Yes, Bruce Schneier called out F-Secure to be praised for its open criticism of Sony-BMG's rootkit.
However, as I read the article, it seems to me that he was calling all security companies to task for their lack of action in removing Sony's malware.
In that same article.
"... A dangerous and damaging rootkit gets introduced into the wild, and half a million computers get infected before anyone does anything. Who are the security companies really working for?... "
And thus the point I was making about Bruce Schneier already tackling this issue. F-Secure knew about this particular rootkit. They decided to work with Sony to hopefully get a well-engineered patch out. That is commendable, but while they were talking with Sony it appears they left many people vulnerable to having this malware make it onto their system.
It's a rock and hard place for F-Secure, but not stopping the install seems to be in conflict with protecting its customers.
> That's just sad. I especially think the biotech companies have a duty to pick sides here.
You started covering this in your post, but really it's not just Biotech companies. Every technology company has an interest to pick this up.
Charles Darwin exemplifies the human desire to explore and understand the workings of the world around us. These are the kinds of exhibits that might spark some kid into thinking science is damn cool.
Bill Gates complained that there aren't enough students focusing on computer science [and related fields] in college. If all technology companies aren't interested in fostering this kind of thinking, they should close shop now.
> on-line poker could compete with webcams, but how many people would go through that extent?
How would that solve anything? This just requires a *slightly* more sophisticated 'bot looping through a handful of video clips. I'm sure you can google Gigs of [appropriate] video footage for nothing.
And who didn't see this coming? Just about every MMOG has been plagued by botting, what genius thought Poker would be different?
> So how will they make this fit with the Classic Trek episode Balance of Terror,...
The answer is: "It won't fit."
We're talking about Berman and Braga, who appear to believe that:
a) classic episodes are best ignored, b) continuity is an annoyance, c) suspension of disbelief is the responsibility of the viewer, not the creative staff.
I'd like to know why...
> RealPlayer is forcing Minnesota Public Radio to look towards Windows Media Player as an alternative.
My local NPR affiliate, KUOW, does offer its shows in MP3 format. That means using Linux, MacOS, or Windows, I can listen to their shows using XMMS, iTunes, or CoolPlayer (respectively).
So who/what the hell is forcing MPR to look at ANOTHER proprietary solution? Why aren't they being "forced" to look towards a system agnostic solution?
Wal-mart selling another distro of linux on "their" PC's. That's kinda nifty, but it does make one ask the question: Could this mean they'll get a clue and make their music store compatible with the computing systems they sell?
(Perhaps maybe around the time when we see Mac OS X run natively on a Microtel PC).
The BSA should be required to compensate any organization the resources it takes to comply with their demands. Whether or not the target organization is or isn't in compliance.
If they suddenly had to start paying for the time IT organizations spend counting licenses, or in this case investigating an allegation, they'd be way more careful about picking their targets. They couldn't afford to roll through entire cities telling companies to "audit or die."
> Passing IRP's (IO request packets) between drivers creates a much more well-defined interface
Passing around IRPs is no better interface than what some other (well known) OS'es have, and if you've done it, then you know the flaming hoops you have to jump through when you get backed into a corner and have to roll your own.
But I agree, the NT kernel is well designed, and at times, Microsoft has executed very well on that design.
SMS text messaging was great for notifying my friends about the birth of my kid -- actually it was the ideal tool.
Basically a bunch of friends, while quite anxious for news, were nice enough to not descend upon us in the hospital.
When mom and baby were getting some well deserved sleep, it was nice to be able to send a message saying "It's a girl-1:43AM-10.2lb-23in," in silence. I didn't have to leave the room in order to make a bunch of separate phone calls, nor did I have to worry about waking anyone up.
"The document in question seems to suggest that the basis for evaluating products has been long-term customer value, and that's something we agree with. I think our marketing is geared toward that issue, toward long-term customer value."
And now that they have their marketing all fixed up to be a long-term customer value, they're ready to address the long term value of their products -- please stand by for Bill Gates to announce Microsoft's "Value Computing" initiative.
Neither Microsoft (surprisingly) nor IBM seemed terribly negative on OSS databases, including MySQL.
What I came away with was that they think databases like MySQL don't have some key features that are important to enterprises like supporting a massive number of concurrent users or a price tag with a non-zero integer followed by lots of zeros (US$).
Which sorta implies MySQL, Postgres, etc. are great for the other 99.9% of database applications.
Mark Ishikawa said: "We have 100 percent coverage of peer-to-peer file sharing," Ishikawa claims. "If you are illegally sharing copyrighted materials, we know who you are."
Uh-uh. Absolute marketing speak. I'll put BayTSP's 100% coverage in the same category as ZeroSync, and Cryptico.
While I suspect BayTSP might have an effective spider, 100 percent coverage is impossible (DUH!). They don't know if the file sharing is illegal or not. Please, if you represent an organization that thinks the DMCA is a good idea, sink lots of capital into BayTSP.
They don't have a handle on who Jane DeeAchSeePea DialUp is. If they did, they could make far more money by direct marketing than they could being a DMCA tattletale.
They don't know if the web server that just happened to have a gaggle of Ogg files on it is just being used by one bloke who wants to listen to his music via the internet at work (instead of slogging CD's around), or is being used to distribute to a wider audience. If they did, then they would be capturing packets which as Mr. Ishikawa stated is wiretapping.
They don't know if the file sharing service they detected is intentional or not - the sharer might not even know that t0rn is installed on their system and they've become a popular source of Britney Spears and N'Sync mp3's. That is, unless they themselves took advantage of a backdoor, which would probably be highly unethical if not illegal.
> encouraging proprietary companies that make software for Windows to provide a full-featured equivalent for Linux.
Lessee, I work on software that makes Windows act more like Unix.
I'm guessing no matter how good the code or what level of cheapness Linux users exist at, I'm not going to get a boat load of Linux customers willing to pay me for a bash shell, X Server, or nfs client.
Factual fallacies or not, this article does an excellent job of showing [another method] of how the U.S. is slitting its own throat in the global relations arena.
Forwarding this article onto your state representative with a quick note explaining that laws like the DMCA do little to protect the consumer and plenty to create animosity among technically sophisticated nations would hopefully be at least a little interesting to them.
This has already been said by Bruce Schneier, but...
F-Secure warned Sony about the dangers on October 4th, yet still failed to protect any of its users in a timely manner.
> though admittedly they are really expensive.
How so?
I bought my 128MB usb drive for $50.
A box of 10 1.44MB floppies runs right around $10 at the local staples/best buy/walmart/.
128MB / 1.44MB = 88.888.. So right around 80 floppies, or $80 worth of floppy boxen.
The USB drive comes out cheaper.
At $99, the temptation to buy an XBox becomes pretty strong, but I still couldn't bring myself to spend the dough.
Nintendo, by dropping their price to $99, filled the second-console niche early on [and quite nicely]. Besides, I already have a Windows PC dedicated to gaming. Even at $100, I just can't get that worked up about another gaming platform.
I'll take my $100 and buy a couple games.
It would be a PR bonus if Apple is using its own XServe dogfood to handle the iTunes traffic (and Apple made some noise about it).
> Software is slowly and painfully learning the
> lesson that manufacturing learned a long time
> ago: "Build where you sell".
Oh, you mean like Mackie Designs?
Does MS really think that people are too stupid to remember what happened less than 2 months ago?
They don't just think it... They count on it.
For example, just pulled from the Microsoft outlook home page:
If you have Outlook version 2002, you already have industry-leading technologies helping to protect your data.
Evidently, Security Bulletin MS03-003 is some of that industry-leading technology.
Hmmmm. Actually this could be interesting.
Why not go about creating a massive amount of GUID's for bogus hardware/software?
It wouldn't be too difficult to create a utility that made it appear as if your system has 274 "ProComp" brand DVD drives, 75 "kmfms" brand hard disks, etc. (and then deleted the information after you were done updating).
Can I just submit the bug "Doesn't play nicely with bnetd" without having to sign up for the beta?
> The first Microsoft government customer to buy
> access to the Windows source code is Russia...
Wait a minute. I thought way back when Microsoft's internal network was thoroughly compromised, they traced some part of the hack back to a Russian address.
Why on earth would they bother with Microsoft?
Maybe someone took the 1-800-RU Legit too literally?
From the Yahoo! story:
Internet users can forward spam for FTC investigation to uce@ftc.gov
How many spambots will harvest that address?
How excellent a way is that for spammers to hang themselves?
Kind of a bummer name they picked. The top three things I do not want my Power Supply to do:
- Flame
- Smoke
- Sparkle