I won't say whether or not MS is participating in any program of this sort. I've no way of knowing.
However, I am a long-time participant in a mailing list that shares certain characteristics with this forum. The population of that forum is at least slightly above the norm in technical experience and is quite diverse in terms of the platforms used.
In that forum, I find that there's an informal cadre of MS defenders. Some, I believe, do argue from their perspective of the truth. That might be true of all of these people, in fact. But there is certainly an air of self-interest at play. When you ask an MSCE, expect to hear positive comments about MS products and environments.
This isn't universally true, thankfully. There is at least one MSCE in that forum that is as critical of MS products as others. In fact, his insights often prove quite interesting, given the "inside information" (at least, from the perspective of one such as myself that avoids MS products {8^) he can cite.
But remember that there are a lot of people that depend upon the universal acceptance of MS products for their financial well being. That may very well be behind the pro-MS postings read here.
>A little QA testing (and don't even start with me
>about it being "hardcore" - it just plain sucks)
>would have prevented this whole issue. And
>where, pray tell, does that leave your
>argument, my dear idiot?
I don't want to discount the utility of QA work. However, neither security nor quality can be "tested" into a system. They must be a part of the original goal to be achieved by the system being designed and implemented.
As long as security and quality are of lower priority to the designers than "ease of use" or "performance", one will end up with easily used systems that are easily hacked, or where a bug in a piece of software can take out the entire OS.
I cannot speak to the Windows 2000 product from MS, but NT4 had some...choices...that could not have been made if security were at all a consideration. My favorite of these is putting user-modifiable information (profiles, desktops, etc.) under the system directory. This leads to the default situation where users have write access to system software.
Just imagine how much more difficult it would be to damage a machine's software via email or the web if users lacked write access to system (and application) directories. This is a trivial thing, standard practice on any multiuser system I've used - except for those running MS environments - since 1978.
It is less of an "infrastructure challenge" than you might think. Actually, I can think of a couple of easy technological solutions just off the top of my head. Likely these aren't even the best.
However, the "alliance" comment is right on the mark. I've no idea how likely or unlikely such a thing is. But it is worth noting that it doesn't require this alliance with all sites displaying DoubleClick ads; only a few.
Let's consider one interesting case: Yahoo. Let's also assume that they display DoubleClick ads (I believe so, but I've not checked this). Yahoo has various means of inducing people to "sign up". That's a pool of identities that can be matched to DoubleClick's database. Once the names from Yahoo are matched to DoubleClick cookies, your identity is tracked on *every* site displaying DoubleClick ads.
Does Yahoo provide this information to DoubleClick? I've no idea, but they're only one example.
Another point to consider is whether there is a way to get this information w/o the cooperation of the site displaying the ads. I'm thinking, for example, of email addresses being embedded in query strings.
Given the problems that, for example, Hotmail has had with security, such a thing would not amaze me.
A final point: mail messages with embedded HTML that accesses banner ads. This is a perfect way to match email addresses (and therefore people) to cookies.
The worst aspect to this, from my perspective, is that it will only take a small abuse of this sort to generate a potentially nasty backlash against Internet commerce. Whatever form this takes, I'd not look forward to it.
At least at the moment, the real cookies being used are 8 hex digits representing an increasing value, with the name of 'id'. There's also what appears to be a temporary of A=id that is replaced at the second ad view.
I've used a few, but the latest appears to be around d81af???, where the final three digits are missing because...well, guess.
So a perfectly valid value would likely be id=d81af000.
>they don't have name->cookie pairs. so how
>are they going to make use of the name database?
First, recall that most browsers send - as a part of every HTTP request - a field called HTTP_REFERER. In the case of an image, this tells the web server the URL of the page on which the image has been displayed.
Therefore, DoubleClick's servers get not just the cookie, but also the URL of the page on which the ad is displayed. This includes the query string of that URL. More, many uses of banner ads include query strings in the URLs to those banners, passing even more information.
What DoubleClick has, based upon the above, is an easy way to map between a DoubleClick cookie and a visitor to all those many web sites which display DoubleClick ads. This means that they know a great deal about a person's browsing history.
But you're correct that this isn't enough to get a name. However, once you pass your name (ie. as a part of a purchase, or even just a request for information via a form) to one of those sites which uses DoubleClick ads, that site's information can be combined with DoubleClick's to determine precisely who you are.
Note that it only takes one "leak" of this information. Because your name is now associated with a DoubleClick cookie, all activity associated with that cookie - past, future, and all web sites - is now associated with you.
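The linkage described in this comment, as an added example that is not part of the original post: a Python audit a site operator or privacy reviewer could run over captured third-party ad requests to find page URLs that put an e-mail address into the Referer, and to see how much browsing history that single leak attaches to one cookie. The sample records, host names and the `email` parameter are constructed; the `id` cookie shape (8 hex digits) follows the description above, and skipping the temporary `A=id` value is an assumption of this sketch.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed sample: requests to an ad host as seen in a proxy capture.
# Each tuple is (Cookie header sent to the ad host, Referer header).
CAPTURED = [
    ("id=d81af000", "http://news.example/story?id=42"),
    ("id=d81af000",
     "http://shop.example/receipt?order=1001&email=pat%40mail.example"),
    ("id=d81af000", "http://health.example/search?q=allergy"),
    ("id=0000beef", "http://news.example/story?id=43"),
    ("A=id", "http://news.example/"),  # temporary value, no stable id yet
]

# Deliberately simple e-mail shape: something@something.tld
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
# The persistent cookie: name 'id', value of exactly 8 hex digits.
COOKIE_RE = re.compile(r"(?:^|;\s*)id=([0-9a-fA-F]{8})(?:;|$)")


def cookie_id(cookie_header):
    """Return the 8-hex-digit id from a Cookie header, or None."""
    m = COOKIE_RE.search(cookie_header)
    return m.group(1).lower() if m else None


def leaked_emails(referer):
    """E-mail addresses carried in the query string of a Referer URL.

    parse_qsl percent-decodes values, so 'pat%40mail.example' is caught.
    Addresses in the path or fragment are out of scope for this sketch.
    """
    query = urlsplit(referer).query
    return sorted({v for _, v in parse_qsl(query) if EMAIL_RE.match(v)})


def audit(captured):
    """Group captured ad requests by cookie id and report the exposure.

    For each id: the identities leaked on any page, every host the id was
    seen on, and the exact pages whose URLs need fixing.
    """
    pages = defaultdict(list)
    emails = defaultdict(set)
    for cookie_header, referer in captured:
        cid = cookie_id(cookie_header)
        if cid is None:
            continue  # no stable identifier to link on
        pages[cid].append(referer)
        emails[cid].update(leaked_emails(referer))

    report = {}
    for cid, refs in pages.items():
        report[cid] = {
            "identity": sorted(emails[cid]),
            "hosts": sorted({urlsplit(r).hostname for r in refs}),
            "leaking_pages": [r for r in refs if leaked_emails(r)],
        }
    return report


if __name__ == "__main__":
    for cid, entry in audit(CAPTURED).items():
        status = entry["identity"] or "not identified"
        print(cid, status, "seen on", ", ".join(entry["hosts"]))
        for page in entry["leaking_pages"]:
            print("  fix: identifier in URL of", page)
```

The pages listed under `leaking_pages` are the ones to change, for instance by moving the identifier out of the URL (POST body or server-side session) so it never reaches a third-party host in the Referer.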
>I would rather have to know what I am doing and
>have something very simple and manageable to work
>with rather than have some huge incomprehensible
>nest of crap that I am shielded from by an
>extravagant GUI.
You'd think, after the debacle of @Home's clients' lack of security bringing that UDP so close, people would be a little more aware that "system administration" is not a "point-n-click" job. It takes some awareness of the environment of the machine as well as the environment in which the machine will be operating.
Pretty buttons are irrelevant, and a GUI can often get in the way by reducing flexibility.
>What this all comes down to is that companies are
>trying to save a buck and are using so called
>'web developers' that don't know what they are
>doing
That, plus "going cheap" by not hiring a network administrator that can pronounce "firewall", not running DB and web on separate machines, etc.
Certainly not all companies are this cheap, but many are. However, an important point is that they get away with it. Why?
Too many "e-commerce" clients want As Cheap As Possible. They want their web/db server costs at "the usual $20/month". So the vendors which spend more on security and infrastructure are out of luck for being overpriced.
Looking at this from a different perspective, I have to cite an ex-client. They decided - for security reasons - to host a machine at a "secure" location (ie. Exodus). However, they run the web server on the same machine as the Sybase server. The Sybase server is listening on a port that is completely open to the Internet. They have finally put an SA password in place, but the server itself is still wide open.
The dataserver is also configured so that all devices are on file systems. This is an invitation to corruption.
How did these occur? Because the technical staff at this company has no idea what it is doing. Why does the management of the company permit this? Because they've no idea what they're missing. Since Internet Businesses are "for the young", the owners of the company decided that a young senior techie was a normal thing.
And perhaps it is. This is not the first time I've seen this sort of thing.
Note: this company is using Solaris, Stronghold, and Sybase. These are all products that I very much respect. So it may be a mistake to look too closely at *any* product, if you're looking to place blame. No product is good enough - at least today - to survive improper administration.
Perhaps that is the next level to which we must take our products: secured against administrative abuse.
Partially, for historical reasons. For example, the 'kill' command found in most UNIX shells is a signal transmitter. Only some of the signals which may be sent involve terminating a process. At least one is the opposite: SIGCONT to *continue* a stopped process.
Then there's C's STDLIB's abort(), which has its own nasty ring, or resource "deadlocks", the wait(2) man page which talks about a "child process terminated"...
Why this history? Because we software people are a morbid bunch, I think, laughing in the face of a universal truth even nastier than taxation.
>After my complaint email was sent, I received an
>automated reply stating:
> a)that I would likely not ever hear
>anything from them regarding this matter, and
> b)that they would take no action
>unless I included my system logfiles and other
>detailed information.
I've done that (submitted router and tcp_wrapper logs) and received exactly the same reply as you: silence.
In a sense, @Home is trapped by a problem not of their making. This is true of all vendors of "high bandwidth" and "always on" connectivity, of course, but that doesn't make it any less relevant to @Home.
The issue is that computers are not as easy to administer as some companies like to claim.
Consider: is a computer more or less complex than an automobile? Yet how many people maintain their own cars? Yes, I know that some hobbyists do. And I expect that this will always be true of computers as well.
But there's this entire support system out there for automobile users that have neither the interest nor the knowledge to maintain their own cars. No equivalent exists for computer users. Ask nontechnical users, and they won't even perceive a need. Ask many of these if they maintain their own autos, and you'll receive something like "of course not" in the vast majority of cases.
For good or ill, the general population has been convinced that computers are trivial devices that are as easy to run as a VCR. Easier, in fact, given the number of blinking 12:00 displays to be seen. Companies like @Home are feeling the weight of this grand untruth.
This hits them every time an @Home user has an open NNTP or SMTP relay, an insecure system that turns into a stepping stone for system crackers, or a machine which broadcasts its entire disk to the world.
Another issue, less important in my opinion but still true, is that there are Bad People around. On a 9600 modem, they're annoying. On a DSL or Cable connection, they're more of a threat. This is yet another "cost" of being @Home. Unfortunately, this is also a cost of being a (topological) neighbor of @Home.
Kudos to PBI for handling the situation so much better, and Congrats on your ISP choice.
Unfortunately, "good enough" is the enemy of excellence. MS products, VCRs, and even bathtubs (yes!) are examples.
So is the idea of "bundling". Like storing only two digits of a year, there may have been a time when this was the easiest solution for the light-weight user. But I firmly believe that this is no longer the case. By making bundling more difficult, perhaps we leave an economic niche for The Better Way (or at least *a* better way).
So this hypothetical split - which will make bundling more difficult - could easily yield a major improvement in how software is purchased and installed. That would be a definite improvement for all users: those that want the ease and those that want the flexibility.
> Which pops up the real question: what is an OS?
The answer to this question is really beside the point. The question *has* a well defined answer. That the majority of people w/o a CS background might not understand it - or agree with it - is no different than the fact that gravity worked the way it works even before Newton explained it. Reality simply is.
However, I do see what you're saying. There is a strong benefit to some consumers to a "one stop shop" model. That's obvious; otherwise there'd be no one stop shops.
So we've an interesting problem. Bundling is Bad, and yet Bundling is Good. That different audiences weigh these differently just adds to the fun.
Perhaps it is time for a different model for software distribution. Ideally, we'd have a model which replaced bundling's ease and simplicity, but corrected the problems of economic and technologic inflexibility.
This isn't necessarily a major leap. Software installations are getting easier all the time. I think that some major mistakes have been made in this - for example, I've seen installs on MS fail w/o providing a useful error (I guess errors are considered unfriendly). But we're moving, I think, in the right direction. I'm very happy with SUN's pkgadd and Redhat's RPMs, for example.
Add to this some of the 1970s concepts of UNIX that have been lost to MS, such as library versioning (or perhaps runtime-set library search paths), and it should be "safe" to install something. That is, one shouldn't fear installing product X because it might corrupt a library used by product Y.
Finally, plug in decent bandwidth so that software can be downloaded, and the world can be a much simpler place for users.
SUN workstations come with the ability to boot and self-install over "the network". This is normally considered to be a LAN, but I don't see this limit as necessarily valid as bandwidth increases.
Similarly, machines can come with a "product browser". This permits searching for, buying, and installing, desired packages. This could be flexible enough that a local CD can be used to speed things up.
SYBASE does something of this sort. When you select to install products from a CDROM, the CDROM is scanned to see what products are available. Add in a "search the net" option, and we're close to there.
I don't say that I've beaten this nail down completely. In fact, my proposed (incomplete) solution is really beside my major point: that we need a replacement to the idea of "bundling" that provides the same - or greater - ease with improvements to safety and flexibility.