ITSELF & its userrights/abilities, regardless if it is run under ROOT user rights, or not (by a less priveleged user entity) - if that gets used against it (buffer overflows)? It can set its OWN RIGHTS, or that of the code it runs in the overflowed buffers!

(Please, don't try to put words in my mouth... I was stating @ that point, if a buffer overflow IS PRESENT? An app that gets exploited by one becomes its OWN Su/Sudo... it can be used to raise its OWN privelege level, EVEN IF IT IS NOT RUN AS ROOT/SuperUser by yourself running it... get it??)

"Unless I completely isolated the app such that it could not write to anywhere that anything else can read (chroot helps here), it's possible for the app to create files that are writable by other users. Your solution, to "chmod", has an obvious race condition in that between the app creating those files and either it or me reading them -- or me chmod'ing them to no longer be world-writable -- they could be modified by something else." - by SanityInAnarchy (655584) on Wednesday August 15, @03:09PM (#20240085)

Do you know what "copy on write" functionality is? In a multiuser scenario, in Windows @ least, if a multiuser program has to distribute copies of a single file, it gives EACH USER A COPY OF THE DATA... this is like memory-mapped files too.

"You see, on a multi-user system, race conditions aren't limited to databases or to thread management. They can occur between programs or between users; it can be a flaw in how you access the filesystem itself." - by SanityInAnarchy (655584) on Wednesday August 15, @03:09PM (#20240085)

If I were to place, say, write protect attributes on a file, while it was being written to, no less JUST AS IT IS BEING WRITTEN TO (and I am just applying attribs to it)? It would get its FINAL WRITE COMMMISSION, then the attrib +r (for example), would take.

Tell me, tell us all reading: Are those the cases in *NIX too? Watch yourself, could be a "trick question/trap" again... lol!

"In fact, the default installation method of this program, as far as I can see, is to run as root on the "main" system to be tested, making this even more dangerous -- it now becomes a potential target itself for privilege escalation, and it doesn't necessarily need a buffer overflow." - by SanityInAnarchy (655584) on Wednesday August 15, @03:09PM (#20240085)

The point is/was this, about buffer overflows: Doesn't MATTER if it a program is not run as ROOT/superuser, or NOT run as root/superuser... the buffer overflow can be exploited & the code it can run then is subject to whatever it places on itself and it can use privelege escalation to RUN AT ANY PRIVELEGE LEVELS IT WANTS/NEEDS.

"Also, pretty much all Unix vulnerabilities are discovered by the same people patching them, meaning you can have a 0-day patch. A large number of Windows vulnerabilities are discovered by people who then go exploit them, so you have a 0-day exploit." - by SanityInAnarchy (655584) on Wednesday August 15, @03:09PM (#20240085)

OR, those configuring their systems, improperly, OR not keeping up on patches... today, that just happened to a *NIX setup, & why, it seems along the lines of yourself not using SeLinux (or rather, yourself stating you were unwilling to learn its complexities):

UBUNTU SERVERS HACKED/CRACKED (08/15/2007):

http://it.slashdot.org/it/07/08/15/1341224.shtml

"Or here: Compare Securina's alerts for Windows XP -- unpatched vulnerabilities? Currently 15% out of 188 vulnerabilities, worst one rated Highly Critical! Linux kernel: 129 vulnerabilites, 12% unpat

Re:ANSWER THESE QUESTIONS, quit avoiding them

[SanityInAnarchy]

Either you are coming late to this exchange and reading a lot more than I would have, or you are APK, trying to appear more respectable. I'm assuming the former, benefit of the doubt.

Anyone reading this exchange like myself is aware of that fact that you make large mistakes on technical issues at this point. Ones such as you not knowing about buffer overflow exploits

First, you used completely jargon-y terms when you first brought it up -- "impersonation" or some other bullshit, which had nothing to do with buffer overflows or privilege escalation.

Second, and more importantly: I don't bring up things that I think are irrelevant, even if I know them.

For example, neither of us has brought up keyloggers. OMG YOU MUST NOT KNOW WHAT A KEYLOGGER IS, U NOOB! Or not.

Buffer overflow exploits are irrelevant to a minimal chroot, because there's so little other executable code that a program in a minimal chroot has access to, all of it highly-audited stuff. That's like saying that there might be a buffer overflow in SeLinux itself -- sure, there might be, but it's insanely unlikely.

I note you completely avoid answering that person's questions

You cite an example in which I asked for a specific quote. You quoted what was meant as a taunt...

...and he still hasn't addressed the race condition inherent in that software. It's so simple and obvious that it seemed unlikely he knew what a race condition was. It seems he knows about a few specific varieties of them, but maybe not the one in question.

Your technical mistakes are 1 thing noted above, but also now including your main objection that cis tool is somekind of malware. Cis tool is not malware per sans and computerworld noting it

Yep, sounds like APK.

In at least one of those links, there's a specific reference made to the CIS tool collecting information and sending it back to a central database.

Nowhere in its own readmes or documentation do I see a mention of this.

This is what is generally meant by "spyware" -- it collects personal data (in this case, the state of my system's security) and sends it back to someone else, without my knowledge or consent.

Furthermore, my objection is not that it is malware, although we both now know it's spyware. My objection is that it might be malware, and I don't have sufficient reason to want to trust any additional entity in order to run this software -- even if it meant trusting God Himself.

Cis tool actually helps you secure yourself by suggestions it makes to help you secure yourself based on best practices for any OS platform it is run on.

I can do that by reading about best practices, which would actually help me understand them. CIS provides PDF documents and such for this purpose.

But his purpose was never to help me understand anything, it was only to demand a score -- for what purpose, I don't know. I suspect he'd rather not have the score, because as you can see here, he's built an entire argument around no one being able to beat his score, and that falls apart if anyone can.

You have made the linux community here appear badly in your spin master tactics, word games, and technical errors

I would guess that I am a better man than someone who actively lies. I can point to specific posts if you like. But so far, the only "technical error" is "not knowing about something", when in reality, I simply didn't think it worth mentioning.

You are the only other person to have commented in this thread since the original post -- on which I see perhaps ONE comment by another user -- and the "object lesson" about anonymity.,/p>

But hey, it looks like anonymity helps you here. Here, you can pretend not to be APK. It's actually a lot nicer talking to you, APK or not, because at least here you aren't using "lol" or CAPSLOCK, or copying and pasting your entire argument. You've neatly summed it up, and actually reworded it, which helps.

Re:ANSWER THESE QUESTIONS, quit avoiding them

"Either you are coming late to this exchange and reading a lot more than I would have, or you are APK, trying to appear more respectable. I'm assuming the former, benefit of the doubt." - by SanityInAnarchy (655584) on Thursday August 16, @04:51AM (#20246659)

I am fairly respectable in this field as is, already & for the past decade or so:

WINDOWS NT-Magazine (forerunner of today's .NET magazine) 1997 (iirc, Oct. issue pg. 83) issue review by Mr. John Enck, a technical editor of theirs for SuperCache & SuperDisk by EEC Systems (now SuperSpeed.com - first part was writing up an article featured on their corp. website alongside Mr. Enck no less, about the technical effective uses of Ramdisks, & the latter was on PAID CONTRACT to improve the mathematics & algorithm for tuning their SuperCache product w/ a programmatic addon they shipped w/ their product, & now is incorporated into the main program itself (Mr. Eric Dickman is their CEO iirc, & offered me a job w/ them back in 2003, but life took me to NYC instead of BOSTON) - they ARE A CERTIFIED Microsoft Partner you know, by the by)

WINDOWS MAGAZINE, 1997, "Top Freeware & Shareware of the Year" issue page 210, #1/first entry in fact (my work is there)

PC-WELT FEB 1998 - page 84, again, my work is featured there

PC-WELT FEB 1999 - page 83, again, my work is featured there

CHIP Magazine 7/99 - page 100, my work is there

WINDOWS MAGAZINE, WINTER 1998 - page 92, insert section, MUST HAVE WARES, my work is again, there

GERMAN PC BOOK, 2001, Data Becker publisher "PC Aufrusten und Repairen" my work is contained in it

HOT SHAREWARE Numero 46 issue, pg. 54 (PC ware mag from Spain), my work is there, first one featured, yet again[/b]

There's a couple more from out of the U.K. in 2003-2004 or so, but those will/should do, as far as my appearing in written publication...

(Along with corporate websites like CENATEK who also featured articles on Ramdisks I did on their front page, over all other reviewers (for the "rocketdrive", no longer there because the server it was hosted on went down, not mine... you can write them on that account IF you wish, they will verify it!))

AND... this IS "APK", the REAL APK - Not someone you can IMPERSONATE here again, as you did here:

http://slashdot.org/comments.pl?sid=264303&thresho ld=1&commentsort=0&mode=thread&cid=20168031

"I can do that by reading about best practices, which would actually help me understand them. CIS provides PDF documents and such for this purpose." -

Fine, and you can (as I did initially, & got around a 60.xxx score on the CIS TOOL, but when using it as an advisor, I raised it again, to 76.xxx, & then beyond that on my own (beacuse the tool does advise SOME, on some points specifically... others, however, it does not, & this is where you have to "dig in/around some", yourself) to finally get the 84.735/100 score I did)...

"I would guess that I am a better man than someone who actively lies. I can point to specific posts if you like" -

Do you mean like someone who impersonates someone, as the url above shows you have done already? Those types of specifics??

Do you mean like someone who first says their Linux distro has no SeLinux "baked in" already, & then suddenly does???

Do you mean like someone who is most likely delaying & trying to custom-harden their machine in the meantime, to eventually post a score, since all of his objections to it are overcome????

"But his purpose was never to help me understand anything, it was only to demand a score -- for what purpose, I don't know. I suspect he'd rather not have the score, because as you can see here, he's built an entire argument around no on

Re:ANSWER THESE QUESTIONS, quit avoiding them

[SanityInAnarchy]

I am fairly respectable in this field as is, already & for the past decade or so:

By "this exchange", I meant this exchange of posts. But hey, looks like you are APK, just didn't feel like signing that one for some reason.

Maybe to see if I'd respond differently to someone else? Kind of a cheap, deceptive tactic there.

Of course, if I really wanted to play dirty, I could point out that there are no good uses of ramdisks anymore (that I can think of) that aren't better served by tmpfs, which is not technically a ramdisk, or necessarily entirely RAM. On bootdisks, unionfs combined with tmpfs is even better. But that would be playing with semantics, and you'd whine about changing the subject, so let's just leave it at that. God forbid you should have to learn anything.

Do you mean like someone who impersonates someone, as the url above shows you have done already? Those types of specifics??

I'm very capable of actually fooling you, and everyone else, with a post like that. It was intended so that anyone who read that post could see that it was an impersonation, and also see my point about why anonymity (in the form of Anonymous Coward) is not a good thing.

Do you mean like someone who first says their Linux distro has no SeLinux "baked in" already, & then suddenly does???

You say you started with a score of 6, but suddenly, now you have a score of over 8??? YOU MUST BE LYING!!!

Learning is not evidence of lying. Please stop pretending that it does, and I will stop sarcastically implying that you hate learning.

Do you mean like someone who is most likely [makes up some more bullshit about me]

And how about that test I sent you? Or those meaningful statistics you can't come up with? Are you stalling for time?

You accuse me of "spin" and "playing with words", yet you keep making strawmen about me as your main argument. Most intelligent people on Slashdot would simply ignore you, for that reason alone. I've had it happen to me -- "I was going to make a pointed reply, but I just can't get past the fact that you opened with a strawman." Since then, I've learned better -- but according to you, learning is bad.

Look, saying I might be trolling because of some way I could be acting is asinine, especially when you've got no evidence for it and significant evidence against it. I'm tempted to post a fake image (WITH A NOTE explaining that it's fake) simply to point out that, were I so untrustworthy, I could have ended this discussion days ago.

Nothing "falls apart" if you post a better score - We BOTH get stronger for it

I wish I could believe you, but the way in which your original copy-and-paste troll is worded is still (fallaciously) claiming that no one has even posted a score, which is not true. I imagine if someone does post a better score, you'll simply ignore it -- it makes your own guide look more compelling that way.

It overcomes yet another objection for you complaining about checksums, & via WinRar, which supports formats from the *NIX world for file compression iirc... it can & does do CRC32 checks of files!

...

Either you don't know what you're talking about, or you're not telling me the whole story.

I don't remember which, but the download from CIS was either a zipfile or a gzipped/bzip2'd tarball. These formats may actually support internal checksums, but there's nothing inherent about an internal checksum which proves nothing was changed in transit, or, indeed, that my entire connection wasn't redirected to somewhere other than CIS.

YOUR FRIEND - Have a friend from someplace else on the planet (not in your network segment/isp OR even same ip octet) download it too, & also look @ it in WinR

Re:ANSWER THESE QUESTIONS, quit avoiding them

"Of course, if I really wanted to play dirty, I could point out that there are no good uses of ramdisks anymore (that I can think of)" - by SanityInAnarchy (655584) on Thursday August 16, @09:05AM (#20248065)

Hmmm, doesn't Linux bootup & install from a ramdisk in part, initially? IIRC, it does... I saw this in place the first time I installed Linux, Slackware 1.02 iirc, around 1994 in fact!

No good uses for them, eh?? That sounds pretty good for starters... Even LINUX uses them @ installation time (or, I have seen them used for this before, in the LINUX world).

Also - Go to SuperSpeed.com, & look up SuperDisk (there should still be some material for uses of Ramdisks that make them practical for things listed there, with graphs/charts/tests etc.).

I use them for these functions here in this list below (on a solidstate hardware based ramdrive, the CENATEK RocketDrive, 2gb unit, split into 1 partition for A-D, & 1 partition for pagefile.sys placement, for D):

A.) Webpage cache placement for ALL of my webbrowsers (IE, Opera, FireFox)

B.) Temp ops (from apps &/or the OS, both for the SYSTEM & USER logged on currently, via environment strings variables changes (ala SET statement OR NT-based OS gui front for this)

C.) Comspec placements (command interpreters, ala cmd.exe & environment variables changes per B above)

D.) Logging placements (A-D partition #2, @1gb size) - such as NT-based OS' event logs & logs from apps, & this is nice, because it removes the burden of that on the booting or OS + Programs housing disk & is easily moved in the registry, via these locations:

PLUS, for ALL of the above? I do it on an NTFS COMPRESSED volume, effectively DOUBLING the space I have for webpage caches, logging, & TEMP ops...

I.E.-> The files are smaller, & thus, read up faster from a ramdisk that is compressed, & seektimes on RAMDisks are untouchable (often 0ns speeds)...

(Writes to them are slower due to compression, but today's CPU's are SO FAST, it's negligible PLUS the speed of the ramdisk itself offsets that also along with the speed of access to the files AND the FACT I CAN LITERALLY DOUBLE THE STORAGE SPACE FOR THEM, by using compressed volumes on a ramdisk for the tasks noted A-D!)

E.) Pagefile.sys placement (partition #1, @ 1gb size)

& more...

Such as the work I did for EEC Systems/Superspeed.com that took them to a FINALIST placement @ Microsoft Tech-Ed (circa 2000-2002) in the hardest category there is there: SQLServer Performance Enhancement... they got there, using principles I outlined, for database performance increases, using their SuperDisk product as the ramdisk program (software based), & tips I noted on that account (db work))).

I didn't do the judging @ Microsoft Tech Ed, either, on that last account: Tech Ed folks did...

----

"by you started with a score of 6, but suddenly, now you have a score of over 8??? YOU MUST BE LYING!!!" - by SanityInAnarchy (655584) on Thursday August 16, @09:05AM (#20248065)

No, that is EXACTLY how it "went down" for me...

E.G.-> I had a set of .reg file hacks in place, some other things as well, & I got an initial 60.xxx score on CIS TOOL!

(Which is a LOT better than Windows 2000 SP #4 + hotfixes, Windows XP SP2 + hotfixes, or even Windows Server 2003 SP #2 full hotfix patched get out of the box on this test, mind you - even more than VISTA!)

I.E. -> From what I saw on tests in regard to this CIS Tool multiplatform security test... VISTA does well! Better than other MS' OS' by a long shot in fact.

(Testing was done with folks over @ techpowerup.com, the same site where I did the write up on HOW to get the score I did for Windows users - it just works!)

VISTA, as is/oem distributed by MS, iirc? Bats off around 60's on CIS TOOL, without the tweaking I did to my Windows Server 2003 SP #2 setu

Re:ANSWER THESE QUESTIONS, quit avoiding them

[SanityInAnarchy]

Hmmm, doesn't Linux bootup & install from a ramdisk in part, initially?

First, this part is optional for the vast majority of most setups, at least at boot.

And second, it's not a ramdisk anymore. It all revolves around tmpfs.

tmpfs is a virtual memory filesystm. Basically, it expands or contracts in the same way that your filesystem cache would -- it essentially is a filesystem cache, only without the filesystem -- whereas Linux ramdisks actually emulate a physical disk, to some extent, in that they're a fixed size, and need another filesystem on top of them, which is hugely inefficient.

The initrd (initial ramdisk) system -- like I said, optional -- has been replaced with initramfs, which takes an optionally gzipped CPIO archive (loaded in by the bootloader) and unpacks it into a tmpfs filesystem, and uses that as its root filesystem for the first few seconds (or milliseconds) of boot. After it's done with whatever has to happen there -- which includes things like scripts running to set up RAID and such, and maybe even networking if you want to run off a network -- it switches to the real root filesystem, and drops the ramfs.

This gives it much more flexibility than (I think) Windows has, because you can do almost anything in that initial ramfs environment before you access the root filesystem. A very simple example: You could put your kernel, bootloader, and initramfs image on a USB stick and boot from that, then take it out -- enter a passphrase, which is then used to gain access to the hard disk. The ENTIRE hard disk can then be encrypted, and they have to physically get a hold of your USB key and your password in order to crack it. Or, they would have to take your USB key, modify the files on it, and give it back to you without you noticing.

Another example is boot CDs -- you want to keep your boot CD image as small as possible, so the ENTIRE thing, except for the kernel and the bootloader, can be compressed. The kernel and the bootloader are, altogether, less than five megabytes, probably around one or two.

Unionfs is a sort of copy-on-write filesystem, that's used for the install, and for LiveCDs. I'm not sure Windows has anything like it.

Basically, Unionfs takes two filesystems -- one read-only (or it accesses it read-only), one read-write. You then mount those two as the third "union" filesystem. Any reads from that filesystem that aren't satisfied by the read-write filesystem are passed on to the read-only filesysetm.

On a boot CD, this means that any file you don't change is simply read off the CD, and need not consume RAM. However, any file you write to, or even delete, causes some data to be saved in the tmpfs (ram filesystem).

This means that if you have enough RAM, you can, quite literally, do anything to a running boot CD you can do to a live system, short of rebooting. Ubuntu Linux now installs from this environment, but you can, in fact, try it out before installing, or even while it's installing. If you're running low on RAM, you can create swap space -- in fact, if you're doing an install, it will start using swap space as soon as you create it, and I think it will also detect any swap that was already on your system and use that. This is somewhat equivalent to the pagefile on Windows.

A useful example: The livecd I tried most recently did not support wireless cards out of the box. So, when trying to use wireless on a powerbook, I could boot off the CD, plug it in physically, download and install the packages I needed (through the package manager, no less), and pull the firmware out of the OS X partition that was already there. Then I could unplug and walk around, and have wireless internet on a laptop -- AS ITS OS WAS INSTALLED.

Also - Go to SuperSpeed.com, & look up SuperDisk (there should still be some material for uses of Ramdisks that make them practical for things listed there, with graphs/charts/tests etc.).

Re:ANSWER THESE QUESTIONS, quit avoiding them

"whereas Linux ramdisks actually emulate a physical disk, to some extent, in that they're a fixed size, and need another filesystem on top of them, which is hugely inefficient." - by SanityInAnarchy (655584) on Thursday August 16, @11:16AM (#20249777)

Explain to me then, for the list of HOW I use Ramdisks here (a solid state one, backed by its own independent powersupply that plugs into it, which plugs into an APC UPS here) are inefficient in the capacities for which I use them?

Thanks! I can use objections like that... to overcome them.

----

"The ENTIRE hard disk can then be encrypted, and they have to physically get a hold of your USB key and your password in order to crack it. Or, they would have to take your USB key, modify the files on it, and give it back to you without you noticing." - by SanityInAnarchy (655584) on Thursday August 16, @11:16AM (#20249777)

By my use of NTFS, for compression? I could opt for encryptions instead (NTFS 5 does provide this, since Windows 2000 onwards).... so you know (but, I'd have to OMIT using compression & I gain too much from it, for the purposes I use it for).

----

"One example of a place where a ramdisk does not need to be used: rapidly-changing, temporary files." - by SanityInAnarchy (655584) on Thursday August 16, @11:16AM (#20249777)

What about webpage caches then...? They change, but often not, & quick access speeds helps me reload cached data faster for my browsers, PLUS, the fact the files are smaller on disk (SSD here) means they read up faster from disk.

What makes you think it does not HELP to move temp files off of the main C: (in Windows) disk? That removes burdening that Programs/OS disk with temp writes... same idea as moving pagefile.sys off of it! Same with log files too...

The work is done on ANOTHER drive, totally (albeit, one that has MASSIVELY FAST SEEKS/ACCESS RATES, for the typical File Open, File Read/Write, File Close cycle (in an SSD ramdisk that I currently use))!

Thus, allowing loads of programs &/or data to be unencumbered by obtrusive writes/reads (head movement) to temp files, webpage caches, paging operations, & more...

----

"And yes, I admit, there's a possibility that it's useful. There's also a possibility that it's malware. Hell, there's a possibility of both" - by SanityInAnarchy (655584) on Thursday August 16, @11:16AM (#20249777)

Well, again: IF it's a malware (it's not, SANS & COMPUTERWORLD both note it, AND its intended purpose - to help secure systems via suggestions it makes where it finds weakness in your security "armor")?

It'd have to be the DUMBEST "malware" I EVER SAW/of ALL TIME, lol, because it helps you secure yourself.

----

"In this case, there's also the objection wherein the program itself incorporates insecure practices. This makes its results suspect -- why would a security specialist write an insecure program -- especially one designed to test security? And the specific nature of this vulnerability means I'd want another set of checksums, these being the checksums of the program once installed." - by SanityInAnarchy (655584) on Thursday August 16, @11:16AM (#20249777)

----

"You said that dismissively -- like "They aren't everything, but they're the best we've got to make a comparison." That's why I brought up statistics." - by SanityInAnarchy (655584) on Thursday August 16, @11:16AM (#20249777)

Still I said it: "Benchmarks aren't everything"... it's truly, more the pilot @ the helm, for security... hence, the example brought up of an UBUNTU SERVER being hacked, yesterday no less here @ /., due to POOR SECURITY PRACTICES & MAINTENANCES.

And, it's true about benchmarks of ANY kind: It's why they exist - to provide guidelines to a degree... why else DO they exist after all?

And yes, STATISTICS can be skewed, this much I know from actually taking STAT I & II while in academia... they a

We're at an impasse.

[SanityInAnarchy]

You have completely evaded the point I made there, and instead simply copied and pasted your responses.

I will happily address those -- and yes, I can -- AFTER you address your mistake here. It will take more than "No lie @ all".

But hey, you can copy and paste, and so can I:

Learn the difference between "felt that it was" and "knew that it might be". Otherwise, this conversation is over.

Simply answer these 4 questions: No more evasions

B.S., pure b.s., lol... you won't face up to your mistakes, here:

http://slashdot.org/comments.pl?sid=264303&thresho ld=1&commentsort=0&mode=thread&cid=20218887

Let's reiterate them:

====

1.) Didn't you state what I stated about "race condiritions" was false?

Please - quote what I said, & show what is wrong with it... thanks & GOOD LUCK (You will need it on that account).

----

2.) Didn't you state that your Ubuntu distro did not have SeLinux in place & later, you said it did??

Hey - YOU AREN'T EVEN AWARE OF THE CAPABILITIES OF YOUR DISTRO of LINUX YOU USE (and you certainly are not willing to use "layered security" via SeLinux, per your own words, regardless of #3 no less below!)

I.E.-> SeLinux can be used to secure things (& acts as layered security) @ A SOCKETS LEVEL, to aid IPTables (which I had to mention as far as specifics) usage, & also @ a filesystem & userrights ACL level (via MAC) supplementing & reinforcing chmod/chroot/chown (which I had to mention as far as specifics to use no less, NOT YOU)

----

3.) Didn't you ask me to show you an example of apps being able to use "privelege escalation, via impersonation analogs on *NIX & buffer overflows" to have an app escape a chroot jail via those machinations even IF YOU DO NOT RUN IT AS A ROOT/SUPERUSER's context, & I provided you the info. to look for??

Here is a specific one:

http://www.novell.com/linux/security/advisories/20 03_014_lprold.html

(You felt it could not be done, UNLESS done via web apps)...

Well - NOW, I am showing you differently, as per usual in this exchange!

"Programmatic impersonation" is possible on *NIX's, via buffer overflow exploits, and you do NOT have to be online or use online tools as you stated, for this to occur (& thus, even IF you DO NOT RUN a program as ROOT/SUPERUSER, it can still escape chroot jails via these machinations, period!)

AND, on that note? So much for their efficacy vs. a machination of that nature... @ least by themselves, that is, hence why layered security ROCKS! Beat one? You hit another (& the limit is only that of your imagination, if you can code to create more ONTOP of it, logging things OR cleaning things, lol, once the std. tools run out OR do not fit a specific purpose you need).

----

4) AND YES - YOU Felt the multiplatform test of security CIS TOOL, by the center for internet security, might be 'malware'?

(Funny - SANS & COMPUTERWORLD showed otherwise)...

So much for that, & it was YOUR MAIN DEFENSE IN AVOIDING TAKING THIS TEST! So much for all of your evasions in posting a score from this test really!

APK

P.S.=> Long & Short of it? I think you are either:

----

A.) Scrambling to TRY to learn SeLinux & raise your score on the multiplatform CIS Tool test, & finally post a score on it via your *NIX rig setup, as good as the 84.735/100 I can gain on Windows Server 2003 SP #2 fully hotfix patched & custom hardened by myself...

OR

B.) YOU KNOW YOU CANNOT EXCEED THAT SCORE @ this point, you cannot answer those simple questions above, & your body of objections appear to be overcome (such as SANS + COMPUTERWORLD articles, sources who are often cited @ /. no less, note the CIS TOOL as well, & it is NOT "malware", heck, it is "ANTI-MALWARE" IF ANYTHING, lol... for Pete's sake!)... period!

====

Either way, you are running from simply installing & taking this test of security, in a competition between myself as a Windows user, & you as a *NIX user, on a multiplatform test that runs on them both (variants thereof, & its not Windows

Re:Simply answer these 4 questions: No more evasio

[SanityInAnarchy]

Let's reiterate them:

Let's not. How about you go answer my other post? Or should I copy and paste that here?

Now I know why you don't want Slashdot tracking you -- people would find out right away just how many of your posts are literally copied and pasted.

Re:Simply answer these 4 questions: No more evasio

http://slashdot.org/comments.pl?sid=264303&thresho ld=1&commentsort=0&mode=thread&cid=20219969

"Too easy... TOO EASY!!!"

APK

New NEWS 08/15/2007: UBUNTU SERVERS HACKED!

UBUNTU SERVERS HACKED/CRACKED (08/15/2007):

http://it.slashdot.org/it/07/08/15/1341224.shtml

Might as well add "insult to injury" per this earlier reply of mine, here in this thread:

http://slashdot.org/comments.pl?sid=264303&cid=202 35261

Which was in reply to yourself (and, a challenge I issued & have issued here repeatedly which NO *NIX USER HAS MET, mind you, including yourself) AND overcame your objections, including your MAIN one, that insinuated that CIS TOOL was somekind of possible "malware" & I post links from SANS + COMPUTERWORLD which note it is ANYTHING BUT THAT, no less!

APK

P.S.=> Ubuntu, even left like YOU have it, in not using + UNDERSTANDING & CONFIGURING SeLinux (or, other apps) for layered security over chmod-chroot-chown &/or IPTables usage (since SeLinux offers ACL/MAC for filesystems + userrights & SOCKETS LEVEL CONTROL over IPTables alone)?

Well - there you have it: Lack of layered security AND THE RIGHT MAN FOR THE JOB @ THE WHEEL SECURING THEM?? Makes all the difference... see the above!

AGAIN: This is the reason you ought to NOT take this test as I said before - YOU ARE NOT THE RIGHT MAN FOR THE JOB, & just like the admins of that UBUNTU rig were (not using layered security sufficiently apparently, & not config'ing their systems + apps for it, like you are resistant to regarding SeLinux, per your own words in this exchange!).

(All because you literally said you "don't want to learn the complexities of SeLinux" & thus, layered security it offers - Heck, in your "CORRECTION" post? You had to realize that UBUNTU had SeLinux in place, & you did not even KNOW that!)...

In fact - I showed you HOW apps, via buffer overflow privelege escalation exploitation & even IF an app IS NOT run as ROOT/SuperUser, can escape chroot jails (the single layer of security I KNEW YOU'D RESORT TO & that alone)... layered security? Matters, as well as GOOD SOLID CONFIGURATIONS, all the way from the OS itself, into apps too that run on it! apk

An additional note, if you're curious...

[SanityInAnarchy]

I don't know much about the Windows filesystem API, but I know that the UNIX/POSIX API is not rich enough, by itself, to support the kind of filesystem I'd like to write -- or at least, the kind I think should be written. What I'd love to see is a solid transaction API on top of it, instead of all this laziness of calling sync or fsync whenever we need to make sure one thing hits the disk before another, or to implement a pseudo-transaction via tempfiles which can be "rolled back" by deleting said tempfiles.

An API like this would let us do things like... oh... atime updates on flash media, without destroying the media. Or actually delay full transactions, not even allocate the disk space, until memory pressure forces a write -- so people don't need tmpfs or ramdisks for temporary files anymore, as there's a good chance the file will never hit the disk.

But I've got a lot of ideas like this, and right now, I'm sticking to the ones that can get me work.

(A simple example: I think an entire OS could be created without... I think it's called memory segmentation. All programs, even untrusted ones, could share the same address space, technically, yet the system would be secure. If you're interested, we can go off on a tangent about that, but it's not relevant to this discussion, I think -- this discussion is about the security of existing real OSes.)

Re:An additional note, if you're curious...

"I don't know much about the Windows filesystem API" - by SanityInAnarchy (655584) on Thursday August 16, @11:24AM (#20249857)

There's more to it, than just the filesystems drivers, depending on where the writes/reads go to/come from.

Registry, iirc, it's also governed by the kernel components subsystems of IO Manager (overall governor component iirc), then Cache Manager (backing executable files back/from their file on disk), & Memory Manager (VM access to actual chips AND ON DISK in paging, data here only) + for registry iirc/additionally is Configuration Manager!

(The last being unique to registry IO, & it too is buffered (once a minute writes lazy deferred, but the API does have an IMMEDIATE WRITE override, but it has overheads, but makes sure data's written to the registry immediately if needed for security purposes NOT PERFORMANCE))...

The subsystems above that govern IO, PLUS the filesystem + disk drivers queue I/O to disk in Windows NT-based OS' thru the HAL (hardware abstraction layer) to the disk hardware itself & then its onboard circuitry on the drives, if any, buffer & write from there on disks...

Copy On Write functionality for shared data also helps here vs. shared data & corrupting it...

I.E.-> Each app calling the data has a LOCAL COPY of a file's data, to itself, & the writes are queued by the above, in order as best it can be done.

"An API like this would let us do things like... oh... atime updates on flash media, without destroying the media. Or actually delay full transactions, not even allocate the disk space, until memory pressure forces a write" - by SanityInAnarchy (655584) on Thursday August 16, @11:24AM (#20249857)

A database driven filesystem was the goal for VISTA, driven by SQLServer db engines, which could handle it... I think the shell & kernel teams missed deadline is all, complex task & all that...

zOS & older As/400 OS400 IBM midrange stuff has it already, DB/2 filesystems & they work well!

Technology "trickling down" to us, just like dedicated subprocessor hardware has, & ScSi...

" so people don't need tmpfs or ramdisks for temporary files anymore, as there's a good chance the file will never hit the disk." - by SanityInAnarchy (655584) on Thursday August 16, @11:24AM (#20249857)

I need & LIKE them, because of what you said: I DON'T "HIT DISK", but instead, a SOLID STATE MEMORY BANK ACTING LIKE A DISK (which can be spanned or striped & extended up to 16gb size)...

For:

1.) FASTER speed of access to files on it like pagefile.sys, temp ops, logs, webpage caches (many orders of magnitude faster than mechanical hdd's are, like 8-12x depending on the hdd type compared)

2.) NTFS compression (literal MORE THAN DOUBLING of memory storage on it (or encryption))!

@ superfast speeds, often MORE THAN DOUBLING of storage, with text based data (largely most of it in logs, temp ops, & webpage cache data files), via compression & thus MORE SPEED (smaller files reads by far, from RAM no less) - the data on it, in LOGS & html files for example?

SUPER COMPRESSION results (not much for jpegs & such though, but bitmaps & text, bigtime - most of what's there on it in fact)...

Superpuny files = superfast access & READS into memory by programs reaccessing them (@ 0ns speeds of RAM too).

3.) Pagefile.sys placement

4.) Logging (compression speed gain on reads, text data = tinier files to read)

5.) Temp ops (big compression speed gain on reads, text data = tinier files to read/reread)

6.) Comspec/command interpreter placement

7.) Webpage caching (big compression speed gain on reads, text html data = tinier files to read/reread)

8.) BEST OF ALL, & NO EXCESSIVE HEAD MOVEMENTS ON MY MAIN PROGRAM + OS BEARING MECHANICAL HARDDISKS!

All by putting logs, webpage caches, temp ops, or command interpreter accesses from disk (all RAM spee

Re:An additional note, if you're curious...

[SanityInAnarchy]

Registry, iirc, it's also governed by the kernel components subsystems of IO Manager (overall governor component iirc), then Cache Manager...

And so on.

I'm not counting Registry as part of what I want, because as far as I can see, the Registry sits on top of the Filesystem itself -- in the *.reg files. (System.reg, User.reg, etc.) To me, the Registry is just another database sitting on top of the filesystem, an alternate API to the filesystem API itself.

The other things you bring up are valid, but they are not APIs, they are part of a particular filesystem implementation, or of the generic Windows filesystem facilities. When writing a program, it helps to know about things like page cache, and yes, I would like to see filesystems/OSes implement this better. But the actual filesystem API itself -- the open/read/write/sync library calls -- is too limiting/low-level to let the OS/filesystem do the kind of optimizations I'd like, without risking corruption.

once a minute writes lazy deferred

See, the Registry may just have an API that lets it do that... But in this case, that behavior isn't always what you want.

On a desktop or server, where the disk is always spinning and you want max performance, you just defer the write till there's not many reads happening, then write immediately, everything you can, till someone needs to read. Increases disk wear, but it means you never have a situation where you have to flush madly due to lack of RAM, and if you're careful, it won't affect read performance much, if at all. It certainly won't affect write performance, for asynchronous stuff, and anything synchronous really should be written to permanent storage.

However, take a Flash laptop. You're probably not likely to crash, and you want to save power. If your main storage is Flash, you can probably afford to sacrifice a little performance for media longevity and batter life. So, here, you delay as long as you possibly can, maybe even ignore syncs (bad idea, though), and write everything as late as possible, probably as little as you can, with proper wear-leveling -- by then you'll have a good idea of how you want to allocate it so as to overwrite the fewest number of sectors.

Or take a laptop with a magnetic disk. Delay everything as long as possible, but as soon as there's a disk read -- as soon as the drive spins up for any reason -- you write everything pending. Linux Laptop Mode does this, but I don't think it knows enough about the filesystem internals to be smart about it -- for instance, the case where a temporary file is created and destroyed before it hits disk, or a file is modified so rapidly that there's no point trying to write it to disk unless you have to.

What you want is a filesystem API that will support all of these behaviors, without corrupting application data, and implement them in the same place, so you don't have, for example, Registry writes being lazy and NTFS writes being immediate or even synchronous.

Copy On Write functionality for shared data also helps here vs. shared data & corrupting it...

Is this possible from a user perspective? For example, can a non-admin create a complete or partial copy-on-write copy of a file? Or splice multiple files together that way?

If so, that's a point against Unix, which has no "copy" system call at all -- cp is implemented with reads and writes, so the actual decision of how to copy is made within the application itself -- and copy-on-write must then be implemented by the application, and not the filesystem -- meaning applications have to cooperate if all want to see the copy-on-write effect.

I.E.-> Each app calling the data has a LOCAL COPY of a file's data, to itself, & the writes are queued by the above, in order as best it can be done.

Oh... looks like you were talking more about cache and read/write tricks than... well... wh

Re:An additional note, if you're curious...

"I'm not counting Registry as part of what I want, because as far as I can see, the Registry sits on top of the Filesystem itself -- in the *.reg files. (System.reg, User.reg, etc.) To me, the Registry is just another database sitting on top of the filesystem, an alternate API to the filesystem API itself." - by SanityInAnarchy (655584) on Thursday August 16, @10:43PM (#20256775)

The things I noted, are kernel subsystems, in IOManager, Cache Manager, Memory Manager, Configuration Manager,& one I omitted earlier in Object Manager.

(They're not API calls exported from a library, they're literally part of the OS kernel itself & subsystems (in windows' case, libs = dll's (dynamic link libraries), where ONLY the portion of what needs to be loaded is called from the dll, & loading INTO THE CALLING APP's MEMORY SPACE (thus, dynamically "linked"))...

The REGISTRY "HIVES" (flat file tables linked to one another, not like a typical relational database though) not called SYSTEM.REG/USER.REG by the way... the hives are called:

SYSTEM
SAM
SECURITY
DEFAULT
UserDiff

AND, Everything does "sit on" (use) those subsystems mentioned above, that performs I/O... IF I were to draw it? It'd look something like this:

----

1.) Application (performing a read operation NtReadFile) -> I/O Manager (fielding a read Interrupt Request Packet (IRP))-> FileSystem Driver

(Gets "trickier" here, because a read can be marked 'cached' OR 'non-cached', & thus, you have a possible branch here to) ->

2A.) Cache Manager (if cached & if cache miss, off the Memmgr below, because of page faults)->

OR

2B.) Memory Manager (if non-cached)->

3.) Then, lastly, off to the Disk Driver (actually talking to disk)

----

& that's pretty much how IO is governed by Windows NT-based OS... on reads.

"When writing a program, it helps to know about things like page cache, and yes, I would like to see filesystems/OSes implement this better. But the actual filesystem API itself -- the open/read/write/sync library calls -- is too limiting/low-level to let the OS/filesystem do the kind of optimizations I'd like, without risking corruption" - by SanityInAnarchy (655584) on Thursday August 16, @10:43PM (#20256775)

AMD is releasing kits for multiprocessor systems, for JUST THAT VERY THING (the ability to meter cache hits/misses to help optimize an app's I/O, by optimizing how it uses the cache pretty much by letting a dev analyze this himself (supposedly, it does not require OS lib/dll API functions, OR, a filtering driver either, though I don't know HOW they could do this, without that):

http://www.eetimes.com/news/latest/showArticle.jht ml;jsessionid=TZEX4EJZT3L1CQSNDLSCKHA?articleID=20 1500201

"See, the Registry may just have an API that lets it do that" - by SanityInAnarchy (655584) on Thursday August 16, @10:43PM (#20256775)

On deferred/lazy writes? Well, so does other diskbound I/O, albeit, via the cache manager subsystem... noted above, in my Application READ "illustration", & like you are describing, here below next (quoting you):

****

"On a desktop or server, where the disk is always spinning and you want max performance, you just defer the write till there's not many reads happening, then write immediately, everything you can, till someone needs to read." - by SanityInAnarchy (655584) on Thursday August 16, @10:43PM (#20256775)

****

"Is this possible from a user perspective? For example, can a non-admin create a complete or partial copy-on-write copy of a file?" - by SanityInAnarchy (655584) on Thursday August 16, @10:43PM (#20256775)

Copy on write (COW) occurs ONLY if say, you & I are chasing the same file on disk to make edits of somekind to it... I get a COPY (or you)

Re:An additional note, if you're curious...

[SanityInAnarchy]

Ugh, I hope that is all accurate above... I need coffee this a.m.!

I know the feeling... I'll try to keep that in mind as I read through this. Couple mistakes, not many, I think.

The REGISTRY "HIVES" (flat file tables linked to one another, not like a typical relational database though) not called SYSTEM.REG/USER.REG by the way... the hives are called:

Ok, so it looks like I was right here. The registry hives are files. Doesn't matter much to me what they're called, there are still a very small number of them, and they are a layer separate than the filesystem.

One goal I have is to improve the filesystem to where you don't need anything like a Registry.

1.) Application (performing a read operation NtReadFile)

NtReadFile is what I'm interested in here, and what I meant when I said "API".

It doesn't matter to the application developer what actually happens, or how it gets loaded into their app -- it's all about semantics. It's about: I have NtReadFile, maybe NtWriteFile, NtMoveFile, etc.

Is there something like: NtCopyFile? If so, the OS could implement copy-on-write files without having to alter applications. By that I mean, when the user right-click-drags a file to somewhere else, and says "copy here", it doesn't make an actual copy, only a copy-on-write link (something like a hardlink).

Unix-like systems can't do this without rewriting applications. We have read, write, rename, unlink, and so on. But we don't have a "copy" system call. If one were created, most apps would not already be using it. So if a filesystem were created which supported this kind of transparent copy-on-write-ness, most apps would not be able to take advantage of it -- including the Unix "cp" command -- until they were updated.

AMD is releasing kits for multiprocessor systems, for JUST THAT VERY THING (the ability to meter cache hits/misses

"Page cache" in Linux is more like disk cache. It has nothing to do with the CPU cache, which is probably what AMD's kit is about.

On deferred/lazy writes? Well, so does other diskbound I/O, albeit, via the cache manager subsystem...

Your example was about reads.

But the problem isn't whether an app can suggest that a write be deferred/lazy, but whether it can do so safely (transactions). Right now, databases and such, like MySQL and PostgreSQL, can be built on top of a Unix filesystem, but essentially, they have to duplicate a lot of the effort of the filesystem in their own code. They have to implement their own transactions, sync them properly, do journaling, and so on.

But I want this in filesystem operations. Take, for example, updating a simple text config file. Let's say it's /etc/passwd, because everyone knows what that is. The proper way to do this, to prevent /etc/passwd from ever being in an inconsistent state, is to write to a new file first, something like "/etc/passwd.new", and then rename the new file on top of /etc/passwd. The rename is an atomic operation on journaled filesystems.

The problem is, do the writes to passwd.new hit disk before or after the rename of passwd.new to passwd? Ideally, we want the filesystem to be able to reorder writes intelligently, but in this case, we want to be sure passwd.new is complete and consistent first, so we fsync it -- we tell the FS to write it to disk, and let us know when that's done -- and then we rename it.

That fsync should not be necessary.

So, package managers do this kind of thing all the time, and they do it enough that all those fsync calls could be a strain on performance. But so could having the filesystem forced into ordered mode. And really, the user doesn't care if one particular file is updated and synced to disk RIGHT NOW. What we want is to be sure that nothing's left completely corrupt and unusable if

Re:An additional note, if you're curious...

"This is what I meant by "a truly dumb idea" -- in this case, it's truly dumb behavior by Windows to not allow you to disable the pagefile completely." - by SanityInAnarchy (655584) on Friday August 17, @07:51PM (#20269653)

Remember my statement above, in the parent post to yours?

It's where I said Explorer.exe was showing pagefaulting in taskmgr.exe (processes tab, once you go to view menu, select columns submenu, & check off page faults column to be visible) like mad, even though I turned off Windows use of a pagefile.sys ANYWHERE, in a permanent one?

WELL - this post gave ME, the answer: I explained it above, prior to your guess above about it... pagefile.sys GETS DATA & DATA ONLY!

HOWEVER, the EXECUTABLE FILES page back, to their backing file on disk (their .exe named one).

It completely explains the paging I saw, & I can see it too - Explorer.exe is a pretty complex piece of equipment, & my operating w/ out a pagefile.sys present & I NEVER ONCE SAW THE TEMP PAGEFILE.SYS WHERE ITS LOCATED, OR ON ANY OF MY DISKS, so the low RAM situation for Explorer.exe was probably making it page in & out of being diskbound + into RAM again, & vice-a-versa, constantly!

Not such a "dumb idea" after all - it's only doing what any .exe file would anyways in a low memory situation, in paging (but, pagefile.sys isn't what you need on .exe files... for datafiles it is, but not .exe types)... & it makes your statement incorrect... it's a smart idea, keeps your programs running @ least.

----

"One goal I have is to improve the filesystem to where you don't need anything like a Registry." - by SanityInAnarchy (655584) on Friday August 17, @07:51PM (#20269653)

Well, I like 1 thing about using .ini files (windows' state keeping files for apps in the old days, & currently): 1 grenade does not take out the WHOLE PLATOON... but, they're .txt text files, so their access is slower than registry binary storage.

Answer? Use data files for apps that are in binary form (.dat is what I used to call those in my C/C++ days in DOS in the early 90's) - more speed results than text file reads/writes.

----

"Again, truly stupid behavior. Apps should not know or care about this kind of thing. Virtual memory is supposed to be transparent." - by SanityInAnarchy (655584) on Friday August 17, @07:51PM (#20269653)

Well, the ONLY PEOPLE I EVER HEAR COMPLAIN ABOUT THIS HAPPENING TO THEM? GRAPHICS ARTISTS!

Adobe Photoshop users usually, but, it makes some sense: They CAN work in some pretty LARGE data, in photography oriented data, @ least @ times & by NOT using a pagefile with that app? You had best be working with 'smaller' data (purely relative term, hence the sarcasm quotes).

Plus, since iirc, again: Photoshop uses its OWN memory mgt. & processor thread management (explicit multithreading - SetThreadPriority & SetThreadProcessorAffinity API calls, instead of just doing what I tend to use, implicit multithreading: Letting the OS Process Scheduler shunt threads in multithreaded apps I build off to the least saturated processor available, if one goes under too much "load")...

Lack of a pagefile.sys might 'upset' that cpu mgt./memmgt. they use (iirc, I am correct on that note, on the thread mgt. but also almost sure on the memmgt ones in Photoshop too - but, don't quote me on that latter one).

----

"But of course, we want apps to have the ability to force stuff to be synced to disk RIGHT NOW" - by SanityInAnarchy (655584) on Friday August 17, @07:51PM (#20269653)

Well, I can do that, right now, in Windows: IMMEDIATE REGISTRY WRITES, & to stop deferred writes to the registry, & commit them IMMEDIATELY (good for application security/stability/logging even) & also for making the diskcache not grab hold of something?

IMMEDIATE WRITES TO DIS

Getting back 2U, 1 single point you made I missed

?But the problem isn't whether an app can suggest that a write be deferred/lazy, but whether it can do so safely (transactions)" - by SanityInAnarchy (655584) on Friday August 17, @07:51PM (#20269653)

Well, the I/O mgt. subsystems work I noted above? It's the "best" we have, CURRENTLY, on Windows on that note, & it works, + on a GREAT filesystem in NTFS (plus, Windows allows for IFS (installeable filesystems, but I do not believe they are bootable))...

WinFS (an omitted part of VISTA) was SUPPOSED to do that... a DB driven filesystem, based on the SQLServer engine... more on that below, from IBM...

ANYHOW - & it's NOT THAT DIFFERENT on other Os' too, how layered subsystems manage & "QUEUE" read/write to disk!

(In fact, I noted earlier on in our exchanges here, that "little original thought exists" today in comp. sci. & yes, OS design... mostly incremental small improvements on existing ideas, but nothing "radically different", @ least not in the mainstream... Reiser FS might be one of the more radical vs. other filesystems, but I am not an expert on it!)

By the way - my example on NtRead? It's NOT MUCH DIFFERENT than for writes, even cached ones... (just think "in reverse" of my read example. I used a read example because you stated READ first, before WRITE per what I quoted...)

So, I am finishing that off now & addressing your point from a tech perspective:

Writes are ALMOST JUST LIKE the Reads (NtRead): Instead of the cache mgr. calling CCopyRead? It calls CCCopyWrite ("CC" calls are cache mgt. function calls, NT/ZwAPI native mode stuff in RPL0/Ring0/kernel mode iirc)...

So, instead of copying data from the cache to an app's buffer/memory space on a write (if data is NOT cached)?

It calls the 'reverse': It copies data from the app's buffer INTO THE CACHE (if the data is marked as CACHEABLE, sometimes, as in benchmarks, it's not OR rather, can be marked that way).

Caching FIFO, or whatever type? It's all going to hit disk though, sooner or later... once changes appear in the cache data map, or rather, SHARED Cache data map, marking them as "DIRTY"? Then, it's ONLY A MATTER OF TIME, before they hit disk again... to keep the state of the data, as current as possible of course.

This stuff? Again - imo?? It is the MOST complex topic there is in computer OS architecture... caching, & memmgt. & HOW THEY INTERACT WITH ONE ANOTHER, especially & how/why/when.

I am omitting HUGE details here too... if I went "into it" more? I don't think a std. /. post could hold it all...

(You want instant commits though, & on Windows? As I said in my other reply to you: I can do this for the REGISTRY, easily (API has an instant commit call, but it has overheads of Open/Write/Close registry hives of course, based on the IO management model I illustrated in my parent reply to yours)... & for other diskbound I/O?? Well, benchmarks do it - they mark data as "non-cached", & it works (to stop caching performance advantages say, on "raw disk performance oriented benchmarks" etc.).

"Right now, databases and such, like MySQL and PostgreSQL, can be built on top of a Unix filesystem, but essentially, they have to duplicate a lot of the effort of the filesystem in their own code. They have to implement their own transactions, sync them properly, do journaling, and so on." - by SanityInAnarchy (655584) on Friday August 17, @07:51PM (#20269653)

Agreed here, & iirc, this is WHY say, SQLServer has its OWN memory & devices space on disk and in RAM - to manage its OWN read/write cycle, much as how the pagefile.sys in Windows is "raw written", bypassing the filesystem, completely (and, faster too).

"But I want this in filesystem operations" - by SanityInAnarchy (655584) on Friday August 17, @07:51PM (#20269653)

You want what I mentioned IBM has working on Os/400 - zOS series, in a DB/2 driven database managed filesystem... looking into THAT design (solid, works, & proven for more than a decade++ now iirc) MAY lend you additional insights.

Good luck, nice discussion (even though we got sort of "stupid" on one another @ points)...

APK

WHOOPS: 2 last things, 1 will interest you GREATLY

Ontop of the Os400-zOS DB/2 Driven Filesystem I suggested you look @:

(As well as how pagefile.sys uses "raw writes" to bypass filesystems (iirc that is, could be wrong here on SQLServer as well, since I do know that in RAM it maintains its OWN "filesystem for devices"))

For your research?

CHECK THESE OUT! ZFS & after that, "IRON FILESYSTEMS" in the 2nd URL below:

http://blogs.zdnet.com/storage/?p=123

(A great read, & great model for a filesystem (I like the fact you do NOT have to "manage disks" anymore in it, & have a "storage pool", singular one... which is PROBABLY WHY spanning & striping is SO EASY in it...))

Yes - MacOS X users have a treat coming... @ least on the server models!

(Perhaps, later on, maybe even on end-user/home models too, but I don't even KNOW if there are distinctions like that on MacOS X, though I have used it & actually LIKE IT, quite a lot, I do not do much research into them (market share & all that - have to go where the dollars are made, to live, & that my friend...? Is WINDOWS!)

BETTER YET, GET A READ FROM THIS FELLOW (PhD) on "IRON FILESYSTEMS":

http://www.cs.wisc.edu/wind/Publications/vijayan-t hesis06.pdf

This one? I think you will LOVE, a great deal... & good luck on your quest/researches into it... this guy? HE HAS THE RIGHT IDEA!

(Combine it with ZFS features, + the possibility of bypassing filesystems drivers, even if ONLY @ TIMES (such as SQLServer does, maintaining its OWN devices in RAM & on DISK iirc, doing so, much as pagefile.sys read/write does, & faster than normal read/write I-O by far too) & man... WoW!)

On a related note - you KNOW somebody is a "nerd/geek", when they get excited about filesystems... lol!

APK

P.S.=> And, on the thing that MIGHT NOT exactly have you "too enthusiastic"?

I have my score on CIS TOOL now up to 85.185!

(Exceeding in fact, the "theoretical max" on this test MOST folks have obtained (around 84/85 range, & in fact, the BSD user who has tried it I cited earlier on here was told, iirc, that is the "usual max"... so much for THAT!)... apk