Slashdot Mirror


User: Gary W. Longsine

Gary W. Longsine's activity in the archive.

Stories: 0 · Comments: 1,155

Comments · 1,155

  1. Re:Wow! And I thought I didn't get along with othe on McAfee Feigns Fear at Mac Security · · Score: 1

    I think it's probably true that quite a few of the geek priestly class are attracted to Mac OS X, as they are to Linux and other UNIX. However, the Macintosh platform is notorious for a certain segment of its user base being relatively unsophisticated. Only yesterday someone told me that they thought this reflected well on the platform, because, "people who otherwise wouldn't be able to use a computer can use a Macintosh"!

  2. market niche is not safety on McAfee Feigns Fear at Mac Security · · Score: 4, Insightful

    The Witty Worm demonstrated that a market niche as small as perhaps 12,000 systems can be vulnerable to a worm based attack. The Macintosh is not inherently safe due to niche status. Anybody making this claim is seriously not keeping up with the field of information security.

    Worms that have targeted other niche platforms including web servers and database servers of various kinds have also demonstrated that platforms with a few hundred thousand deployed systems (much smaller than the deployed base of Macintosh systems) are vulnerable to worm attacks.

  3. Re:Pareto Efficiency probably not the best model on Boot Camp For Suckers? · · Score: 1

    Sorry, I wasn't clear on that. It's intended purely to illustrate that the very notion of efficiency considerations are value laden. One of the underlying assumptions of the essay is that the very idea of a society based on economic efficiency is ultimately unsustainable and doomed to collapse. I thought the essay itself was interesting enough in places to include as the example, despite the whacko tendency of the author to imply a grand conspiracy among economists to promote a social darwinist agenda. Clearly he is not aware that if all the economists in the world were laid out end to end, they still couldn't reach a consensus.

    It also reminds me of the science fiction work The Mote in God's Eye where an alien civilization is discovered which goes through long term cycles of rise, overpopulation, and warfare driven collapse.

    Tying this back into the Boot Camp discussion, I suspect that the very attempt to interpret Apple's Boot Camp strategy via a lens like this is missing the point. Apple has a lot of users who would like this capability, and virtualization, too, built into Mac OS X. Apple doesn't think that providing this capability will hurt them, and they probably suspect it might help them a little, maybe. Grand interpretations of monopolies colliding in the purely competitive market place of the intel processor (heh) will have to wait until Apple decides to ship Mac OS X on Dell, HP, Gateway, etc.

  4. Re:Best way to eradicate spammers on Spam War Takes Out Blog Services · · Score: 1

    I don't have any direct evidence to support your claims, but I know that we have approached two ISPs, one national, one regional, to get them to try our novel anti-worm / anti-botnet system, to no avail. (They do understand that botnets produce spam.) I suspect that they really don't want to do anything about the problem.

  5. Re:Fighting abuse with abuse is bad on Spam War Takes Out Blog Services · · Score: 1
    From your post:
    Fighting abuse with abuse is bad. Swamping a spammer is not a good idea, because he can either redirect the attacks to an innocent third party, or simply pointless because they use stolen resources, like trojaned computers that host illegal sites.
    From your sig:
    Swamp the US Justice dept. with Google sex searches. [zapto.org]
    I laughed out loud! Cognitive Dissonance
  6. Pareto Efficiency probably not the best model on Boot Camp For Suckers? · · Score: 2, Informative
    Efficiency is defined by Pareto efficiency ... Here is a link http://en.wikipedia.org/wiki/Pareto_efficient [wikipedia.org]
    Pareto Efficiency is a special type of efficiency from the field of economics, but you have neglected to mention other efficiency models, several others of which are probably more relevant to consideration of Apple's Boot Camp strategy. Here are some better links:

    Economic Efficiency in a Nutshell (efficiency described in an abstract, mostly model-independent way)

    Economic Efficiency (links to descriptions of various models)

    Pareto Efficiency doesn't have much to say about efficiency in the global scope, and consequently doesn't have as much to say about things like this as would, say, some other allocative efficiency model. Its premise is interesting as an analytical tool, but also somewhat fantastic. In the local universe it assumes, allocations that transfer wealth or other valuable resources from you to me would not normally be regarded by you as a non-event, and I regard transfer of non-valuable items from you to me as a liability, so this model has limitations in real world application from the outset, even with limited scope.

    Furthermore, economists also understand that real world markets typically are not all that efficient. If they were, then the hundreds of billions of hours spent futzing with Windows PC systems would have led to the ascendancy of Mac OS X as the dominant computing platform back when it was called NeXTSTEP. In the real world, those futzing hours are not measured, and represent an identifiable inefficiency in the market.

    Most economists also understand that efficiency is inherently a value judgement, and even the criteria by which efficiency is measured and even modeled involves value judgments.

    Economic Efficiency (considered as the basis for society)

    Of course, I studied economics for four years at a university, and still regard the entire field of micro-economics with considerable skepticism, so take my observations with a grain of salt. Perhaps it is politicians rather than economists who are to blame for willful misuse of the tools. However, failure to understand the limitations of a given economic analysis tool allows voters to be snowed into supporting all manner of initiatives which are, on the whole, not in their individual nor collective self-interest.
  7. Re:Ditch the Napster brand... on Napster Going Back to Free Downloads · · Score: 0, Offtopic

    I feel the same way about The Finder in Mac OS X. When Apple finally re-implement that pile of dung to make it work well enough that I won't want to open a Terminal, I probably won't even notice unless they rename it as part of the effort.

  8. your defense: I was framed! (What they all say) on Phishers Get Phoney · · Score: 1

    Even better (worse):

    Suppose the bad guys Google the names on their list (or determine from information on the PC from which their bot got the initial identity data) to select people who are likely to have computer skills? They have plenty of names to pick from. Being somewhat selective about the names they use to open phone lines and bank accounts would be downright obfuscational. Heck, the Evil Doers(TM) could pick people with publicly expressed dissatisfaction with government activities like domestic spying, torture, and secret prisons. Once they have their "short list" of mouthy computer guys with a trojan on their PC, they could even plant fake evidence before using their name to Do Evil Things(TM) before silently fixing the hole in their PC, and removing all traces that the trojan was ever there. Ooooh... that would be ugly.

    ["Evil Doers" and "Do Evil Things" are trademarks of The Bush Administration.]

  9. riskier? possibly not for the phisher on Phishers Get Phoney · · Score: 1

    Well, considering that the phishers have acquired some expertise in identity theft I'd suspect that the elevated risk involved is for the poor sucker in whose name they opened a phone line. Instead of opening the mail one day to find his credit card balance higher than it should be, he'll wake up to the sound of the FBI kicking in his door. BAM!

    Of course, they'll let him go as soon as they figure out he doesn't know anything about computers. But what if the bad guys happen at random chance to use *your* name? Establishing probable deniability likely takes a bit longer when you have the skills required to commit the high tech crime and your FBI-confiscated computer shows you've been discussing phishing in Slashdot threads. You might have to fall back to alibi. Doh!

  10. not quite as crazy as it sounds on Phishers Get Phoney · · Score: 1

    I read a story a few months ago about a well organized shoplifting ring that was stealing stuff and then selling it in a store they had set up for the purpose. A fake retail store is probably a lower bar than a fake bank branch. (Sorry, I looked for a link and can't find it amidst the flood of "organized shoplifting" stories.)

    There have been a few cases of fake ATM machines, though. That's probably more effective than a fake bank branch would be anyway.

  11. friends... on Your Thoughts Are Your Password · · Score: 3, Funny

    Friends don't let friends send email drunk.

  12. John? ... on Apple Grooming Next Gen of Executives · · Score: 5, Funny

    John C. Dvorak? I thought that was you! How have you been, old buddy, old pal?

  13. not even slightly FUD on Most Web Users Unable to Spot Spyware · · Score: 1
    Isn't that a little bit of FUD? It's not that companies don't trust the content they've put on their webservers, it's that the webserver is the one that is most likely to be compromised, and if it is compromised, you don't want people able to get immediate access into your network.
    Well, possibly, but I don't think so. In order to move past this objection however, I will concede that what you have described is exactly the situation which exists. I will yield my own position, which is basically that:
    1. Companies do not (and should not) trust their own web servers enough to allow it access to their internal corporate network, and
    2. there is no logical reason offered by the proponents of this advice (typically Microsoft and the AntiVirus vendors) as to why an end user (e.g. one whose web browser has a security hole which can grant root on their box to a malformed image file without them being aware of it) should trust that trusted and yet sacrificial, DMZ-ensconced web server?


    My new starting point is yours. Organizations trust their web servers, they just put them in a DMZ and don't allow them to access the internal network and are prepared to lose any data on them and prepared to re-image them on a moment's notice because they are "most likely to be compromised". The distinction between your position and mine is pretty subtle anyway, but I adopt it heartily here, for the sake of discussion of the relevant point: advising people to avoid untrusted sites is not helpful to the recipients of that advice.

    Advising people to "avoid untrusted sites" is the leading contender for "the dumbest advice the security industry has ever given". It's generally given during the time that one's web browser has an un-patched security hole. You can tell it's dumb advice because nobody can answer the natural and simple follow-up question which it evokes: "How does one tell an untrusted site?"

    Never mind how one tells before clicking on the apparently innocuous link and actually inspecting the site.
  14. Re:Wait... on Most Web Users Unable to Spot Spyware · · Score: 4, Insightful

    This "loopback evil sites host file" is fine as far as it goes, and I've recommended this as part of a prevention strategy for clients before.

    However, the notion of "trusted web sites" is bogus and dangerous (e.g. in web site security, "evil sites are not to be trusted" may be true, but the converse is not necessarily true -- web sites that are not known to be inherently evil are also not "trusted"). Companies that build them and run them and put them on the internet for you to peruse don't even trust them. They put them on "sacrificial hosts" in a "DMZ". The *owners* of these web sites don't trust them. Why should anyone else?

    The notion of the "trusted web site" is dead. Stone cold it's not pining for the fjords because if it hadn't been nailed there it would be pushing up the daisies, dead.

  15. Re:Whatever happened to the IDP? on Does Open Source Encourage Rootkits? · · Score: 1
    Is it no longer possible to cut a node off from Internet access?
    What node do you have in mind? McAffee.com ?
  16. AntiVirus scare tactics: why the FUD keeps coming on Does Open Source Encourage Rootkits? · · Score: 2, Informative

    The reason the AntiVirus vendors keep producing this kind of inflammatory FUD is because it works.

    Every time an AntiVirus company issues a fear mongering white paper, press release, or paid article placement in a magazine they get explosive coverage, dozens or hundreds of free articles written about them or their topic of interest, nearly all with links back to their original article. Within limits, bad publicity is publicity and publicity is good.

    Meanwhile, companies like mine that are building next-generation network security systems (shameless link to Intrinsic Security AntiWorm) and who try to be good network citizens must work a thousand times harder for links back to our web sites, don't get slashdot stories about us, don't get bazillions of blog entries linking back to us.

    Mine is not the only company that suffers this problem. Every time a story by one of these highly bogus AntiVirus FUD spreading companies ticks you off, you should include at the end of your rant about it in your blog a few links to non-bogus internet security companies. We would greatly appreciate it.

    Honestly, there are days when I feel like whipping up a FUD press release or scare mongering white paper. It would be easier than taking the publicity high road.

  17. Re:Why is this so hard? on The Tenth Planet Shrinks Under Hubble's Gaze · · Score: 1

    Mainly it's hard because people would like to be able to remember the names of the planets, make posters and whatnot for little kids, write poems about them, name them after Greek gods, etc., but it turns out that there are hundreds of round objects circling our sun. Not enough Greek gods to go around, and too many for the average person to memorize for sure, especially when they have catalog numbers instead of interesting names.

  18. last straw for McAfee? Unlikely. on McAfee Anti-Virus Causes Widespread File Damage · · Score: 1

    They have previously survived other blows. I recall that one problem with signature files led some systems to blue screen a year or two ago, but I can't locate the story online. The source CNet article even says that they normally see a false positive about once a quarter. The other vendors suffer false positives, too, as any signature or heuristics based detection method will do.

  19. Re:And the weakest link was... the management. on PIN Scandal 'Worst Hack Ever' · · Score: 1

    It's all about cost. At some point in the history of many of these breaches, there was a guy yelling his bloody fool head off that a giant security exposure exists. Management didn't understand the risks, didn't understand the technical issues that lead to the risk, and do understand one and only one thing: how much does it cost to fix it? Then they just decide. Fix or not? Oftentimes, not. When the fool keeps yelling his bloody head off, he is eventually marginalized and his career is effectively over. That's why people who care about this stuff almost all eventually become consultants. Without immediate risk to your job, you can tell 'em what's broke. When they don't like it, you move on and tell somebody else.

  20. more like gambling, and sex on Windows Bumps Unix as Top Server OS · · Score: 1
    Sometimes you want to patch, reboot and repeat. Stability is so *boring*.
    Sometimes I *need* to reboot. NEED I say! I can't help myself. There are days I think there should be a 12 step program for Recovering Windows Systems Administrators.
    Hi. I'm John. I'm... I'm an MCSE. Every day, I walk up to our Linux server, and I reboot it, just because I have to. You know, it doesn't really need it, but I can't help myself.

    In unison, everyone at the OSDN Center for Recovering MCSE says:

    Hi John!
  21. D00d, U R Soooo 0wn3d by Th3m. on Windows Bumps Unix as Top Server OS · · Score: 1
    I have a Solaris web server with an uptime of 2436 days.
    What are you doing hanging 'round here bragging about your uptime? Don't you have forensics to perform on your 0wn3d machine?
    Yes, it should have been patched, etc.
    Well, probably not *everyone*.
  22. TV Killed the Radio Star on Windows Bumps Unix as Top Server OS · · Score: 5, Interesting
    Years ago we knew that the first casualty of Linux would be the proprietary Unix companies. The workstations first and then the servers.
    This seems to be conventional wisdom around these parts, but it's not backed up by evidence. The UNIX vendors that have died to date have nearly all been killed by inept management, including the next one expected to kick off any day now, SGI.

    Of course, they had some assistance from early Windows marketing hype and a lazy trade press that believed that Windows would take over the server market in 1992 or 1994 and continued to believe it for over a decade despite overwhelming evidence that the product wasn't ready for the enterprise server room.

    And Linux has been taking over the UNIX workstation market? Give me a break. That market has been dead for almost ten years. Windows took over the market niche formerly occupied by UNIX workstations (including X-Windows stations which were not full UNIX boxen) long before Linux was ready, and the market niche doesn't really exist any longer -- it became part of "the Windows Desktop".

    Although Linux hasn't killed off any UNIX vendors yet, they appear to be concerned by the possibility. IBM for example has been perfecting their AIX up-selling technique -- hook clients with Linux advertising, then up-sell them to AIX. They have a different term for it, migration analysis or something, which they do free for their customers. (Apparently it works well enough that one IBM group pays cash money to another IBM group to do it, such that the customers don't need to pay for the proposal, which says something like, "Gosh, who wouldda thunk? It turns out that your situation lends itself to an AIX solution after all. Shucks, it's a good thing we did this study or you would have been migrating to Linux and you wouldn't be able to leverage the AIX value proposition" or something like that.) IBM is also hedging its bets by making some more serious investments in Linux, and trying to create a market for Linux on IBM hardware, both Intel and Power based.

    Linux has been making inroads into the server market (as you illustrate by example) but it hasn't killed a UNIX vendor there yet. It's also making hay in the embedded systems market. In the process it is displacing some UNIX and some Windows, but also (and perhaps mainly thus far) growing into new areas where there were no dominant players (network linkup boxes were simpletons until fairly recently and didn't run a full operating system like modern switches do, for example). That didn't kill any UNIX vendors, either.

    Windows isn't a stationary target, of course. The expected growth of the product in the server market is finally happening, albeit ten years after the fact. This means the market thinks that Windows is an acceptable substitute for many of the former UNIX server tasks. Even if UNIX administrators have plenty of good reasons why it's not, clearly the show stopping problems which prevented its rise for the last ten years are behind it.

    The frame of reference seems even to have a waning validity. At the very least, analyzing the question for the past was fairly simple, but it becomes very much more complicated to analyze contemporary events through this lens, since most of the surviving UNIX vendors are also Linux vendors. Things have changed so much in the last several years that events won't make sense when viewed through this lens at all. Allow me to illustrate the problem:

    SGI probably sells more Linux than IRIX at this point. If and when SGI hacks up the last bloody phlegm and finally dies, which of the following will have occurred?
    1. [ ] Windows killed a UNIX vendor
    2. [ ] Linux killed a UNIX vendor
    3. [ ] management ineptitude killed a UNIX vendor
    4. [ ] Windows killed a Linux vendor

    Hint: All of the above.
  23. ISS in jeopardy? on NASA To Retire Atlantis by 2008 · · Score: 4, Interesting

    This plan leaves no margin for error at the program level. The flight schedule needed to complete the ISS probably cannot be met by a single vehicle. Suppose a year from now they discover a craft-specific problem with one of the remaining shuttles which requires it to be grounded (while the other flies following inspection which determines it to be free of the hypothetical problem)?

    The NASA plan already calls for completing the construction of the ISS and then grounding the shuttles, immediately. This of course leaves no way to get to the newly constructed ISS to do research. The plan also doesn't seem to accommodate lifting new modules to the ISS during its fully functioning research lifetime, which was originally part of the ISS vision for a living breathing station.

    NASA is in trouble. The Bush Administration has saddled it with goals that are unrealistic given its funding level. A vague return to the Moon, and eventual trip to Mars, as well as completing the construction of the ISS to kinda sorta meet our international obligations on that project are all likely to fail if we cannot choose between them.

    Space research needs a reliable transportation system. This might mean more than one new vehicle. Without a significant increase in funding to NASA, the Space Shuttle should be scrapped immediately and the ISS should be mothballed if possible, scrapped if not. NASA should focus on fixing the problem -- reliable access to space is needed before other lofty objectives can be met.

  24. Re:For the nth time, there was no Bail Out! on Apple to 'Switch' to Windows? · · Score: 1
    I wrote:
    Microsoft dumped there stock a few years later
    I shall write on the slate ten times:

    Merrily Microsoft visited their broker, and while they were there, they dumped their stock, right there on her desk. They're happy to this day that Apple's still there, and they're all thrilled that their agreement to renew the Office for Mac is back there again, right on their track.

    :-)
  25. For the nth time, there was no Bail Out! on Apple to 'Switch' to Windows? · · Score: 1
    In a more serious vein, I can see another reason why this is incredibly unlikely . . . Anybody remember a few years ago, when Apple was circling the bowl? Microsoft was being raked over the coals by DOJ for antitrust issues, remember? That's when Mr. Gates and Company pulled a rabbit out of their hat by investing in (bailing out) Apple.
    Well, not quite. There was no bail out. The investment was largely symbolic, and Microsoft dumped there stock a few years later (for a healthy profit, I'm sure). The amount of money involved was chump change. Apple had something like 2 Billion Dollars in the bank at the time.

    The investment served a higher purpose, not directly monetary and cannot be characterized as a bail out in any sense. Its actual purpose was to demonstrate a vote of confidence in Apple's future, and cement the agreement between the companies whereby the rights to certain patents were exchanged, expensive legal battles over those suits were dropped, and Microsoft pledged to continue to develop Office for Mac for five years.

    Apple knew they had a PR problem with their user base, and more importantly with the community of financial analysts. I think the investment was made so that these two groups would take the deal seriously. The amount of money involved had to be psychologically interesting to both of these groups, so it had to be fairly large, but it was not a bail out. If Apple was close to circling the drain it was due to exhaustion of intellectual capital, not cash, and that problem was self-correcting once Steve Jobs returned to the helm (he is a magnet for top talent.)

    Remember, Microsoft has spent a lot of cash the last several years buying their way out of the problems of a convicted monopolist. Apple's price was a heck of a lot lower than Sun's price, for example.

    Apple didn't need the cash. There was no bailout. The truth is more interesting.