Uh, yeah.
Sharepoint for a heavily subsidized judas goat project to get other .edu's to take a look - massive hidden costs even with deep discounts it killed other, worthier projects. Vendor lock-in. Your data is not yours. And it's a fucking web server.
Symantec Corp Virus Scanner works - at what? Detecting that it is doing nothing to protect the indefensible? To say a product like a virus scanner "works" you imply it provides significant defense. The virus writers have won. None of the vendors can keep up with the deluge. None of them even try to keep up with the new breed (only 5-10 years old by now) of web-based, client-side attacks. There are so many zero-days out that they are now a commodity around which a market has formed.
I don't care to eat you - XP sucks. Its license sucks. Its anti-user misfeatures suck. Vista is a nightmare in that regard. Eat yourself, fanboi. The amount of time I've lost to the suckware under the pretty windows gui could have gone to support something worthwhile with a morally defensible license.
If Windows and MS products are such hot shit, why does MS admit that they aren't fit for any purpose whatsoever? Oh, Linux has the same provision in its license? Gee, I'll go demand my money back. Got it.
from Corregidor to Bataan in WWII. I don't think the US and Allied prisoners enjoyed following it much.
Windows 95 - the last Consumer OS before merging with NT.
Windows 95 OSR2, ditto.
Windows 98, ditto.
Windows 98 SE, ditto.
Windows ME, yeppers.
Thanks for the precision and accuracy! And for the extra dimensions in the test cases.
Sure, MS provides you a roadmap, but it's for a different city! Even they don't know where the fsck they are going. I was testing a BackOffice product back in the day. They gutted the feature set to get it out the door ahead of the imminent release of NT 5, and only beat it by 18 months.
Forced upgrades through strategic backward incompatibility, useless duplicate licenses because nobody can track the ones that come with OEM PCs. Oh yeah, give it to me.
What a tool.
That bloated pointless "Where We are Taking You Today" piece of crap?
Thank you for reminding me why the occasionally unpolished bits of OO are so worth the trouble.
So this helps redress the balance.
What a great idea.
He didn't make the trains actually run on time, but he took credit for doing so.
Believe it or not, his beard was not actually too tough for American razors, either.
Arguing the contrary at the time would have led to a beating and a massive dose of castor oil. Some fascist thugs have a sense of humor.
They scrapped all the new development and retrenched to get something out the door, based on the win 2003 code base. I think this was discussed in the famous, "I'd buy a Mac" email from Jim Allchin.
http://www.microsoft-watch.com/content/operating_systems/allchins_buy_a_mac_email_exposed.html
I have a Win2k vm running on an Ubuntu VMware host.
There comes a point after successive rounds of intensifying hostility to the customer that this customer flips them the bird.
Has there been a significant step in the evolution of the MS EULA that has been in the customer's favor? I'm not aware of one. Having run out of scope to do harm with the license, now the violation is baked into the OS. No thanks.
(Interesting Freudian typo - I wrote "evilution" at first...)
only to the injured party?
I've used and admired OpenBSD for *years*, and, by extension, its developers. But it really is clear that DeRaadt was wrong here.
The first response is analogous to "You OVERREACTED and committed a (minor) faux pas YOU FUCKING ASSHOLE !!! NEVER OVERREACT YOU INHUMAN "
Kinda odd to excuse that. Weirdly inconsistent.
I'm not exactly an anti-government nutcase, but I do recognize where a legislature + bureaucracy routinely fsck up. Hell, even smart people screw up security assessments.
I agree with Richard Bejtlich's assessment: FISMA is a jobs program for unskilled "security consultants" who can not themselves 'operationally defend' system or network assets. That is to say, it's a boon for paper pushing drones wasting the time of the geeks at the sharp end who can actually make a difference if let alone.
Bejtlich writes it up here: http://taosecurity.blogspot.com/2007/04/fisma-dogfights.html
The right assessment metrics assess 0wn4ge, not comprehensiveness of policy documentation.
I think you are right - you can get an estimate of costs. But the chance of incurring those costs is not calculable. You simply have to guess. You can probably say one risk is higher than another, but you can't enumerate unpublished zero-days, nor assess which threats have them ready to use against you.
ROI is a badly broken way to look at security.
But you get smelly fingers. You can't calculate the probability of a breach because you can't enumerate the threats or the vulnerabilities. How many unpublished zero-days are there for the stuff in your environment? How many hours of unplanned outages will you have this year? Consequently you are just pulling a number out of your ass. I agree you can get some good numbers for the cost of a breach. Not the probability. So you are evaluating a cost times a guess.
There is no security ROI. It is loss-avoidance. It is insurance.
Most of us haven't lost our virginity yet.
I have network cards that worked on Win2k that don't on win2k3. WTF?
I have games that won't play in Windows (Max Payne)
I have a wireless card that doesn't work in linux.
He messed up a lot of people's machines, and he did it for money. I don't have a lot of sympathy, beyond a certain awe at the degree to which he is fucked. His life is pretty much over.
His probation stipulations will probably include not using computers, which when coupled with a felony conviction means he's going to be pretty much fucked in the job market when he gets out. Unless he has a whole bunch of other talents, like, being a Master Chef or something. He is therefore saddled with an unpayable debt. Even if he does pay it off, that's the equivalent of one whole house he won't get to buy. And that has repercussions down the line - who's going to hook up with a jobless loser with insurmountable debt? Added on top of the usual computer geek dating handicap, that's crushing.
He didn't think about the consequences when he attacked 400,000 machines. He probably didn't know he was hitting DoD networks and a hospital. Well, I'm not sure that attacking 400,000 home users wouldn't have still qualified him for this massive pain. Doing evil to a lot of people just because you can and get paid for it merits this kind of response.
A cleanup like he forced is expensive.
Folks - if you are interested and curious about computer security, set up a lab and 0wn the boxen therein to heart's content. Don't fire lots of live ammo indiscriminately in densely populated neighborhoods, you dig? You can probably get in on a Capture the Flag haxoring event at a con near you on a nicely isolated network set up for the game. Win a Defcon CTF and I'll have a lot of respect. Being just another botherder does not show any impressive skeelz.
That's going to wipe out the profit margin on sales of 20-30 ipods!
It's supported in the Linux kernel. I don't know about the BSDs or OSX, and there's a commercial driver for Windows.
For a lot of movies, the naughty bits are all that's worth watching. I'm thinking late night made for cable stuff.
Nobody watches softcore erotic thrillers for the artistic vision.
As a former Alaskan resident, I feel more than enough standing to complain about this evil yahoo.
During hearings on oil industry price gouging, Sen. Cantwell wanted to put those testifying under oath. Stevens arrogantly refused. The oil execs promptly and obviously lied throughout the hearings. Stevens made it possible. They basically pissed on the face of the Congress, and by extension, on the American people, and Stevens held their dicks.
Stevens is a scumbag. During hearings on price gouging, Sen. Cantwell wanted to put them under oath; Stevens shut her down. Then they lied. Stevens made it possible. They pissed all over Congress, and the U.S. public, and Stevens held their dicks.
Maybe it was different in other projects, but for SMS 2.0 they set the project back 4 months by scrapping the UI and deciding to go with the MMC. A justifiable decision (if the mmc weren't such a user-hostile piece of shit) a year earlier, maybe.
Then the furious push and feature prune to get out the door before NT 5.0. Which they managed by only a year and a half. Seriously: they couldn't get a ship date estimate any better than that?
I saw a lot of folks who were very impressed with themselves and missing some fundamental humanity, folks willing to sabotage the effort to screw a personal enemy, folks passionate about that which could not sustain passion. Stepford.
There were some brilliant folks, but they were vastly outnumbered by the folks who only thought they were brilliant.
The only thing impressive about the place, the only reason they can get anything done at all, is a culture where coders are still royalty. They short-circuited the Peter Principle. Rewards and status didn't follow org charts. So a productive programmer could get ahead without becoming a suit.
And come on - when will this shit be enterprise ready? Not in the dancing bear sense - whoa, that's actually running in an enterprise (with a lot of custom code and fabulously expensive consultants and shitty downtime)! But as a natural, logical choice as the best alternative.
There are VERY strong classes offered. You can take Ldap from the guy who wrote the book and Samba from the guy who wrote it (ok, one of many and not Andrew...)
The "Hallway" track is amazing. Soooo many deeply intelligent people who have solved the same problems you might face ONLY FOR A BILLION MACHINES.
It's one conference I'd go to if I had to pay my own way.
Abortions are way up under Bush. I think religious conservatives are much less concerned with babies than with punishing people for having sex. They crave the chance to condemn someone. Hence the cult-like support for an obvious phoney and incompetent whose policies have resulted in more abortions per year than under Clinton. Hence the opposition to family planning, even when that results in more abortions. Hence the opposition to sex ed, even when that results in more abortions. (And how about those chastity pledges! They INCREASE the rate of having sex among teenagers, and also make it much more likely that the resulting sex will be unsafe and spread STDs and lead to pregnancy! But we'll be ideologically pure!)
If something is inalienable, it's not because something/someone flagged it as such. In fact, you have it backwards - if something has been granted, it can be revoked. You just want to tie your particular superstition to my rights, which have no need of your theological support.
And who's the biggest threat to liberty right now? Theocrats in the U.S. and the Arab world.
I don't have any stats for DDoS attacks, but the evidence suggests that recruitment of bots has not diminished. Tens of thousands of bots for a low-skilled bot herder is common. Hundred K botherds exist.
One vector for bot recruitment is browser exploits. An astonishingly high proportion of websites host hostile pages - by design or through being compromised themselves.
Whenever I hear someone reaching for a revolver because they heard the word 'activist' I reach for my glock and start spraying.