If it is really such a serious bug, then it will be fixed with the first installation and following Windows update (or OEM patches).
No sane person runs a vanilla installation of Windows.
Actually, in the first months when Win 7 gets released, a lot of even more serious bugs will surface (because of the wide exposure). They also will be fixed and integrated in the update service. It's known that the first months of release are always the release test and fix cycle.
This is just how things go.
Disclaimer: I don't like Windows, this is just an objective view.
Adblock is needed because of all those blinking and colourful flash ads that are all around. Google's ads are quite moderate and most people would not mind seeing them, so your statement is false.
This would give a lot of people the motivation to switch to Chrome, which would be a gain for Google while not having big ad revenue losses (actually they would gain ad revenues, as the js cross site Google ads would not be blocked anymore).
Their problem is probably that this would raise anti-competitive questions they want to avoid, so this could only be done with an open plugin system (via trusted third party plugins).
Yahoo! shares were between $30-$40 for the last few years before the collapse. Thing is, Yahoo! did not innovate and keep market-share according to this, but they had a slow decline as people turned to Google and others more and more because of better services.
This effectively means that they had an overinflated stock value at the time (also called a bubble). When talks with Microsoft began, a lot of actual value assessments were made, but because of the merge possibility the prices stayed hyped. Then they suddenly went down to reasonable values after the merge talks were canceled.
This is a normal market healing mechanism. People who are into stocks should know this, make some sane assessments on the basis of performance, evaluate risks and then make sane purchase decisions.
In reality, everyone in that crowd just wants to make a quick buck without any economic reason whatsoever. This is why I have zero pity for Yahoo! stockholders.
You know that most articles have the "(source: AP)" tag on them in most major news outlets. Guess what: they are a damn big chunk of the system.
As for your assertion: morally and by the law of about 100 years ago the answer is yes, today..
Whatever happened with the classic scenario of the teacher saying: "If you don't put away that fucking cell phone during class, I'll confiscate it and you can get it after school again!" ??
These people obviously fail to see that social problems can't be solved with technology. They can be solved with education. (Ask a school, oh wait..).
And yes, it's illegal too..
Having 8 words to say is already awesome. Modern law and politics is about saying nothing in hundreds of pages. Average font size is 4, single spaced.. (Don't worry about the boring paragraph on page 538).
Trying to use some common sense, if I wanted more revenue from my games then I would try to figure out what causes all that piracy and modify my market strategy to give the gamers a reason to buy.
Screwing over the paying customers by crippling the software with these so-called protection schemes that hurt them more than the copyright infringers would be somewhere at the bottom of the list.. actually not at all.
Anyway, they already managed to lower my interest in games to zero with all this crap, so I don't care much anymore.
Depends on how you see it. Users are dumb, so if you spend your money to train your staff and make them just a tiny bit smarter, then your investment is worth it.
On the other hand, if you search for a purely technical solution, you are born to fail, there I agree with you.
Sadly management often does not have the foggiest idea on how to allocate resources in a smart way in this area, so I don't expect the situation to improve anytime soon.
So you want to tell me that the security consultant/operator that tells how to implement which security policies, configure firewalls/access control and then trains the staff - can be cut and you get the same for free out of thin air? How exactly do you want to accomplish that one, please share your wisdom!?
Sure, there are BS expenses, but that's a question of getting the right person to do the job.
And there is another reason why I think geo-ip language settings are a horrible idea:
Let's say you are a UK or US citizen and are traveling with your laptop to Germany. You plug in to some local wireless access point and go to google.com, and you are greeted with "Willkommen auf Google".. "Suche" "Auf gut Glück".
That's when you'll get one of those WTF?? moments. Even more fun when you travel to Japan.
(Assuming you don't speak the local language).
Actually http://www.google.com/webhp?hl=en and http://www.google.com/advanced_search?hl=en work fine. It's just kind of annoying to figure out this option. Especially if all sites are starting to use geo-locations.. even more since there is a setting in the browser that is transmitted with the HTTP request - exactly for this purpose.
I'm in Germany and my browser language preference is set to English (because I prefer it).
Now most sites (including Google) manage to get my geo-location and annoy me with a German start page (ignoring my language preferences). (At least I could set my prefs. at Google, but it's bothersome to do this for every site I visit).
Now visiting Bing gave me something unusual: a hybrid l10n. The controls were partly in English and the search suggestions (random stuff at the bottom of the screen) came in German. Searching for something gave only German results.
And there I thought it couldn't get worse than it is already.. but this irks the hell out of me.
ps. And the scaling of mostly everything was messed up too.. Way to go if you want to convince technical folks, Microsoft..
I watched the last news video of them. Here is my impression:
* They recreated the feel of the 80's hacker optic mixed with matrix in an endless loop
(no, that was not a compliment)
* 20 % of the show was advertisement (maybe more)
* The news is mostly a summary of what you read here on security.slashdot.com
* The tone of the show gets boring.. well, immediately
The basic idea is nice, but the actual show is not that impressive. Could get better though..
I don't use Microsoft products, and I don't like their corporate agenda, but I don't hate them. It's very counterproductive.
Making ironic jokes here and there is fun, but there are better things to do than hating someone/something.
As long as I/anybody is actively forced to use Microsoft products, I'm fine with them being around.
People who don't have a clue about the topic irritate me at times (OSS fanatics and clueless users and OEMs that don't give me choice).
Most people don't know the difference between a browser and the Internet. If you ask them if they want cookies, they will say yes. Then the website admin will have to deal with fun support calls: "You promised me cookies on your website, but I did not get any! Where are my damn cookies?"
I personally started out with Pascal in the mid nineties, and it was nice back then (before Delphi came around).
Nowadays I would suggest Python as a first language as it is a fairly easy, clean and powerful general purpose scripting language. Then extend it with C/C++.
Just don't start with VB, PHP, Java or C# as it will screw the person up for life.
It's what I think too. If the price is reasonable and the content appropriate, then a small fee is ok and people will also pay for it.
Problem is that these people either try to overprice it from the beginning or screw up with the content or do something else that irritates the heck out of people.
Would just take a little common sense, maybe a trial subscription and adequate content in the right form (not too restricted) and they could have a business model. They still manage to screw up most of the time.
You are sadly right.
Most people don't know what a browser is. Statistically most people don't know shit about computers. Now I don't expect the average Joe/Jane to be a computer guru, but come on, we are in the 21st century, the century of information age. People sit 8+ hours a day in front of a computer screen and they don't have the foggiest idea what they are working with.
That's very sad and shows a severe lack of education in the area.
Now where do you get that from? There are vendors that sell boxed and/or subscription based Linux distributions (most known are Red Hat and Novell (SuSE), but there are others too).
And there is a lot more money in support, money that actually is helpful for the local economy.
Also there are other commercial operating systems that are sold (e.g. QNX).
They just don't have the power and ruthlessness of OEM bribery and monopoly like Microsoft, but they are there.
So you see there is a big, slimy thing floating in the water and you don't like it.. What do you do?
a, Take probes, issue some press reports and analyse it while letting it float around.
b, Do nothing, let someone else deal with it.
c, Clean up the god damn ugly slime before it starts to eat Alaska, and analyse it later.
d, Make a documentary on how the big unidentified slimy thing ate Alaska and make profit with it.
Many companies will deploy Windows 7 in maybe 1 or 2 years when it had some prime time and the strength/weaknesses are explored, fixed or can be coped with.
Not many sane IT people will deploy it immediately after the first release, but they wait until the test bunnies (OEM consumers) had their experiences and the most severe bugs are fixed.
Until then they will carefully poke it with a stick, evaluate deployment strategies, test with existing company applications for compatibility and decide later on.
Some time next year or the year after that the migration process should get some more traction because of the EOL for XP and newer hardware compatibility issues as they get a bigger hassle with time.. but come on, we all knew that already.
I mean, who is the target audience for the article??
People who just want a massive amount of data storage for private use just buy a few NAS units, plug them in a gigabit Ethernet or USB hub and keep the more needed data on the internal HDDs.
On the other side, people who want fast, reliable and a lot of data storage buy something like an HP ProLiant, IBM or similar rack server with redundant PSUs, RAID controller with battery packs and SAS HDDs at 10-15k rpm (and possibly a tape drive).
The latter setup costs more in the short run, but you spare yourself a lot of headaches (repair service, configuration, downtime, data loss) in the long run, as this hardware is designed for this kind of task.
So who is the article targeted at: wannabe computer leet folks? And why on earth is this article on the Slashdot frontpage??
Well, yes, if your system is easily compromised by key-loggers then it is irrelevant how strong your password is.
I like to use systems where this is not the case.
I also use passwords generated by random generators with a length of at least 12 characters.
Still, the best choice is to isolate sensitive stuff to other user accounts so your compromised ones only do limited damage.
If someone gets root privileges on your box, then you are SOL anyway, so rounding this up with IDS systems to ensure system integrity and maybe putting most of it on read-only partitions improves the situation.
Not even I'm that paranoid though. User level security on a Linux box is enough to make me sleep well at night.
The fact that they hacked ImageShack shows that there is a vulnerability, probably one that was exposed before. In terms of natural selection this is a good thing to make the severity of the vulnerability clear. I think it would be a good thing if this kind of attack would happen more often to get a better relation to the security situation overall, because many companies and individuals tend to ignore it otherwise.
Their message is complete bollocks though. Full disclosure in combination with destructive exploiting would harden the technology, but their agenda is to just 'not talk' about holes in the security, which is completely stupid, as it would only produce a temporary or no relief at all and then someone would wreak much more havoc.
So their statement "Security through obscurity" is complete crap, but we already know that.
Now away from wishful thinking, what will probably happen?
1. As these guys/girls (probably script kiddies, as they don't seem to have much cognitive power) did cause some financial damage, they will probably be tracked down and sentenced to something not nice for them (as they stepped on both sides' toes).
2. People with financial interest exploiting vulnerabilities will continue to do so while they'll be staying below the radar (full disclosure or not, it stays like this), as companies don't give a damn in cases where the damage is not obvious or not on their side.
3. Security industry will stay as it is - because the white hat approach works better than the alternative.