Can anyone comment on the level of Firewire support in FC3? I tried to get FW working with FC2, but eventually gave up...
The only problem I've had with firewire was when the hardware was defective.^ Other than that, it just worked under FC1, 2, and 3 pre-release.
How doesn't FC2 work for you? (Details if you have them.)
(^. Tested an old external dual firewire/USB box with different kernels, boot CDs, and finally Windows...all acted strangely; hanged, lost HD data, corrupted CDs and DVDs. Bought another dual firewire/usb box and plugged it it...worked like a charm with burners and hard drives. Tossed the old device.)
They dont even mention the fact there is a network install option. By reading that statement, it sounds like you need to get all the iso's.
They are trying to keep it simple...or just forgot.
Either way, it's not much of a hardship. Anyone who knows about network installs already knows that they are available and can figure out what to grab from the mirror sites. This has not changed in many years and is a given for most multi-CD distributions and most of the *BSD forks, not just Feora or RH.
Is it possible to use the Xen VM that was on Slashdot earlier today to run multiple OSes and use one OS on the machine as a firewall for the other?
If you mean stacking VMs up to filter traffic...no...that won't work.
If you mean stacking VMs so that only specific VMs 'see' each other at the network level, yes. That works with VMs or connected systems with properly configured routers.
The reason? Firewalls are not designed to block the network. Firewalls are designed to allow access for specific ports in specific ways. If you chain systems together, and each hands off the allowed packets to the destination system, you've just punched a hole through the firewall to that final system.
By isolating systems so that only ones that are required to 'see' each other can 'see' each other, you've added a meaningful level of protection. This does not require a firewall. It requires router configuration even if the router is software running in another VM and routes for VMs on the same machine. It also requires that you design services and apps to work in this environment; seperate the web server from the DB for example. If it is a web server, and you just remap the default web server port 80 to another port, you've done nothing; the data still passes both ways and the destination is still potentially exposed.)
You're missing most of the important methods. A sample list;
* Turn off or uninstall what you don't absolutely require. * Don't use unsafe software. * Scan all systems using internal external tools for known system exploits. * Restrict abuse by enforcing permissions and security policies.
Properly secured, most of the items on your checklist aren't necessary or can be given fewer system resources.
Also, some of the items on your list implicitly trust the tool to do the job for you...though you should be aware of times that the tools fail. When they do, you still have to do something to protect the systems -- as if the tools weren't even installed.
It's not a place where next generation tech-elites will submit their resume. Every techie I knew working for the NSA was better with politics than technology.
Excellent! The machines are working properly! Muhahah! Muhahahahh! Muhahahahahahahah!
ActiveX in general; it is treated often as a system process or library loaded from a 'trusted' external source; injected on to the local machine. IE is just the main vector for it appearing, not the only one. DLLs are not injected across networks (minus through other known exploits).
WSH; is a bad implementation because it by default has hooks into too many areas of the system that haven't been vetted. That's why it keeps being used in viruses. Any scripting language that allows external scripts to be executed *should* be properly locked down to the user level or even sandboxed (Java, CLR) if sent from a remote source. It shouldn't be trusted automatically.
If that makes the Windows version of Perl a bad implementation too, so be it, though I don't know of any cases where Perl was used as part of a system exploit.
In the end the solution was to rename patch.exe as patch.bmp, which wasn't even scanned by the gateway virus checker, and instruct the user to rename and run. I didn't want to use a vulnerability to bypass overzealous security, but posting floppies was too slow. Of course that's the last thing you want to do for ordinary users.
That your workaround was even possible shows how bad the extentions issue is for Windows; even a 'virus detector' took the extention as the truth -- not the contents of the file itself!
Unfortunately, this extentions-centric way of doing things has been used on *nix desktops too. You'd think that the hard lessons of Windows would not have to be relearned elsewhere...bah!
Of course that doesn't happen in every case. The problems Microsoft should fix are fairly broad, though -- and some of them were mentioned in the parts of my previous comments you left out this time.
Is ActiveX a bad idea: Yes. Implemented poorly: YES. (They won't remove it since it's both a lockin tool and a marketing idea...it does nothing for the customer that couldn't be done more safely with other methods.)
Is WSH a bad idea: No. Implemented poorly: Yes. (If not, it would not be abused. Since it has to be turned off to secure a system...it's not very valuable. Other scripting languages on other systems don't have these problems.)
Are any executibles a bad idea: No. If implemented poorly: Yes. If integrated poorly: Yes. If easily confused with different data or executibles: Yes. If easily re-enabled and abused: Yes.
Look at the various exploits that Windows and Windows applications have suffered with over the years -- specifically Outlook and IE -- and you'll find examples of each of these.
So what exactly is your problem with WSH (or Outlook, for that matter)?
My problem? It's not my problem as I don't use WSH or Outlook anymore. Microsoft has a problem and instead of fixing it they reluctantly disable the defective part and allow it to be turned right back on again.
Yes, if the user goes out of his way to enable.vbs attachments in Outlook, and then is stupid enough to execute them, he's screwed. Same as with.exe or any other executable type. Which is exactly why these types are blocked by default.
Q. If WSH and other executibles are turned off by default in Outlook or at the system level, why have them at all?
If they can be made secure, then having them on is no problem. If not, they aren't reliably available and can be abused. Having WSH and other disabled dangerous services on the system at all makes turning them right back on again that much easier.
Beyond that, another problem that Microsoft has is sticking to the data-as-executible concept. Yes, data and programs are just strings of bits, though treating them with equal privilidges is a bad idea.
Windows uses data-as-executible everywhere -- making trivially changed things like file extentions important. Windows in general and many Windows applications specifically wouldn't know what to do with one file or the other without file extentions...allowing not only users to be fooled but applications as well. Manually making exceptions for each defective implementation of this only works if the systems never change...yet they are being changed constantly and reintroduce this defect over and over again.
I once watched somebody do that while logged in as root on a unix machine. The guy was a really fast typist with an ushakable faith in his ability, before I had a chance to stop him he had managed to type and commit the command:
root@localhost# rm -rf / somedir/somesubdir
instead of:
root@localhost# rm -rf/somedir/somesubdir
Solution: Tab completion. As a habit, always press tab to complete each file or directory. If tab doesn't complete the path automatically, don't hit enter!
You will often have to type a character or two to pick a specific file. Also, you will often have to erase part of the tab completed string to widen the scope.
Did you read the article? It says " the most recent versions of Outlook, where such features are switched off as standard, will be protected." This has been the same with many recent exploits. They only affect old versions of ms software, but it immediately gets spun here to say that no one should be using the current, safe versions. It's similar to the recent status bar spoofing issue posted here which affected firefox rc1 and opera and pre-sp2 IE, but not sp2 IE, and was of course disscussed as being a "hole in IE".
Why are WSH and ActiveX even an options for Outlook? Bad ideas, poorly implemented, and not secure.
Sadly, I have to say that I'm not impressed with the demo version. It's a real pain to use, gives no feedback at times if it is doing something. It's also not obvious how to manually run the applications; it's not automatic enough to avoid known problems, and not discoverable enough to find an easy fix.
One positive comment: Once I was able to get a game working -- Civilization III -- it was much quicker than earlier versions of WineX when I was a subscriber.
That said, I'd rather have the old interface and the new backend; it wasn't as slick, though I didn't feel as helpless attempting to dig through it.
Right now, I've been entirely frozen out;
"Access to the downloaded file is forbidden."
OK. What does this mean?
Here's what happened leading up to the above problem;
1. Installed the demo version. Note: It reports "This product was installed in:/". Installing in root would be bad...so I checked...nope. Not in/. 2. Ran cedega_timedemo to bring up the menu. 3. Installed a couple different programs. 4. Install went fine. 5. Running the programs returned the "Error=21" message. 6. Did some hunting on the Internet. 7. Cedega is incompatable with exec-shield. Exec shield can be turned off (as root);
8. Some programs worked...kinda. Civilization III would run, fast, though the sound had to be disabled or the background chirping noise would have driven me crazy. (Noted as a defect in Civ III...though does not happen as much in real Windows.) Updated Civ III to latest relase...no change in chirping. 9. Other programs still reported "Error=21" message. Noted that one last ditch effort that worked for users of the full version was to remove the directory and try again. Nuked the _user_ timedemo directories. 10. After entering in registration information, this message apears;
"Access to the downloaded file is forbidden."
11. Ran uninstall_cedega_timedemo. 12. Reported some directories had data. Nuked them too. 13. Reinstalled again. 14. As before -- after entering in registration information -- the message appears again;
I just want to say to the rest of the world that I am truly sorry that the American people are too shortsighted to vote for change and that you will most likely have to endure another Bush presidency... I have never felt so ashamed to be an American than I do today.
You forgot 'and depressed' after 'so ashamed'. Otherwise, perfect.
I downloaded some, and I just realized I don't have any application installed to watch SVG's in my Mac. Does anyone know of a SVG viewer for Mac? And perhaps a converter? I can really use some of these images on a couple of OmniGraffle diagrams that I'm working on...
Take a look at Inkscape in the Fink ports repository;
Vendetta is truely a multi-player team game. While you can play it by yourself, the real fun kicks in when there are a few dozen ships from different factions in the same sector and they are at war. That and either killing pirates or being one.
I expect that early on, people will not love the game. As enough people rise in power and wealth, the newer members will also benifit. Looking at how large the Vendetta universe is, I expect that it could handle 10,000 players at the same time without a problem -- and probably beyond 100,000. A couple thousand playing at the same time would probably be when things start getting interesting.
There are promises of improvements to the universe over time. I'd be very interested in how the community grows and the changes impact the players in the next 3-6 months.
Firewalls are necessary...no doubt. I have 2 running right now; one on the system I'm using and another on the internet gateway.
I am opposed to the "We're protected -- we have a firewall!" attitude. I've had arguments with people who should know better -- who are paid to know better -- insist that the firewall is all that is needed. ARRRRRGGGGHHHHH!!!
windows: rpc can not be turned off, although it should only listen to localhost (only firewalls can do this) smb ports (if needed) should only listen on localhost (firewall)
Yep. It's a design flaw in Windows.^^ Can't wait till they make it optional.
(^^. Having the firewall block it shows that it is optional...if not, the system would fail when the firewall is enabled.)
linux - some servers wont run behind an inetd type application, (although most allow you to specify ipaddress/netmask's to allow from, some dont) you need a firewall to protect these applications if you dont want the whole world to have access to them.
I'm more brutal; if you don't need it -- inetd or not -- disable or remove it entirely. Files and all. If you do need it, you should make sure that whatever is exposed can be secured as much as possible. Keep in mind that inetd provides low overhead to services that may not be used heavily and some protection. It is not an assurance of security; if the service is exposed the service should be capable of being abused and not fall over.
I'm very excited with how SELinux is progressing. It's not the only way to lock down systems, though it is part of a long term progression in security. Too bad that Microsoft will probably not push systems like it for a couple years if at all.
See? You answered your own question. Creationism got dragged into it because the scientists went looking for proof of what they wanted to believe, that creationists are wrong.
*BLINK*
Ohhh-Kayyy...well, I'm just going to go over here. No! No no! You stay there and the Easter Bunny and Santa Claus will be right along. I *PROMISE*. Sure. No no! Wait! Stay! That's it!
Wow I'd hate to have you as a friend/someone I pay/get to fix my computer. I'd hate to have someone install programs on my computer without letting me know why they're doing so and asking if it's okay. Nevermind they can just uninstall, and nevermind I'm likely to say "sure, go ahead if it's as good as you say."
Hmmm...I can see where you might see it that way. Since you seem to be a novice at system repair or might never do it yourself, you probably see no other option. If so, read on. If you actually do have specialized knowledge on system repair, I'll likely not convince you; look at my original post for the reasons why.
Note: I'm only addressing problems with computers that friends and small clients encounter and ask help for -- not as a system administrator for a large commercial system installation (clients and servers). The two are very different.
While I *DO* ask if it's OK if I install other software -- Firefox or not -- it's really just a formality; if the answer is *NO* I tell them I can't help.
Adding patches or reinstalling is one level of a fix. Removal or isolation of defective or harmful parts is another necessary part of fixing a system. Checking and changing system settings is yet another. Adding better tools is also part of the fix. Just repairing what is currently broken is irresponsible and a waste of time for the person asking for help; if it is broken, and I can deal with it, I am asked to deal with it. To stop short would be wrong.
As a bonus, using Firefox or another secure browser when asked to fix web-related problems and not using IE allows other tools to be skipped -- reducing potential cruft. Allowing them to get used to Firefox before having to install the other tools is a low-impact way of dealing with potential problems.
As a tool, Firefox is ideal. It does not suffer from many of the problems IE suffers from. It can be removed cleanly; it's not spyware and has no trailing cruft. Because of that, it has no negitive impact past some disk space use and a few registry entries.
Note that I've verified there is no negitive impact and don't take it as a fact just because I trust the developers. Look for yourself if you know how; dump and compare the registry (before/during/after removal), look over the files, check what gets installed, check the dependencies of what is installed,... . It's not rocket science, though you do need to have the right tools.
I have offered to several people to put on a different browser, and make their bookmarks work. I get the dreaded face of 'no' from them.
Anyone I've tried to talk into using Firefox has not switched. Anyone who I've installed Firefox for and shown them how easy it is has switched. No exceptions.
People hate to change or commit themselves to anything. It means that they have lost control. They 'just want to have it fixed'. When you asked, you asked if they wanted to change...and the obvious response is 'no...just fix it'.
Here's my suggestion;
Install Firefox.
Import the settings and bookmarks into Firefox.
Ask them what sites they use frequently. Chances are there are 3-5 sites they like.
Put the sites in seperate tabs.
Bookmark the set of tabs.
Change the default home page to this set of tabs.
Do not make Firefox the default browser.
Do make extra icons and put Firefox in easy to find locations.
Now, show them Firefox and how nice and simple it is to have the group of tabs.
Let them know that Internet Explorer is still there and is the default browser...but if they want, they can make Firefox the default by answering the question that appears when they start Firefox.
the likes of programs such as protowall and peerguardian, both of which have huge active communities constantly updating IP block lists, blocking all the p2p evils out there like bayTSP and other monitoring agencies.
A huge amount of p2p clients (most kazaa lite buids, azureus, one of the most popular bit torrent clients) have methods built in to support these block lists, and are turned on by default.
These could be helpful...though here's the problem;
If someone offered you $1,000, could
you discover the IP address of a couple to a couple hundread people sharing on any Bittorrent client without being blocked yourself?
Would you use the block lists to discover what IPs not to use yourself?
That's easy money, and no block list would prevent that from happening when each peer can see the connected peers and what they are sharing. The only thing these block lists do is temporarily lower the profile of the clients that use the block lists -- not eliminate them.
I say bull. This election is possibly the LEAST important ever. Bush and Kerry are so similar it is sickening.
I had a long response and decided to drop it.
Fans and foes of President G.W. Bush alike see stark differences in forign policy as well as many domestic issues between Predident G.W. Bush and his father President Bush let alone G.W. and Kerry.
Compare how President Bush I handled war with Iraq vs. President Bush II. I'm surprised they are related!
Slashdot Mirror
The only problem I've had with firewire was when the hardware was defective.^ Other than that, it just worked under FC1, 2, and 3 pre-release.
How doesn't FC2 work for you? (Details if you have them.)
(^. Tested an old external dual firewire/USB box with different kernels, boot CDs, and finally Windows...all acted strangely; hanged, lost HD data, corrupted CDs and DVDs. Bought another dual firewire/usb box and plugged it it...worked like a charm with burners and hard drives. Tossed the old device.)
They are trying to keep it simple...or just forgot.
Either way, it's not much of a hardship. Anyone who knows about network installs already knows that they are available and can figure out what to grab from the mirror sites. This has not changed in many years and is a given for most multi-CD distributions and most of the *BSD forks, not just Feora or RH.
If you mean stacking VMs up to filter traffic...no...that won't work.
If you mean stacking VMs so that only specific VMs 'see' each other at the network level, yes. That works with VMs or connected systems with properly configured routers.
The reason? Firewalls are not designed to block the network. Firewalls are designed to allow access for specific ports in specific ways. If you chain systems together, and each hands off the allowed packets to the destination system, you've just punched a hole through the firewall to that final system.
By isolating systems so that only ones that are required to 'see' each other can 'see' each other, you've added a meaningful level of protection. This does not require a firewall. It requires router configuration even if the router is software running in another VM and routes for VMs on the same machine. It also requires that you design services and apps to work in this environment; seperate the web server from the DB for example. If it is a web server, and you just remap the default web server port 80 to another port, you've done nothing; the data still passes both ways and the destination is still potentially exposed.)
Excellent! The machines are working properly! Muhahah! Muhahahahh! Muhahahahahahahah!
Yes, and Microsoft is so enthusiastic about allowing Linux to work that they don't even mention it even on the list of supported operating systems. The only non-Microsoft OS listed is OS/2 -- a product that Microsoft had helped initially develop.
Not a product I'd care to use in a mixed environmnet.
AH! On that note, I predict great sucess on Windows!
ActiveX in general; it is treated often as a system process or library loaded from a 'trusted' external source; injected on to the local machine. IE is just the main vector for it appearing, not the only one. DLLs are not injected across networks (minus through other known exploits).
WSH; is a bad implementation because it by default has hooks into too many areas of the system that haven't been vetted. That's why it keeps being used in viruses. Any scripting language that allows external scripts to be executed *should* be properly locked down to the user level or even sandboxed (Java, CLR) if sent from a remote source. It shouldn't be trusted automatically.
If that makes the Windows version of Perl a bad implementation too, so be it, though I don't know of any cases where Perl was used as part of a system exploit.
That your workaround was even possible shows how bad the extentions issue is for Windows; even a 'virus detector' took the extention as the truth -- not the contents of the file itself!
Unfortunately, this extentions-centric way of doing things has been used on *nix desktops too. You'd think that the hard lessons of Windows would not have to be relearned elsewhere...bah!
Of course that doesn't happen in every case. The problems Microsoft should fix are fairly broad, though -- and some of them were mentioned in the parts of my previous comments you left out this time.
Is ActiveX a bad idea: Yes. Implemented poorly: YES. (They won't remove it since it's both a lockin tool and a marketing idea...it does nothing for the customer that couldn't be done more safely with other methods.)
Is WSH a bad idea: No. Implemented poorly: Yes. (If not, it would not be abused. Since it has to be turned off to secure a system...it's not very valuable. Other scripting languages on other systems don't have these problems.)
Are any executibles a bad idea: No. If implemented poorly: Yes. If integrated poorly: Yes. If easily confused with different data or executibles: Yes. If easily re-enabled and abused: Yes.
Look at the various exploits that Windows and Windows applications have suffered with over the years -- specifically Outlook and IE -- and you'll find examples of each of these.
My problem? It's not my problem as I don't use WSH or Outlook anymore. Microsoft has a problem and instead of fixing it they reluctantly disable the defective part and allow it to be turned right back on again.
Q. If WSH and other executibles are turned off by default in Outlook or at the system level, why have them at all?
If they can be made secure, then having them on is no problem. If not, they aren't reliably available and can be abused. Having WSH and other disabled dangerous services on the system at all makes turning them right back on again that much easier.
Beyond that, another problem that Microsoft has is sticking to the data-as-executible concept. Yes, data and programs are just strings of bits, though treating them with equal privilidges is a bad idea.
Windows uses data-as-executible everywhere -- making trivially changed things like file extentions important. Windows in general and many Windows applications specifically wouldn't know what to do with one file or the other without file extentions...allowing not only users to be fooled but applications as well. Manually making exceptions for each defective implementation of this only works if the systems never change...yet they are being changed constantly and reintroduce this defect over and over again.
Solution: Tab completion. As a habit, always press tab to complete each file or directory. If tab doesn't complete the path automatically, don't hit enter!
You will often have to type a character or two to pick a specific file. Also, you will often have to erase part of the tab completed string to widen the scope.
Why are WSH and ActiveX even an options for Outlook? Bad ideas, poorly implemented, and not secure.
This is a repost of mine from other forums.
/". Installing in root would be bad...so I checked...nope. Not in /.
/proc/sys/vm/legacy_va_layout /proc/sys/kernel/exec-shield
------
Sadly, I have to say that I'm not impressed with the demo version. It's a real pain to use, gives no feedback at times if it is doing something. It's also not obvious how to manually run the applications; it's not automatic enough to avoid known problems, and not discoverable enough to find an easy fix.
One positive comment: Once I was able to get a game working -- Civilization III -- it was much quicker than earlier versions of WineX when I was a subscriber.
That said, I'd rather have the old interface and the new backend; it wasn't as slick, though I didn't feel as helpless attempting to dig through it.
Right now, I've been entirely frozen out;
"Access to the downloaded file is forbidden."
OK. What does this mean?
Here's what happened leading up to the above problem;
1. Installed the demo version. Note: It reports "This product was installed in:
2. Ran cedega_timedemo to bring up the menu.
3. Installed a couple different programs.
4. Install went fine.
5. Running the programs returned the "Error=21" message.
6. Did some hunting on the Internet.
7. Cedega is incompatable with exec-shield. Exec shield can be turned off (as root);
echo 1 >
echo 0 >
8. Some programs worked...kinda. Civilization III would run, fast, though the sound had to be disabled or the background chirping noise would have driven me crazy. (Noted as a defect in Civ III...though does not happen as much in real Windows.) Updated Civ III to latest relase...no change in chirping.
9. Other programs still reported "Error=21" message. Noted that one last ditch effort that worked for users of the full version was to remove the directory and try again. Nuked the _user_ timedemo directories.
10. After entering in registration information, this message apears;
"Access to the downloaded file is forbidden."
11. Ran uninstall_cedega_timedemo.
12. Reported some directories had data. Nuked them too.
13. Reinstalled again.
14. As before -- after entering in registration information -- the message appears again;
"Access to the downloaded file is forbidden."
You forgot 'and depressed' after 'so ashamed'. Otherwise, perfect.
Awesome. Bookmarked. Thank you!
Take a look at Inkscape in the Fink ports repository;
List of ported graphics tools in Fink.
The Fink Inkscape page (booring but functional).
Inkscape will import or save/export a few common formats. A couple other programs in the list also handle SVG.
...for well over a year.
Vendetta is truely a multi-player team game. While you can play it by yourself, the real fun kicks in when there are a few dozen ships from different factions in the same sector and they are at war. That and either killing pirates or being one.
I expect that early on, people will not love the game. As enough people rise in power and wealth, the newer members will also benifit. Looking at how large the Vendetta universe is, I expect that it could handle 10,000 players at the same time without a problem -- and probably beyond 100,000. A couple thousand playing at the same time would probably be when things start getting interesting.
There are promises of improvements to the universe over time. I'd be very interested in how the community grows and the changes impact the players in the next 3-6 months.
I am opposed to the "We're protected -- we have a firewall!" attitude. I've had arguments with people who should know better -- who are paid to know better -- insist that the firewall is all that is needed. ARRRRRGGGGHHHHH!!!
Yep. It's a design flaw in Windows.^^ Can't wait till they make it optional.
(^^. Having the firewall block it shows that it is optional...if not, the system would fail when the firewall is enabled.)
I'm more brutal; if you don't need it -- inetd or not -- disable or remove it entirely. Files and all. If you do need it, you should make sure that whatever is exposed can be secured as much as possible. Keep in mind that inetd provides low overhead to services that may not be used heavily and some protection. It is not an assurance of security; if the service is exposed the service should be capable of being abused and not fall over.
I'm very excited with how SELinux is progressing. It's not the only way to lock down systems, though it is part of a long term progression in security. Too bad that Microsoft will probably not push systems like it for a couple years if at all.
*BLINK*
Ohhh-Kayyy...well, I'm just going to go over here. No! No no! You stay there and the Easter Bunny and Santa Claus will be right along. I *PROMISE*. Sure. No no! Wait! Stay! That's it!
[runs away from nine-times as fast as possible]
Have you inforced network-level (router + firewall) segmentation yet? (Ex: Systems A & B and B & C can see each other, though not A & C.)
Hmmm...I can see where you might see it that way. Since you seem to be a novice at system repair or might never do it yourself, you probably see no other option. If so, read on. If you actually do have specialized knowledge on system repair, I'll likely not convince you; look at my original post for the reasons why.
Note: I'm only addressing problems with computers that friends and small clients encounter and ask help for -- not as a system administrator for a large commercial system installation (clients and servers). The two are very different.
While I *DO* ask if it's OK if I install other software -- Firefox or not -- it's really just a formality; if the answer is *NO* I tell them I can't help.
Adding patches or reinstalling is one level of a fix. Removal or isolation of defective or harmful parts is another necessary part of fixing a system. Checking and changing system settings is yet another. Adding better tools is also part of the fix. Just repairing what is currently broken is irresponsible and a waste of time for the person asking for help; if it is broken, and I can deal with it, I am asked to deal with it. To stop short would be wrong.
As a bonus, using Firefox or another secure browser when asked to fix web-related problems and not using IE allows other tools to be skipped -- reducing potential cruft. Allowing them to get used to Firefox before having to install the other tools is a low-impact way of dealing with potential problems.
As a tool, Firefox is ideal. It does not suffer from many of the problems IE suffers from. It can be removed cleanly; it's not spyware and has no trailing cruft. Because of that, it has no negitive impact past some disk space use and a few registry entries.
Note that I've verified there is no negitive impact and don't take it as a fact just because I trust the developers. Look for yourself if you know how; dump and compare the registry (before/during/after removal), look over the files, check what gets installed, check the dependencies of what is installed, ... . It's not rocket science, though you do need to have the right tools.
Anyone I've tried to talk into using Firefox has not switched. Anyone who I've installed Firefox for and shown them how easy it is has switched. No exceptions.
People hate to change or commit themselves to anything. It means that they have lost control. They 'just want to have it fixed'. When you asked, you asked if they wanted to change...and the obvious response is 'no...just fix it'.
Here's my suggestion;
Now, show them Firefox and how nice and simple it is to have the group of tabs.
Let them know that Internet Explorer is still there and is the default browser...but if they want, they can make Firefox the default by answering the question that appears when they start Firefox.
Works like a charm.
A huge amount of p2p clients (most kazaa lite buids, azureus, one of the most popular bit torrent clients) have methods built in to support these block lists, and are turned on by default.
These could be helpful...though here's the problem;
Would you use the block lists to discover what IPs not to use yourself?
That's easy money, and no block list would prevent that from happening when each peer can see the connected peers and what they are sharing. The only thing these block lists do is temporarily lower the profile of the clients that use the block lists -- not eliminate them.
I had a long response and decided to drop it.
Fans and foes of President G.W. Bush alike see stark differences in forign policy as well as many domestic issues between Predident G.W. Bush and his father President Bush let alone G.W. and Kerry.
Compare how President Bush I handled war with Iraq vs. President Bush II. I'm surprised they are related!