FWIW - I don't know if it could be related or quite how, exactly, but I am a T-mobile client in the SE US, and noticed yesterday and the evening before that calls were dropping like crazy. Very, very inconsistent from their usual service, IME. T-mobile has shown good network 'uptime' since they bought out a smaller cellular company I was with about 18 months ago. (They *have* tried to dick me for a little extra cash here and there on my bill, but were good after a call to billing.) The unusual poor performance I was witness to yesterday in conjunction with this story makes me go "Hmmm...", while hoping it bears out as untrue.
I'm not confused or tricked in the least - quite the contrary, in fact.
Parse the 'security' definition a little further and/or with more care; in particular, pay attention to the use of the word "assure", as opposed to "ensure", which, based on how you are arguing this point, seems to be your expectation of what is implicit in the term and/or idea of 'security'.
Security (3) reads: "Something that gives or assures safety,"
1. To inform positively, as to remove doubt.
2. To cause to feel sure.
3. To give confidence to; reassure.
I do understand the point you are trying to make, and why. In fact, we are likely largely in agreement. I am simply pointing out that the statements you are making are overbroad and general, and that you could make them more effective in order to get the point across.
That said - the efficaciousness of said can be brought into doubt, but the fact that there is more of it (or at least, an attempt at such) cannot.
No matter how much you believe to the contrary. Sorry, but you might want to put more thought into how you are phrasing/making your argument. This is a tough crowd.;)
James said that these contests might be fun, but they don't provide a realistic measure of real security because they are encumbered with rules. The StrongWebmail contest prohibits working with a company insider, for example.
I had a client bring me a 1st gen Macbook 13" that had been having intermittent kernel panic issues. The issue became more and more frequent, to the point where she just couldn't use the machine at all.
I searched teh intertubes and found out that many people had the same problem, and that the problem was a design fault. A small plastic 'bridge' which held in the wireless card would loosen over time, allowing the card to start shorting enough that it caused the kernel panic. Apple tech support solution was: replace the motherboard. To the tune of some ~$800. !!! And that for an identical mobo that would likely eventually develop the same problem (being the same design...).
Apple has never fessed up to the problem being a design fault. 2nd gen of the exact same Macbook, Apple changed the design of the internals, and moved the wireless card to a more accessible spot without using the 'bridge' to hold it in place, all the while never admitting nor compensating its customers whose system were crashing due to the faulty 1st gen design.
The fix I used? Disassemble the Macbook, fold a small square of paper so that it was 1/32-1/64th" thick, and put it under the plastic 'bridge'. Problem solved. The clients mother called 2 weeks ago regarding needing her PC fixed, so I asked how the Macbook was doing now, a year later. It is still working just fine.
I tell any of my clients who are considering moving to the Mac platform to never ever purchase the 1st gen hardware. Unless they want to pay for the opportunity to beta test. Sure, Mac's are nice, but as with anything else, caveat emptor if you are an early adopter.
My bad - I should have specified that they would be mostly home users, attempting to run their own systems but not very knowledgeable about said, who are not afraid to acknowledge that at times they need help due to the fact that they really have no idea what this or that pop-up asking to install or update means, and/or how clicking "Yes" or "OK" might affect their system stability and/or security. These are people I see monthly or more it seems, for reasons like to restart the printer spool, or to add applications which have updated into their firewall rules list. Mostly older folks. People I wish the whole "internet appliance" idea would have taken off for.:)
I don't think you'd fall into that category, or you wouldn't be here, FWIW.;)
One way for Microsoft to make it a Sure Thing: instead of having proper security be a simple 'best practice', continue to have it be simply The Most Expensive Option.
FTFA -
"AppLocker, meanwhile, gives companies granular control over the applications - right down to the version number - that employees can install on their office machines.
"Both of these will require Windows 7 Enterprise Edition, available only to organisations with Software Assurance, or Windows 7 Ultimate," the Gartner analysts warn."
Foot, meet bullet.
This is not just something for corporate use. I have plenty of clients who would be glad to benefit from letting me use this tool on their systems (and boy would it make my job easier...). Parents could use it for the kids, geeks could use it on the systems they invariably get asked to fix for a buddy, etc... MS keeps getting their asses handed to them on the issue of basic security. When are they going to finally learn that they *need* to implement/make available good security across _all levels_ of their OS? The totally free software that I use has a bare fraction of both the potential and the real-world security problems MS OS'es have.
So why does MS continue to act as if charging for security is a Good Thing, when it can so easily be had for free? And why don't more "expert tech analysts" call them out on this?
Begging your pardon, but - I'm from South Carolina, you insensitive clod!
What makes you think we want even the remotest association with SCOm? Our river otters are fine, pure and noble beasts, not scum-sucking bottom feeders, as they would be inferred to be by the use of that domain in such a manner.
Perhaps your efforts would be better spent studying the relationship between Sporocarp and Chipmunks in Oregon.
"The people" are the problem. There are just too damned many of them. And *that*, my friend, is the elephant in the room that very few address.
When I see population control being a part of the discussion, then I'll know that the discussion is being real.
Instead, most of the folks that are famous for publicly gnashing their teeth and pulling their hair about saving the world go home in their private jets and limos and make more babies, more future consumers that will use an ever-increasing amount of the limited natural resources of this planet.
Here's a mash-up site that purports to show the effects of global sea level rising in increments of 1 meter, up to +14m. I make no claim as to the accuracy of the info it presents, I just happened to find it a while back while researching hurricane storm surge.
Personally, none of this worries me in the least - I live on a boat.:D Maybe that's something more people, especially global warming fanatics, should consider.
Wait, then they would be my neighbors. Ugh, scratch that. I can't stand fanatics. Except for the hot-nyphomaniac-in-a-bikini sort of fanatic. Those, I don't mind...;)
And also once you publish it, you can't file for a patent on it outside the US, and you can only file for a US patent within a year.
Regarding "publishing": just to point out that the word publish in this context means:
"1 a: to make generally known b: to make public announcement of"(link)
not necessarily to produce something in the printed form.
So, once your idea gets into the public domain at all (regardless of any non-compete/non-disclosure agreements, even), that starts the patent-process clock ticking. Show it to a friend, and you have begun...
As nweaver notes, you'll have one year to begin filing for the patent process thru the USPTO, or you'll lose your patent rights.
Full public disclosure, and most importantly, a way to prove when that took place will establish prior art for anyone who would like to contest a patent application filed after that date.
No, IANAPL, but I have paid money to them for the understanding I have passed along here.;)
Now multiply that complexity by a dozen and you've covered probably 90% of the carriers in the US... but wait, some of these aren't US based carriers! We have quite a few carriers with circuits or presence in the US where the organization is legally located elsewhere. What do you do then?
Nationalize 'em, tax 'em 90%, and put salary caps in place on all the execs - they'll toe the Party line from there on out!
"Everybody wants to go to heaven, Nobody wants to go now."
Maybe these folks just love life, and regard it as a great gift, something they don't want to end so soon...?
Nope, this is not a religion-bashing post, so I doubt it gets much support. I do find it interesting that so many here have to be so critical of other peoples life choices.
Standard disclaimer: Not a religious person, personally. But so long as your religion doesn't call for you to kill me because I don't pledge my life to your Deity, then it's fine with me that you believe whatever you want to. His Noodly Greatness forgives all, in the End.;)
Reading the various forums and comments, I also noticed that there were/are several people who have checked their logs and seen that the 'pifts.exe' file was uploaded to their system several days prior to the "3 hour window" in which the patch was distributed/activated last night (this info is according to the Symantec spokesperson official statements I have seen so far).
It is obvious that Symantec really fumbled the ball, PR-wise. Yet even as they have picked it back up, their statements on what happened do not seem cohesive with the experiences of people that I've read in many different places. I still feel "It will be interesting to see what this story turns out to be all about.", because I don't think that the full truth about this has come out. Too many inconsistencies...
Maybe not just Slashdot, but the whole intertubes is getting socially engineered...;)
1) Crack the NAV update process, inject a timed release 'pifts.exe'. 2) At the appointed time, firewall alerts get users to start massive concurrent searches on 'pifts.exe', and while Norton tries to figure out WTF is going on, they make the deadly mistake of censoring their forums to disguise their bafflement, which creates huge internets buzz on various security and tech related sites like here and Digg and ZA. 3) Have your malware sites primed and ready to go, optimized for the expected Google results, creating a nice giant influx of "new users" for your botnets. 4) Profit!!!
Okay, just joking... Possible, but highly unlikely. It will be interesting to see what this story turns out to be all about.:)
As of this writing, if you do a Google search for "PIFTS.exe" (like was noted in the above summary), the first several links will take you to compromised/attack vector sites.
Did/. just get social engineered?
(Yes, Offtopic to the posts above, but maybe this will have kept someone from getting a nasty surprise...)
Actually, it looks almost just like what the Elonex One was originally supposed to be: a Linux-based netbook/tablet with a removable keyboard. Yet going to the current Elonex site, it appears they abandoned that unique form factor for something more traditional.
It's interesting, then, that the company in this story calls themselves "Always Innovating"...;)
Had they, I would have told them that I do use the Flash browser plugin, and that it has improved greatly over the past year with far fewer lockups/crashes, and I would add a "Thanks" for them for supporting Linux.
I would also ask them that they Please, For The Love Of God And All That Is Holy, PLEASE actively discourage web developers from making Flash-only websites, or at least provide alternate, non-Flash ways to access the site content along with the "bling".
Not that there aren't some good, purely Flash-based sites out there, but because well functioning, appropriate implementation of the technology does seem to be in the minority in my experience. After all, they don't want Flash to become the new Front Page...;)
It is the "data gathering process". The lines are what has *actually* been mapped, the tracks of the ships who pinged the bottom - not just extrapolation of what might be down there (as most of it is).
I believe in is in this TED talk that Robert Ballard says basically this same thing. We have actually only mapped a very, very small percentage of the ocean floor, and explored even less than that. A great talk, interesting and informative - well worth the time to watch it.
BeOS was not only fast on their own hardware, it was fast on 'regular' hardware, too. I ran it alongside Win98 and several Linii;) on a few different systems (both desk- and laptop), and it blew the other OS'es away. Not just the boot and overall speed and multitasking it had once it was running, but the install was much faster as well, along with excellent hardware detection and compatibility in my experience. It has been a long time with lots of systems in the meanwhile, but I think I only had one piece of hardware that proved problematic out of the 4-5 systems I tried it on (no, I don't remember what that was...).
I was really looking forward to seeing more of BeOS, but that was not too long before they abandoned it. I check in on Haiku every so often, and hope that the devs there are having both fun and success with their efforts.
Slashdot Mirror
FWIW - I don't know if it could be related or quite how, exactly, but I am a T-mobile client in the SE US, and noticed yesterday and the evening before that calls were dropping like crazy. Very, very inconsistent from their usual service, IME. T-mobile has shown good network 'uptime' since they bought out a smaller cellular company I was with about 18 months ago. (They *have* tried to dick me for a little extra cash here and there on my bill, but were good after a call to billing.) The unusual poor performance I was witness to yesterday in conjunction with this story makes me go "Hmmm...", while hoping it bears out as untrue.
I'm not confused or tricked in the least - quite the contrary, in fact.
:)
Parse the 'security' definition a little further and/or with more care; in particular, pay attention to the use of the word "assure", as opposed to "ensure", which, based on how you are arguing this point, seems to be your expectation of what is implicit in the term and/or idea of 'security'.
Security (3) reads: "Something that gives or assures safety,"
The first half of Assure defined states:
1. To inform positively, as to remove doubt. 2. To cause to feel sure. 3. To give confidence to; reassure.
I do understand the point you are trying to make, and why. In fact, we are likely largely in agreement. I am simply pointing out that the statements you are making are overbroad and general, and that you could make them more effective in order to get the point across.
Have a good Friday evening yourself.
+1 Funny. :)
Wrong. There IS more security today. Lots of it - just go to an airport and look.
;)
Security definition. Check 3(b).
That said - the efficaciousness of said can be brought into doubt, but the fact that there is more of it (or at least, an attempt at such) cannot.
No matter how much you believe to the contrary. Sorry, but you might want to put more thought into how you are phrasing/making your argument. This is a tough crowd.
James said that these contests might be fun, but they don't provide a realistic measure of real security because they are encumbered with rules. The StrongWebmail contest prohibits working with a company insider, for example.
So, for the time being at least, the Crocodile Keyboard for touchscreen phones remains just a dream.
So what we have here is a /. story about, well, nothing other than a concept for a patent application, really.
'slownewsday' as a Tag, anyone?
I had a client bring me a 1st gen Macbook 13" that had been having intermittent kernel panic issues. The issue became more and more frequent, to the point where she just couldn't use the machine at all.
I searched teh intertubes and found out that many people had the same problem, and that the problem was a design fault. A small plastic 'bridge' which held in the wireless card would loosen over time, allowing the card to start shorting enough that it caused the kernel panic. Apple tech support solution was: replace the motherboard. To the tune of some ~$800. !!! And that for an identical mobo that would likely eventually develop the same problem (being the same design...).
Apple has never fessed up to the problem being a design fault. 2nd gen of the exact same Macbook, Apple changed the design of the internals, and moved the wireless card to a more accessible spot without using the 'bridge' to hold it in place, all the while never admitting nor compensating its customers whose system were crashing due to the faulty 1st gen design.
The fix I used? Disassemble the Macbook, fold a small square of paper so that it was 1/32-1/64th" thick, and put it under the plastic 'bridge'. Problem solved. The clients mother called 2 weeks ago regarding needing her PC fixed, so I asked how the Macbook was doing now, a year later. It is still working just fine.
I tell any of my clients who are considering moving to the Mac platform to never ever purchase the 1st gen hardware. Unless they want to pay for the opportunity to beta test. Sure, Mac's are nice, but as with anything else, caveat emptor if you are an early adopter.
For a backup, use a BRS - Ballistic Recovery System.
Pics at this site.
+5 Insightful. Don't get it? Read Ishmael...
My bad - I should have specified that they would be mostly home users, attempting to run their own systems but not very knowledgeable about said, who are not afraid to acknowledge that at times they need help due to the fact that they really have no idea what this or that pop-up asking to install or update means, and/or how clicking "Yes" or "OK" might affect their system stability and/or security. These are people I see monthly or more it seems, for reasons like to restart the printer spool, or to add applications which have updated into their firewall rules list. Mostly older folks. People I wish the whole "internet appliance" idea would have taken off for. :)
I don't think you'd fall into that category, or you wouldn't be here, FWIW. ;)
{snip}...certainly will happen when Win7 fails.
One way for Microsoft to make it a Sure Thing: instead of having proper security be a simple 'best practice', continue to have it be simply The Most Expensive Option.
FTFA -
"AppLocker, meanwhile, gives companies granular control over the applications - right down to the version number - that employees can install on their office machines.
"Both of these will require Windows 7 Enterprise Edition, available only to organisations with Software Assurance, or Windows 7 Ultimate," the Gartner analysts warn."
Foot, meet bullet.
This is not just something for corporate use. I have plenty of clients who would be glad to benefit from letting me use this tool on their systems (and boy would it make my job easier...). Parents could use it for the kids, geeks could use it on the systems they invariably get asked to fix for a buddy, etc... MS keeps getting their asses handed to them on the issue of basic security. When are they going to finally learn that they *need* to implement/make available good security across _all levels_ of their OS? The totally free software that I use has a bare fraction of both the potential and the real-world security problems MS OS'es have.
So why does MS continue to act as if charging for security is a Good Thing, when it can so easily be had for free?
And why don't more "expert tech analysts" call them out on this?
Yeah, yeah - I know...
I suggested that back in January. :)
See McUnix.
Begging your pardon, but - I'm from South Carolina, you insensitive clod!
What makes you think we want even the remotest association with SCOm? Our river otters are fine, pure and noble beasts, not scum-sucking bottom feeders, as they would be inferred to be by the use of that domain in such a manner.
Perhaps your efforts would be better spent studying the relationship between Sporocarp and Chipmunks in Oregon.
Good day to you, sir!
Sounds great. BUT...
"The people" are the problem. There are just too damned many of them. And *that*, my friend, is the elephant in the room that very few address.
When I see population control being a part of the discussion, then I'll know that the discussion is being real.
Instead, most of the folks that are famous for publicly gnashing their teeth and pulling their hair about saving the world go home in their private jets and limos and make more babies, more future consumers that will use an ever-increasing amount of the limited natural resources of this planet.
But hey, they feel better, so... {rolleyes}
Here's a mash-up site that purports to show the effects of global sea level rising in increments of 1 meter, up to +14m. I make no claim as to the accuracy of the info it presents, I just happened to find it a while back while researching hurricane storm surge.
http://flood.firetree.net/
Personally, none of this worries me in the least - I live on a boat. :D Maybe that's something more people, especially global warming fanatics, should consider.
Wait, then they would be my neighbors. Ugh, scratch that. I can't stand fanatics. Except for the hot-nyphomaniac-in-a-bikini sort of fanatic. Those, I don't mind... ;)
And also once you publish it, you can't file for a patent on it outside the US, and you can only file for a US patent within a year.
Regarding "publishing": just to point out that the word publish in this context means:
"1 a: to make generally known b: to make public announcement of" (link)
not necessarily to produce something in the printed form.
So, once your idea gets into the public domain at all (regardless of any non-compete/non-disclosure agreements, even), that starts the patent-process clock ticking. Show it to a friend, and you have begun...
As nweaver notes, you'll have one year to begin filing for the patent process thru the USPTO, or you'll lose your patent rights.
Full public disclosure, and most importantly, a way to prove when that took place will establish prior art for anyone who would like to contest a patent application filed after that date.
No, IANAPL, but I have paid money to them for the understanding I have passed along here. ;)
Now multiply that complexity by a dozen and you've covered probably 90% of the carriers in the US ... but wait, some of these aren't US based carriers! We have quite a few carriers with circuits or presence in the US where the organization is legally located elsewhere. What do you do then?
Nationalize 'em, tax 'em 90%, and put salary caps in place on all the execs - they'll toe the Party line from there on out!
Oh... :/
"Everybody wants to go to heaven,
Nobody wants to go now."
Maybe these folks just love life, and regard it as a great gift, something they don't want to end so soon...?
Nope, this is not a religion-bashing post, so I doubt it gets much support. I do find it interesting that so many here have to be so critical of other peoples life choices.
Standard disclaimer: Not a religious person, personally. But so long as your religion doesn't call for you to kill me because I don't pledge my life to your Deity, then it's fine with me that you believe whatever you want to. His Noodly Greatness forgives all, in the End. ;)
Reading the various forums and comments, I also noticed that there were/are several people who have checked their logs and seen that the 'pifts.exe' file was uploaded to their system several days prior to the "3 hour window" in which the patch was distributed/activated last night (this info is according to the Symantec spokesperson official statements I have seen so far).
It is obvious that Symantec really fumbled the ball, PR-wise. Yet even as they have picked it back up, their statements on what happened do not seem cohesive with the experiences of people that I've read in many different places. I still feel "It will be interesting to see what this story turns out to be all about.", because I don't think that the full truth about this has come out. Too many inconsistencies...
That does seem to be the case.
Maybe not just Slashdot, but the whole intertubes is getting socially engineered... ;)
1) Crack the NAV update process, inject a timed release 'pifts.exe'.
2) At the appointed time, firewall alerts get users to start massive concurrent searches on 'pifts.exe', and while Norton tries to figure out WTF is going on, they make the deadly mistake of censoring their forums to disguise their bafflement, which creates huge internets buzz on various security and tech related sites like here and Digg and ZA.
3) Have your malware sites primed and ready to go, optimized for the expected Google results, creating a nice giant influx of "new users" for your botnets.
4) Profit!!!
Okay, just joking... Possible, but highly unlikely. It will be interesting to see what this story turns out to be all about. :)
As of this writing, if you do a Google search for "PIFTS.exe" (like was noted in the above summary), the first several links will take you to compromised/attack vector sites.
Did /. just get social engineered?
(Yes, Offtopic to the posts above, but maybe this will have kept someone from getting a nasty surprise...)
Actually, it looks almost just like what the Elonex One was originally supposed to be: a Linux-based netbook/tablet with a removable keyboard. Yet going to the current Elonex site, it appears they abandoned that unique form factor for something more traditional.
It's interesting, then, that the company in this story calls themselves "Always Innovating"... ;)
Not me, they didn't... :P
Had they, I would have told them that I do use the Flash browser plugin, and that it has improved greatly over the past year with far fewer lockups/crashes, and I would add a "Thanks" for them for supporting Linux.
I would also ask them that they Please, For The Love Of God And All That Is Holy, PLEASE actively discourage web developers from making Flash-only websites, or at least provide alternate, non-Flash ways to access the site content along with the "bling".
Not that there aren't some good, purely Flash-based sites out there, but because well functioning, appropriate implementation of the technology does seem to be in the minority in my experience. After all, they don't want Flash to become the new Front Page... ;)
It is the "data gathering process". The lines are what has *actually* been mapped, the tracks of the ships who pinged the bottom - not just extrapolation of what might be down there (as most of it is).
I believe in is in this TED talk that Robert Ballard says basically this same thing. We have actually only mapped a very, very small percentage of the ocean floor, and explored even less than that. A great talk, interesting and informative - well worth the time to watch it.
BeOS was not only fast on their own hardware, it was fast on 'regular' hardware, too. I ran it alongside Win98 and several Linii ;) on a few different systems (both desk- and laptop), and it blew the other OS'es away. Not just the boot and overall speed and multitasking it had once it was running, but the install was much faster as well, along with excellent hardware detection and compatibility in my experience. It has been a long time with lots of systems in the meanwhile, but I think I only had one piece of hardware that proved problematic out of the 4-5 systems I tried it on (no, I don't remember what that was...).
I was really looking forward to seeing more of BeOS, but that was not too long before they abandoned it. I check in on Haiku every so often, and hope that the devs there are having both fun and success with their efforts.