By the time thunderbolt and associated cables are consumer price, USB 4 will be commonplace. And the high end users who need high end throughput will have moved onto thunderbolt 3.
GigE is last decade. Yes the market for 10 GigE on portables is small, but if no one ever builds it the use cases won't ever exist. Thunderbolt likely costs a few dollars to include on a motherboard, the expense is in the transceivers in the cables.
Sure, it won't be as fast as the same card running in a desktop. But it will be FAR quicker than any mobile GPU available, even running on PCIe x4. Why? Because even at PCIe x16, transfers across the PCIe bus are slow. This is why cards have onboard memory.
Because 10GBe doesn't expose PCI to your peripherals. Thunderbolt isn't JUST for 10GBe NICs, although that is a popular high bandwidth application that no other external connector can currently provide.
Depends what you're doing. If you want to hook up to a fibre-channel SAN or a 10 gig network port (1GBe will get nowhere near saturating your SSD), nothing else will cut it. There already exist use cases for thunderbolt today. They just aren't home-user scenarios.
Except for those use cases where it isn't good enough. Which is where thunderbolt is used. People seem to be expecting it to be as ubiquitous as USB or SATA, which is not ever going to happen, because its not a cheap CPU driven consumer-oriented bus.
It exists so that users of portable machines can plug in high speed peripherals. Not single external hard drives, but arrays, fibre channel, external GPUs, etc.
Most users don't do that. And that's fine. But if you DO need to do that, then USB3 just won't cut it.
Yes, password reset disk. That isn't DOMAIN ADMIN, which is what we're talking about here, and requires physical access to the machine. At which point, all bets are off - it is trivially easy to get root on a linux box you have physical access to also. Unless you're running drive encryption which will make that not possible in both Windows' case as well as Linux, without having the decryption key.
Yes, I believe the user should have the authority to add certificates to the machine's CA store, or otherwise run their own code. As you can do with secure boot, apple devices (dev cert from dev program), etc. I've done it.
Yes, in apple's case you need to pay for a developer cert. It's about the same price as a virus scanner subscription, and virus scanners don't generally work. Unfortunately, without some sort of verifiable chain of trust, other efforts thus far in computing history over the past 30+ years have proven to be ineffective.
Also. Please explain how you can "easily get domain admin" via a compromised windows workstation? I've been administering Windows domains for 15 years now and have yet to see a domain admin account compromise via a workstation compromise.
You're only proving my point - it's a user problem. Get enough retards running Linux and the same situation will emerge. You can secure Windows just fine (well, good enough) without needing to change platform, and without ditching your software library, knowledge base, etc.
Microsoft have discouraged running Windows with a logged in admin user since at least Windows NT4. I wasn't in the industry for NT3.51.
Yup. And the core problem is this: Windows 7 is currently good enough to do whatever people ask of it. I don't particularly like it (I'm an OS X guy by preference these days), but it is good enough.
To justify spending $ in terms of time and money to upgrade to 8, it needs to offer something compelling. "Does basically the same stuff but is more frustrating to use, and breaks a heap of old stuff" is not a compelling argument.
Are they maintaining their own machines, with full administrative access as they would with a typical Windows install that gets owned? If the answer is no, to compare apples to apples, have you removed admin access from their Windows installs and kept those up to date with security fixes?
I have, at work I keep 600+ windows machines up to date with a much smaller than 1% malware rate over the past 3 years.
It's not the operating system, its the way you administer it. If you're going to restrict the users to non-admin status on their Linux boxes, you should compare this to doing so with whatever other operating system. The malware infection rates won't be far off.
Note the use of quotes around "free shit". I'm talking stuff like "free" movies. "Free" social media apps. "Free" porn. Not "free" as in open source.
People will try to get something for nothing outside of open source software whatever platform they are on. The end result is stuff like skype, which uses your network/resources to route other people's calls, or the old porn-dialer software which hijacked your dialup networking stack to route you through a $/hr premium phone number.
So yes, I'm saying that sort of thing will still happen on Linux. It's nothing necessarily to do with the platfrm you are running on, but people's desire to get something for what apears to be nothing, but is in reality paid for by other means, such as targeted advertising (see: chromebook - which is in fact an example of this happening on linux machines), etc.
To clarify my "education will not work" stance: the industry has been attempting to tell end users not to install dodgy shit for at least 15-20 years now to no avail. It doesn't work, unfortunately.
This will be no different if these same users are given an OS X box or Linux machine, and an equal level of market penetration - as these trojans aren't relying on operating system exploits to work. They aren't a Windows problem per-se, they just happen to target that platform for the maximum strike rate vs. effort expended. They are dumb user exploits, and these are portable across any operating system that isn't locked down to only run authorised code.
Ergo, Linux, OS X or any other OS that allows users to run whatever code they like is not a solution. The only workable solution is either widespread user education or code-signing in my opionion. The former being preferable in theory, but even educated users can be tricked with a sufficiently advanced trojan if their trusted software source is compromised - and most end users simply don't care (or alternatively have time to care) about security enough to be sufficiently educated.
Like it or not, code signing is here to stay. No, currently it is not perfect either, but it is more reliable than relying on all of your end users to reliably make the call as to whether software should be trusted or not. Most will get it wrong a lot of the time. Some will get it right most of the time, but still be caught out occasionally. And even fewer will probably get it right in 99% of cases unless overly tired, accidentally click wrong option, their otherwise trusted respository is owned, or whatever.
There is plenty of colourful language and embarassing code in open source, don't you worry. Closed source code is audited before open source release as a matter of course and it isn't just for code quality (otherwise, how do you explain the hideous Netscape source that was released?). It's also to ensure that the company is actually authorised to release everything included.
The possibility of bugs being introduced by unqualified volunteers is also much greater, however. Such as the openSSL bug introduced in debian back in 2006.
Slashdot Mirror
By the time thunderbolt and associated cables are consumer price, USB 4 will be commonplace. And the high end users who need high end throughput will have moved onto thunderbolt 3.
GigE is last decade. Yes the market for 10 GigE on portables is small, but if no one ever builds it the use cases won't ever exist. Thunderbolt likely costs a few dollars to include on a motherboard, the expense is in the transceivers in the cables.
Show me a laptop with SCSI, fibre channel or 10GBe please.
Sure, it won't be as fast as the same card running in a desktop. But it will be FAR quicker than any mobile GPU available, even running on PCIe x4. Why? Because even at PCIe x16, transfers across the PCIe bus are slow. This is why cards have onboard memory.
Because 10GBe doesn't expose PCI to your peripherals. Thunderbolt isn't JUST for 10GBe NICs, although that is a popular high bandwidth application that no other external connector can currently provide.
Depends what you're doing. If you want to hook up to a fibre-channel SAN or a 10 gig network port (1GBe will get nowhere near saturating your SSD), nothing else will cut it. There already exist use cases for thunderbolt today. They just aren't home-user scenarios.
Compare a thunderbolt cable to a Cisco 10 gig copper cable and tell me thunderbolt is overpriced.
Except for those use cases where it isn't good enough. Which is where thunderbolt is used. People seem to be expecting it to be as ubiquitous as USB or SATA, which is not ever going to happen, because its not a cheap CPU driven consumer-oriented bus.
It exists so that users of portable machines can plug in high speed peripherals. Not single external hard drives, but arrays, fibre channel, external GPUs, etc.
Most users don't do that. And that's fine. But if you DO need to do that, then USB3 just won't cut it.
It's not a mass market consumer technology. Itsa the modern day equivalent of SCSI.
How is it the best? If you dont think anyone would want a facebook phone, you've clearly had nothing to do with women.
You mean like myspace?
Let us know when you have some users.
Yes, password reset disk. That isn't DOMAIN ADMIN, which is what we're talking about here, and requires physical access to the machine. At which point, all bets are off - it is trivially easy to get root on a linux box you have physical access to also. Unless you're running drive encryption which will make that not possible in both Windows' case as well as Linux, without having the decryption key.
Yes, I believe the user should have the authority to add certificates to the machine's CA store, or otherwise run their own code. As you can do with secure boot, apple devices (dev cert from dev program), etc. I've done it.
Yes, in apple's case you need to pay for a developer cert. It's about the same price as a virus scanner subscription, and virus scanners don't generally work. Unfortunately, without some sort of verifiable chain of trust, other efforts thus far in computing history over the past 30+ years have proven to be ineffective.
Windows XP shipped with IE6. Browsing the internet with an un-patched machine is silly regardless of OS.
Also. Please explain how you can "easily get domain admin" via a compromised windows workstation? I've been administering Windows domains for 15 years now and have yet to see a domain admin account compromise via a workstation compromise.
Microsoft have discouraged running Windows with a logged in admin user since at least Windows NT4. I wasn't in the industry for NT3.51.
Yup. And the core problem is this: Windows 7 is currently good enough to do whatever people ask of it. I don't particularly like it (I'm an OS X guy by preference these days), but it is good enough.
To justify spending $ in terms of time and money to upgrade to 8, it needs to offer something compelling. "Does basically the same stuff but is more frustrating to use, and breaks a heap of old stuff" is not a compelling argument.
Are they maintaining their own machines, with full administrative access as they would with a typical Windows install that gets owned? If the answer is no, to compare apples to apples, have you removed admin access from their Windows installs and kept those up to date with security fixes?
I have, at work I keep 600+ windows machines up to date with a much smaller than 1% malware rate over the past 3 years.
It's not the operating system, its the way you administer it. If you're going to restrict the users to non-admin status on their Linux boxes, you should compare this to doing so with whatever other operating system. The malware infection rates won't be far off.
And does she maintain her own machine? Or does a technical user do so?
Note the use of quotes around "free shit". I'm talking stuff like "free" movies. "Free" social media apps. "Free" porn. Not "free" as in open source.
People will try to get something for nothing outside of open source software whatever platform they are on. The end result is stuff like skype, which uses your network/resources to route other people's calls, or the old porn-dialer software which hijacked your dialup networking stack to route you through a $/hr premium phone number.
So yes, I'm saying that sort of thing will still happen on Linux. It's nothing necessarily to do with the platfrm you are running on, but people's desire to get something for what apears to be nothing, but is in reality paid for by other means, such as targeted advertising (see: chromebook - which is in fact an example of this happening on linux machines), etc.
To clarify my "education will not work" stance: the industry has been attempting to tell end users not to install dodgy shit for at least 15-20 years now to no avail. It doesn't work, unfortunately.
This will be no different if these same users are given an OS X box or Linux machine, and an equal level of market penetration - as these trojans aren't relying on operating system exploits to work. They aren't a Windows problem per-se, they just happen to target that platform for the maximum strike rate vs. effort expended. They are dumb user exploits, and these are portable across any operating system that isn't locked down to only run authorised code.
Ergo, Linux, OS X or any other OS that allows users to run whatever code they like is not a solution. The only workable solution is either widespread user education or code-signing in my opionion. The former being preferable in theory, but even educated users can be tricked with a sufficiently advanced trojan if their trusted software source is compromised - and most end users simply don't care (or alternatively have time to care) about security enough to be sufficiently educated.
Like it or not, code signing is here to stay. No, currently it is not perfect either, but it is more reliable than relying on all of your end users to reliably make the call as to whether software should be trusted or not. Most will get it wrong a lot of the time. Some will get it right most of the time, but still be caught out occasionally. And even fewer will probably get it right in 99% of cases unless overly tired, accidentally click wrong option, their otherwise trusted respository is owned, or whatever.
Humans are fallible. Some more than others.
There is plenty of colourful language and embarassing code in open source, don't you worry. Closed source code is audited before open source release as a matter of course and it isn't just for code quality (otherwise, how do you explain the hideous Netscape source that was released?). It's also to ensure that the company is actually authorised to release everything included.
The possibility of bugs being introduced by unqualified volunteers is also much greater, however. Such as the openSSL bug introduced in debian back in 2006.