When Windows first came on the market it was not the market leader. It did not have years of legacy code or legacy applications holding it back. It could have been built more secure from the ground up.
No, it could not have been built securely from the ground up. It was built on the legacy of MS-DOS, which was more of a boot-loader than an operating system. The security model was the old one of physical isolation - if you wanted the contents to be secure, you put it in a room and locked the door. As all security was external, there was no consideration of security in the products being written, and there were a lot of them. As Windows evolved from 1 to 2 to 3, they still had a rich legacy of DOS apps they had to continue to support. End point security came in the form of protecting the system from disk-borne viruses. Then along came Ethernet adapters, and with networking began the job of isolating users. Security was handled at the server level, because the primary threat model was unauthorized people accessing applications and data. Windows still didn't have a networking API at the time -- networking meant remotely mounted files.
When Windows 95 came around, they did a better job of hiding DOS beneath the covers, while retaining the ability to run MS-DOS programs. But that still meant no security at the OS level. A true multitasking kernel was required to secure the machine. They had one in the form of NT, but NT's incompatibility with the PC games of the day meant it was never suitable for average home users.
In the 1990s, what was far more important to Microsoft's security than "cybercriminals" was IBM. OS/2 was a real 32-bit multitasking OS, and Warp was being released in 1995. Microsoft had to get something out the door immediately. Keep in mind that they were still six years of work away from releasing a real multitasking kernel suitable for the home, but they didn't have six years, so they rushed Windows 95 out the door. They used that time to get people writing Win32 games and wean people off the legacy of DOS. But that meant security continued to take a back seat to everything.
Had Microsoft bit the bullet and tried the NT kernel route for the home users back in 1995, they would have sold nothing to the home market, and OS/2 would have sealed the fate of Windows.
Microsoft made their choices based solely on dominating the market. Delivering real security would have meant the death of Windows, and everyone on Slashdot would probably be bitching about OS/2 and AIX today. It would have been better for the world, but that's the way the cards played out.
Don't be ridiculous. You don't have to modchip your motherboard. The TPM chip is, and always has been, something that provides services to the CPU on demand. It can't control your computer.
It can, however, be used to authenticate the BIOS image and the host OS, and completely refuse to run if the machine isn't running a stock BIOS with a manufacturer-signed OS. It's great for securing industrial controllers, web servers, tablet PCs, smartphones, routers, laptops, notebooks, netbooks, embedded systems, desktops, and home entertainment systems who are obviously owned by people just trying to pirate stuff. But no, it doesn't control your computer. Dell and Microsoft do that.
Why add the "non-harmful" qualifier to your list? Does it really devalue society as a whole if you voluntarily undergo a "Flowers for Algernon" enhancement like Charlie?
If someone could take a pill that they knew would enable them to develop the cure for breast cancer, but also knew it would kill them in a month, don't you think we'd have had thousands of volunteers already?
Or what if I cut off my perfectly good left arm and had a titanium cyber-arm implanted instead? Is that harmful or non-harmful?
I have no way of knowing if your friends are typical or atypical. But my American medicine cabinet contains an expired bottle of generic aspirin, an expired bottle of brand name ibuprofen, an unexpired bottle of generic acetaminophen, a few bandaids, some Vitamin D, and an expired tube of goo to spread on cuts to help reduce infections. Oh, and some anti-diarrhea pills. It would be a starvation zone for junkies. It certainly isn't big business for big pharma.
My refrigerator, on the other hand, has about 20 grams of caffeine left in it. Tomorrow, it will have 19. I keep a much closer eye on that stock.
No, it's not nearly the same thing as steroids in sports today. Steroids are used to gain an advantage in a playing field kept as level as possible through external rules and a large suite of referees watching every move, in order to maximize the entertainment value. But this is about life, where the playing field is never level, the rules are far more vague, and enforcement all but non-existent.
In school, the idea is that these drugs improve your grades. But that might mean you remember "more", or somehow end up "smarter" than you would have otherwise. You might go be a more productive member of society. What if these drugs make the difference, enhancing someone enough to recognize a novel cure for some horrible disease, or design a new class of CPUs, or a new energy source?
Many of us spend our livelihoods trying to enhance human knowledge and experience and abilities through improved software. Hell, half of us would sign up today for an internet implant chip. What's wrong with improving the wetware directly?
Yeah, I agree with you that number seems off. TFA has a little more insight, though. This is a sample from ice carried back on the drill bit, and they found a total of four microbes on it - three of which matched contamination from the drilling oil, and they suspect the fourth is as well. Maybe they only recovered 0.4 mL of water total - but then, why not report it that way?
The article is concluding that there are zero microbes down there, so any nutrients present would be irrelevant.
The article states that the 10 microbes per mL figure is likely due to contaminants being carried down on the drill or present in the measuring equipment, because it is similar to the levels found in a clean room environment.
You could watch the original Fern Gully, but I also like the 2009 remake, "Avatar".
Seriously, line them up. They're both animated movies about a foreign environment, rich in resources valuable to humans. You've got a human male protagonist, who is originally a member of the first wave of humans planning to harvest the natural resources without concern for the natives. Through some external technical wizardry, protagonist changes size and ends up in the middle of the new environment, where he meets a beautiful native female. As the human initially navigates his way around the environment with his new size and point of view, predictably comedic results occur. Overconfidence quickly leads him in over his head into a near-fatal situation, where the native female uses her intimate knowledge of the environment to rescue him from his own ineptitude. The male is attracted to the female, who rejects him. Over time the human discovers the previously ignored beauty of the ecosystem and learns to respect the environment; which enables the female to grow attracted to him. The female is conflicted, though, and consults with her wise parent, an important elder of the natives. The human continues to learn the native ways, culminating with taming and flying on the native flying animals. The massive wave of normal sized humans then arrive in giant machines to harvest the resources. The movies climax when the protagonist fully changes sides and defends the environment from the encroaching humans, using his knowledge of the human systems and ways to organize the natives to defeat the invaders. The female finally acknowledges her love of the male.
Even the scenery is the same. Both movies have large trees that are important to the natives. Both feature loops of stone reminiscent of magnetic flux lines.
The only thing missing from Avatar is the Robin Williams character, Batty. The human sidekick in Avatar isn't nearly as humorous.
You should really post a warning when linking to a site that uses a geocities template. And even though it's not as NSFW as goatse, my monitor is now on fire, the fabric is burning off the walls of my cubicle, and my retinas are bleeding.
...Captain Charles Yeager became the first man to travel faster than the speed of sound in his X-1 aircraft. Daredevil Felix Baumgartner just became the first man to accomplish the same feat without a plane — or indeed any assistance at all.
What about gravity?
Gravity doesn't really exist. It's actually Intelligent Pushing, where an external all-powerful creator stretches his invisible arm out to make sure that nobody floats off the Earth, or falls off its edge.
Oh, I suspect there'd be a long line of people willing to do this. But very few of them would have the means to do so, or the time or dedication required.
The path into the history books isn't guaranteed to be paved with gold.
Locking one's self into one platform at the exclusion of others is the GOAL of every single manufacturer of anything. As long as upgrade is easier or cheaper than a change, the vast majority of customers will choose upgrade regardless of any other factors, such as quality, support, price, etc., thus preserving the income stream.
Or you could simply, you know, not connect your 3D printer to the internet.
Are you forgetting "Software as a Service"? It's much easier to restrict anything that resides in their systems, not yours.
The design would be simple enough: the box would have the servos and hardware bits, plus enough CPU to open an SSL connection to the mothership. The ObjectCompany servers would make sure you paid for your designs, and were current on your software licenses, and only then would it stream the G code down to your printer.
And that would be enough. Buy the commercial printer, build a Gen7 or Sanguinololu board, download Marlin, and gut the commercial printer's DRM-laden electronics. Print any model you like, as many times as you like. Win.
The thing most people don't see has nothing to do with the UI. It has to do with the hard shove of Microsoft products towards the cloud, and moving to a rental model.
There is little reason to buy a new word processor or email client. They are stable, mature products. But Office is a good half of Microsoft's revenue stream. If they can no longer entice you with "features" of questionable value, why would you ever give them another dollar? They need to wean people off local apps and on to their word-processing-as-a-cloud-service, where the pay as you go model ensures a continual profit center.
So they need two things: a locked down computing environment, and locked down services. Apple has shown people are willing to give up control to the cloud if it makes it easy for average people. Microsoft wants the same with the desktop. Governments and corporations also want to control apps for different reasons, so look for the changes to be adopted there first.
So pagers only get one shot to receive a page? And they broadcast over all transmitters in the country at once? Doesn't sound very reliable without an acknowledgement.
Actually, digital pagers get a few shots to receive a page, because the packet is retransmitted a few times over the course of a minute for redundancy. Some of the fancy pagers had a reply transmitter (they acknowledged receipt, and had four buttons you could press to return one of four answers.) And depending on the paging service you subscribed to, pages could be sent from a local tower, all towers in a region, or all towers across the country. At least all this was true back in 2000 when I still carried a nationwide receive-only pager for work.
'A senior network engineer had disabled the company's WatchGuard firewalls and routed all of the broker-dealer's IP traffic--including trades and VoIP calls--through his home cable modem.'
That's got to be the funniest thing I've ever read on /. Seriously, it sounds like something from an Onion story.
The thing I'm really struggling with is why on Earth would anyone do such a thing?
This article is so incredibly biased that it's hard to discover what's actually wrong with the Stanford research. This one reads like a raving lunatic jumping up and down because "the study didn't account for pesticides!" Well, it was a study that compared nutrition based on the nutrient content of the different production methods of food. Imagine that - they studied a bunch of numbers and totaled up their findings. Note that they did not study "which is worse for the environment", or "which food contains more residual agricultural chemicals", or "which tomato tastes better", or "which food contains more antibiotic resistant bacteria", yet those were the arguments he continually raised. That was not what this study studied!
Then he blames the study because "[t]he researchers started with a narrow set of assumptions and arrived at entirely predictable conclusions." Again with the "not really surprised" response. What did he think they were supposed to do, poll the newspaper food editors and ask them which variables to study? If they don't start with a specific set of assumptions and control for as many variables as possible, the results will be meaningless. So he's outraged because they didn't pick his particular variables? Get over it.
Now, could someone study the amount of residual pesticides in ordinary produce versus organically grown produce? Of course. Could someone study the human health effects of those doses of residual chemicals? Sure.
I, too, would like to see the study go even further. I'd ask the researchers to add just a few more data points and have it become meaningful not just to outraged food writers but to all Americans. They should compare the nutrition value per dollar spent in the grocery store, instead of nutrition values per gram. Then the food writers can publish that right next to the unemployment and poverty statistics, and maybe they can write another article about "how low-income people are ruining the ecology of this country because they don't buy as much organically grown food as gainfully employed newspaper food editors." Then we could measure his reaction to having both organically grown and genetically modified tomatoes being thrown at him.
I just wish NIST would not just pick one candidate, but perhaps 2-3 at a time [1]. The reason for this is that if something happened that made the algorithm insecure, the standard libraries would have a backup. It also means that embedded controllers that are made to the standard wouldn't have to be chucked and replaced should one algorithm be cracked.
As with anything, be careful what you wish for. I've seen successful attacks on protocols that support multiple versions or algorithms, made possible by devices that support them all for various compatibility reasons. Let's suppose someone does discover an attack on SHA-3A but SHA-3B remains secure. Everybody switches their servers to SHA-3B. A flexible protocol might allow an attacker to generate an error that forces clients to re-hash their passwords with SHA-3A. This has happened more often than you might think; NTLMv2 implementations falling back to NTLM being one of the more spectacular of the exemplary failures.
Your example creates a theoretical weakness - a failure in either SHA-3A or SHA-3B could put such a device at risk. If you try to prevent this by building in an environmental protocol switch, so the device could be set in the future as to which algorithm to use, why not initially design the device to support loading a more modern algorithm in the future?
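The fallback risk described in the comment above, shown from the defender's side as an added example that is not part of the original thread: a client that supports both algorithms can be steered to the broken one unless it disables that algorithm locally or authenticates the negotiation transcript. "SHA-3A" and "SHA-3B" are the thread's hypothetical names and are used only as labels; the key, the `strip_strong` modification and all function names are constructed for illustration.

```python
import hashlib
import hmac

# "SHA-3A" / "SHA-3B" are the thread's hypothetical names; only labels here.
PREFERENCE = ["SHA-3B", "SHA-3A"]      # server preference, strongest first
KEY = b"constructed-demo-key"          # constructed; stands in for a session secret


class DowngradeError(Exception):
    """Raised when negotiation must fail closed."""


def strip_strong(offer):
    """Constructed on-path modification: SHA-3B is dropped from the offer."""
    return [name for name in offer if name != "SHA-3B"]


def server_choose(offer, server_supported):
    """Server picks its most preferred algorithm that both sides list."""
    for name in PREFERENCE:
        if name in offer and name in server_supported:
            return name
    raise DowngradeError("no common algorithm")


def transcript_mac(key, offer, chosen):
    """MAC over the offer as one side saw it, plus the chosen algorithm.
    The MAC itself does not depend on either negotiated algorithm."""
    msg = ",".join(offer).encode() + b"|" + chosen.encode()
    return hmac.new(key, msg, hashlib.sha256).digest()


def negotiate(client_offer, server_supported, tamper=None,
              deprecated=frozenset(), verify_transcript=False):
    """Run one negotiation and return the agreed algorithm name.
    `tamper` models a rewrite of the offer between client and server."""
    seen_by_server = tamper(client_offer) if tamper else list(client_offer)
    chosen = server_choose(seen_by_server, server_supported)
    server_mac = transcript_mac(KEY, seen_by_server, chosen)

    # Client-side checks on the server's answer.
    if chosen not in client_offer:
        raise DowngradeError("server chose an algorithm that was never offered")
    if chosen in deprecated:
        raise DowngradeError(chosen + " is disabled by local policy")
    if verify_transcript:
        expected = transcript_mac(KEY, client_offer, chosen)
        if not hmac.compare_digest(expected, server_mac):
            raise DowngradeError("offer was modified in transit")
    return chosen


def outcome(*args, **kwargs):
    """negotiate(), with a refusal reported as a string instead of raised."""
    try:
        return negotiate(*args, **kwargs)
    except DowngradeError as exc:
        return "refused: " + str(exc)


if __name__ == "__main__":
    both = ["SHA-3B", "SHA-3A"]
    server = {"SHA-3A", "SHA-3B"}
    print("honest path:            ", outcome(both, server))
    print("flexible client:        ", outcome(both, server, tamper=strip_strong))
    print("SHA-3A disabled locally:", outcome(both, server, tamper=strip_strong,
                                              deprecated={"SHA-3A"}))
    print("transcript verified:    ", outcome(both, server, tamper=strip_strong,
                                              verify_transcript=True))
    print("SHA-3A never offered:   ", outcome(["SHA-3B"], server,
                                              tamper=strip_strong))
```

Only the fully flexible client ends up on SHA-3A; each of the other three configurations fails closed instead of falling back.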
My mistake too. I just re-read TFA - it's three out of the four phylotypes that matched, not three out of four total microbes.
What, you didn't see the resemblance when you watched Avatar?
I think maybe Fern Gully just stuck with me more because it was one of the first movies I took my son to.
OW! MY EYES!
"Hello Ground!" or "oh no, not again"
I bet it was one of them though.
Initial camera footage of his passing a bowl of petunias was mysteriously erased.
I admit I don't know how they operate.
Then you made a good set of guesses.
It sounds like a case of Munchausen syndrome ...
[ puts on sunglasses ]
by proxy!
YEEEAAAAAAHHHHHHHH!!!!
Is Curiosity rover male or female?
"It's complicated."
Oh, snapski!
Now that the computer overlords can measure how messy my desk is I better make the place look respectable!
Does this mean I need to dress up to use my computer now?
Pants are optional, but recommended for you.
Q: What do Bruce Perens and an 82-year-old nun have in common?
Both are creatures of habit?
You can kiss a nun once or twice, but don't get into the habit.