The Register generally has very witty and sharp commentary surrounding many facets of the computing industry. Their review of SP2, however, lacked a reasonable level of objectivity.
The first section of the article goes on to explain how a number of services are left on that "shouldn't be". This is for the most part a subjective rant about services that have traditionally been a source of system compromise. The "Hate On Microsoft" stick was made apparent when the author went so far as to proclaim that the DHCP client service and DNS client service should be off by default: "DHCP Client, automatic. Unnecessary on most home machines. Should be disabled by default." "DNS Client, automatic. Unnecessary on most home machines. Should be disabled by default." That wouldn't be a very useful computer, would it? How about hitting up Google for an answer to "Why can't I check my mail, browse the web, or do ANYTHING online?" - oh, wait...
Among some of the old favorites that were left on, file and print services made the list. That would be pretty bogus if the system's firewall wasn't turned on by default:
"The new "Windows Firewall" packet filter is turned on by default, finally. However, an exception for Remote Assistance connections is enabled, which is preposterous, although file and printer sharing, and UPnP, are blocked by the firewall as they should be."
Since it's firewalled, it's a non-issue. In fact, most of the article is written as if the system's firewall is not installed. Remote Assistance is referenced in almost all of the help documents; it would be a pretty bad user experience if you wanted help - but couldn't get it. As far as I can tell there has been no exploit based on this service since the introduction of XP.
Generally speaking, unused services should be turned off. The only reasonable way to address this would have been yet another wizard that would ask the user how they use the computer and set service settings accordingly. However, the question of "Is SP2 remotely exploitable out of the box? More to the point is it secure from a network perspective, now and into the future?" The answer to that question is generally yes. Unless there is a nasty buffer overflow of some kind in the firewall (one hasn't been found, not to say it won't) an SP2 box is pretty safe on the network.
Wasn't that the point of SP2?
When evaluating the effectiveness of SP2 the net result needs to be evaluated. Many critics have evaluated the implementation. A lot of people might NOT AGREE with File sharing, RPC, Remote Assistance, or any number of the other services being on by default for that matter, but does it matter from an exploitability perspective? Only if that port is available for remote exploitation -- which is not the case.
Network issues aside, IE and the shell both do a good job of throwing up warning dialogs when the user is about to run an executable. There is also the "Data Execution Prevention" feature that detects when "data" is trying to execute as a program, though for it to work well the hardware has to support non-executable memory regions. Only time will tell how well those measures aid in stopping the propagation of worms.
We'll be fine, hopefully. :-)
Did this guy just wake up from a coma? The shuttle has been around since the early 80's. Hurricanes have been around, right, since well, as long as any human can remember. Why is this even newsworthy? It's always been a risk, it will continue to be a risk.
90% of the population of Canada lives within 300 miles of the border.
IIS exploit attempts
The default config in 2k3 is very pessimistic. Can't say that I've had one of those work since the original Code Red.
thanks for the support, it was a joke.
must be so happy that his child has grown up to unite the people of the world.
I wonder what the internet got Al Gore on Father's Day?
Silly rabbit, upgrades are for other OS's. You see, the term "upgrade" doesn't really fit into the subscription based model that MS has been alluding to. You'll "subscribe" to the Windows platform after purchasing your new PC in 2006 and you'll continue to pay and you'll continue to receive things like WinFS, Avalon, Indigo and whatever else they think up. The fact that MS is stating that they will be available as updates indicates such a strategy. The problem however... is Microsoft's "it's done when it's done" philosophy. This philosophy doesn't work well for people who pay money on a recurring basis to get new and exciting features. They, and most software companies, seem to have a history of delayed software releases.
And that would be...?
The parent wasn't racist. It's well known that Compton and Watts have a high crime rate. There was nothing said about ethnicity, with the exception of your post.
$100/shr. * 6 million outstanding shares = $600,000,000
Microsoft spent 2 billion on the settlement with Sun. No one was concerned, why? With QUARTERLY profits of 10 BILLION dollars, MSFT can buy most anything it wants. They also have tremendous cash reserves.
If Microsoft wants Google, there is a good chance that they can get it.
transfers now take place over the internet instead of via a private banking network.
A private banking network is the ultimate level of security through obscurity. In such a closely "protected environment" one could get away with being very lazy, but we don't know if they have or not, because it's private. All we DO know is that it seems to have worked reliably for a long time. Generally, this would give me faith in the architects' ability to construct a well built, resilient network.
"Might a DDOS attack on the Fed's computers bring down the entire banking system?" The banks have put some thought into security.
Not likely. A well thought out network plan can prevent this from happening.
They aren't specifying the types of security measures that will be used (security through obscurity?)
Why should they? For "peer review"? I'm thinking that the banks have this one covered. In their case it is in their best interests to have the best security possible. In fact, I read somewhere that banking institutions are testing the use of entangled particles for use in secure transactions, sorry no link.
Am I the only one who thinks that this is a very bad idea?
Probably not, but I think so far they have done a good job, I'm not worried.
And the 3500+ and the Xeon are in the same processor class how?
The 3500+ is a mainstream, desktop processor. For a more accurate comparison, the FX series and the Opteron line should have been used.
I wasn't saying that the card's information wasn't changed. Simply, that that's not the only way to approach such a system.
I think my beef is with the X Prize foundation. Just offering a whacker of cash to achieve the goal of sub-orbital flight isn't enough. They should be doing more to help the people reach the goal - and in the process help ensure a greater degree of safety. Given the places where they are testing their rockets, e.g. Mojave - I think you won't end up with too much "collateral damage".
These events speak for themselves. It's frightening to see launch tests take place.
NASA spent such a ridiculously large amount of money testing and building rockets, as did the Russians. Some might say that's exactly the problem. But both agencies had a number of spectacular failures. To this day there is no rocket in existence that has a 100% success rate.
That should be an indication that it's extremely difficult to build and launch rockets. I'm just worried that when someone actually gets in one of their own personal Roman candles, hoping to make it to the edge of space, they will find themselves going home in a body bag.
I'd say in general that the X-Prize should have some rules around who and how people compete. The real key is having A) Money B) Talent. The foundation should at least provide talent, expert guidance and such. Money can come from sponsors, etc. I just think the foundation has an obligation to ensure the safety of the teams competing.
Hope and optimism can be very dangerous, especially in the context of engineering.
"They have to actually, in order to keep a balance"
No. The card could have a unique id, which is then linked to an account stored on a very large system. Every time you walk through the turnstile, the account, with the associated ID, is updated.
To update your card, a cash machine accepts money and places it in your account.
Oh wait, that's the OTHER global transactional system.
In the context of subways, the method is also tamper proof, unless of course you lose your card.
It doesn't work. Scaled has been so meticulous about testing, and it's paid off. I don't see the same level of testing in the competing team. Component level testing only works to a point... Then you need to test the whole shebang.
Someone is going to get hurt. It's not all about that.
For the record - I just assume that people would think that it's most efficient to use all available digits to type.
Better to understand how the computer works, and learn to type as you use it. I don't think that voice and other technologies are going to replace the KeyBwa anytime soon though.
Subject: Don't Register, and don't read it.
Don't register, and don't read it.
My point is that if you want them to NOT require a registration, you can't visit the site that requires a registration.
Their ad revenue is dependent on your click to the article. If you don't click, that's one less person visiting the site. It doesn't matter if you use someone else's login. There is a very good chance that most sites cannot tell that the same login is being used to visit a particular article. Most sites are not built in a way that would allow them to report that sort of information.
Clicks = Dollars. No click - no dollar. No dollar - no more registrations.
Common misconception -- they are driven by the number of dollars that advertisers are willing to pay to get their message into some number of eye balls.
Eye balls = advertiser $$$. I didn't think it needed to be spelled out.
Online advertisers don't care as much about reaching the widest audience possible as they are about reaching the segment of the audience most likely to result in sales.
This is true, but has nothing to do with what I'm proposing. A reduction of traffic in general will result in lost revenue, and less interest to advertise. The site will ultimately have less of a case for the media networks to choose their site when buying on-line media.
A site operator can make more money with 10,000 users he knows everything about than he can with 10,000,000 users he knows nothing about.
It's not just about profile but traffic volume. There are other ways to prove who is visiting your site than by an online profile. Focus groups, surveys, and other tools can be used (and deliver higher quality data) than self reported information. In addition - a profile is only as good as the answers. Considering that there is no incentive for properly answering the site reg. questions - the probability of junk data is high.
Also consider that no matter how good your advertising is - an outstanding click rate is in the neighborhood of 2%. An average rate is slightly below 1%. Clicks are directly proportional to volume.
Register, and don't read it. The companies will see this in their traffic stats and realize that registration affects readership reach. They are after all driven by the number of eye balls that grace their sites.
Using fake data isn't going to help because it doesn't lower the traffic volume.
It's time for some "Virtual Boycotting"!
Of course you will, you just bought it.