Loss of privacy is merely a symptom of a government run amok. By itself, it is not the primary problem. But, unless you fix the problem, those seemingly larger problems will become small compared to those looming on the horizon. Yes, campaign finance reform is needed - but, that is assuming we have free elections in the first place. Without privacy, we might not, and any progress toward campaign finance reform would be irrelevant at that point.
I am quite frankly, sick of what I've been hearing:
"Install a firewall...."
"Use a router..."
"Download and burn your service packs onto CD"
"Use software X, which prevents infection..."
It seems as if we've forgotten who the typical Windows user is. No, they won't do any of the things mentioned above, because, well, frankly, that would require thought and actually retaining a little knowledge of how computers work. The typical Windows user doesn't know and doesn't want to know how computers work; they just want to do their websurfing, email, and games.
Really, when it comes down to it, why not just recommend Linux? With all the hoops you'd jump through to secure a Windows box, you might as well just have the user install Linux. Imagine you instructing someone how to install Linux and Windows (separately):
Linux: "Here's a distro CD. You need to first partition your hard drives..."
Windows: "Your machine has become infected, you need to go to the Windows update site..."
Linux: "Oh, it looks as if you've screwed up the partition table - here, I'll fix it. There, now just go through the default install..."
Windows: "Ah, yeah... Well, it appears that you were infected during the download of SP2. Can't really do much about that. Now install this antivirus software and have it scan your drive..."
Linux: "Oh, yeah, configuring X is kinda difficult, my bad. Type XConfigurator after logging on as root, and it should do the trick..."
Windows: "Um, well, the antivirus didn't find a virus, but with all the CPU usage, you've probably got some spyware going. Download and run spyware blaster..."
Linux: "Root - yeah, you have to type r o o t . Ok? yeah - XConfigurator. No, capital X, capital C, all the rest in lower case...."
Windows: "Well, we've cleaned up your system, but you were re-infected when you connnected to the network. Re-install SP2. Then configure your firewall to block everything except DNS, HTTP, POP, and SMTP."
Linux: "Yeah, you have to use Mozilla instead. You need to download Java from Sun's website, as well as the Linux Flash player."
Windows: "SMTP,POP - oh, forget it. Just use the default settings for the firewall..."
Linux: "Well, those games only run under Windows. There's a few sites that you can download Linux games from...."
Windows: "Well, you've blocked access to the ports your games use for communication.... No, I don't know which ones they are... Yeah, you'll have to look through the documentation that came with the game, or use their online help... No, I really don't know which ports they are using... NO, YOU SHOULD NOT OPEN ALL PORTS! - that's how this happened in the first place...
I think you get the point...
Yes, Windows used to be easier to use than Linux. But with the growing security problems, it has become easier for the end user to simply install Linux than to understand, install, and configure the plethora of specialty applications and hardware required to protect Windows from its own poor design.
I'm kind of suspicious of these "Let's defend the government" types. Usually, when people voice opinions like this, they're trying to deflect suspicion from them, because they really do have something to hide.
For example, "Maybe I heard a rumor that someone heard that you were thinking about planning a terrorist event..."
Or maybe I didn't. But it doesn't matter, though. If you've even stopped for coffee at the same Starbucks used by a terrorist once, you are now "linked to terrorists..." Never mind the fact that you never met them in person, nor would ever take part in such crimes. Suspicion alone is enough to warrant arrest; any inkling of negative hearsay sufficient to be detained indefinitely as a "terrorist".
The real problem I see is a "Justice Department" more interested in detaining suspects than actually delivering justice. For the number of people detained, the convictions are few and far between, a fact made even more damnable by the notorious inaccuracy of the current judicial system (about two-thirds of those sentenced to die are later found to be factually innocent).
Microsoft knows how to do technology and software. They don't know how to tell a story.
I fear that this is actually false; they know more about telling stories than technology:
They tell stories about "Enterprise Class" operating systems that must be patched on a monthly basis to remain "secure". Of course, the absence of auto-update on mainframes means that they must be inherently insecure; after all, nobody could code a secure OS from the start, right?
They tell stories about managing your business with their software, yet disclaim any responsibility whatsoever for customer data after the install. Which is exactly what I want - right? I mean, if I lose a "mission critical" business system to a Blaster-type worm, the last thing I want, or expect, is for the vendor to take responsibility for their shoddy design practices.
They tell stories about "low total cost of ownership", yet their analyses conveniently forget to include virus cleanup, constant patching, and damage due to loss of proprietary information through security breaches.
And no, a company which is not content with 95% of the desktop share wouldn't possibly try to buy Hollywood, now would they? I mean, that would be so out of character for them - those felonies, drumming competition out of business, etc... - those were just a few minor slips, right? I mean, gosh, deep down inside, Microsoft is really just a misunderstood giant...
Not that I'd cry for Hollywood, though. But it does seem a little insincere on Microsoft's part.
From a patent perspective, the assemblers on IBM mainframes in the 60's had an assembler directives like this:
LABEL DC CL132'A'
Basically, what this is: Declare Constant, Character Lenth 132, filled with 'A'. It is a Run Length Encoding, and it preceded GIF, JPEG, etc... by more than 15 years.
Likewise, the dup directive was available in PC assemblers long before RLE was patented.
So, anyone with the guts to fight these guys could easily invalidate their patent with prior art. The idea of run length encoding as a compression technique occurred to me when I was about 12, and even then I didn't think it particularly noteworthy.
At 299, I have to wonder...
on
You've Got PC
·
· Score: 1, Insightful
why doesn't it run Linux? Granted, AOL, if you're going to use a PC as a loss leader, you might as well use Linux - at least you won't be paying the Redmond tax.
I take it that this PC is intended for newbies, which is why Linux makes a perfect choice:
Newbies don't know *NOT* to click on every attachment in Outlook. Using Linux will avoid numerous support calls due to viruses and spyware.
Newbies don't know they need to patch Windows every month. Explaining this to them is going to consume even more of AOL's support resources, increasing the cost of the computer for AOL. With Linux, this wouldn't be an issue.
Newbies won't have to unlearn bad habits from Windows in order to use Linux - as this will be the *FIRST* system they've owned, it will be easier to get them started out right.
For most people, a PC is a glorified word processor with internet access and email. For this, Linux would be a better choice than Windows.
Okay, there is one caveat: games and off the shelf software. A good Wine setup could handle the latter; the former, well, maybe not so much. But then, what would you expect for $259?*
The ex-Jenkens lawyers filed a counterclaim to recover millions of dollars in past and possibly future fees they say they're entitled to as the architects of Forgent's patent-licensing strategy.
So basically, these lawyers patented the business model of suing other companies for patent infringement and are now trying to collect royalties on Forgent collecting royalties from the JPEG patent. Follow that?
But it gets better:
Already, Forgent has reaped nearly $50 million...
Jenkens receives 50 percent of the revenue from licensing the patent, plus some expenses. The law firm's take so far is an estimated $50 million.
So, let me get this straight:
Forgent has paid out 50 Million in legal fees, so that:
Forgent could receive 50 Million in patent royalties, and
They now owe the lawyers half of any remaining royalties they collect...
So basically, they've made no profit on their first $50M in revenues, their lawyers own half of all their subsequent royalties, and their ex-law firm is suing them for whatever is left.
What can I say, but that I'm glad I don't own stock in Forgent.... They may have a patent portfolio, but they don't have a clue.
Really? Now, granted, I haven't used GNOME in about 2 or 3 years, but perhaps you can explain the following:
While giving a Linux demonstration on the virtues of dual boot, several in my audience noted that Windows explorer noticeably faster than the GNOME filebrowser. Believe me, spending 45 seconds watching a watch icon isn't going to convince Windows users to switch.
When I last installed GNOME, it was on a 500MHz box with 128 MB of RAM. And even then, it was slow as molasses - I felt like I was using a 486 with Windows95. Upgrading to 512 MB improved things a little, but not much.
Why on earth does the GNOME clock applet need more than a megabyte of memory? It's almost as if the developers are competing for the most trivial use of memory award.
I used to consider Windows the epitome of bloat until I ran GNOME. But I can't, by any stretch of the imagination, call something lightweight when the clock applet alone uses more memory than the original IBM PC.
Hopefully, things have gotten better. But GNOME really embarrassed me during a time when Windows was considered the epitome of bloat.
If you develop on the platform your IP may belong to the world and the value of that IP is part of your Linux price. I'm waiting for the day that someone at GM realizes that Linux developers there regularly talk to their Ford counterparts to solve critical problems and, because may they need to, provide access and confidential information about the company in the process. The Ford executives shouldn't feel too smug because similar information is flowing out of them. And key technologies may not belong to either because of this practice.
[emphasis mine]
Wow, I don't know if I could point out a more misunderstood statement regarding the GPL than this.
In the first place, developing on Linux doesn't obligate you to release your code under the GPL. So, unless you're an idiot and release your code to the world, you could market and sell Linux applications without ever revealing your source. But that would be selfish - you've benefitted greatly from the benevolence of others, yet you feel no need to give back to the same community that gave so much to you? Let me guess, you're still trying to avoid paying taxes, too?
Basically, the GPL prevents IP theft. The terms are simple - if you steal our code, you have to make your code available to the public, or risk a lawsuit. In fact, GPL'ing a piece of software is a sort of insurance policy against code theft - if someone copies my GPL'd code into their product, I can then demand they distribute their source code as well. Hence, it serves as a deterrent to the corporate parasites and leeches who make their living by stealing and repackaging the work of others.
No, using GPL'd software for development won't give your IP to the world, as you suggest. But, the GPL ensures that code leeches can't steal the work of others for the sake of personal profit. You, Rob, didn't write the Linux kernel, nor the GNU utilities and libraries, and hence, have no right to use code you haven't written against the will of the author. Why is this so hard to understand? All the GPL says is that if you use someone else's code, you have to respect their terms. Is that really so hard?
Has anyone talked about the patent risks in Microsoft's code?
I mean, Microsoft's customers were sued by Timeline after Microsoft shipped Timeline's IP in their SQL server.
And then, there's the Eolas case - everyone using Internet Explorer could owe Eolas patent royalties... Think about that for a moment.
With more than 50 million lines of code in the Windows 2000 kernel alone, why isn't anyone talking about Microsoft's patent liability? Do you think even Microsoft can audit every line for a patent violation? And what is the likelihood that, in 50 million lines of code produced by a company known for predatory tactics, there are no patent violations?
To pursue a patent suit against Linux users, three fundamental problems would have to be overcome:
The plaintiff would have to show actual damages. As Linux is available for free, it would be very difficult to establish the worth of any foregone licensing fees.
A plaintiff is required to show that they have done everything reasonable to avoid incurring damages. Thus, they have a duty to inspect the source code for infringements and inform the kernel maintainers in a timely manner. If they try to pull a submarine-style ambush, the openness of the source code eliminates the "But we couldn't mitigate damages because we didn't know... " excuse.
Because the source is open, a user in violation of a given patent could simply rewrite the offending sections of the source tree (or apply the equivalent patch).
Granted, a patently holder could still enjoin Linus from distributing infringing code. I doubt, however, that this would have any effect, as the community would probably provide a suitable workaround on short notice.
But, because of the open nature of the code, any infringements that do exist in the code would probably be moot, because the patent holders have not shown due diligence in protecting their patents. It is not likely that one could be sued for using past code that has been available for several years - the fact that said code was openly available and the patent holder failed to persue licensing from Linus, et al, serves as prima facie evidence that the patent holder considered the patent worthless.
If don't have time to do it right the first time, you'll make time the second...
I understand that configuring Linux is, quite frankly, a chore. However, it only needs to be done once.
The "Just Works" argument runs both ways - I've had more problems getting some hardware to work under Windows than under Linux. And then, there's the quarterly, preventive maintainance of backing up and reinstalling Windows. Yes, I suppose I could let them go for longer, but experience has taught me that when it comes to Windows, it's often easier just to reinstall at regular intervals than attempt to recover from the inevitable crash. Win2k is a little better, but not by much.
And in spite of this, I can't just plug and play with a Windows machine. I've had numerous pieces of hardware which, at first "appeared" to work with Windows, only to have drivers which later "disappeared", or refused to work entirely. Hence the growing collection of "Windows only" hardware gathering dust in the closet. Granted, it isn't Microsoft's fault that shoddy hardware vendors can't write stable drivers, but then, when I want something that Just Works:
I can run Linux. I have to restrict my hardware selection to what it supports, but at least I can be reasonably certain that it will work. I spend a considerable amount of time on hardware selection and setup.
I can run Windows on cheap hardware, and suffer stability problems because of buggy drivers. I now spend my time reinstalling Windows and drivers, trying to find a configuration in which there's no driver conflict, or stability problems.
I can run Windows on expensive hardware. I spend less time setting up and configuring hardware, but I've still got virus and security issues to tend to (patching monthly, etc...). Additionally, I've trading the increased price for a reduction in the frustration I'll have with hardware issues.
Simply put, there's no easy way out. You're either going to spend a lot of time or a lot of money, or a little bit of both getting a good system these days.
Plug in your digital camera and watch the machine freeze for a few minutes....
Start to download your pictures, only to find that about halfway through, "This program has performed an illegal operation..."
Curse when you realize that your vacation pictures no longer exist - the files weren't saved, and your camera marked them for delete when the download started.
Curse even more when you discover that you're just another victim of Crappy Drivers Syndrome(TM). Keep cursing as you realize that Crappy Driver Syndrome seldom happens to Linux Zealots.
Generally come to realize that there's a good reason why Linux drivers were never written for the device... Perhaps the hardware is crap? Or maybe the manufacturer doesn't want you to fully utilize the device (DRM in driver software?)...
Yes, we know that almost all devices "work" with windows - as in, you can plug them in, and load drivers for them. But I've found that this is irrelevant; I could care less whether Big Buy's Bargain Basement Webcam "works" with Linux. Cheap hardware is cheap for a reason. What good is having a Windows driver for your cheap hardware if the driver crashes your machine?. Yes, I've had this happen on more than one occasion. The reason why I use Linux is because I can be reasonably certain that if there aren't Linux drivers written for the hardware, it's probably crap. I don't have to worry about some shoddily written driver crashing my machine so much with Linux as I do with Windows.
I'd like to expand on your statement about drones and geeks. Geeks are almost never in hiring positions. The next time I'm asked by a drone "what was your biggest challenge...", this is what I'll say:
"My biggest challenge in professional life has not been professional development - I like my job and keep myself current. Nor is it technical - I've never found a problem which I could not solve given enough time and energy. My biggest challenge has been other people. If you are thinking I don't communicate well, that's only half of it. You see, the average person can not learn something without formal training; even the few who can often never take the initiative to do so. I love computer science; I keep myself current - I follow it the way a sports fan follows baseball or football or golf. But, because the hiring manager often cannot learn of their own volition, and certainly not without formal training, they naturally believe that if I haven't formal documentation of training or experience in a particular skill, I can't possibly know it, much less have mastered it. The notion of one thinking about their profession every waking moment is completely foreign to them; they cannot understand how someone can learn, and even master a skill without formal training. And sadly, they often pick someone of lesser skill and intelligence because that person happened to realize that they couldn't teach themselves; that person chose to be formally trained rather than to discover and understand."
"I would say that overcoming ignorance is probably the largest challenge that I've ever faced. The problem is two-fold; first, there is an unwillingness to learn, and second, there is an inability to understand. Yes, I can explain it to them as I've just explained it to you. However, to someone who understands only what has been formerly taught to him, my words are of no effect - you see, he doesn't learn unless in the classroom. Explaining anything to such a person won't enlighten them, but only confuse them. Such a person resists adding to their knowledge, because they themselves lack the ability to discern truth from falsehood - instead, they rely on authority to form their opinions. And since I'm not in a position of authority, they simply disregard whatever I've said, unless I happen to mention terms with which they are familiar. They understand facts, not relationships; they can grasp buzzwords, but don't understand the technology. And unfortunately, they lack the ability to think anything beyond what they immediately perceive."
I think my point was more along the lines of this: if aliens are attempting to contact us, we would know by now. I don't believe it is a case of "we're too stupid to figure it out". They either aren't talking, or they're not talking to us....
Linux at some point could be good enough to run home PCs.
Yes, but he forgets that Linux could be ready for the home PC as early as 1998. What will Microsoft do then?
No, we're not just a little biased, are we? I've been running RedHat on my home machine since 1998. I've had non-computer-genius friends and family running Linux on their desktops since 1999. If this guy had a brain, he'd be dangerous...
Can Linux really handle crucial areas such as security and e-mail? The Microsoft people are ready with answers...
And those answers would be... "install this patch and reboot..."? Can Linux handle email and security? I mean, really?! Gosh, I just don't know... Of course, to Microsofties, one Linux hole per year makes the OS insecure, but 100 security vulnerabilities a month make Windows "The choice for reliability throughout the enterprise..." As if MS even understood the term "Enterprise computing".
"I just want the decision to be based on facts, not religion," says Taylor. "People are saying, 'It's not Microsoft, so it must be great.'
No, actually, you don't want a decision... based on facts... - because it wouldn't be favorably to Microsoft. People are looking to leave Microsoft for Linux because of the facts, not in spite of them:
They want an OS that Just Works(TM) for years on end.
They don't want to be forced into draconian EULAs.
They don't want to pay for the same software twice, or in some cases, three times.
They need something that runs, securely, out of the box. They don't have time to test dozens of "critical security patches", or the risk of applying them to a production server in a mission critical environment.
They want the ability to simply remove software they don't need, especially when said software has more security holes than swiss cheese.
They don't want to worry about viruses.
Allchin points to new features in the version of Windows due in 2007 that will allow users to remotely turn PCs on or off, with programs still running. Searches will extend across all data like e-mail, photos, Word. "We're creating things," he says.
I turn off my machine with programs still running all the time - it's called FreeDOS. But yes, you are creating things - more security vulnerabilities. Why on earth would a home user want to power off their machine from a remote location? What - in your hurry to get out the door you forgot to shut down the computer, and at work you now have the sudden urge to turn it off?
Tell us what Linux does that we can't do. Don't tell us you're deploying Linux just because you can."
Linux can be installed without any risk of violating licensing provisions and incurring unseen financial liability on my employer. But also, the number one reason why I deploy Linux:
Microsoft doesn't understand Enterprise Computing.
I could go on for hours on this, but I'll spare you. Suffice to say, Microsoft can't build a secure or stable Windows because they lack the mindset to do so.
How would we know if there was a message in our genomes? Presumably ET would make it easy for us to spot. Some sort of in-your-face pattern would be best, something that stood out from the random scatter of genetic letters.
I would posit that an ET intelligence smart enough to create a pattern in our DNA would also be smart enough to make the evidence of their existence readily apparent to even those without the ability to decode DNA. I mean, if the point of sending a message is to communicate, why would you require such sophisticated techniques to understand it, with the attendant risk of misinterpretation?
Replace ET with God, and you've got a good paraphrase of the "intelligent design" argument for God's existence.
I think what irks me the most is the assumption that aliens are trying to contact us. When we think about communication, there are some interesting principles:
The sender of a message fulfills some need in sending the message. Perhaps it is a call for help; perhaps "they" need some more friends.
A message is always sent with a reasonable expectation that the recipient will be able to understand it.
The sender usually wants some sort of response from the recipient, even if it is merely an acknowledgement.
This leaves us with some fundamental problems regarding ET's contacting us with "sophisticated" techniques:
An alien intelligence seeking to make contact with other civilizations would probably choose the most easily recognized form of communication, not one which required sophisticated technology or a considerable degree of intelligence to decode.
What purpose would such a message serve? If they are more advanced technologically, why would they contact us - we don't have anything that they need? If less so, then we would be able to decode their messages with ease.
If "they" are sending messages, then surely they must already know, or strongly suspect, our existence. If this is the case, then why don't they already know how to communicate with us?
It would seem to me that if aliens were trying to contact us, we would have known it by know. I suspect that if SETI discovers any "intelligent signals", we'll come to discover that they were not intended for us to decode. Perhaps some alien military communications, or ARIA (Alien Recording Industry Association) encrypted music broadcasts, etc...
Just a rhetorical exercise here: Would God qualify as the sender of such a message?
The fact that mankind is the only animal with free will and moral choice is an in-your-face pattern represented nowhere else in the known universe. Furthermore, this is easily recognized by the message recipient (mankind).
The desire for a loving relationship is the reason for communication.
Our existence is certain to the one who created us.
With what we know now, only our Creator would possess the knowledge of our existence, the desire to communicate, and the means to do so. I wonder if this occurs to the SETI team, or if they are trying to find God in outer space...
All computer systems involved in patient care (and paper tracking as well) are forced to go through governmental processes for design, documentation and testing
So, if the hospital installs an uncertified piece of software on the machine, then they would be at risk if death or injury occurs, not the vendor.
If someone was injured by an unpatched machine, the hospital could pass liability back to the manufacturer - after all, they were in full compliance with the federally tested machine configuration. In which case, the manufacturer would be held liable for any injuries.
But it doesn't stop there. The manufacturer could easily and convincingly claim that Microsoft overstated the reliability of their operating systems, and the failure was due to Microsoft's code. Convincing a jury that a Windows crash caused the injury would be a trivial exercise for even the most inexperienced attorney; almost everyone has had some experience with a Blue Screen of Death.
Now comes the interesting part. Yes, the manufacturer may have agreed to the EULA, and may not be able to sue Microsoft. The patient, however, did not agree to the EULA, and having been damaged by Microsoft's code, could easily convince a jury, that in spite of the EULA, because Microsoft knew that their code was being used in medical devices failed to show due diligence to protect the user. Microsoft can't weasel their way out of this one, because the EULA doesn't apply to the patient. And, unlike the software liability cases, a medical malpractice case could easily charge the defendant with millions, or even billions of dollars in punitive damages.
Intellectual property is a misnomer. In fact, arguing that copyrighted content is somehow property dilutes the meaning of physical property:
A seller cannot legally sell the same physical property to more than one buyer. If intellectual property is indeed property, the likes of the MPAA and RIAA have been committing fraud on a heretofore unknown scale.
The act of theft involves removing someone's property from their possession. If intellectual property is indeed property, then copying it cannot be considered theft, because the article in question - the copyrighted material - never leaves the owner's possession.
You cannot own something intangible in the same manner as physical property. The philosophy of physical property and laws thereof are contingent on the fact that physical property is scarce - that is, no two entities can fully possess it simultaneously. But intellectual property - if it can be called that - is not scarce; it can be reproduced almost effortlessly.
I understand the unfairness in taking a person's work without compensation, however, someone who could not afford, or does not esteem the work to be worth the asking price does not defruad the worker by copying their work. The exception to this is when a person does value the content, and chooses instead to search for a "free" copy out of greed. Unfortunately, only the conscience of the individual truly knows if they are unable to buy, or merely being greedy; for this reason copyright laws are necessary. This does not justify the RIAA's and MPAA's inordinate greed, though.
Treating ideas and the tangible expressions of such as property is a dangerous thing to do. On one hand, it dilutes the meaning of physical property - imagine a homeowner being forced to "license" his his front yard for a road expansion; he still legally owns it and pays taxes on it, yet cannot deny others from occupying "his" property. OTOH, if intellecutal property is indeed property, I could republish all of the songs on a CD without penalty, because "buying the CD" establishes me as the new owner - with full ownership of the content.
We should be talking about what is ethical, not what is legal:
Is it ethical for a performer to get paid every time their work is played, even though there is no additional effort expended on their part?
Is it ethical to use one's monopoly status to charge more than the content is worth?
Is it ethical to deny developing countries the software they need because they simply can't afford it - even when additional copies costs the producers nothing?
You say you love music. Fine - but do you respect the artists? Is it ethical to redistribute their work for free, to those who can afford the content, but refuse to do so out of pure greed? Would you do that to one of your friends?
You say you don't like the DMCA. You've got DVD cracking software - you claim it is for your fair use rights..... But why do you demand fair use rights, and yet buy hardware that is designed to take them away?
Being ethical isn't merely a matter of obeying the letter of the law. We need instead to start thinking about how our actions are affecting those around us. It isn't purely a matter of copyright law, but rather, of how we view those people who produce the products we use.
Simple: You can determine where and when a cruise missile crashes into something. Since it runs Windows XP, wherewhen it crashes cannot controlled, nor predicted in advance... Therefore, it is not a cruise missile. Install Linux, OTOH....
We view with equal alarm reports that at least some P2P file-sharing services are adding encryption features to those services.... Encryption only reinforces the perception that P2P technology is being used primarily for illegal ends. Accordingly, we would ask you to refrain from making design changes to your software that prevent law enforcement in our States from investigating and enforcing the law.
I find the notion that encryption implies criminal activity particularly troublesome, especially considering:
Millions of workers every day are able to work from home thanks to VPN. Without encryption, the possibility of divulging sensitive information would keep these workers in their cubicles, rather than caring for children or staying home sick.
Industrial espionage is contingent on the absence of encrypted communications. On more than one occasion, the lack of encryption in communication facilities has inadvertently disclosed trade secrets. In at least one instance, the entire source tree for a popular software product was divulged.
Without encryption, the proceedings of supposedly "secret" court proceedings - those involving children, or sexual abuse - may be inadvertently disclosed to associates of the accused, enabling revenge on the victims.
Without encryption, e-commerce would cease to exist - who would send their credit card info over the internet unencrypted?
Without encryption, political dissidents in terrorist controlled countries could not organize a resistance movement for the sake of furthering democracy. Saddam Hussein successfully thwarted overthrow for more than 10 years partly because he effectively outlawed encryption.
More often than not, criminals and terrorists do not use encryption - the 9/11 hijackers didn't, nor did Timothy McVeigh.
A recent FBI report concluded that during the last 5 years, not one case was stymied by an inability to decrypt communications between suspects. In fact, of all federal cases, less than 4% involved the use of encryption, and even then it didn't help the suspects.
The problem with the "only criminals use encryption..." mantra is that it just isn't true. Encryption is used far more often for legal, productive activities than illegal ones.
Furthermore, P2P file-sharing technology can allow its users to access the files of other users, even when the computer is "off" if the computer itself is connected to the Internet via broadband.
Because, as everyone knows, a broadband connection is so powerful, it can steal bits from a stopped hard drive!? I'm sorry, but this is sheer ignorance:
In the first place, a PC has to be on to serve files, and cannot be remotely turned on, except for:
Those rare cases in which computer users are sophisticated enough to enable wake-on-LAN in their bios and remember to put the machine into sleep mode, rather than powering it down with the switch. Even then, it's still anyone's guess as to whether an incoming P2P request would wake the machine.
The likelihood that the above users would be sharing files without their knowledge is between slim and none. I'd posit that the overwhelming majority of "I didn't know I was sharing my whole hard drive..." types believe that a firewall sits adjacent the fireplace and AOL is "the Internet".
Last time I checked Linux was "difficult to use". Everyone knows Linux is "difficult to use
I'd agree, with the following corrections:
Linux is difficult to install and configure. Using it is easy.
Everyone doesn't know that Linux is difficult to use (or install, whatever...) because everyone hasn't tried installing it. OTOH, just about everyone has used Windows.
Yes, I know Linux can be a pain. I recompiled my kernel last night... and the kernel was too big. I doubt a Windows user would recompile a kernel to get sound to work; even if they did, they wouldn't know what to do with "Error 2: Kernel too big..." And yet, this is actually an improvement - it used to be that if a kernel was too big, you would find out when you tried to reboot and failed!
But thankfully, most people think Linux is a penguin, if they've heard of it at all. They have no experience with kernel panics, recompiling kernels, writing init scripts, etc...
From their viewpoint, anything (GUI) which stays running for years on end and doesn't get viruses has got to be better than Windows...
Linux doesn't have to overcome a bad first impression, that's all. It wasn't thrust upon the masses before it was truly ready, and the FOSS process keeps software failures from becoming marketing successes. Now Microsoft can't shake their image of being unreliable because, "first impressions are lasting impressions..."
It doesn't matter how long it's been since you've seen a blue screen... because blue screens are a trademark of the Microsoft experience, much like viruses. Everyone knows what a blue screen means, and Microsoft will never shake their reputation as being a shoddy OS vendor.
Besides, it doesn't help our IT department mandated daily rebooting for every Win2k desktop in the department. It seems that a reboot-a-day keeps the help desk away... We used to have numerous "strange" and intermittent problems until this policy was implemented. I've seen my WinNT/2k desktop crashed twice.
When I took my freshmen chemistry courses in college, we had electronic stirs - you'd drop this plastic coated magnetic "plug" in a beaker, and then set the beaker on the machine. An alternating magnetic field would cause the plug to spin, stirring the fluid.
And now, 15 years later, someone finally figured out that you could apply the same principle to moving blood. Amazing.
I've always wondered why people bleed to death on the operating room table from trauma. When I worked as a mechanic, I had a supply of various diameter tubings readily available so I could plug a vacuum leak when diagnosing a carburetor malfunction. I've never understood why surgeons can't do the same with blood vessels - the patient is bleeding from a major artery, and it never occurs to them that the could slice the artery in half and connect the ends with surgical tubing?
I had always thought that there must be some really scientific reason for this, but now it occurs to me that it might just be ignorance. It took medical science 15 years to figure out that a lab stir would work better than bearings? I knew that as a freshmen! Ask the hubble designers - it uses frictionless magnetic bearings - maybe they could have clued someone in?
In this context, a rule-of-thumb definition of security is often cited: a system is considered secure if its "secure-time" is greater than its "insecure-time." Secure time is simply the time during which a system is protected, that is, free of "incidents". Insecure time is the sum of the time it takes to detect an incident and the time it takes to react to the incident (summed over all incidents in a given interval):
I've never heard such a naive definition of security. Apparently, regardless of how many security holes my system has, or how many times I get hacked, I can call it secure as long as it can be recovered quickly.
So, by this definition, my system is still secure even when:
A hacker exploits IIS and downloads all my customer names and CC numbers.
A hacker destroys all of my data from the last backup; as long as I can recover it quickly, data loss doesn't matter, right?
A hacker DDOS' our server and we lose several days worth of business. Our system is still up, so obviously it's not secure.
A hacker installs a rootkit on our server. You see, it doesn't matter if the box is owned, as long as its up and running, right?
A hacker zombies the machine and uses it to send SPAM, or worse, host illegal content.
Need I go on?
I don't think I could come up with a better explanation of why Microsoft will never design secure software than this one: they're definition of what constitutes a secure system is simply out of touch with the requirements of running a business.
Slashdot Mirror
Loss of privacy is merely a symptom of a government run amok. By itself, it is not the primary problem. But, unless you fix the problem, those seemingly larger problems will become small compared to those looming on the horizon. Yes, campaign finance reform is needed - but, that is assuming we have free elections in the first place. Without privacy, we might not, and any progress toward campaign finance reform would be irrelevant at that point.
I am quite frankly, sick of what I've been hearing:
It seems as if we've forgotten who the typical Windows user is. No, they won't do any of the things mentioned above, because, well, frankly, that would require thought and actually retaining a little knowledge of how computers work. The typical Windows user doesn't know and doesn't want to know how computers work; they just want to do their websurfing, email, and games.
Really, when it comes down to it, why not just recommend Linux? With all the hoops you'd jump through to secure a Windows box, you might as well just have the user install Linux. Imagine you instructing someone how to install Linux and Windows (separately):
I think you get the point...
Yes, Windows used to be easier to use than Linux. But with the growing security problems, it has become easier for the end user to simply install Linux than to understand, install, and configure the plethora of specialty applications and hardware required to protect Windows from its own poor design.
I'm not going to do anything illegal...
Not when jailed for being a terrorist, you won't.
I'm kind of suspicious of these "Let's defend the government" types. Usually, when people voice opinions like this, they're trying to deflect suspicion from them, because they really do have something to hide.
For example, "Maybe I heard a rumor that someone heard that you were thinking about planning a terrorist event..."
Or maybe I didn't. But it doesn't matter, though. If you've even stopped for coffee at the same Starbucks used by a terrorist once, you are now "linked to terrorists..." Never mind the fact that you never met them in person, nor would ever take part in such crimes. Suspicion alone is enough to warrant arrest; any inkling of negative hearsay sufficient to be detained indefinitely as a "terrorist".
The real problem I see is a "Justice Department" more interested in detaining suspects than actually delivering justice. For the number of people detained, the convictions are few and far between, a fact made even more damnable by the notorious inaccuracy of the current judicial system (about two-thirds of those sentenced to die are later found to be factually innocent).
Microsoft knows how to do technology and software. They don't know how to tell a story.
I fear that this is actually false; they know more about telling stories than technology:
And no, a company which is not content with 95% of the desktop share wouldn't possibly try to buy Hollywood, now would they? I mean, that would be so out of character for them - those felonies, drumming competition out of business, etc... - those were just a few minor slips, right? I mean, gosh, deep down inside, Microsoft is really just a misunderstood giant...
Not that I'd cry for Hollywood, though. But it does seem a little insincere on Microsoft's part.
From a patent perspective, the assemblers on IBM mainframes in the 60's had an assembler directives like this:
LABEL DC CL132'A'
Basically, what this is: Declare Constant, Character Lenth 132, filled with 'A'. It is a Run Length Encoding, and it preceded GIF, JPEG, etc... by more than 15 years.
Likewise, the dup directive was available in PC assemblers long before RLE was patented.
So, anyone with the guts to fight these guys could easily invalidate their patent with prior art. The idea of run length encoding as a compression technique occurred to me when I was about 12, and even then I didn't think it particularly noteworthy.
why doesn't it run Linux? Granted, AOL, if you're going to use a PC as a loss leader, you might as well use Linux - at least you won't be paying the Redmond tax.
I take it that this PC is intended for newbies, which is why Linux makes a perfect choice:
Okay, there is one caveat: games and off the shelf software. A good Wine setup could handle the latter; the former, well, maybe not so much. But then, what would you expect for $259?*
* - price of computer sans Windows XP license....
The ex-Jenkens lawyers filed a counterclaim to recover millions of dollars in past and possibly future fees they say they're entitled to as the architects of Forgent's patent-licensing strategy.
So basically, these lawyers patented the business model of suing other companies for patent infringement and are now trying to collect royalties on Forgent collecting royalties from the JPEG patent. Follow that?
But it gets better:
Already, Forgent has reaped nearly $50 million...Jenkens receives 50 percent of the revenue from licensing the patent, plus some expenses. The law firm's take so far is an estimated $50 million.
So, let me get this straight:
So basically, they've made no profit on their first $50M in revenues, their lawyers own half of all their subsequent royalties, and their ex-law firm is suing them for whatever is left.
What can I say, but that I'm glad I don't own stock in Forgent.... They may have a patent portfolio, but they don't have a clue.
it's also better designed, faster and lighter....
Really? Now, granted, I haven't used GNOME in about 2 or 3 years, but perhaps you can explain the following:
I used to consider Windows the epitome of bloat until I ran GNOME. But I can't, by any stretch of the imagination, call something lightweight when the clock applet alone uses more memory than the original IBM PC.
Hopefully, things have gotten better. But GNOME really embarrassed me during a time when Windows was considered the epitome of bloat.
If you develop on the platform your IP may belong to the world and the value of that IP is part of your Linux price. I'm waiting for the day that someone at GM realizes that Linux developers there regularly talk to their Ford counterparts to solve critical problems and, because may they need to, provide access and confidential information about the company in the process. The Ford executives shouldn't feel too smug because similar information is flowing out of them. And key technologies may not belong to either because of this practice. [emphasis mine]
Wow, I don't know if I could point out a more misunderstood statement regarding the GPL than this.
In the first place, developing on Linux doesn't obligate you to release your code under the GPL. So, unless you're an idiot and release your code to the world, you could market and sell Linux applications without ever revealing your source. But that would be selfish - you've benefitted greatly from the benevolence of others, yet you feel no need to give back to the same community that gave so much to you? Let me guess, you're still trying to avoid paying taxes, too?
Basically, the GPL prevents IP theft. The terms are simple - if you steal our code, you have to make your code available to the public, or risk a lawsuit. In fact, GPL'ing a piece of software is a sort of insurance policy against code theft - if someone copies my GPL'd code into their product, I can then demand they distribute their source code as well. Hence, it serves as a deterrent to the corporate parasites and leeches who make their living by stealing and repackaging the work of others.
No, using GPL'd software for development won't give your IP to the world, as you suggest. But, the GPL ensures that code leeches can't steal the work of others for the sake of personal profit. You, Rob, didn't write the Linux kernel, nor the GNU utilities and libraries, and hence, have no right to use code you haven't written against the will of the author. Why is this so hard to understand? All the GPL says is that if you use someone else's code, you have to respect their terms. Is that really so hard?
Has anyone talked about the patent risks in Microsoft's code?
I mean, Microsoft's customers were sued by Timeline after Microsoft shipped Timeline's IP in their SQL server.
And then, there's the Eolas case - everyone using Internet Explorer could owe Eolas patent royalties... Think about that for a moment.
With more than 50 million lines of code in the Windows 2000 kernel alone, why isn't anyone talking about Microsoft's patent liability? Do you think even Microsoft can audit every line for a patent violation? And what is the likelihood that, in 50 million lines of code produced by a company known for predatory tactics, there are no patent violations?
To pursue a patent suit against Linux users, three fundamental problems would have to be overcome:
Granted, a patently holder could still enjoin Linus from distributing infringing code. I doubt, however, that this would have any effect, as the community would probably provide a suitable workaround on short notice.
But, because of the open nature of the code, any infringements that do exist in the code would probably be moot, because the patent holders have not shown due diligence in protecting their patents. It is not likely that one could be sued for using past code that has been available for several years - the fact that said code was openly available and the patent holder failed to persue licensing from Linus, et al, serves as prima facie evidence that the patent holder considered the patent worthless.
Anything worth doing is worth doing right...
If don't have time to do it right the first time, you'll make time the second...
I understand that configuring Linux is, quite frankly, a chore. However, it only needs to be done once.
The "Just Works" argument runs both ways - I've had more problems getting some hardware to work under Windows than under Linux. And then, there's the quarterly, preventive maintainance of backing up and reinstalling Windows. Yes, I suppose I could let them go for longer, but experience has taught me that when it comes to Windows, it's often easier just to reinstall at regular intervals than attempt to recover from the inevitable crash. Win2k is a little better, but not by much.
And in spite of this, I can't just plug and play with a Windows machine. I've had numerous pieces of hardware which, at first "appeared" to work with Windows, only to have drivers which later "disappeared", or refused to work entirely. Hence the growing collection of "Windows only" hardware gathering dust in the closet. Granted, it isn't Microsoft's fault that shoddy hardware vendors can't write stable drivers, but then, when I want something that Just Works:
Simply put, there's no easy way out. You're either going to spend a lot of time or a lot of money, or a little bit of both getting a good system these days.
Yes, we know that almost all devices "work" with windows - as in, you can plug them in, and load drivers for them. But I've found that this is irrelevant; I could care less whether Big Buy's Bargain Basement Webcam "works" with Linux. Cheap hardware is cheap for a reason. What good is having a Windows driver for your cheap hardware if the driver crashes your machine?. Yes, I've had this happen on more than one occasion. The reason why I use Linux is because I can be reasonably certain that if there aren't Linux drivers written for the hardware, it's probably crap. I don't have to worry about some shoddily written driver crashing my machine so much with Linux as I do with Windows.
I'd like to expand on your statement about drones and geeks. Geeks are almost never in hiring positions. The next time I'm asked by a drone "what was your biggest challenge...", this is what I'll say:
"My biggest challenge in professional life has not been professional development - I like my job and keep myself current. Nor is it technical - I've never found a problem which I could not solve given enough time and energy. My biggest challenge has been other people. If you are thinking I don't communicate well, that's only half of it. You see, the average person can not learn something without formal training; even the few who can often never take the initiative to do so. I love computer science; I keep myself current - I follow it the way a sports fan follows baseball or football or golf. But, because the hiring manager often cannot learn of their own volition, and certainly not without formal training, they naturally believe that if I haven't formal documentation of training or experience in a particular skill, I can't possibly know it, much less have mastered it. The notion of one thinking about their profession every waking moment is completely foreign to them; they cannot understand how someone can learn, and even master a skill without formal training. And sadly, they often pick someone of lesser skill and intelligence because that person happened to realize that they couldn't teach themselves; that person chose to be formally trained rather than to discover and understand."
"I would say that overcoming ignorance is probably the largest challenge that I've ever faced. The problem is two-fold; first, there is an unwillingness to learn, and second, there is an inability to understand. Yes, I can explain it to them as I've just explained it to you. However, to someone who understands only what has been formerly taught to him, my words are of no effect - you see, he doesn't learn unless in the classroom. Explaining anything to such a person won't enlighten them, but only confuse them. Such a person resists adding to their knowledge, because they themselves lack the ability to discern truth from falsehood - instead, they rely on authority to form their opinions. And since I'm not in a position of authority, they simply disregard whatever I've said, unless I happen to mention terms with which they are familiar. They understand facts, not relationships; they can grasp buzzwords, but don't understand the technology. And unfortunately, they lack the ability to think anything beyond what they immediately perceive."
I think my point was more along the lines of this: if aliens are attempting to contact us, we would know by now. I don't believe it is a case of "we're too stupid to figure it out". They either aren't talking, or they're not talking to us....
From the article:
Linux at some point could be good enough to run home PCs.
Yes, but he forgets that Linux could be ready for the home PC as early as 1998. What will Microsoft do then?
No, we're not just a little biased, are we? I've been running RedHat on my home machine since 1998. I've had non-computer-genius friends and family running Linux on their desktops since 1999. If this guy had a brain, he'd be dangerous...
Can Linux really handle crucial areas such as security and e-mail? The Microsoft people are ready with answers...
And those answers would be... "install this patch and reboot..."? Can Linux handle email and security? I mean, really?! Gosh, I just don't know... Of course, to Microsofties, one Linux hole per year makes the OS insecure, but 100 security vulnerabilities a month make Windows "The choice for reliability throughout the enterprise..." As if MS even understood the term "Enterprise computing".
"I just want the decision to be based on facts, not religion," says Taylor. "People are saying, 'It's not Microsoft, so it must be great.'
No, actually, you don't want a decision ... based on facts... - because it wouldn't be favorably to Microsoft. People are looking to leave Microsoft for Linux because of the facts, not in spite of them:
Allchin points to new features in the version of Windows due in 2007 that will allow users to remotely turn PCs on or off, with programs still running. Searches will extend across all data like e-mail, photos, Word. "We're creating things," he says.
I turn off my machine with programs still running all the time - it's called FreeDOS. But yes, you are creating things - more security vulnerabilities. Why on earth would a home user want to power off their machine from a remote location? What - in your hurry to get out the door you forgot to shut down the computer, and at work you now have the sudden urge to turn it off?
Tell us what Linux does that we can't do. Don't tell us you're deploying Linux just because you can."
Linux can be installed without any risk of violating licensing provisions and incurring unseen financial liability on my employer. But also, the number one reason why I deploy Linux:
- Microsoft doesn't understand Enterprise Computing.
I could go on for hours on this, but I'll spare you. Suffice to say, Microsoft can't build a secure or stable Windows because they lack the mindset to do so.How would we know if there was a message in our genomes? Presumably ET would make it easy for us to spot. Some sort of in-your-face pattern would be best, something that stood out from the random scatter of genetic letters.
I would posit that an ET intelligence smart enough to create a pattern in our DNA would also be smart enough to make the evidence of their existence readily apparent to even those without the ability to decode DNA. I mean, if the point of sending a message is to communicate, why would you require such sophisticated techniques to understand it, with the attendant risk of misinterpretation?
Replace ET with God, and you've got a good paraphrase of the "intelligent design" argument for God's existence.
I think what irks me the most is the assumption that aliens are trying to contact us. When we think about communication, there are some interesting principles:
- The sender of a message fulfills some need in sending the message. Perhaps it is a call for help; perhaps "they" need some more friends.
- A message is always sent with a reasonable expectation that the recipient will be able to understand it.
- The sender usually wants some sort of response from the recipient, even if it is merely an acknowledgement.
This leaves us with some fundamental problems regarding ET's contacting us with "sophisticated" techniques:- An alien intelligence seeking to make contact with other civilizations would probably choose the most easily recognized form of communication, not one which required sophisticated technology or a considerable degree of intelligence to decode.
- What purpose would such a message serve? If they are more advanced technologically, why would they contact us - we don't have anything that they need? If less so, then we would be able to decode their messages with ease.
- If "they" are sending messages, then surely they must already know, or strongly suspect, our existence. If this is the case, then why don't they already know how to communicate with us?
It would seem to me that if aliens were trying to contact us, we would have known it by know. I suspect that if SETI discovers any "intelligent signals", we'll come to discover that they were not intended for us to decode. Perhaps some alien military communications, or ARIA (Alien Recording Industry Association) encrypted music broadcasts, etc...Just a rhetorical exercise here: Would God qualify as the sender of such a message?
With what we know now, only our Creator would possess the knowledge of our existence, the desire to communicate, and the means to do so. I wonder if this occurs to the SETI team, or if they are trying to find God in outer space...
All computer systems involved in patient care (and paper tracking as well) are forced to go through governmental processes for design, documentation and testing
So, if the hospital installs an uncertified piece of software on the machine, then they would be at risk if death or injury occurs, not the vendor.
If someone was injured by an unpatched machine, the hospital could pass liability back to the manufacturer - after all, they were in full compliance with the federally tested machine configuration. In which case, the manufacturer would be held liable for any injuries.
But it doesn't stop there. The manufacturer could easily and convincingly claim that Microsoft overstated the reliability of their operating systems, and the failure was due to Microsoft's code. Convincing a jury that a Windows crash caused the injury would be a trivial exercise for even the most inexperienced attorney; almost everyone has had some experience with a Blue Screen of Death.
Now comes the interesting part. Yes, the manufacturer may have agreed to the EULA, and may not be able to sue Microsoft. The patient, however, did not agree to the EULA, and having been damaged by Microsoft's code, could easily convince a jury, that in spite of the EULA, because Microsoft knew that their code was being used in medical devices failed to show due diligence to protect the user. Microsoft can't weasel their way out of this one, because the EULA doesn't apply to the patient. And, unlike the software liability cases, a medical malpractice case could easily charge the defendant with millions, or even billions of dollars in punitive damages.
Intellectual property is a misnomer. In fact, arguing that copyrighted content is somehow property dilutes the meaning of physical property:
Treating ideas and the tangible expressions of such as property is a dangerous thing to do. On one hand, it dilutes the meaning of physical property - imagine a homeowner being forced to "license" his his front yard for a road expansion; he still legally owns it and pays taxes on it, yet cannot deny others from occupying "his" property. OTOH, if intellecutal property is indeed property, I could republish all of the songs on a CD without penalty, because "buying the CD" establishes me as the new owner - with full ownership of the content.
We should be talking about what is ethical, not what is legal:
- Is it ethical for a performer to get paid every time their work is played, even though there is no additional effort expended on their part?
- Is it ethical to use one's monopoly status to charge more than the content is worth?
- Is it ethical to deny developing countries the software they need because they simply can't afford it - even when additional copies costs the producers nothing?
- You say you love music. Fine - but do you respect the artists? Is it ethical to redistribute their work for free, to those who can afford the content, but refuse to do so out of pure greed? Would you do that to one of your friends?
- You say you don't like the DMCA. You've got DVD cracking software - you claim it is for your fair use rights..... But why do you demand fair use rights, and yet buy hardware that is designed to take them away?
Being ethical isn't merely a matter of obeying the letter of the law. We need instead to start thinking about how our actions are affecting those around us. It isn't purely a matter of copyright law, but rather, of how we view those people who produce the products we use.Simple: You can determine where and when a cruise missile crashes into something. Since it runs Windows XP, where when it crashes cannot controlled, nor predicted in advance... Therefore, it is not a cruise missile. Install Linux, OTOH....
From the article:
We view with equal alarm reports that at least some P2P file-sharing services are adding encryption features to those services.... Encryption only reinforces the perception that P2P technology is being used primarily for illegal ends. Accordingly, we would ask you to refrain from making design changes to your software that prevent law enforcement in our States from investigating and enforcing the law.
I find the notion that encryption implies criminal activity particularly troublesome, especially considering:
The problem with the "only criminals use encryption..." mantra is that it just isn't true. Encryption is used far more often for legal, productive activities than illegal ones.
From the article:
Furthermore, P2P file-sharing technology can allow its users to access the files of other users, even when the computer is "off" if the computer itself is connected to the Internet via broadband.
Because, as everyone knows, a broadband connection is so powerful, it can steal bits from a stopped hard drive!? I'm sorry, but this is sheer ignorance:
Last time I checked Linux was "difficult to use". Everyone knows Linux is "difficult to use
I'd agree, with the following corrections:
Yes, I know Linux can be a pain. I recompiled my kernel last night... and the kernel was too big. I doubt a Windows user would recompile a kernel to get sound to work; even if they did, they wouldn't know what to do with "Error 2: Kernel too big..." And yet, this is actually an improvement - it used to be that if a kernel was too big, you would find out when you tried to reboot and failed!
But thankfully, most people think Linux is a penguin, if they've heard of it at all. They have no experience with kernel panics, recompiling kernels, writing init scripts, etc... From their viewpoint, anything (GUI) which stays running for years on end and doesn't get viruses has got to be better than Windows...
Linux doesn't have to overcome a bad first impression, that's all. It wasn't thrust upon the masses before it was truly ready, and the FOSS process keeps software failures from becoming marketing successes. Now Microsoft can't shake their image of being unreliable because, "first impressions are lasting impressions..."
It doesn't matter how long it's been since you've seen a blue screen... because blue screens are a trademark of the Microsoft experience, much like viruses. Everyone knows what a blue screen means, and Microsoft will never shake their reputation as being a shoddy OS vendor.
Besides, it doesn't help our IT department mandated daily rebooting for every Win2k desktop in the department. It seems that a reboot-a-day keeps the help desk away... We used to have numerous "strange" and intermittent problems until this policy was implemented. I've seen my WinNT/2k desktop crashed twice.
When I took my freshmen chemistry courses in college, we had electronic stirs - you'd drop this plastic coated magnetic "plug" in a beaker, and then set the beaker on the machine. An alternating magnetic field would cause the plug to spin, stirring the fluid.
And now, 15 years later, someone finally figured out that you could apply the same principle to moving blood. Amazing.
I've always wondered why people bleed to death on the operating room table from trauma. When I worked as a mechanic, I had a supply of various diameter tubings readily available so I could plug a vacuum leak when diagnosing a carburetor malfunction. I've never understood why surgeons can't do the same with blood vessels - the patient is bleeding from a major artery, and it never occurs to them that the could slice the artery in half and connect the ends with surgical tubing?
I had always thought that there must be some really scientific reason for this, but now it occurs to me that it might just be ignorance. It took medical science 15 years to figure out that a lab stir would work better than bearings? I knew that as a freshmen! Ask the hubble designers - it uses frictionless magnetic bearings - maybe they could have clued someone in?
In this context, a rule-of-thumb definition of security is often cited: a system is considered secure if its "secure-time" is greater than its "insecure-time." Secure time is simply the time during which a system is protected, that is, free of "incidents". Insecure time is the sum of the time it takes to detect an incident and the time it takes to react to the incident (summed over all incidents in a given interval):
I've never heard such a naive definition of security. Apparently, regardless of how many security holes my system has, or how many times I get hacked, I can call it secure as long as it can be recovered quickly.
So, by this definition, my system is still secure even when:
- A hacker exploits IIS and downloads all my customer names and CC numbers.
- A hacker destroys all of my data from the last backup; as long as I can recover it quickly, data loss doesn't matter, right?
- A hacker DDOS' our server and we lose several days worth of business. Our system is still up, so obviously it's not secure.
- A hacker installs a rootkit on our server. You see, it doesn't matter if the box is owned, as long as its up and running, right?
- A hacker zombies the machine and uses it to send SPAM, or worse, host illegal content.
Need I go on?I don't think I could come up with a better explanation of why Microsoft will never design secure software than this one: they're definition of what constitutes a secure system is simply out of touch with the requirements of running a business.