Slashdot Mirror


User: wirefarm

wirefarm's activity in the archive.

Comments · 596

  1. Re:I don't get this on Detecting Wireless LAN Users · · Score: 2

    Put your wireless net outside the firewall and require users to run a VPN client. (There are very simple clients - even a manager can be trained to do it.)

    Treat wireless users as though they were coming in from over the internet and you will have very few, if any problems.

    If you're familiar with firewalling, you're familiar with the traffic known as UNTRUST. Wireless is UNTRUST. Treating it any other way is just foolish.

    Cheers,
    Jim

  2. Re:It's a good auditing tool on Detecting Wireless LAN Users · · Score: 2

    If I were that Internal Auditor, (which I sort of am, at my company,) I'd probably just get NetStumbler and try to connect in the office, in the lobby, from the street outside, across the street with a directional antenna. (All of which I did at my company.)
    Even transparent proxies can keep logs. If you learn to read them, you'll catch a lot of stuff.

    I just hate to see tools that try to make up for deficiencies in basic security procedures without correcting them. Having a wireless network is no different than having an ethernet port on your front porch - sure, it can be a convenience, but you have to be aware of the security implications.

    Cheers,
    Jim

  3. I don't get this on Detecting Wireless LAN Users · · Score: 3, Interesting

    Wait a sec -
    You know you're running an unsecured wireless network and you want tools to find the 'rogue' people using it?
    You're going to *buy* this tool?

    Why don't you just secure the network?

    Even WEP, with all its faults, will keep out casual stumblers. Use a VPN if you need real security.

    When I see a wireless network with no WEP and a DHCP server, I see a 'welcome Mat'. I assume it's OK for me to check my mail or browse the web a bit.

    In fact, I no longer have to do anything to set up my laptop - OS X Jaguar sets up the connection for me.

    There's an old saying that good fences make good neighbors - I think that applies to wireless networks as well...

    Cheers,
    Jim

    (PS - Go ahead, be a dork - mod me overrated instead of replying. I no longer care.)

  4. Goatse's at harvard? on Google Disappears In China · · Score: 3, Funny

    Goatse.cx [harvard.edu] is A-OK by Chinese authorities, but google isn't???

    Goatse's at harvard?
    I figured that guy was from Yale...

  5. Re:No problems on Real-Time Testing of China's Internet Filters · · Score: 2

    ssh -X unrestricted.host
    is the way to go.

    Forward X Window apps through the beauty of ssh. When people talk about the Internet routing around censorship as damage, this is what they mean.
    Mail me at anything at mmdc dot net if you truly need an unrestricted connection over ssh.
    I'll set you up (if you can use mozilla over X)...

    Cheers,
    Jim in Tokyo

  6. Its & It's - OT, sort of on 0wnz0red · · Score: 2

    My mom was an English teacher and she told me once how to get over the Its & It's thing.
    If you can substitute 'his' in the context and it still sounds sort of ok, use "its".

    Your welcome. ;-)

  7. You're not alone on 0wnz0red · · Score: 3, Funny

    As someone whose 'website' evolved into an interactive weblog, I happily await the day when the term 'blog' falls into the same pit of disused linguistics as 'cyber', 'breaker, breaker, good buddy' and 'where's the beef'.
    As for 'Wiki', the very word gives me the heebie-jeebies and makes me wonder if I should give up computers completely.

    (As for your sig, I'd say the only reason to use Netscape 7.x instead of Mozilla is if you're still hanging onto those shares of NSCP, just in case...)

    Cheers,
    Jim

  8. Nope on Meteorite Hits Girl · · Score: 2


    More men golf.

  9. Go read Animal Farm again. on Pig-to-Human Transplants On Their Way · · Score: 2

    Think about it.

  10. Actually... on Support Your Local ... DNUG? · · Score: 4, Funny

    Actually they're 12-Step programs...

    Picture a dozen people on folding chairs in a church basement. A guy stands up.
    Guy: "Hi, I'm Larry. I'm a dot net user..."
    Group: "Hi Larry!"

    Sorry -that just popped into my head when I saw that it was a DNUG - I figured it was for people who wanted to stop using it.

    Forgive me, it's late here...

    Cheers,
    Jim

  11. Re:In other news: Vi still no threat to MS Word on MySQL A Threat To The Big Database Vendors? · · Score: 2

    Some things about MySQL are inconvenient, like lack of multi-table updates or sub-selects. But, every time I've ever done a database app, it's always been three tiered, so I just work around these limitations in the middle tier.

    That's a good way to go about it - I would guess that it will help if you go to change databases at some point - you get wider compatibility.

    Same thing for people who basically recreate triggers and stored procs as PHP functions - they can re-use them with most any database, even if the new database supports those features.

    Maybe in a few years there will be a shift away from including a lot of features in the db engine and towards small size and speed. I'm not holding my breath though...

    Cheers,
    Jim

  12. Re:In other news: Vi still no threat to MS Word on MySQL A Threat To The Big Database Vendors? · · Score: 2

    We're both using it as a database. Right now, in fact...
    Everyone reading Slashdot is. A half-million users and I don't see it failing.

    As I said before, why use a truck when a bicycle will do the job?

  13. It already is a threat... on MySQL A Threat To The Big Database Vendors? · · Score: 2

    ...for the applications that don't require those things.
    (Why drive a truck when a bicycle would do?)
    Oracle is great, don't get me wrong, but I have seen applications spec'd with Oracle many times when the developers weren't using those things at all. Very often, this is being done with your tax money too.
    Too many people think that a kickass database is somehow going to make their crappy schema into a good one.
    Of course, the whole key is to start with a good design and know the limits of your tools. If you do that, both MySql and Oracle can happily co-exist.
    Cheers,
    Jim

  14. In other news: Vi still no threat to MS Word on MySQL A Threat To The Big Database Vendors? · · Score: 4, Insightful

    They are two different products with two different uses.
    MySql came along and took away the appeal of using text files as data stores for web applications and such - it gave perl scripters a simple, easy-to-understand database that works pretty darn well.

    MySQL is a great product, but only for the things it does well. If you try to make it do things that it can't, of course you're gonna get burned.
    If you actually *like* databases, you'll probably like PostGres better anyway - don't bother with MySql.

    MySql has found its niche. Linux, Apache, Perl/PHP and MySQL are powering thousands of websites right now. I have a few myself and they work well - There is absolutely no need for me to change the database - it just works.

    I wouldn't want American Express to start using it today though - they actually *need* the features that Oracle offers.

    Not all databases need the kind of bomb-proofing that you can do with Oracle - some applications just need to be able to pull data quickly from simple tables.

    The thing that I don't understand though, is why MySql has so much more popular appeal than PostGres - It seemed that one day, everybody just seemed to be using it. Why was that?

    Cheers,
    Jim

  15. They should change the name on FBI Warns Companies About Wireless Warchalking · · Score: 2

    Dumb name in light of the current state of the world.
    They should change it to: 'Terror Chalking'...

  16. It's not - not at all. on Crossover Gets Quicken · · Score: 2

    First off, apps do not make the OS! If that was true, I'd still be using Windows.
    I think the beauty of this sort of thing is that it helps people cross over (pun intended.) to linux.
    Not just end users, mind you, but also the companies that write software. If I was Quicken, I'd be talking to these people to help make sure that Quicken runs great on Linux. For them, it means not scrapping 10 years of development just to gain a 1% share of desktops.

    If the CrossOver team can tell them 'Hey, try to avoid these system calls and this DLL and it will work way better,' They just might listen. (It's a lot better than telling them that they need to invest in a KDE development team, a Gnome/GTK development team and of course, a command-line client...) Maybe the managers and the marketing types wouldn't listen, but I bet at least a few of the developers would and code appropriately.

    Of course, I have no idea of the real issues between Windows apps and Crossover - I'm talking through my hat as usual - but I think the general gist of it is not far off.

    Cheers,
    Jim in Tokyo

  17. Bravo, Janis. on Fallout from the Internet Debacle · · Score: 5, Interesting

    Those of us over 30 certainly know her stuff, the old stuff anyway, but I wonder how well-known she was to younger people before this.
    She's got downloads of her stuff on the site, without any DRM nonsense attached. Bravo.
    She's been on Daypop's blogging top 40 for weeks - by sheer cluefulness, she's probably expanded her audience considerably. She's honest and open and candid. She speaks as one who's seen every aspect of the business since starting as a 15 year old with a controversial song, way back when.
    I would guess that I won't be the only one paying a lot more attention to what she says.

    Any chance we can get her to run for Senator?

    Cheers,
    Jim in Tokyo

  18. Good! on Gates Tries to Explain .Net · · Score: 2

    He doesn't get it either - I feel vindicated...

    Cheers,
    Jim in Tokyo

  19. Ain't gonna happen on Time to Say Thanks For the Uptime · · Score: 5, Funny

    Yeah, sure, the people in your company are suddenly going to buy you lunch because you got their printer working or reset their password. Sure.
    Maybe you'll get some half-dead flowers from the cheap florist on the corner or some inane computer-related doo-dad from Office Depot. ("Look! a mouse cover that looks like, get this: a MOUSE!")
    Good God, I want a sysadmin day where users just LEAVE ME THE HELL ALONE. It's bad enough that I eat my pathetic convenience store sandwich at my desk while trying to watch a downloaded divx of futurama, but some moron, seeing me with my headphones on and half a sandwich in my hand has got to come over and ask for me to print a document or fix her excel macros or update the company web page. ("Nobody's hit the Investor Relations page in a week, I *think* your updates can wait twenty goddamn minutes...")

    But yet, if you send them away, you'll pay later...

    The best thing to do is to take quiet revenge. Turn off the proxy server. Randomly delete mails with attached spreadsheets. Write perl scripts to rewrite outgoing mails (s/the/teh/g) and on incoming mails as well (s/Regards,/I find you strangely attractive,/g)
    Send a company-wide notice that the router that handles internet browsing will be down from 2:00 to 4:00 pm for an "LRF Support Module" upgrade. (LRF = Little Rubber Feet.) Then take those two hours to download ISO after ISO of whatever the hell you like.
    Subscribe everyone in the company to bugtraq - for security's sake...
    Find new and creative uses for /dev/null
    When you are asked to push back your vacation a few days, wait until after and let it slip to your boss that you were supposed to be the Best Man at your brother's wedding, but instead spent that Saturday restoring the backup domain controller.
    Nope, you ain't gonna get a day - even if you did, you wouldn't enjoy it. Make your own fun...

    Cheers,
    Jim in Tokyo

  20. Common Interview Question: on Tech-Interview Riddles · · Score: 5, Funny

    "What will it say in the newspaper about you when you die? In effect, write your own obituary:"

    All-time best answer:
    "Gunman shoots nine, then self."

    My friend Marc *swears* he said this in an interview.

    Cheers,
    Jim in Tokyo

  21. Re:Palladium is E-V-I-L on Gates and Lasser on Palladium · · Score: 4, Insightful

    The way everyone talks about TCPA/Palladium, you'd think it was the biblical mark of the beast.

    No, it's the Business Plan of the beast.

    * End the untrusted binary problem. Viruses will be blacklisted by a remote server - no more email viruses, ever
    * End the trojan horse/worm problem


    No. Sorry. I don't want Microsoft scanning or reading my mail. I trust them less than I do the virus writers.

    Most of the problems with Windows arise from programs that Microsoft *trusts*.

    Why not give me a Windows mail client that *cannot* run embedded code of *any* kind?
    I can live without JavaScript in my email.
    I don't need IFrames in my messages.
    I can save attachments to disk before opening them - so can Joe Sixpack. Do that much and you probably don't need Palladium.

    These are important features that Joe sixpack the home user really wants. Nobody likes getting a virus and losing all the information on their Hard Drive.

    Joe Sixpack really doesn't matter to Microsoft. Business and Government users do. The thing that stops many businesses from switching to a real operating system is not the availability of commercial software, it's the dozens of little in-house-developed apps that companies use.
    Very often these apps have been written by long-gone consultants who left neither the source code nor a forwarding address. So what does the company that uses these apps do? Can they arbitrarily sign the apps and let them run on Palladium-capable machines? If so, can anyone sign any bit of code and make it run? Sort of defeats the purpose, so I guess they won't be doing that...

    By jaundicing themselves against the IEEE's implementation of this important standard, the Linux movement is just putting itself behind the curve in computer security.

    You're missing a small point about Linux: If you have Linux, you also get the source code. If you make a change to the source and recompile it, it's no longer signed. Patching and recompiling is a necessity that they are not accounting for in this plan.
    This attitude is dangerous and irresponsible on their part - Go read that story on the spread of Code Red from yesterday - Within hours of the attack, people were writing fixes and workarounds. What if none of these fixes ran, because they weren't properly signed by the original author?
    Also consider the following: IIS at the time could have been signed and still been just as vulnerable. Code Red used 'Out of the Box' virgin copies of the programs as written by Microsoft and still wreaked havoc on the net. Palladium would have done little if anything to stop this.

    Two points:
    1.) Microsoft is offering a false sense of security.
    2.) Microsoft is offering a false sense of security.

    If Palladium succeeds, and Linux doesn't follow, then Linux machines will be the only computers that can get viruses. How ironic would that be?

    Do you *really* believe that Linux gets so few viruses now merely because of its smaller user base? One big difference between Linux and Windows is the permission scheme - you can only do what you are allowed to do in Linux. You can't read/write/execute files where you don't have rights. Linux programs run as users - if you don't trust the program, run it under a user with few rights. It's not perfect, but better than what Microsoft is offering.

    Now go to a Windows Machine (95/98/ME - others too?). Boot it. When the login screen pops up, hit escape. Hit 'start', 'run' and type 'regedit'. Change whatever you like. That is not good. Microsoft decided that a lack of security was what the user wanted, then later decided to fix this with a bunch of cobbed-on hokey 'enhancements' that do not correct the original problems. Maybe XP and 2000 fix this somewhat, but I wouldn't know - we have 4 XP laptops at my office that I spend LITERALLY an hour a day maintaining for the users. (Wireless networking problems.) No matter how good the OS is, if it doesn't do basic things for my users, it's less than useless - it's counterproductive.

    Microsoft is again waving around their heavy hand and people are frightened that they are going to screw things up even more - I know that I am...

    Cheers,
    Jim in Tokyo
    (Go ahead, mod me 'overrated' - I no longer care...)

  22. Re:What to do? on The Age of Aggressive Linux Advocacy Is Upon Us? · · Score: 5, Interesting

    Who do you think mom or grandma or little brother/sister is going to believe, Microsoft ads or you? If they have any experience with MS product over the past ten years then they're not going to be inclined to believe anything in a MS ad -- their personal experience tells them MS marketing is geared toward getting the money out of their pocket and MS product is not very good.

    I agree with your spirit and admire your goals, but I have to disagree a bit on that point. Microsoft knows that when the software fails, the user tends to take the blame. When programmers fail, they tend to take the blame. Bad software tends to make people feel stupid - among the programmers reading this, who *hasn't* had the feeling that they are behind the curve because they haven't learned Java yet and aren't quite clear as to what dot-net exactly is or why one should care what it is?
    Microsoft knows this and has known it for a long time. (Read "Dynamics of Software Development. By Jim McCarthy. Microsoft Press, 1995. ISBN 1556158238.") McCarthy makes numerous references to this dynamic and how it plays upon one's psyche.

    By empowering developers and holding their hands through the baby steps (setting up a basic app in VC++ using wizards) MS let developers feel a bit less stupid. Probably that alone secured the future of VC++ for what, the next ten years?

    I do a bit of help desk at my job. I get people calling me and telling me that they 'broke' the network or that they 'screwed up' MS Word. They say it with the same shame that they would feel if they got their elbow stuck while putting on their sweater. They take the blame. They feel stupid. They muck around and make things worse before calling me.

    Yet I have one user who I've set up with a linux account. She's not technical by nature, yet she's competent. She answers customer email that comes in from the web site, so she tends to get 80% of the viral attachments that come to the whole company. Rather than fight the viruses for this one account, I have her log in to a server using Putty/SSH and start a VNC session and use sylpheed to check that account. Once she got the hang of that, she really likes it - I call her 'hacker chick' since she's the only other one who uses Linux in the company. She likes it. It doesn't crash, it doesn't screw up, it doesn't make her feel stupid. She doesn't have to worry, since I told her that there is no way she can screw up the server with her level of permissions.

    If the company mandates a Windows-only environment, (impending possibility...) I am sure she would miss it - not because it's free in any sense, but because Linux empowered her and made her more productive. (Didn't make her feel stupid.)

    That has got to be the focus - letting people *do stuff*, not issuing LARTs and RTFMs and the usual elitist things that *nix gurus tend to do. If you want to get Linux into the hands of the people, build Linux systems that work. Build systems that work better.

    Educate people on a 'want to know' basis only. Now that may sound counter-productive, but if you are like most advocates, you will drown people in philosophy and jargon. Avoid that at all costs if you want to be a true advocate - nothing will turn people off quicker. (If they want to know more, they will ask you or fire up Google, or join a LUG...)
    I have a couple of friends who are both Windows programmers. Nice guys, but they really didn't care about Linux. They share an apartment and a DSL connection and had gotten quite sick of using Winproxy, so they finally caved in and grabbed an old box to let me set up an IPCop firewall. Actually, one of them did it while I talked him through it on the phone. It works beautifully. They love it. They installed it themselves. They are both now considering dual-boot setups on their machines, since this little router distro setup worked so well. ("What else can you do with this Linux stuff?")
    Linux has made the transition in their minds from something that is "complicated" to something that "just works".

    I just got done writing a proposal for another friend's office to set up a small network - basically an apache/samba/webmin/backup server and another ipcop router. It's a very simple, reasonable setup that will require very little maintenance, yet give them the functionality of $10,000 worth of MS software and state-of-the-art hardware for $400 in used hardware and a couple of ISO downloads.
    All they will see is how easy it is to use. After a year, I doubt they would be able to find the /etc directory with both hands and a flashlight, yet I believe it will do everything they need it to do and also make them feel pretty smart about their decision.
    For me right now, *that's* advocacy.

    As you said: "I coulda/shoulda/woulda been a preacher but that whole God thing really got in the way."
    Good point. We should probably take a look at their methods - maybe rent a big tent and travel around the south having all night Linux revivals...

    Cheers,
    Jim in Tokyo

    (Go ahead, mod me 'overrated' - I no longer care...)

  23. You could also on Handspring Hides Flash ROM in Handspring Treo · · Score: 2

    There was a recent study by a German scientist Dr. Helmut Pottman proving that leaving your PDA in direct sunlight for just 10 minutes a day could erase your PDA's EPROM-chips in just a few weeks. The PDA could start acting erratically in a few days, but they usually lasted for at least two weeks. One way to protect the pda is to put a thin sheet of plastic over it. Helmut discovered this after accidentally placing a sandwich wrapper on top of his PDA.

    You could also keep it under your tinfoil hat - that should protect it.

    "Thin sheet of plastic" protects it? More so than the thick sheet of plastic that the case is composed of?

    "Dr. Helmut Pottman?" Surely he's published his "recent study" on the web somewhere? Show me the link - German's ok, I can read that...

    C'mon... You can troll better than this! (Though you might want to send your post to ZDNet - they might fall for it...)

  24. Free sites already foil this, IIRC on Peekabooty, Camera/Shy Released · · Score: 4, Informative

    Long ago, I tried hosting the images for a site on Geocities or Tripod or somewhere and the HTML page on my laptop and Ricochet modem. Worked OK, but I noticed one side effect that would seem to be relevant - these sites were re-compressing the images.
    If you take a jpeg and encode some data steganographically and later the compression is changed, wouldn't that effectively remove the steganographic information? (Correct me if I'm wrong.)

    Now, if I was trying to communicate with terrorists this way, pretty much the only safe way would be to put the 'birthday pics' up on a very popular free site - no way I'd post them anywhere that had my name connected to it.

    I don't know if the compression thing is common, but couldn't something like that be put pretty transparently into "The Great Firewall"?

    Cheers,
    Jim in Tokyo

  25. Yes, probably on AT&T Concerned About H2K2 · · Score: 2

    But I think this falls under the category of "heightened awareness".

    Cheers,
    Jim in Tokyo