So, they shouldn't report on tech news just because it's reported somewhere else? I'm sure I'm not the only person here who doesn't read WSJ, and this very much does apply to what I do in tech.
As my sig says...
Thank you for that elaboration, you put that far more succinctly than I could have (mostly because, while I know they're huge, I didn't really care to actually look up their financial info, but seeing it spelled out is rather...stunning).
While it's good to say ignore everything that doesn't live up to standards, it's not always possible. I had, for instance, set Foxit as our company's default PDF reader, due to it being 1) much faster than Adobe Reader, and 2) not automatically susceptible to the same vulnerabilities as Adobe Reader (which were multitude, and well known and exploited in the wild). When HR set us up with ADP, however, this was forcibly changed: anyone trying to look at their electronic pay statements just got a big red X.
ADP stated this was because they actively block everything other than Adobe Reader's browser plugin (no option to download it). Their reason? Security.
Try to change their mind. It will be like pissing into the wind.
While I agree with you, unfortunately, that is not the world we live in.
ADP.
I left Windows due to the impending atrocity that was Vista combined with the road to nowhere that XP was heading on; Microsoft's excessively bad behavior toward the competition and with regards to open standards that seemed to only get worse; to escape vendor lock-in and the inevitable DRM before it got worse; for the security benefits of a UNIX or UNIX-like OS and for more power and control over my machine; as well as to escape having to plop a few hundred dollars down for an OS upgrade (especially when they consist of such duds as Windows ME, Vista and Windows 8). I don't regret it.
Vista was terrible, but in a sense, it was necessary terrible. They broke the way things worked to fix the problems plaguing Windows since forever (note: I'm not defending Vista, it was a pile of crap; it did introduce some great technology, though, which is great in its successor).
As for their stance towards open standards, I never thought I'd see the day, but for a change, they are actually getting better with them. Much better.
And with 8, I actually think it is a really good OS. They just needed to either leave out or give an option to bypass the Metro start screen and use the classic Start Menu. Otherwise, it is an incredible upgrade to 7. If only they had that ability to natively get past Metro, I might have actually introduced it to my network. Until they do that, though, I'm not incurring additional training costs for a crappy tablet interface, just for the (admittedly really nice) enhancements in the rest of the OS.
Mind you, I'm not trying to troll you; I'm happy for you that you've managed to escape them. I often wish I had been able to, but I really don't have a choice in the matter (my career pretty much depends on them right now). Just trying to point out that it's not all crap over on this side.
Just turn off the plugin, download PDFs and open them automatically with the reader. That'll even run smoother for both applications, and you get all the reader features instead of a subset.
Except that some sites only display PDFs through the plugin (which I think is silly, but when it's your payroll site, you don't have a choice in the matter). This also ignores the fact that Flash and Silverlight only run as plugins (yes, I know there are ways to download them and run them locally, but frankly, most people (myself included) really don't want to bother with that, as it is a pain in the ass).
This I have to disagree with. Vista's UAC was a really good security design, but only until you put it in front of a user. It was far too noisy, and on things that it never should have needed verification for (user-initiated launching of core, MS signed services; and not being able to pass approval on to other programs). This was fixed in 7.
If I had to install and use Vista again, I would turn off UAC. I've left it on in 7. I use the same programs in both, and I can't stand how noisy it is in Vista.
UAC was a really good idea that was executed badly in its first iteration, which is a common theme with Microsoft. They fixed its issues.
Not to sound snarky, but people actually still use the scroll bars? Seriously, I've not used a scroll bar in years, except on the rare case when I have to use a mouse without a scroll wheel (or a badly designed interface that won't work with the scroll wheel).
The problem with this is failure rate. A five year old PC is more likely to fail, and the cost to repair would be more than it's worth. That alone is worth replacing the machine, before the system fails causing a loss of productivity.
The full statement should really be "Redundancy costs money and lack of redundancy costs a lot more money". There is an old saying; you can pay me a little now or a lot later. By definition a critical system is one where the company will lose a lot of money if it goes down and it eventually will. The short sighted decision to not have redundancy is usually a bad one.
This is very true; however, most businesses don't see past the "Redundancy costs money" part, and get caught up in the short-term price rather than looking to the long term one.
Also, saying all of that wasn't quite as pithy as I was shooting for, so...
My first question would be what is a non-redundant fiber interface doing at such a critical link? To me that is poor system design.
The answer? "Redundancy costs money."
Showing my ignorance... What about virtualization? I've not done any tinkering with this but can one not run XP or even DOS in a virtual machine hosted by a 64 bit OS?
This can absolutely be done; since any consumer grade 64 bit processor will run a 32 bit OS just fine, the virtualization software doesn't even need to emulate a 32 bit processor, so it is very easy to do. VirtualBox does everything you should want or need at an end-user level for small scale virtualization like that...I use it all the time and highly recommend it. Plus, it's free.
What will you do when MS ends its support on Windows XP?
Based on past experience, probably complain that Microsoft is trying to force upgrades down people's throats. It's so unethical how they choose not to support every piece of software they wrote until the end of time, you know.
If they included those features in home edition, who would want to buy the more expensive professional edition? It's called price discrimination: The business technique of making sure every customer pays as close as possible to what they are willing to pay, even if customers are willing to pay different amounts.
The features that are included in Pro are much more complex than simply saying "it has AD...". Those parts are maintained by an entire separate team, which costs more money. Since they have to pay devs to maintain both Windows itself and the AD components for Pro, but just the Windows parts for Home, it makes sense to charge extra. They also have to meet higher standards for reliability, and with integrating into the network at a much larger and complex scale in Pro, otherwise business would not buy. I don't think it is price discrimination to charge your customers only for the parts they use, but charge for all the parts they use.
Dammit...why did you have to put me in a position to defend MS?
Because right now, getting iTunes preview is a HUGE PITA (I think it's itunes.apple.com/something/app-name).
So, can't they just set it up now to be something like "pages.itunes.com"? They would have to do all the same things they would have to with their own TLD, minus the work and cost of setting up a new TLD.
Added benefit: they already own itunes.com, and this way wouldn't cause any added confusion (other than the assumption that you have to have www at the beginning...but that is a simple thing to redirect).
So "a lot of" people are stupid. What are they doing pen testing for anyway? They are too stupid to understand what this is for. A security flaw like this, while it needs fixing, is a non issue if you are using the tool properly. This is not a secure Linux distro. It's just a bunch of tools. Installing it serves no purpose, other than some teenage c00l factor cause you are a 1337 haxor. Which you are not, if you are using out of the box pen testing tools.
Or, you have an old, beat up laptop that you use just for pentesting, because it's useless for anything else. Or, you installed it on your good laptop as a VM, so you can more easily save some of the information you uncovered. Just because it isn't something you should do as your permanent, regular install (which I did see a number of dolts in a security class I took do) doesn't mean there aren't perfectly legitimate reasons to install it.
That said, I can't think of any good scenario where this bug would be a concern to people using BackTrack correctly.
Don't you know? Americans cannot be terrorists. Only people who hate America can be terrorists, and they also plot their attacks from outside the country.
When I read that, I heard it in W.'s voice.
Who needs explosives? Just wander onto an airplane with a beaker filled with mercury.
They would only let you on with 3 oz. or less.
Personally, I've always found I like Opera's Dragonfly a lot better than Firefox's Firebug. It seems to be smoother and has better functionality to me.
Firebug did always strike me as a bit...piggish.
In Opera, I have to get to something like 60-80 tabs, along with all of my email accounts and RSS feeds, before I get to that point, and it still performs fine.
I just need to get better about closing more tabs...
Brown water from tap is probably from rust, I would think. Feel free to correct me if I'm wrong, though.
There are redshirts, and then there are yellowshirts...
I think the problem here is the brownshirts.
Wait...couldn't they just put these end-to-end, and have the data going around in circles around the network until needed?
1. Citrix. Sane people don't use Citrix products.
That's very nice and condescending of you; however, it still doesn't address my point, that Citrix is able to do this over a WAN, so why should there be issues with performance over a LAN?
2. Modern laptops. As in, portable devices with ridiculous amount of resources in them.
I'm not sure I get your point on this one. Can you elaborate on why that is an important point?
How, do you think, VM runs on anything other than high-end VMWare "solutions", and how come, an image is a file on a filesystem? Either, everything runs under the host OS, or with "primary" OS providing management and services from one of VMs while user's image is running from another.
Or, the VM does neither, and simply boots directly to the VM image, which is what I believe was being discussed. There is also no requirement that the VM be hosted on Windows at all. If that OS is never booted, then how do its security issues factor in at all?
Right, from "fucking insecure" to "insecure".
If this were 2004 and we were discussing XP, then I would agree with you whole-heartedly. The fact is that Microsoft has done a lot to change that, and their security model is no longer the joke it once was. I'm still not a fan, and I loathe defending them, but security simply isn't the hot issue it once was with them. Give it a rest already, and move on to one of their other failings. Their licensing model still sucks, for instance...