Rocket engines are more efficient (see: specific impulse)when the exhaust velocity of the escaping gas is higher. The shape of the bell of the "traditional" rocket nozle is static and thus operates at maximium efficiency at a particular altitude. The linear aerospike engine makes one side of it's bell continuously variable -- by using the air as one side of the nozle and taking advantage of the changing atmospheric pressure as the rocket ascends. The rocket engine will then have a continuously variable, uh, "transmission", to borrow the terminology of this discussion which beats a five-speed hands down. : )
The article summary, the RP/ZDNet press release rehash, and indeed the original press release itself are all very poorly written.
Regarding your 2nd point, and your "err, 1983/84", please allow me to disambiguate.
The Wikipedia article refers to the discovery of AIDS, which is the modern label applied to the clusters of disease cases with similar histories and symptoms which first identified (apparently) in 1981, although it seems some doctors and researchers were aware of unusual disease clusters for a few years leading up to that point. Recognition of AIDS as a disease led to researchers looking for a cause, which led to the subsequent discovery of the HIV virus. In any case, all of this activity took place in the 1980s within a few years, not "sometime in the 1970's".
Clearly you read neither my comment, which clearly refers to the article summary (a Slashdot feature) which incorrectly states that AIDS was discovered "sometime in the 1970's" nor the BBC article, which doesn't mention when AIDS was discoverd. I recalled from prior reading on the topic that AIDS was discovered in the 1980s. Wikipedia happened to get that one right, so I used it as the link. I also noticed that this particular Wikipedia article is extensively referenced.
Regarding your three questions: No, not really, unless you assume that I've directly executed a trojan with admin rights, in which case the box is already compromised. Unlike the scenario I proposed for Vista (waiting until the security monitor is disabled by the user) the mechanisms you propose are not really very promising as mechanisms to gain root on UNIX. (They are not entirely without potential, but they are a far cry from a "sure thing".) By contrast, there have been many locally exploitable privilege escalation paths on (at least pre-Vista) Windows which can be fully automated and chained (which I assumed in my previous example). If it were that easy to own a UNIX box, you would see a poostorm of UNIX malware on Linux and Mac OS X. Instead you see a poostorm of Windows malware.
Privilege elevation is trivial on most systems once malicious software is running on the system.:(
Although a given local privilege escalation defect might be trivial to exploit, exploiting the class of defects to automatically gain control of 20% of the installed base of a given platform is not trivial on most UNIX platforms because at any given time there are no such defects known which can be easily or automatically exploited. Historically (e.g. prior to Windows XP) the design of Windows had numerous official mechanisms for local privilege escalation which were considered to be part of the normally functioning system, and which had design and other defects which could be exploited. New such defects were discovered at a rate of one to several each month, nearly every month throughout the life of Windows 2000 and at a slightly slower rate for Windows XP. (Vista's history is not yet long enough to tell, but presumably this might slow down a bit more.) Consequently, on any given Windows system there have been several known ways to achieve privilege escalation throughout much of the life of the product, even on systems which are patched regularly which unfortunately many are not. The insane ambient infestation rate for adware and spyware is due largely to this class of issues (exploit chaining including local privilege escalation).
(Although some exploits lead directly to admin rights, "Exploit chaining" has also been used by malware authors -- get on the box using a remote defect, or social engineering to get the malware running as a non-admin user, then find a "local" way to elevate privilege using a separate exploit. )
If it were "trivial" to do this on Mac OS X, for example, the twenty million Mac OS X machines in the world would be worth a lot of money to spammers. The same botmasters who own fleets of Windows machines would own fleets of Mac OS X machines, too. At the present time, they don't seem able to easily own Mac OS X systems. Heck, even if we only consider the six or or eight million Mac OS X systems which run Intel processors that's still a sufficiently tempting target.
The point is that the malicious process does *not* need to be running as admin, and the user doesn't need to do anything if the process can attack the system with a privilege escalation exploit. This is not my opinion, it is fact, supported by a mountain of malware evidence.
No, it's really not the same as "su root". The UAC aspect of the Vista security model, granting for the moment that it's not so convoluted that the term "model" shouldn't be applied, is at best inverted. The principle of least privilege on which most UNIX security is based would have:
you, the authorized user,
delegate permission to (elevate privilege for),
the relevant user or process rights,
just high enough and
just long enough
to get the job done. If I'm logged into, say, Linux or Mac OS X and installing software, the running process has it's privilege escalated if I authorize it (for example using "sudo" in a Terminal window). To the degree that I'm familiar with or trust the process that I'm running, I can "trust" that the system will allow it to do its work and won't allow other random things that just happen to occur at the same time but which I didn't authorize to employ those same elevated privileges. For example, actions that I may perform in other windows at the same time, or actions by other users on the same system, or actions by other processes will continue to function with their respective limited (and different) permission sets. This model has been employed and refined on multi-user, multi-processing general purpose computing systems for over forty years (the general ideas pre-dates UNIX) and it works reasonably well, largely without annoying the end user.
By contrast, under the Vista model, a malicious program could hop onto your system with limited rights, and then just wait until the inevitable day when the user disabled UAC. Then it can happily write itself to the filesystem, change the registry and install the keystroke logger with Admin rights. Disabling the security monitor is, well, a mind-numblingly bad idea that probably resulted from months and months of design meetings which utterly failed to consider looking *outside* of Microsoft to consider ideas or experience that other operating systems or research projects might have to offer.
You wrote:
For repeated, but seperate operations (like installing a lot of applications when you're setting up your machine), you can disable UAC. This is basically the same thing as su root if your account is an admin account.
The value of OS X to Apple is clearly increasing, not decreasing. Selling it off would be stupid. The gap between Windows and OS X may have narrowed a bit with the release of Vista improving the security of the platform, but it is about to get a lot wider again with the coming release of Leopard.
Vista wasn't released, it escaped, leaving a trail of bloody offal all the way back to the Microsoft executive meeting room where they were forced (by the sheer weight of industry analyst, shareholder, and employee skepticism about their ability to deliver *anything*) to jettison many of the interesting features they were shooting for. Vista looks like Mac OS X because Microsoft realized they had to blow some smoke and lay some mirrors about or they were going to get their clock cleaned. Importantly, Vista doesn't lay the foundation for the next decade of computing that Microsoft initially bragged about, and the decade is more than half over.
Vista is clearly a release of desperation. Bill Gates had to lie about Mac security to get any attention for his comments about Vista in the pundit space. He's clearly depressed because all the pundits do these days is ask him about the Macintosh. Senior executives at Microsoft want Macintosh systems. (Senior executives that I know at a surprising number of technology companies are already running Macintosh computers at home, often at work as well, and in a few cases pondering how they can migrate their enterprise).
Compared to the steady forward march of OS X (and iPod) Vista (and Zune) and you see in Vista the software equivalent of a towel applied to a horrible wound. Microsoft's arms are off and, like the Dark Knight of Monty Python and the Holy Grail, they're hopping up and down on one leg taunting an opponent who really isn't even interested in them all that much, having more important things to do, like satisfy customers.
(By the way, You posted AC because you are a troll. Perhaps a paid troll even? Nonetheless, since you were modded up so absurdly high, it seemed a response was in order.)
Not so fast! Apple's systems have been booting from network images and supporting network installation, if memory serves, before such tricks were even possible on the Windows PC due in part to their use of Open Firmware way back when (they use EFI now-a-days). Network boot and install was difficult and unreliable on the Windows PC until quite recently. I was told by various vendors including Dell as recently as two years ago (some of their models worked and some of them didn't) that limitations of the firmware in most PCs were to blame. In private conversations the engineers working on these products admitted that they were basically waiting for the hardware to catch up and that certain models which my client had just purchased (by the many thousands) would probably never work reliably for network booting and network install due to these issues. On the PC platform there were various remote management hacks, uh, initiatives, like WOL and PXE designed to help get around the hurdle of broken-by-design PC firmware. Finally a modern (e.g. extensible and thus as capable as the decades-old Open Firmware platform) firmware for the PC was designed by Intel, the EFI - Extensible Firmware Interface.
On the Macintosh, by contrast, remote booting and remote installation "just worked". For years. Even before the Intel based Macintosh. Yes. It did. No kinda sorta about it. When Windows LAN administrators were wasting bazillions of dollars in the systems integration labs of Fortune 500 and government agencies all over the world, this "just worked" on the Macintosh.
Various products, including some from IBM, are available to assist with remote management of the Macintosh, not to mention the nice built-in stuff like OpenDirectory.
IBM, by the way, makes multiple overlapping (and sometimes competing) software distribution and imaging products. You have, I think, seen one of their other products, the name of which keeps changing to escape it's reputation as being utterly craptastic, but which usually has something like "Remote" in the name. What you (most likely) saw was called (if memory serves) RIM (Remote Installation Manager) and is presently marketed as IBM Remote Deployment Manager part of a product suite called IBM Director. This product doesn't support the Macintosh but that doesn't imply that the Macintosh isn't ready for the enterprise. It might, in fact, imply the opposite -- that Windows isn't really ready for enterprise scale deployment.
There are litterally tens of billions of dollars per year worth of enterprise systems management products on the market which are totally irrelevant to managing an enterprise network of Macintosh computers not because they don't support the Macintosh (which I freely admit most of them do not) but because the Macintosh doesn't need them to be deployed and managed at a large scale. These products largely exist to fix things which are broken in Windows, things which are problems only when you need to deploy and manage lots of machines, things which are not broken in Mac OS X. (I know this because I am an enterprise systems and network architecture consultant, and I help fix scalability problems related to enterprise systems management for Fortune 500 and government clients.)
I wish that I could do a case study comparing two interesting organizations with which I am intimately familiar, but unfortunately I learned this stuff off the record and cannot reveal the organization names.
The scenario you suggest -- that systems designs which allow a graphics card udpate would reduce Apple's ability to maintain a stable platform -- is not correct. Graphics cards are upgradable in the Mac Pro tower and those systems are rock solid stable. If the device and the driver are well made and well tested, stability won't suffer. The systems will cost more and the designs will be larger and clunkier than a Mac Mini or an iMac, and very few of the upgrade slots will ever be used.
Actually, from the important perspective of the difficulty of building a new machine around it, the Intel "dual-dual" core chips really are quad core -- they drop into the same socket as the previous dual core chip, placing four cores into the socket. That certainly helped speed the time to market for the chip.
Consider the Findings of Fact in the case, and see in particular Section H, Paragraphs 62 through 67.
The point concerning Intel is a red herring Courts typically don't recognize the "Sure I'm guilty but look over there! He's even more guilty than me!" defense.
I do agree that courts seem to be poorly equipped to deal with complicated technical issues and other elements of this case were absurd. That really doesn't undermine the relevant point, which wooshed past again. The acceptance by courts of suspect science like bite-mark analysis and their over-reliance on eyewitness testimony support your assertion that it's best if one minimizes interaction with courts.
The first iPod is what made all the other iPods possible. It was sexy, it did cool stuff very well, and it was too expensive. Now you can get an iPod Nano for a fraction of the cost of the original iPod and yet it does more stuff better.
Soon people willing to spend extra money to get cool features will be buying very expensive iPhones, and in a few years the spawn of the iPhone will be cheaper and do more stuff. Hooray!
"NASA's current archetype of highly-driven, task-oriented people might be precisely the wrong type for a Mars expedition"
OK, the opposite of this would be laid-back herb-toking free-love hippies. While it's true that such folk will be disinclined to kill each other in a jealous rage, but they are also not likely to be inclined to get into a tin can with no weed for three years and walk around on Mars collecting rocks they won't even get to keep or sell on EBay.
Maybe, but Microsoft the convicted monopolist is guilty of forcing several large PC vendors to *sell* Windows with their computers, which has dramatically restricted the range of choice for consumers. Are you new in these here parts?
Uhm... in case you hadn't noticed, everyone who uses a cell phone in the United States is talking about the Apple iPhone. I'd say the current status of the iPhone is more like: "the most insanely successful publicity coup that has ever been executed by a corporation for a single product."
The claim that the "Mac community is arrogant" mystified me until I realized that people who make this claim are probably masking an inferiority complex of some sort. Most Macintosh users don't know enough about computers to be arrogant. They are, if anything, rather meek on the whole. I suspect that IT professionals whose experience is limited to Windows (which is, after all, most of them) resent the honestly dumbfounded looks they get from these fawn-eyed Mac users who innocently say things like, "Why is my computer at work so flakey? I've never had a problem like this on my Mac at home."
It seems more likely to me that the professional IT community, which has backed the wrong horse, is resentful.
Slashdot Mirror
The problem you were pondering is not solved by a transmission. It's solved this way...
Aerospike Engines (how they work)
Aerospike Engine (history)
Linear Aerospike Engine (see the "efficient at all altitudes" section)
Rocket engines are more efficient (see: specific impulse)when the exhaust velocity of the escaping gas is higher. The shape of the bell of the "traditional" rocket nozle is static and thus operates at maximium efficiency at a particular altitude. The linear aerospike engine makes one side of it's bell continuously variable -- by using the air as one side of the nozle and taking advantage of the changing atmospheric pressure as the rocket ascends. The rocket engine will then have a continuously variable, uh, "transmission", to borrow the terminology of this discussion which beats a five-speed hands down. : )
The article summary, the RP/ZDNet press release rehash, and indeed the original press release itself are all very poorly written.
No, you shouldn't add to your post. You really should not post at all regarding this topic as you clearly are impervious to clue.
Regarding your 2nd point, and your "err, 1983/84", please allow me to disambiguate.
The Wikipedia article refers to the discovery of AIDS, which is the modern label applied to the clusters of disease cases with similar histories and symptoms which first identified (apparently) in 1981, although it seems some doctors and researchers were aware of unusual disease clusters for a few years leading up to that point. Recognition of AIDS as a disease led to researchers looking for a cause, which led to the subsequent discovery of the HIV virus. In any case, all of this activity took place in the 1980s within a few years, not "sometime in the 1970's".
This page includes some audio clips from interviews with some of the researchers: NIH researchers discuss the history of AIDS.
Clearly you read neither my comment, which clearly refers to the article summary (a Slashdot feature) which incorrectly states that AIDS was discovered "sometime in the 1970's" nor the BBC article, which doesn't mention when AIDS was discoverd. I recalled from prior reading on the topic that AIDS was discovered in the 1980s. Wikipedia happened to get that one right, so I used it as the link. I also noticed that this particular Wikipedia article is extensively referenced.
Go trust yourself.
The article summary needs further assistance. AIDS was identified in 1981.
(Although some exploits lead directly to admin rights, "Exploit chaining" has also been used by malware authors -- get on the box using a remote defect, or social engineering to get the malware running as a non-admin user, then find a "local" way to elevate privilege using a separate exploit. )
If it were "trivial" to do this on Mac OS X, for example, the twenty million Mac OS X machines in the world would be worth a lot of money to spammers. The same botmasters who own fleets of Windows machines would own fleets of Mac OS X machines, too. At the present time, they don't seem able to easily own Mac OS X systems. Heck, even if we only consider the six or or eight million Mac OS X systems which run Intel processors that's still a sufficiently tempting target.
The point is that the malicious process does *not* need to be running as admin, and the user doesn't need to do anything if the process can attack the system with a privilege escalation exploit. This is not my opinion, it is fact, supported by a mountain of malware evidence.
You keep using that word. I do not think it means what you think it means.
- you, the authorized user,
- delegate permission to (elevate privilege for),
- the relevant user or process rights,
- just high enough and
- just long enough
to get the job done. If I'm logged into, say, Linux or Mac OS X and installing software, the running process has it's privilege escalated if I authorize it (for example using "sudo" in a Terminal window). To the degree that I'm familiar with or trust the process that I'm running, I can "trust" that the system will allow it to do its work and won't allow other random things that just happen to occur at the same time but which I didn't authorize to employ those same elevated privileges. For example, actions that I may perform in other windows at the same time, or actions by other users on the same system, or actions by other processes will continue to function with their respective limited (and different) permission sets. This model has been employed and refined on multi-user, multi-processing general purpose computing systems for over forty years (the general ideas pre-dates UNIX) and it works reasonably well, largely without annoying the end user.By contrast, under the Vista model, a malicious program could hop onto your system with limited rights, and then just wait until the inevitable day when the user disabled UAC. Then it can happily write itself to the filesystem, change the registry and install the keystroke logger with Admin rights. Disabling the security monitor is, well, a mind-numblingly bad idea that probably resulted from months and months of design meetings which utterly failed to consider looking *outside* of Microsoft to consider ideas or experience that other operating systems or research projects might have to offer.
You wrote:
Was it actually confirmed that spammers were able to DDoS Blue Security out of existence? Last I recall the evidence for that was weak.
You haven't hung out with an alpha geek, nor with anyone who hangs out with an alpha geek for ten years? How did you find Slashdot?
I would think a BOINC project might produce enough muscle to get a really big brain going. Imagine a BOINC cluster of...
;-)
The value of OS X to Apple is clearly increasing, not decreasing. Selling it off would be stupid. The gap between Windows and OS X may have narrowed a bit with the release of Vista improving the security of the platform, but it is about to get a lot wider again with the coming release of Leopard.
Vista wasn't released, it escaped, leaving a trail of bloody offal all the way back to the Microsoft executive meeting room where they were forced (by the sheer weight of industry analyst, shareholder, and employee skepticism about their ability to deliver *anything*) to jettison many of the interesting features they were shooting for. Vista looks like Mac OS X because Microsoft realized they had to blow some smoke and lay some mirrors about or they were going to get their clock cleaned. Importantly, Vista doesn't lay the foundation for the next decade of computing that Microsoft initially bragged about, and the decade is more than half over.
Vista is clearly a release of desperation. Bill Gates had to lie about Mac security to get any attention for his comments about Vista in the pundit space. He's clearly depressed because all the pundits do these days is ask him about the Macintosh. Senior executives at Microsoft want Macintosh systems. (Senior executives that I know at a surprising number of technology companies are already running Macintosh computers at home, often at work as well, and in a few cases pondering how they can migrate their enterprise).
Compared to the steady forward march of OS X (and iPod) Vista (and Zune) and you see in Vista the software equivalent of a towel applied to a horrible wound. Microsoft's arms are off and, like the Dark Knight of Monty Python and the Holy Grail, they're hopping up and down on one leg taunting an opponent who really isn't even interested in them all that much, having more important things to do, like satisfy customers.
(By the way, You posted AC because you are a troll. Perhaps a paid troll even? Nonetheless, since you were modded up so absurdly high, it seemed a response was in order.)
Not so fast! Apple's systems have been booting from network images and supporting network installation, if memory serves, before such tricks were even possible on the Windows PC due in part to their use of Open Firmware way back when (they use EFI now-a-days). Network boot and install was difficult and unreliable on the Windows PC until quite recently. I was told by various vendors including Dell as recently as two years ago (some of their models worked and some of them didn't) that limitations of the firmware in most PCs were to blame. In private conversations the engineers working on these products admitted that they were basically waiting for the hardware to catch up and that certain models which my client had just purchased (by the many thousands) would probably never work reliably for network booting and network install due to these issues. On the PC platform there were various remote management hacks, uh, initiatives, like WOL and PXE designed to help get around the hurdle of broken-by-design PC firmware. Finally a modern (e.g. extensible and thus as capable as the decades-old Open Firmware platform) firmware for the PC was designed by Intel, the EFI - Extensible Firmware Interface.
On the Macintosh, by contrast, remote booting and remote installation "just worked". For years. Even before the Intel based Macintosh. Yes. It did. No kinda sorta about it. When Windows LAN administrators were wasting bazillions of dollars in the systems integration labs of Fortune 500 and government agencies all over the world, this "just worked" on the Macintosh.
Various products, including some from IBM, are available to assist with remote management of the Macintosh, not to mention the nice built-in stuff like OpenDirectory.
NetBoot and Network Install
NetOctopus
IBM TIvoli Storage Manager
IBM, by the way, makes multiple overlapping (and sometimes competing) software distribution and imaging products. You have, I think, seen one of their other products, the name of which keeps changing to escape it's reputation as being utterly craptastic, but which usually has something like "Remote" in the name. What you (most likely) saw was called (if memory serves) RIM (Remote Installation Manager) and is presently marketed as IBM Remote Deployment Manager part of a product suite called IBM Director. This product doesn't support the Macintosh but that doesn't imply that the Macintosh isn't ready for the enterprise. It might, in fact, imply the opposite -- that Windows isn't really ready for enterprise scale deployment.
There are litterally tens of billions of dollars per year worth of enterprise systems management products on the market which are totally irrelevant to managing an enterprise network of Macintosh computers not because they don't support the Macintosh (which I freely admit most of them do not) but because the Macintosh doesn't need them to be deployed and managed at a large scale. These products largely exist to fix things which are broken in Windows, things which are problems only when you need to deploy and manage lots of machines, things which are not broken in Mac OS X. (I know this because I am an enterprise systems and network architecture consultant, and I help fix scalability problems related to enterprise systems management for Fortune 500 and government clients.)
I wish that I could do a case study comparing two interesting organizations with which I am intimately familiar, but unfortunately I learned this stuff off the record and cannot reveal the organization names.
The scenario you suggest -- that systems designs which allow a graphics card udpate would reduce Apple's ability to maintain a stable platform -- is not correct. Graphics cards are upgradable in the Mac Pro tower and those systems are rock solid stable. If the device and the driver are well made and well tested, stability won't suffer. The systems will cost more and the designs will be larger and clunkier than a Mac Mini or an iMac, and very few of the upgrade slots will ever be used.
Apple will begin to appear on the enterprise desktop once these people graduate and start working in corporations, launching their own companies, etc.
Actually, from the important perspective of the difficulty of building a new machine around it, the Intel "dual-dual" core chips really are quad core -- they drop into the same socket as the previous dual core chip, placing four cores into the socket. That certainly helped speed the time to market for the chip.
Slow scanning worms already exist.
Consider the Findings of Fact in the case, and see in particular Section H, Paragraphs 62 through 67.
The point concerning Intel is a red herring Courts typically don't recognize the "Sure I'm guilty but look over there! He's even more guilty than me!" defense.
I do agree that courts seem to be poorly equipped to deal with complicated technical issues and other elements of this case were absurd. That really doesn't undermine the relevant point, which wooshed past again. The acceptance by courts of suspect science like bite-mark analysis and their over-reliance on eyewitness testimony support your assertion that it's best if one minimizes interaction with courts.
The first iPod is what made all the other iPods possible. It was sexy, it did cool stuff very well, and it was too expensive. Now you can get an iPod Nano for a fraction of the cost of the original iPod and yet it does more stuff better.
Soon people willing to spend extra money to get cool features will be buying very expensive iPhones, and in a few years the spawn of the iPhone will be cheaper and do more stuff. Hooray!
Perhaps you meant: Death and Taxes: A Visual Guide to Where Your Federal Tax Dollars Go rather than the domain squatting site budgetgraph.com.
Uhm... in case you hadn't noticed, everyone who uses a cell phone in the United States is talking about the Apple iPhone. I'd say the current status of the iPhone is more like: "the most insanely successful publicity coup that has ever been executed by a corporation for a single product."
The claim that the "Mac community is arrogant" mystified me until I realized that people who make this claim are probably masking an inferiority complex of some sort. Most Macintosh users don't know enough about computers to be arrogant. They are, if anything, rather meek on the whole. I suspect that IT professionals whose experience is limited to Windows (which is, after all, most of them) resent the honestly dumbfounded looks they get from these fawn-eyed Mac users who innocently say things like, "Why is my computer at work so flakey? I've never had a problem like this on my Mac at home."
It seems more likely to me that the professional IT community, which has backed the wrong horse, is resentful.