In terms of the general populace, Microsoft is the one that shipped a GUI to most people.
Ah, so you're arguing that he wasn't *wrong*, he was trying to slip in a *red herring*. By the time Windows was usable, a GUI wasn't "the future", it was "the past".
if you grant me the other seven dwarves are planets: eris, makemake, haumea, sedna, orcus, 2001OR10, quaoar, and the other 100 or so such objects of pluto size likely to be found in the coming decades in the oort cloud
Sure, why wouldn't I be willing to call them planets? Toss in Ceres and Pallas as well.
The solar system only has four planets worth distinguishing, Jupiter, Saturn, Uranus, and Neptune. The rest of the objects in the solar system are too small to retain significant hydrogen and can be dismissed.
With all due respect to software developers I've found that writing software is easy because you tell the computer and it just does. Granted, it'll crash or hang if you instruct it wrong and has no intelligence of its own, but it's nothing like all the ways people circumvent your intentions and exploit your incentives.
I suppose for the very small subset of commercial software where there's no user interface or the users are either (1) yourself or (2) people who think just like you do, that's true. A good part of writing software is trying to think of all the ways people are going to, through malice or foolishness, circumvent your intentions and shoot themselves in the foot... or worse, exploit your interfaces and compromise your customers security.
VPNs are somewhat easier for compromised systems to exploit, since the new endpoint shows up as a new interface... they don't have to go through the modest trouble of exploiting the SSH connection by compromising the executable, they can just run their attacks on internal systems directly through the VPN... the surface area for attack is larger.
On the other hand, if they HAVE compromised the SSH executable, having it wrapped in a VPN isn't going to add much (if any) additional safety.
So all in all, unless you're a true bastard and the VPN is terminated in a DMZ that only has the SSH servers visible (and if so, bravo to you), VPN (with or without SSH) is probably a net loss in security.
Yes, I did say "Microsoft Research has been doing interesting stuff in the past decade or so, but that's more a sign of *increasing* innovation at Microsoft, if anything." TFA was complaining that Microsoft had *become* mired down in infighting. Implying it had been better in some golden age I can't quite remember.
And most of what Microsoft Research does never gets from the "car show" to the "showroom floor".
And it's pretty hard to argue against the fact that Microsoft was the one who shipped a GUI to the most people
You misspelled "Apple, Atari, and Commodore" there. Windows wasn't really usable before the '90s... the Mac, Amiga, and ST had seven good years "delivering the future" before Windows 3.1 shipped. And while the Mac cost more than the PC it was Commodore and Atari who were the lowest bidders back then.
In plain terms, the isolated Tablet was little more than a crippled laptop, and the isolated Pocket PC was almost completely useless.
I disagree. I got my first handheld (it ran PalmOS, as it happened) in January 2000, and it was far from useless. The Pocket PC was far more powerful, and although it suffered from a number of flaws that made it less useful to ME than a Palm it was certainly far from useless.
I must admit that the Pocket PC team didn't seem to really appreciated what they had. I had hoped that the PPCWB meeting late in 2000 might have helped wake them up, and it did to some point. For example, when we arrived, us Palm users immediately beamed our cards to each other (I still have all my cards from that meeting), but it was too inconvenient to do that with teh Pocket PC. PPC 2002 improved that a lot. PPC 2002 also got better character recognition, and other improvements. But it didn't get others... it was still clearly subordinate to the desktop, not a partner. We really got the feeling that the product was being deliberately stunted.
As an aside, when we met the PPC developers several of us asked if we could exchange cards. Only one had their handheld with him, and he hadn't entered his own contact information into it.
I tried switching to the Jornada I got from that meeting. It was a much better book reader than my Palm, but it just wasn't reliable enough for me, so I bought a Sony Clie to replace it and go back to the Palm OS.
Ironically, Palm grabbed all our names and set up a mailing list for us to talk to Palm. They called it "Palm Influencers". So far as I can tell, two years of us talking to Palm led to no indications that we had any influence on them at all. Microsoft proved much better at listening.
Microsoft's strength and weakness has always been that it has allowed any Windows application to run on almost any Windows device with little modification (if any). Windows CE was marketed as "lightweight Windows" but it did not run Windows applications, it ran poor replacements for Windows applications (Pocket Word, Pocket Excel) that were not good enough to replace their PC analogues, but because they were branded as such seemed far inferior.
And yet that is precisely what Apple has provided on the iPhone and will provide on the iPad... a restricted environment with a subset of the functionality of the desktop. And if Microsoft was willing to really put the effort behind going the same route, they could have pulled it off too.
Pocket Word was good enough to replace Word for most users. Pocket Excel was good enough to replace Excel for most users. Microsoft COULD have said that, if they were willing to allow internal competition. But they wouldn't, because they weren't. They didn't WANT the PPC and HPC becoming laptop replacements. They didn't WANT to be in a position of saying you didn't need all the features of Excel (or that you didn't need to upgrade to Office 2000-and-next).
As a good friend of mine recently reminded me, DEC torpedoed themselves because they didn't want to have their own products competing with the VAX. Microsoft is not putting themselves in quite as extreme a position, but what's hurting them is what killed DEC... not internal competition, but the efforts to suppress it.
Any Microsoft Tablet will get asked the question "Will it run Office (well)" where Apple is asked "Will it play music, movies and run Facebook."
If Microsoft was willing to say "you don't need all of office", they could pull it off. But not when they're using the fact that Linux doesn't run Office so effectively in their own astroturf campaigns.
Tablet PC might have become a great product, over the long term, but when it was released NT was far too heavy-weight a product to base it on. Unfortunately the Tablet PC had management's ear, and the more practical (for the time) Pocket PC and Handheld PC lines based on their existing mobile operating system got largely squashed and forced into a secondary role. They could have had something more like the iPad, based on Windows CE, for a more affordable price... with applications targeted for the handheld environment. Instead they got the overpriced Tablet PC.
Why didn't management just let both products proceed as best they could? Because they were trying to PREVENT internal competition.
But the much more important question is why Microsoft, America's most famous and prosperous technology company, no longer brings us the future, whether it's tablet computers like the iPad, e-books like Amazon's Kindle, smartphones like the BlackBerry and iPhone, search engines like Google, digital music systems like iPod and iTunes or popular Web services like Facebook and Twitter.
"no longer"?
When was Microsoft any different?
OK, they had a good compiler and toolchain in the '70s, but actual innovation has never been their forte. Microsoft Research has been doing interesting stuff in the past decade or so, but that's more a sign of *increasing* innovation at Microsoft, if anything.
We got mad for Lucas changing it because it reduced the impact of Han Solo's character growth from a "grey hat"... amoral mercenary and smuggler... to a "white hat" hero of the rebellion.
I have no idea who got mad with Lucas for Han shooting first. It was a clear establishing shot of Han Solo as a badass.
No, it's a simple version of cache that doesn't actually do proper caching. All it does is preloading, and only over part of the device. Most of the volume of the hard disk will have no performance boost at all. You'd almost certainly be better off just having two devices, and using junction points on Windows or soft links on UNIX to move the frequently accessed files to the smaller disk.
I'm not talking about *customers* managing keys at all.
As for Bank of America changing their SSL key to a different CA... well...
Companies do change CAs, on occasion. It's not common, but it does happen. I can't recall it ever making the news. MAYBE if it's Bank of America, but not if it's Lesser Schenectady Credit Union. But LSCU is already too big of a host key change to have a good enough chance of going undetected.
Firstly, SSH requires out-of-band key exchanges. You know, like over a USB stick or something.
For client authentication, yes. For server authentication (which is what the server's SSL key is used for), no. I'm talking about the SSH host key, not your personal key.
No matter how many bits you use, your certificate shouldn't go more than a few years without being renewed, or you put the key at risk of attack.
And you can post that ahead of time, and some people will get a little paranoid about it because they didn't get the message. It's not as *invisible* as SSL server certificates. People are occasionally bothered by it. As a healthy paranoid, I don't see that as a downside.
Thirdly, there would be no mechanism for revoking a certificate once compromised.
Just create a new host key. Again, people will go o_O when it changes on them, and make a fuss, and you'll maybe get a little noise in the blogs over it, but a little noise is not a problem.
If you know that the victim has not visited a given site before you can MITM them undetectably, but the attack doesn't scale. On the other hand the centralized key distribution hierarchy is vulnerable to widespread undetected MITM attacks if the hierarchy is compromised, where the SSH model would produce a large number of suspicious reports in that scenario... leading to the unmasking of the perpetrator.
I suspect that in practice simply following the SSH model would be pretty much as secure and a lot safer from this kind of attack.
That's the model where all keys are effectively "self signed", and you don't check whether the key is signed by a trusted authority... instead you check whether the key has changed, and raise an alert if so.
Using BOTH techniques... alerting people if the key changes whether it's self-signed or centrally signed... seems to be the best solution. That way if CNNIC wants to MITM you they have to be damn sure you haven't already got the real key in hand.
Slashdot Mirror
In terms of the general populace, Microsoft is the one that shipped a GUI to most people.
Ah, so you're arguing that he wasn't *wrong*, he was trying to slip in a *red herring*. By the time Windows was usable, a GUI wasn't "the future", it was "the past".
PS: Damn kids, get off my lawn!
eBook: $10.00
# times you can loan: 0
# years you can own: probably 10
Resale value: $0.00
Paperback: $7.00
# times you can loan: personal best, oh, about 10
# years you can own: personal best, 34
Resale value: personal best, $27.00
Yeh, I can see how eBooks are undercutting paperbacks.
Hardcovers? Who buys hardcovers?
You're right... Because Earth is WAY to small to hold any of that hydrogen stuff...
Jupiter: 89% Hydrogen
Saturn: 96% Hydrogen
Uranus: 83% Hydrogen
Neptune: 80% Hydrogen
Earth: 0.0021% Hydrogen
Yeh, pretty much.
Hmmm. He's certainly not Habilis (handy).
if you grant me the other seven dwarves are planets: eris, makemake, haumea, sedna, orcus, 2001OR10, quaoar, and the other 100 or so such objects of pluto size likely to be found in the coming decades in the oort cloud
Sure, why wouldn't I be willing to call them planets? Toss in Ceres and Pallas as well.
If Pluto's a dog, then what's the deal with Goofy?
The solar system only has four planets worth distinguishing, Jupiter, Saturn, Uranus, and Neptune. The rest of the objects in the solar system are too small to retain significant hydrogen and can be dismissed.
With all due respect to software developers I've found that writing software is easy because you tell the computer and it just does. Granted, it'll crash or hang if you instruct it wrong and has no intelligence of its own, but it's nothing like all the ways people circumvent your intentions and exploit your incentives.
I suppose for the very small subset of commercial software where there's no user interface or the users are either (1) yourself or (2) people who think just like you do, that's true. A good part of writing software is trying to think of all the ways people are going to, through malice or foolishness, circumvent your intentions and shoot themselves in the foot... or worse, exploit your interfaces and compromise your customers security.
VPNs are somewhat easier for compromised systems to exploit, since the new endpoint shows up as a new interface... they don't have to go through the modest trouble of exploiting the SSH connection by compromising the executable, they can just run their attacks on internal systems directly through the VPN... the surface area for attack is larger.
On the other hand, if they HAVE compromised the SSH executable, having it wrapped in a VPN isn't going to add much (if any) additional safety.
So all in all, unless you're a true bastard and the VPN is terminated in a DMZ that only has the SSH servers visible (and if so, bravo to you), VPN (with or without SSH) is probably a net loss in security.
Yes, I did say "Microsoft Research has been doing interesting stuff in the past decade or so, but that's more a sign of *increasing* innovation at Microsoft, if anything." TFA was complaining that Microsoft had *become* mired down in infighting. Implying it had been better in some golden age I can't quite remember.
And most of what Microsoft Research does never gets from the "car show" to the "showroom floor".
And it's pretty hard to argue against the fact that Microsoft was the one who shipped a GUI to the most people
You misspelled "Apple, Atari, and Commodore" there. Windows wasn't really usable before the '90s... the Mac, Amiga, and ST had seven good years "delivering the future" before Windows 3.1 shipped. And while the Mac cost more than the PC it was Commodore and Atari who were the lowest bidders back then.
M80, C80 and L80 were the gold standard on CP/M!
In plain terms, the isolated Tablet was little more than a crippled laptop, and the isolated Pocket PC was almost completely useless.
I disagree. I got my first handheld (it ran PalmOS, as it happened) in January 2000, and it was far from useless. The Pocket PC was far more powerful, and although it suffered from a number of flaws that made it less useful to ME than a Palm it was certainly far from useless.
I must admit that the Pocket PC team didn't seem to really appreciated what they had. I had hoped that the PPCWB meeting late in 2000 might have helped wake them up, and it did to some point. For example, when we arrived, us Palm users immediately beamed our cards to each other (I still have all my cards from that meeting), but it was too inconvenient to do that with teh Pocket PC. PPC 2002 improved that a lot. PPC 2002 also got better character recognition, and other improvements. But it didn't get others... it was still clearly subordinate to the desktop, not a partner. We really got the feeling that the product was being deliberately stunted.
As an aside, when we met the PPC developers several of us asked if we could exchange cards. Only one had their handheld with him, and he hadn't entered his own contact information into it.
I tried switching to the Jornada I got from that meeting. It was a much better book reader than my Palm, but it just wasn't reliable enough for me, so I bought a Sony Clie to replace it and go back to the Palm OS.
Ironically, Palm grabbed all our names and set up a mailing list for us to talk to Palm. They called it "Palm Influencers". So far as I can tell, two years of us talking to Palm led to no indications that we had any influence on them at all. Microsoft proved much better at listening.
Microsoft's strength and weakness has always been that it has allowed any Windows application to run on almost any Windows device with little modification (if any). Windows CE was marketed as "lightweight Windows" but it did not run Windows applications, it ran poor replacements for Windows applications (Pocket Word, Pocket Excel) that were not good enough to replace their PC analogues, but because they were branded as such seemed far inferior.
And yet that is precisely what Apple has provided on the iPhone and will provide on the iPad... a restricted environment with a subset of the functionality of the desktop. And if Microsoft was willing to really put the effort behind going the same route, they could have pulled it off too.
Pocket Word was good enough to replace Word for most users. Pocket Excel was good enough to replace Excel for most users. Microsoft COULD have said that, if they were willing to allow internal competition. But they wouldn't, because they weren't. They didn't WANT the PPC and HPC becoming laptop replacements. They didn't WANT to be in a position of saying you didn't need all the features of Excel (or that you didn't need to upgrade to Office 2000-and-next).
As a good friend of mine recently reminded me, DEC torpedoed themselves because they didn't want to have their own products competing with the VAX. Microsoft is not putting themselves in quite as extreme a position, but what's hurting them is what killed DEC... not internal competition, but the efforts to suppress it.
Any Microsoft Tablet will get asked the question "Will it run Office (well)" where Apple is asked "Will it play music, movies and run Facebook."
If Microsoft was willing to say "you don't need all of office", they could pull it off. But not when they're using the fact that Linux doesn't run Office so effectively in their own astroturf campaigns.
Tablet PC might have become a great product, over the long term, but when it was released NT was far too heavy-weight a product to base it on. Unfortunately the Tablet PC had management's ear, and the more practical (for the time) Pocket PC and Handheld PC lines based on their existing mobile operating system got largely squashed and forced into a secondary role. They could have had something more like the iPad, based on Windows CE, for a more affordable price... with applications targeted for the handheld environment. Instead they got the overpriced Tablet PC.
Why didn't management just let both products proceed as best they could? Because they were trying to PREVENT internal competition.
"no longer"?
When was Microsoft any different?
OK, they had a good compiler and toolchain in the '70s, but actual innovation has never been their forte. Microsoft Research has been doing interesting stuff in the past decade or so, but that's more a sign of *increasing* innovation at Microsoft, if anything.
We got mad for Lucas changing it because it reduced the impact of Han Solo's character growth from a "grey hat"... amoral mercenary and smuggler... to a "white hat" hero of the rebellion.
I have no idea who got mad with Lucas for Han shooting first. It was a clear establishing shot of Han Solo as a badass.
Or you could save your money and make the SSD your system drive and the rotating media your archive.
I'd wait for version 2 or 3, the one that actually uses the SSD as a block level cache with your choice of replacement policies.
No, it's a simple version of cache that doesn't actually do proper caching. All it does is preloading, and only over part of the device. Most of the volume of the hard disk will have no performance boost at all. You'd almost certainly be better off just having two devices, and using junction points on Windows or soft links on UNIX to move the frequently accessed files to the smaller disk.
Grandma managing keys was never on the table, so I still have no idea what you're getting at.
I'm not talking about *customers* managing keys at all.
As for Bank of America changing their SSL key to a different CA... well...
Companies do change CAs, on occasion. It's not common, but it does happen. I can't recall it ever making the news. MAYBE if it's Bank of America, but not if it's Lesser Schenectady Credit Union. But LSCU is already too big of a host key change to have a good enough chance of going undetected.
I would notice of my connection to Bank of America says "Signed by China Telecom."
Really? Without looking, can you tell me who your connection to the Bank of America is supposed to be signed by? Do you actually check every time?
Firstly, SSH requires out-of-band key exchanges. You know, like over a USB stick or something.
For client authentication, yes. For server authentication (which is what the server's SSL key is used for), no. I'm talking about the SSH host key, not your personal key.
No matter how many bits you use, your certificate shouldn't go more than a few years without being renewed, or you put the key at risk of attack.
And you can post that ahead of time, and some people will get a little paranoid about it because they didn't get the message. It's not as *invisible* as SSL server certificates. People are occasionally bothered by it. As a healthy paranoid, I don't see that as a downside.
Thirdly, there would be no mechanism for revoking a certificate once compromised.
Just create a new host key. Again, people will go o_O when it changes on them, and make a fuss, and you'll maybe get a little noise in the blogs over it, but a little noise is not a problem.
There are different failure modes.
If you know that the victim has not visited a given site before you can MITM them undetectably, but the attack doesn't scale. On the other hand the centralized key distribution hierarchy is vulnerable to widespread undetected MITM attacks if the hierarchy is compromised, where the SSH model would produce a large number of suspicious reports in that scenario... leading to the unmasking of the perpetrator.
I suspect that in practice simply following the SSH model would be pretty much as secure and a lot safer from this kind of attack.
That's the model where all keys are effectively "self signed", and you don't check whether the key is signed by a trusted authority... instead you check whether the key has changed, and raise an alert if so.
Using BOTH techniques... alerting people if the key changes whether it's self-signed or centrally signed... seems to be the best solution. That way if CNNIC wants to MITM you they have to be damn sure you haven't already got the real key in hand.