If you have a file at home that you want to FTP while you are at work, you may not want it to be visible to anyone sniffing the network.
That's why you should be running sftp instead of ftp. Konqueror works with sftp:// very well.
If you edit a file with Emacs and save it, you create a file with a '~' at the end of the filename. If it is a remote file, where do you create that? Locally, or remotely?
That's not an issue specific to the browser. If the user has permission to look at the file, they have the ability to create a local copy. The only real solution to the problem you raise is to keep untrusted users off your local machine.
Everyone makes mistakes. Did you select the wrong tab and accidentally send something in the clear, or to the wrong location? What if you can't undo your mistake? (Permission to create a file, but not delete it.) This is one of the dangers of integration - if it is handled the same, and looks the same, how do you avoid mistakes?
Once again, this is not a browser problem but a browser can help. Konqueror is an excellent tool for moving files across machines. Split screens avoid the need to ever drag to tabs. The easiest way to move files around is to split your screen with the localhost and the targethost on the same tab. When things are done this way, it's harder to make mistakes. That's all a good tool can do.
Once you start doing things this way, it's hard to go back. I still use find and tar for archiving and will often sftp by hand, but one day I'll figure out how to do that graphically with konqueror. If I ever figure out how to use konqueror's built in scripting for routine updating, well, things will be much easier. My life is not that routine yet.
Oh, and do you have any idea how immature using "M$" makes you look? Resorting to petty name calling does nothing to improve your argument.
Quit being so pompous, it's.... immature. M$ is a good name for a company that sues public schools for copying a text editor. Now, kiss my ass.
Interoperability is a two-way street; you can not only help others interoperate with you, you can improve your interoperability with them.
True and free and open software people understand that. It's kind of hard to miss when all your source and formats are published. That's why Gnome and KDE programs happily share data and space with an Enlightenment window manager. It's also why Open Office can suck down any M$ DOC. Taking it a step further, I can use Wine, Crossover Office or Parallels to run any Windoze application on any free computer. It's equally obvious that Microsoft is unable to understand this.
Did he say anything about Linux in there? I don't even see him using the word. He talks about how Microsoft can better themselves by learning from the open source software out there.
The fine article has:
we're a centre of competency for Open Source Software (OSS) inside Microsoft. By running Linux and a variety of other OSS in a highly Microsoft-centric IT environment, we're learning how those technologies can better interoperate with Microsoft's proprietary technologies.
Even your own quote stresses interoperating. Improving M$ junk is a secondary function of his lab.
He's hosed. A M$ man talking about how good Linux is and how much M$ can learn from the FOSS community instead of calling it a "cancer" or "communist" is obviously off message. In a company that fires employees for mentioning Apple computers in a personal blog, breaking groupthink is a bad idea. Not so bad an idea as working for said company or using its products, but a bad idea. The "internal meeting" is probably going to consist of chair throwing and statements like, "we hired you to understand how we can break this communist shit, not to issue PR statements or set company policy."
It is the word "Superhero" that is being claimed as protected by trademark law. Within the letter of the law, they may have a valid claim.
So, I can make a trademark out of common language use? Who owns "antihero", "neohero", "nonhero" and other combinations that can pass my spell checker? How about the plural, "heros"? I created that, right? How much of your language do you want to have to beg a publisher to use?
I think that much argument can be made that they have long since lost any claim to the trademark.
Yeah, but they have more money and time than you do, so they are likely to win as often as they want. That's what happened here. As an anti-competitive measure, it backfired. While that's great for GeekPunk, it's bad for anyone else who wants to use their language without asking for permission first.
Big Al is Super. I'd like to see the people from South Park turn him into a superhero or at least an antihero. That would teach these morons a lesson.
Yeah, great. So Microsoft will "fix" spyware as well as they've "fixed" spam.
While the results are the same, the cases are different. In the spam case, they are working to turn the internet into the equivalent of broadcast TV, where only 3 companies have the right to spam. In the case of spyware and malware, they have simply purchased a snake oil vendor and will be breaking all the "products" of the other snake oil vendors. Those products never really worked to begin with but now they will act like poison.
How dare Microsoft enhance the security of their product, putting poor companies that thrive on the shortcomings of Windows out of business?!?!
You bought that one, hook line and sinker, didn't you? A system with reasonable security needs no virus checker. Microsoft's purchase of one or two virus checking software firms is nowhere near a "security enhancement". The only difference is that M$ will start to break all the other companies' work, which is nothing the virus writers themselves don't already do. In other words, the only change is that M$ seeks to capture a large portion of the $97,000,000 spent on "security enhancements".
I'm waiting for the day they announce they are going into the boner pill market. Imagine the Microsoft Boner Pill. They will call it "MS Hard" and get a trade mark on the word Hard. Then no one will be able to write, "securing Microsoft is very hard."
It's even virus and spyware compatible. Just try pointing it at a gambling site. The popups come fast and furious. For extra fun, and to lessen the time you waste, install everything they offer. Babba-bing-babba-BOOM, your virtual registry and Windoze is hosed! You did tar it up before you started, didn't you?
I just can't imagine installing IE7 on my machine except if I REALLY have to to verify that my websites load and operate with it. And that would be really sad.
I was unable to imagine typing that, so I did. Is there anyone, outside of webdesign and terminally dumb companies, that actually "upgrades" IE? Given a system with a different default or equal ease of install IE, dillo, epiphany, firefox, galeon, konqueror, mozilla and others, would anyone even use IE? It's doubtful, and that's why M$ had to put the screws to their vendors back in the Netscape days and continues the monkey business with Windoze Updater. It would be funny to see it work though. Imagine:
The following extra packages will be installed:
dos8.0 drm0.995 ugly_fonts1993 ie_license_submission
The following NEW packages will be installed
ie7
Recommended packages:
head_exam1.4
Suggested packages:
WMP notepad anti-virus spyware_detection fat_fat_wallet BSA_lawyer hammer
0 upgraded, 4 newly installed, 0 to remove and 0 not upgraded.
Need to get 800MB/800MB of archives.
After unpacking 2024MB of additional disk space will be used and your computer will be very slow.
Do you really want to continue [Y/n]?
Just post the name of the software package, software company name, and link to their website. Slashdotters will ruin their reputation.
The reputation is ruined by the faulty product, a substandard OS, and a lack of information. People who need to know about the package are going to find out. Better they find out here than waste their money and vow to never buy another program from the company again. Full disclosure protects your reputation.
... the hackers will find the network exploits that almost certainly exist in that package
What makes you think the hackers don't already know? Your ignorance won't protect you. Knowing about a problem will.
The company will either fix the problem or go out of business.
Now you're making sense. Companies with poor products don't last long. Hopefully, they port their fine application to systems that don't have problems.
the first time a pilot requests a feature, you guys will sigh [and tell him to get coding]
Judging by all the features I have that Windoze users never will, I'd say developers get excited when they hear a good idea. For common ideas, they usually have a list of features on the way. It's hard to come up with new ideas, so the same requests might become tiresome but most people are used to it and have a faq. I don't know any free software enthusiast who would intentionally damp another user's enthusiasm. Now let's compare that to the non-free response.
The non free response is much ruder. It's typically a combination of:
You don't need that.
You are too stupid to use that.
That's impossible.
The same response is given whether the non-free market droid understands the request or not. You are not allowed to talk to the developer and the developer is not allowed to make decisions that count. The reasons are:
They may actually believe the above.
Cheapness.
They want to keep the good idea to themselves to be first to market.
They want to disparage a competing program that already has the feature.
Non-free is competitive in only that anti-social way. It's insecurity that drives their secrecy and rudeness.
The website had disclaimers on it (either during the login process or once you are signed in) that state unauthorized access is prohibited and that the web site is for official use only.
What if that disclaimer was used to hide embarrassing but important facts? My knowledge of those facts may have nothing to do with your silly web page. Does the state get to raid your newspaper because I blew the whistle? Who's going to blow the whistle? Do you really want to live in a TIA world, where the government thinks it has the right to know everything and decide who can know it?
There are serious issues of limited search and seizure and publication in this case. It is being argued that the state is using this as a fishing expedition.
Rumors of any Linux desktop distribution "catching on" in any meaningful way have, unfortunately, been greatly exaggerated.
Yeah, those dudes at IBM don't know what they are talking about. Neither do Lowes, GM or other great big companies who have already migrated. Sleep tight, Steve Bally Boy, everything is just fine. Your employees do not use Ipods either.
We users are staging a revolt to make IT more responsive to users by creating a group from the company divisions and IT to discuss needs and solutions. What would you put in our charter?
Someone else's or a fake name!
It would be safer for you to use an old box to set up a GNU/Linux server to meet your immediate department's needs than to be caught spending company time writing charters. A change in IT might be a sign of worse things to come. Save your skin by getting your work done while others get mired in the IT morass. Mepis, $400, and 20 minutes of your time will yield you more than a terabyte of SAMBA/SSH server to relieve most of the problems you are talking about. Fix it at home, then stick it under an unused cube.
Your kmail suggestion is just funny, if you mean we should first convert 90% of the world's computer users to Linux. Note that I'm also not blaming anybody in particular. The IT industry failed as a collective here.
The failure is that 90% of the world's computer users have not been moved yet. My wife and 4 year old daughter use Linux without problems. I also teach a newbies class, filled mostly with retirees. If they can use it, anyone can. If I can support them, Michael Dell can. There really is no excuse for selling a computer without a proper user based security model, or decent, multi user multi screen GUI. The inconvenience, insecurity and poor performance of Windows is mind boggling.
Check the public research... The vast majority of security failures are social, not technical. Bot net activity is a thorn in the side of security workers but it's not causing the most security breaches.
You're the expert, pass me a link.
My experience and common sense don't verify what you say. Microsoft is easier to break and is broken routinely by automated worms. This weakness makes me think of social attacks as both easier and redundant.
Microsoft simply sucks. Windows has a half life of 12 minutes on any network. Key loggers that call home are common. I've seen the results at big companies, small companies and the retail home user level. I personally got nailed at a Fortune 500 company by an Outlook worm that popped right out of the preview. The mail administrator, who had access to everyone's desktops, considered this "ordinary advertising" and promised me she would not report me as a porn browser. On software install jobs at a Fortune 500 bank, my brother and I saw up to 20% failure on upgrades due to viruses and malware. At two small computer shops, both retail and wholesale, and as an independent consultant, I saw how badly small business and home users were mauled. They had machines that would not boot, machines that popped up porn in front of customers and all manner of crap that made their computers less than trustworthy.
Nothing like the above exists for Linux, Solaris, Mac or any non Microsoft operating system I can think of. What's different between those users and Microsoft users besides their choice of software? Why is it that I've never lost a file or had a virus problem in six years of running Linux at my home? I'm not a rocket scientist, and Mac users certainly are not. Yet, because there are no automated worms with keyloggers for our choice of software, it would take a deliberate and skilled attack to screw me over.
Someone running a corporate network would have a much easier time securing any *nix than they would chasing after Bill Gates's mistakes. That forces the would-be cracker back to social attacks, which are less damaging and more difficult in a properly designed network than they are in the average corporate mess.
I'm looking around my office, and there is just nothing you can do! Even if you completely lock down desktops (the latest image was set up so as to disable all HW and SW installs, and I personally had an admin pw within days!), there is still email.
Would your company be running a notoriously bad OS from Redmond?
RFC 821 (SMTP) was published in 1982. 24 years later on computers with 3,000 times the clock speed, we're still blaming users for the total lack of security in their email applications and infrastructure?
Having port 25 open for users is only considered a security threat where Exchange is your mail server. Really, SMTP works.
You can encrypt your authentication to your mail server. Just pop open kmail and have a look at all the options on your sending mail server to see for yourself.
The disgruntled employee has always been the biggest security threat to any company. The only new thing today is how much easier it is to disrupt security and how often security is breached accidentally.
Wow, you mean that Microsoft's three year effort has not made it easier rather than harder to get 0wned in big dumb company land? Are you telling me that all the effort expended to forbid music players and cell phones was just a waste of time? Do we get to pry the epoxy out of the USB ports now? How far do you have to go to apologize for M$'s massive failure to deliver PCs that have half lives longer than 12 minutes and networks that can be compromised by disgruntled employees?
The only thing that has not really changed is Microsoft's inadequate security model. You can blame the user all you want, that won't make it so. Industrial espionage and routine bot net activity is what you should be worried about and the fix is to rip Windows out and replace it with *nix.
Since when exactly has the FSF been concerned about being perceived as anti-commercial? It's been like 20 some years of them fighting "what's good for business".
That's only true if your business happens to be non free software. The FSF advocates the use of free software for commercial ends, such as embedded systems. All they care about is preserving user freedom. This has negative implications for a few greedy companies that don't have the imagination required to make money without violating their customers. It's great for the rest of us and companies like IBM, which made $5,000,000,000 on free software consulting last year.
You can whine all you want, but name calling won't change a thing or win you any more customers.
Interoperability is a two-way street; you can not only help others interoperate with you, you can improve your interoperability with them.
True and free and open software people understand that. It's kind of hard to miss when all your source and formats are published. That's why Gnome and KDE programs happily share data and space with an Enlightenment window manager. It's also why Open Office can suck down any M$ DOC. Taking it a step further, I can use Wine, Crossover Office or Parallels to run any Windoze application on any free computer. It's equally obvious that Microsoft is unable to understand this.
Now, what was your point?
No double standard at all. People don't trust organizations that lie to them. Microsoft is full of shit and everyone knows it.
Oh yeah, people also don't like organizations that sue public schools and threaten everyone.
Better you treat the disease than the symptoms.
You bought that one, hook line and sinker, didn't you? A system with reasonable security needs no virus checker. Microsoft's purchase of one or two virus checking software firms is nowhere near a "security enhancement". The only difference is that M$ will start to break all the other companies' work, which is nothing the virus writers themselves don't already do. In other words, the only change is that M$ seeks to capture a large portion of the $97,000,000 spent on "security enhancements".
I'm waiting for the day they announce they are going into the boner pill market. Imagine the Microsoft Boner Pill. They will call it "MS Hard" and get a trade mark on the word Hard. Then no one will be able to write, "securing Microsoft is very hard."
What makes you think M$ has its act together this time?
It's even virus and spyware compatible. Just try pointing it at a gambling site. The popups come fast and furious. For extra fun, and to lessen the time you waste, install everything they offer. Babba-bing-babba-BOOM, your virtual registry and Windoze is hosed! You did tar it up before you started, didn't you?
gift:/home/user# apt-get install ie7
Reading package lists... Done
Building dependency tree... Done
E: Couldn't find package ie7
gift:/home/user#
I was unable to imagine typing that, so I did. Is there anyone, outside of webdesign and terminally dumb companies, that actually "upgrades" IE? Given a system with a different default or equal ease of install IE, dillo, epiphany, firefox, galeon, konqueror, mozilla and others, would anyone even use IE? It's doubtful, and that's why M$ had to put the screws to their vendors back in the Netscape days and continues the monkey business with Windoze Updater. It would be funny to see it work though. Imagine:
gift:/home/user# apt-get install ie7
Reading package lists... Done
Building dependency tree... Done
The following extra packages will be installed:
dos8.0 drm0.995 ugly_fonts1993 ie_license_submission
The following NEW packages will be installed
ie7
Recommended packages:
head_exam1.4
Suggested packages:
WMP notepad anti-virus spyware_detection fat_fat_wallet BSA_lawyer hammer
0 upgraded, 4 newly installed, 0 to remove and 0 not upgraded.
Need to get 800MB/800MB of archives. After unpacking 2024MB of additional disk space will be used and your computer will be very slow.
Do you really want to continue [Y/n]?
You mean IE has changed over the last ten years and does not look like IE or Netscape did in 1996? The tabless wonder could have fooled me.