Re:CNN Microsoft poll results (as of 3:46pm centra
on Microsoft Quickies · Score: 1
Hmm... well, at least they invented the graphical user interface.
---
CNN Microsoft poll results (as of 3:46pm central)
on Microsoft Quickies · Score: 2
I was watching Burden of Proof on CNN today, and they had an online poll on their page (this link subject to change, I think) that made me think to myself "Hm, if Microsoft doesn't go to Canada maybe I will."
The poll asked the question "Has Microsoft's marketing strategies harmed consumers?" and right now reads 31% Yes, 69% No. Are that many people really thinking that the Microsoft way is the best way? Or have they simply forgotten about the trail of failed businesses with true innovations that Microsoft left in its wake after promising lucrative deals and partnerships and instead stealing their ideas? Perhaps they missed the latest news on Slashdot about how Microsoft is going to cut back on piracy and increase their profits by making us pay twice for their software?
I think Minesweeper was a pretty cool innovation. I'm not so hot on the blue screens, security holes, or the I-own-your-soul EULAs though.
...in fact, one could argue that everything we're doing with computers today is old hat and has been at least through the 80s, depending on the degree you want to nitpick. What innovation in the computer industry means to me is the process of making systems faster, more powerful, more reliable, more efficient, and easier to use. We obviously haven't stretched any of these characteristics to the limit yet in any operating system or in hardware, so that alone indicates to me that systems research is not dead.
People seem to think that we need some radical new paradigm in the way we're doing things in order to indicate progress; Microsoft is all too eager to jump in with a spiffy new standard and a handful of TLAs to placate this crowd and keep us all on the frequent-upgrade track. This is not good innovation (and while I'm talking about Microsoft, this isn't either). Sometimes different and more complex doesn't beat tried-and-true. Can't innovation be combining yesterday's solutions with today's needs to make a new product? Why are people so willing to attach the label of innovation on things that are new but not better?
I work in a Microsoft NT / IBM AS/400 / Linux environment. The AS/400 feels archaic, but does what we need it to. Linux feels archaic, but does what we need it to. Microsoft NT looks good.
This is a bit trite, but I'm gonna reply to my own post in case there are others out there reading this that have Outlook users to support. I ran across this page when I was (somewhat cynically) looking for Microsoft's response to this virus. From the page:
Updates to Outlook 97, Outlook 98 and Outlook 2000 are available that make it more difficult to inadvertently launch attachments. The updates provide a more explicit warning dialogue, and prevent attached executables from being launched directly from e-mails; instead, they must be saved to disk and launched as a separate step. The update also is included as part of Office 2000 SR1.
This patch looks like it'll help prevent easy attachment abuse in e-mail, though I wouldn't be surprised to see a variant that gives the end user a set of revised instructions about how to see their valentine. There is only so much Microsoft can do, though... I bet people are still falling for the 'This is (ISP) security. Your account may have been stolen. Please reply via e-mail with your password and credit card number to validate your account. Your cooperation is appreciated.' letters. Hopefully, the amount of attention that this virus has drawn will encourage better user education at the workplace and ISP level.
I think your points are valid. Despite my dislike for most things Microsoft, this situation is really the same as someone running any other executable attachment. The virus relied more on social engineering than any operating system weakness to replicate.
I took the opportunity to analyze and comment the entire virus to get a better idea of what this thing was doing to our clients. I tried to think of some things that could be changed in the Windows model to make it tougher for this type of virus to succeed, and came up with the following:
1. The operating system should minimize the kinds of things that can be done behind the user's back. One of my biggest pet peeves is the fact that Windows has several different locations for programs to be triggered at startup (including registry entries like .../Run, .../RunOnce, .../RunServices, and .../RunServicesOnce). We've got a Startup folder already; why doesn't Windows force programs to use that?
2. Users tend to be kept in the dark about important features in the Windows OS. I put IE5 on my computer at home without paying attention to the Windows Scripting Host aspect; don't you think that if another executable format is being added to my system I'd like to know about it? This is a feature I neither want nor need (and, actually, so is IE5...)
3. Crucial system features and files can be casually modified without tripping any alerts. A user on a Windows 9x system is always the equivalent of root. On Linux, you can sandbox the effects of a hostile application somewhat by running it as an unprivileged user.
4. Documents should be documents, not programs. Macros and scripts are nice, but should they really be a part of e-mail? Was plaintext e-mail such a bad thing really? :) When people get a .DOC, aren't they expecting a standard document? Really, I think much of the problem is integration where we don't need it and/or least expect it. Should a HTML page be able to access your hard drive?
The biggest part of the problem is that some users click blindly on attachments that they receive. Many use attachments as part of their job daily and still believe that attachments are only part of the document, not a separate file or executable. Education is the best answer to this, but if Microsoft worked to add better prevention and damage control to their OS we'd all be happier.
So, the 'backdoor' in IIS is 50% jumping to conclusions and 50% media hype. The reason the 'weenies' string is in two .DLLs is because one belongs to IIS (the server) and one to Visual InterDev (the client), and one obfuscates a request before sending and the other one deobfuscates the request before interpreting it, AFAIK. Mystery solved; now we have no more to fear from running programs that we can't examine from a monopoly we don't trust.
Regardless of how you feel about the open source movement, doesn't this recent fiasco indicate that (veteran) computer users have a fear about trusting programs that aren't open to peer review? Just because this 'backdoor' was probably a misunderstanding doesn't mean that there aren't security problems with the current model of releasing only binaries.
What do you think the temptation is for someone at Microsoft, knowing the vast number of computers Windows is going to be preinstalled on, to intentionally add a flaw to a range check or otherwise backdoor the code in a less-than-obvious way? This can happen with open source too, of course, but with a greater risk of detection -- with closed source, we've got no choice but to accept that our vendors have our best interests at heart. And if that doesn't send chills up your spine...
In elementary school, when a few kids would screw around at lunchtime, none of us got recess. In high school, when someone defaced a bathroom it got locked. All of our local convenience stores had signs up that said 'No more than three students in the store at a time.' in an attempt to deter a few shoplifters by discriminating against an entire age group.
What do all of these reactions (and this IRC strike) have in common? They got people who had no connection to creating the problem and no way of resolving it to resent the people in control of the situation. This unfocused 'strike' isn't going to discourage the problems; rather, it'll drive people away from one of the net's few remaining useful non-commercial resources. What are you running an IRC server for if you're going to be this spiteful to users who have never caused a problem? I mean, I appreciate the fact that these servers are available for free public use (though I quit using them three years ago) but if all it takes is a script kiddie to get you to yank your servers off the net for a day it might be time to leave the scene to someone with a bit more mettle.
---
I can come up with three ways...
1. Many companies chose to/had to shut down their e-mail, or were overloaded to the point where e-mail shut itself down. I'm not sure how much of an effect the virus had on disk space, but it certainly had an effect on bandwidth, server CPU usage, productivity, and security (Loveletter also mailed passwords from Windows out to someone's e-mail account -- I wasn't able to analyze this part because I couldn't get my hands on the .EXE that did it.) All of the computers it hit have to be cleaned with a virus scanner (or manually by someone who examined the virus), probably by a computer tech. I'm guessing many passwords will have to be changed also, not to mention the warnings that had to be circulated around. We weren't affected that strongly, but we did have to drop what we were doing for the day to help out clients.
2. If you're a web page designer, the .jpg and .jpeg thing could hurt. If you are big on the Windows Host Scripting thing the .vbs part would hurt. Then again, if you do either you should already know enough to be careful of attachments...
3. Employees everywhere are going to have to dig deep into their pockets and pay Lars now. This might be the break Metallica needs to get out of those cardboard boxes on the side of the road and back into the penthouse.
---
Am I overreacting?
Don't get me wrong; I'd feel bad if Amazon went under, got bought out by a corporation like AOL or Wal-Mart, or got swallowed by the earth in a massive earthquake. But I still think that patenting something as generic as one-click shopping is like patenting the concept of a circle -- this just isn't a process complex enough that others couldn't easily arrive at it independently. The fact that this was allowed to slide through the patenting process worries me even more. Sure, Amazon -might- have bought themselves some protection from a mega corporation taking their 'idea' and running them out of business, but they did it at the expense of every other online storefront.
What do you think... is this beneficial or detrimental to the average consumer in the long run?
Both arguments in this thread make sense.
I understand the irritation many people feel at seeing this sort of scenario. You look at two products that are almost physically identical and figure that the company is screwing the people that need the extra functionality because, obviously, the difference in price isn't caused by any additional difficulty in the physical fabrication of the RAID controller. If all we have to do is a bit of soldering and a BIOS flash, how hard could it be for the company, right?
It might be the case that the real difference between the two cards is the development of the software for the BIOS. An additional possibility is that Promise is giving the folks purchasing the ATA-66 a deal and recouping the losses (or lesser profits) on their RAID controllers. I believe that the reason the cards are so similar wasn't an accident, but the result of some clever engineering on Promise's part to keep the price of fabrication down. The profits are necessary to keep the employees happy, increase growth, and encourage future development of new technology.
I don't think that this story is going to cause Promise any substantial losses, as I think companies going with IDE RAID (all five of them) would rather buy a professionally fabricated card for their production environment instead of having one soldered together by the company hacker. The majority of people who are going to exploit this are the folks who think it's pretty cool that this is all it takes to get IDE RAID out of a $20 card. Unfortunately, I think Promise will get both paranoid about potential losses and pissed off at the people pirating their BIOSes. I expect them to redesign their cards, making them a bit tougher to get properly implemented under Linux (which is what I care about, ultimately).
As I understand it, region encoding was created in large part to prevent DVDs sold in one region from being purchased in another region where they are not available because the movie is still in theatres.
So... if it becomes illegal, do you think it'll be more likely that movie releases will actually occur at the same time in, say, the U.S. and the U.K.? Given the amount of risk this would add onto playing horrible movies (disappointing several nations simultaneously) this might actually encourage the production of one or two decent ones!
Just a thought. I guess I'm getting a bit cynical about having to choose between the 'marketing hype' movie and the 'generation-x' movie every time.
Don't get me wrong... I don't mind the idea of having an easy-to-use window manager (though I like Enlightenment) but isn't all of this competition over developing The Right Window Manager just going to create more confusion in interface design for Xwindows applications?
This is one of those cases where I wish the designers could all just sit down together, talk about the current situation, and come up with a reasonable compromise. I like the ability to pick what I work with, but IMHO the competition in designing window managers is going to make it harder for Xwindows application designers to make their programs function robustly and consistently across different environments. Perhaps Xwindows itself could use some reworking for ease-of-use...?