Sorry to drag on, but I just thought of another example. Would you consider not putting your hand into fire a learned behavior or common sense?
It's both. It's clearly a learned behavior, because we're not born knowing what fire is...but it's something that we take for granted that all adults know this. I can't think of anything that's considered "common sense" that's not actually a learned behavior. (Although your point on elevating certain specific knowledge to common sense was not lost on me).
What you call 'common sense,' is the result of a mindset shaped by instincts and education that began to be shaped in your childhood...Basically, by not reacting to it in a way that assumes that some people are smarter than labrador retrievers...
Let me make a couple of disclaimers. First and foremost, I'm not an angry admin. I'm fully aware that I work for my users...and without them, I wouldn't have a job. I won't walk away from someone mumbling "stupid fucking PHB". My job is to ensure that they are able to get the job done using the equipment that I'm responsible for (at a company with relatively "low-tech" users). Secondly, my personal belief is that the vast majority of people are basically smart enough to do the Right Thing and be responsible for their own actions.
Without replying to each individual point in your message, I'll make a few general statements. I don't expect each employee in my company to just know what's alright and what is not on their first day. However, I do expect them to read and understand our policies -- and all memos that are sent out. They're in plain English, and if they don't understand what's in writing, common sense would dictate that they should find and contact the right person for clarification. Just the same, a car buyer needs to read the manual to their car to understand basic maintenance. Now, things are completely different for an end user at home, they don't have policies, procedures, and memos -- but there are other ways of learning -- and it's not anyone else's responsibility to ensure that they do their homework. If a user does not practice responsible computing, they need to share the blame in getting scammed/hacked/whatever. What speaks for this is that I haven't found or heard of a single occurrence of this MyDoom worm in the 700-employee organization where I'm employed. Our users here generally read the documentation and understand the rules.
You're right, all of the behaviors I mention are (on some level or another) learned behaviors (like not crossing the street without looking). However, most are common rules which need to be taken for granted (when driving a car, for example) -- a driver needs to expect that the people on the sidewalk won't all jump out into the street -- that all oncoming cars in the left lane aren't going to swerve and crash into them at once. Reading documentation before using an expensive piece of equipment is a learned behavior. However, it's necessary to take a rule like this for granted. If I buy an expensive piece of machinery, and fail to follow proper operating procedures, thereby breaking the machine -- is it my fault or the manufacturer's? I believe it's my fault. This is what I mean by "common sense".
Finally, did I spell ludacris wrong or something? Let me try to clarify: What's absurd, is the notion that learning how to use a computer is the responsibility of someone other than the end user. Again, it's a little different in an office environment, where certain things need to be spelled out...just the same, in a consumer environment, the user is solely responsible for learning how to properly operate their equipment. Nobody else.
Did this clear things up at all, or does it sound just as techno-elitist as my original post?
But we're not discussing negligence here, we're discussing the cost of the virus
You make a good point. Mine was sort of offtopic. Just the same -- it's my opinion that whatever cost figures are generated and blamed on a virus are due to negligence (and these numbers are usually used as "shock and awe" numbers by prosecutors, antivirus, lobbying, and other groups). In any case, I still stand by my statement that the numbers are pointless anyway. They will never make it to any P&L sheet and auditors don't ever look at downtime due to viruses.
The argument I hear the most, without a doubt "Windows gets more viruii because it's more popular". I call bullshit!
The point you make about Apache is an interesting one. However, in the case of this worm, it really is regardless of the system. This is not a case of single-click attachment opening. This is a case of a user being fooled into opening a file. Any dominant desktop OS is vulnerable (since the issue here is one of an incompetent user-base -- it has nothing to do with the OS).
I do agree, however, that Microsoft's top priorities have not involved security -- and that's why we see SQL Server and IIS worms. Just the same, I promise that if Red Hat Linux had the market share that Microsoft Windows has, you'd still see the same amount of worms that depend on social engineering appearing. The weakest point of almost any computer security is the user...and it can be almost universally exploited.
But I pity the millions of people whose PCs are infested with dialers, trojans, browser-infecting gremlins. These are not technical 'viruses' because they don't propagate. But they are very serious time wasters
I'd love to see the same type of numbers released for malware that are released for virus/worm attacks. I work at a 700 employee company. When dealing with desktop support, I spend far more time dealing with removing malware from employees' computers than dealing with virus/worm attacks. I hate to say it, but it's about time for malware that needs to be legislated. Preparing for an email worm attack is pretty trivial for an even semi-competent admin -- these worms can just go away. Spyware, on the other hand, is a major problem that we do lose time and productivity on.
In reality, an entire office's email system and network can be brought to its knees by such a virus, simply by the amount of traffic it produces.
You are correct that a worm like this can bring a small corporate system to its knees. However, the only reason a run-of-the-mill worm like this would bring a system to its knees is if an irresponsible sysadmin did not take the necessary precautions to prevent such an attack. The cost associated with "some douche bag writing a virus" should be accounted for by douche bag systems administration practices just as much as the douche bag who wrote the virus. We've seen these before, we will see them again. Not taking precautions is simply irresponsible. Those numbers are a farce, and will never find their way onto any P&L sheet.
So someone is a moron for clicking an attachment just as they are a moron for driving on a flat tire.
Thank you! I couldn't agree more. It's your responsibility to use common sense in this world. If you buy a $20,000 car, it's your responsibility to know what you need to do to maintain it. The same goes for your $2,500 computer. The logic that it's not the user's responsibility to learn this stuff is ludacris. Do you need a sign telling you to look both ways before crossing the street? Of course not! So how is taking responsibility for learning basic "safety" rules for working with a computer any different?
I work for a well-known mail filtering company, and I'm getting a front-row seat for the impact this is having.
I hate to make the assumption, but since you work in that industry, it would seem that you may be a little biased.
In any case, the numbers you provide are exactly how these costs are estimated. However, I think that they're a total farce, and I believe that was the point of the Slashdot feature. Just to hit the tip of the iceberg -- not every employee is paid hourly, and it's not really fair to calculate a salaried worker's cost-per-hour. Benefits also have not accounted for an additional 100% of a worker's wages in any company I've ever worked at or heard of. I'm not totally sure, but I've seen benefits range from 20%-40% of a total compensation package. Finally, you're assuming a worst-case-scenario. In this worst-case-scenario, the example company is totally unprepared, and their security model is weak. Whose fault is that really? The admins at this hypothetical worst-case-scenario company knew that it's an unsafe world, yet they ignored the threats. It's their responsibility, and companies should recognize this...maybe there should be some leniency to account for certain "really creative" attacks that may not have been foreseeable...but this isn't one of those circumstances. This is a typical worm attack.
Here's a real world example of what this worm cost the business I work for. We have 700 employees here. When I first saw reports of MyDoom.A in the wild, I did a check to see if ClamAV's signatures were updated with the latest. Then, I checked against my logs to ensure that I had loaded the latest signature. I compared these times to calculate my potential exposure. Next, I ran a scan on my mail server to see if anything made it through (nothing did, however, if it did, I would have contacted individual users (or have them contacted) to ensure that they weren't dumb enough to launch the worm and dealt with the attack accordingly). Finally, I removed all bounce messages for any future instances of the worm. Total lost productivity of our employees? Zero. Sure, there are bounce messages from other servers falsely bouncing back to my employees -- but this is really a minor distraction. Total cost to our IT group? I spent one morning on it (maybe about 2.5-3.5 hours). Maybe I'm not the normal admin, working for a normal company, but I am by no means a super-genius guru. I'm using basic tools in a basic way (no funky scripting, no funky configuration, etc). Even if you include the cost of server-side antivirus software into the cost, ClamAV is free. (A smarter way to stop these attacks would have been to simply block executable attachments -- but some of our users have circumstances which prohibit this).
I agree that employees should not be fired for opening a worm (that was kind of an extreme idea, no?), but I do believe that users should be held responsible on some level -- as a company should be responsible for training them to not open executable attachments.
According to the official site (at 5:00 EST) there are still no ClamAV defs available for the .b variant of this worm (affectionately known as Worm.SCO.*).
Does anyone know where I can grab (and submit) a signature...or a copy of it (without waiting for it to trickle into a user's mailbox)?
What's wrong with sticking up for the underdog? People do it all the time, it's a common behavior. What really is there to actually hate about it? I find it a far stranger behavior when people blindly cheer on the big guy, no matter the situation.
There's absolutely nothing wrong with sticking up for the underdog. I don't remember saying that there was anything to hate about it (although objectivity is important) -- if I did, I probably spoke a little too strongly. However, without trying to attack anyone, I think that this type of non-objectivity does a couple of things: 1. It speaks about one's character. 2. It's an indicator of maturity. 3. It's difficult to bring credibility to a discussion (like this one) when all someone has are opinions with no basis of fact to back it up. It's important to know (and understand) what you're standing up for. Is it OK to stick up for an underdog if they're a mass murderer fighting for freedom (or life) against a big court system? I know that the example is pretty extreme, however it's necessary to demonstrate my point. Just because someone is standing up against odds, doesn't mean that they're right.
All I was trying to say was that it's necessary to examine the facts before determining that the big player is an asshole. I believe that your argument may solidify mine as "blind cheering", either way, is just counterproductive.
Whoops, I stopped reading there. If you want to make a point, it helps to be polite. If you wish to have a dialogue, common courtesy is paramount. However, if you had the balls to get in my face like that in person, I'd probably knock your teeth out.
Considering that the primary issue is that Microsoft's trademark might be diluted it stands to reason that no one in their right mind would confuse Canadian Teenager with Software Bully. Even in the realm of computer software one is clearly distinct from the other
You're absolutely right. It serves to reason that nobody but the world's biggest asshole would confuse the two. However, in court Microsoft would likely see a different side of things. When Gigantic Corporation USA tries the same shit and MSFT tries taking them to court, they would be able to cite the MikeRoweSoft.com case. I think that MSFT lawyers would have a hard time telling the court "well, in that other case, you'd have to be an asshole to confuse the two".
All that being said, I forgot to mention that MSFT didn't go after Mike Rowe for trademark infringement...it puts a major hole into my argument. However, I think it's a pretty fair assumption that they may have just taken the path of least resistance on this one.
They would have saved themselves money and time by just letting the kid keep his domain name and moving on with life. But with all "suits", they just couldn't let it go.
No, they couldn't just let it go. If they did not, they really do risk losing rights to their trademark. This would be a really Bad Thing for Microsoft because 1,000 other Microsofts will pop up. Does trademark apply to homophones? I don't know, but if I were Microsoft, I'd probably try to test it too.
They knew full well that Microsoft(TM) do not have a legal leg to stand on in trying to get Mike Rowe to stop using his own name. If Microsoft thought they were right, do you think they would have caved like this? That would just be inviting domain squatters to taunt them.
First of all, although it's bad publicity, they have a leg to stand on, especially once you realize that this is not only about Mike Rowe using his own name (which it isn't at all...that's been done before with the Uzi Nissan/Nissan.com case). Now I don't know a damn thing about Canadian law (and very little about trademark law anyway) -- but Microsoft has enough cash and lawyers to bankrupt this kid (and his family) -- which means that after they bankrupted Mike Rowe (and his family) they'd win a summary judgement when Mike Rowe failed to show up for court.
Secondly, Microsoft HAS to protect their trademark. This is not a simple case of a kid just using his name...I keep hearing this and I just think it's naive. Check out the Register article from the original Slashdot post last week. In it, they paraphrase him as saying he wanted a cool site with a name that sounded like the software giant (my paraphrase). If this is true, Microsoft has a case -- it's NOT just someone's name, and if Mike Rowe actually said this, it proves intent. Now, as far as how trademark law applies to homophones (and this is the crux of the case) -- I don't know. AFAIK, it hasn't even been tested. However, if MSFT's trademark was diluted in any way, or it is even perceivable that their trademark is being tested, MSFT is responsible (to their shareholders) to fight tooth and nail to preserve that trademark. Otherwise, Microsoft's trademark doesn't mean squat under law. If I ran a business that had a trademark to protect, I'd consider doing the same thing.
Instead of looking bad and spending a shitload of money, they ended up looking like nice guys and spending next-to-nothing. Sounds to me like they did the right thing. A win/win situation. This is about the easiest settlement I've ever heard of. Do you think that every time someone settles, it's because they didn't have a leg to stand on? Do you have any idea how much it takes to go to court, especially when you know you will not benefit?
I guess what frustrates me about this (I ranted a lot in earlier coverage of this topic) is that this shows where Slashdotters seem to have the hardest time being objective. If they see Microsoft, they immediately think "those bastards". If a company tries to protect IP or trademark in any way, Slashdotters will jump and yell "bastards". If a big company with deep pockets sues a little guy, Slashdotters will jump and yell "bastards". If there's ever a dispute over a domain name and a large organization is involved, Slashdotters are quick to yell "bastards". Sure, a lot of these guys are bastards (I'm no Microsoft fan), but it's pretty important to at least try and learn the facts before taking sides.
BTW -- if it's not immediately clear from the post, IANAL.
too bad piracy statistics only state how many people downloaded it. not how many people actually watched it.
...and when they use those figures to demonstrate lost sales, they fail to calculate how many of those downloaders were actually lost customers. Just because it's worth stealing (click, click), doesn't mean that it's worth buying.
They make you take keys and a certificate of title when you purchase a car, too. This doesn't imply that you're a criminal, rather it proves that you're the owner and protects you against thefts.
An interesting point about the car, however, in the case of software, this does not apply. Registration keys are decidedly not for my protection. They are an inconvenience posed on the user in order to prevent theft of the developer/publisher's IP. It works the same way for newer Microsoft products (like Windows XP and Office XP) -- except that on top of having to type in a code to install the application, I have to electronically register the product. None of this actually protects me from theft.
As far as online gaming goes, however, you do make a good point. Just the same, I don't have to cryptographically register most email accounts -- nor do I have to do this with any other service (my bank doesn't even require it). Is there some reason why video game services need to be handled in a more secure (and more obtrusive) fashion than my bank account? A username/password combo would do just fine (and can be registered with a unique serial number). This way, I can install the application on multiple computers. All the service has to do is verify that only one occurrence of the login is allowed to connect to the service. Doesn't this seem a little more fair and reasonable? (Especially in a service-oriented business where my account is linked directly to my credit card).
Um, maybe you'd like to wait for the government actually to do something bad before you start saying "I told you so"?
You mean, like legitimizing spam? What about all the knee-jerk draconian laws that have been enacted to stop script kiddies? Let's also not forget about the DMCA. Federal government regulating computers no workie. I told you so.
Or change your MAC address on your windows box with this utility.
IIRC, the MAC address of your cable/dsl bridge is static. This number is tied to your account, I believe that your IP address may also be tied to this in the logs.
...although I could be wrong, I'm not a network guy
Unfortunately, I don't know much about RealArcade except what I can infer from your post (and yah, I'm too lazy to research it before opening my big fat mouth)...but just the same, I'm so with you on keyless media. I'm pretty insulted that it is just assumed that I'm a criminal when I'm really just a paying customer. Furthermore, whether a company develops or licenses an anti-piracy technology -- the consumer ends up footing the bill (I don't care what people say about economics working that way -- I still feel like I'm footing the bill as a consumer).
However, if I can download an ISO image (or four) for $10 less than a retail copy -- sign me up. IMO, the desire to have a pretty box is just part of the desire to have something tangible to go with the IP you got. As far as I'm concerned, I'm only interested in the intellectual property (unless I can get that cool cloth map you used to get in the early Ultima games). I've already got too much crap, taking up too much of my small space. Having a big box that I have to pay for is kind of lame.
Unfortunately, I can't see getting my way. I can understand that my needs are pretty specific and in this case, apply to very few folks.
The thing these kids don't understand is that back in the day, kit was built to last. Old SPARCStation 5's are dead reliable, and if you want a DNS, mail, a web server, a CVS server, whatever, they're perfect for the task. And you can get a lot done with a box like a 10 or a 20, they'll happily support 20 users running terminals, editors, compilers, etc etc. Only thing that's slow is their frame buffers. Buy a modern PC and it's useless in 3 years, it was never made to last.
Those old Sparc5's (or any other cool, old boxes) were cool and all, and I don't mean to be argumentative, but let's be realistic. If you want to run a small to midsized DNS, mail, web, or CVS server, a Sparc5 can handle it very well. Furthermore, the hardware in those boxes is built to a higher standard than most commodity PC hardware....and there will always be significant numbers of geeks out there running small-time Linux servers on old hardware, from commodity PC hardware to old servers. Sure a modern PC is useless for PC-ish stuff within three years (ie running the latest bleeding-edge desktop OS, etc), however, for those same tasks, outdated hardware can be just as well suited to the task.
My point is that anyone who "gets it" (in this sense), will just get it -- those who don't never will. They use their computers for completely different reasons than you and have completely different requirements than you and I. Much of the obsolescence of the desktop PC within three years comes from software abstraction keeping pace with faster hardware. Servers don't necessarily have the same fate. It's hard to make a comparison in that sense...especially for people like you who probably know their shit well enough to consider the aforementioned abstraction more of a hindrance than a help. In the mean time, enjoy the pace at which hardware gets faster and cheaper :)
Lay off it. Even Microsoft said that they over-reacted.
No, I won't lay off. If you like, you can drop it though. Fundamentally, Microsoft's statement doesn't change anything. I still think that trademark law should apply to homophones when the intent is to copy (IOW, dilute) a trademark. Microsoft realized that this was bad press -- so instead of paying a huge sum in legal fees, they can look good by paying Mike Rowe handsomely for his domain and silence. In the end, the only thing that will change is that Mike Rowe will get some bucks for his trouble. I've already speculated in this thread that this will be settled out of court. Better for Mike Rowe, better press for MSFT, cheaper for MSFT...and MSFT still gets their way.
Clearly, you didn't bother to look at his site, his history, or his domain name registration. If you had, you would know that his intention is a website design company.
Right -- I didn't read his site, it was slashdotted -- I still haven't read it. I stated this earlier (more than once). Do you have a link to the history which you're referring? In any case, whether or not he even started a website design company has been disputed in this thread. If it is the case, and if he capitalizes, I believe that Microsoft has even more of a case. Also, consider that web development is a similar industry to MS' industries. I totally understand that there's a pretty fat line between the two, but I do not think that most of the world makes this distinguishment. Regardless of the spelling, he can walk into any job interview and say "I'm a MikeRoweSoft consultant" or even state that he's an agent of the company. They may not be suing to prevent this, but it should not be overlooked.
...you offer no proof of this (not even a link to the Register article that you claim to be quoting).
It's become pretty common to expect that when Slashdotters reply to a /. article, that they read the articles referenced (posters and editors are not impartial). It's hard to have a discussion when we're not talking about the same basic story. That was the Register article referenced in the original post -- since it was already posted, I didn't feel that I had to relink to it. If you'd like, it's here.
The question remains: has something wrong been done? The essential question is this: Does a registered trademark apply to homophones? And, in this case, non-standard homophones.
You're right -- and I think that you've really hit on the crux of the issue, and I think it comes down to intent...and I believe that Mike Rowe was attempting to capitalize on Microsoft's name. When it comes to Canadian (he was a Canadian, right?) law, I have absolutely no idea. However, Canadian legislature seems pretty large business/industry friendly (I'm pulling this out of the tariff on CD-R's). Anyway, IMO, if Mike Rowe really did use the name MikeRoweSoft because it sounded like MSFT (as the Register paraphrase suggested), it really helps to prove a case of bad faith. If he sells any business, I think that the burden of proof is on him that he didn't capitalize on MSFT's name in bad faith. A reasonable court would look at intent here, not the fact that it's a homophone.
Gee, this hurts, especially coming from someone who refers to others as "a know-it-all prick".
I probably shouldn't propagate this flamey stuff any further, but I'll bite. First of all, this all came from the fact that you responded to a post without reading it (hell, you replied to a direct response without reading it) -- starting off wondering if I was posting flamebait (IOW, trolling). If you expect a response, expect a response to that (and nothing else). As far as the other posting, that guy was being a know-it-all prick, and I think that you're taking it out of context. Under normal circumstances I'd have let it roll off...but whatever -- we can't take back posts, can we? Finally, how is this self-righteous? How is it my fault that I'm being responded to without posters even attempting to understand what I'm saying (ie, at a minimum, reading the post they're replying to)? Is it self-righteous because I'm not afraid of calling people not willing to see past the fact that it's an unpopular issue regarding an unpopular company (or even take the time to read the facts before deciding that in this case, Microsoft are a bunch of bastards clearly in the wrong)? If that's the case, I reject it on principle.
Sorry to drag on, but I just thought of another example. Would you consider not putting your hand into fire a learned behavior or common sense?
It's both. It's clearly a learned behavior, because we're not born knowing what fire is...but it's something that we take for granted that all adults know this. I can't think of anything that's considered "common sense" that's not actually a learned behavior. (Although your point on elevating certain specific knowledge to common sense was not lost on me).
Let me make a couple of discliamers. First and foremost, I'm not an angry admin. I'm fully aware that I work for my users...and without them, I wouldn't have a job. I won't walk away from someone mumbling "stupid fucking PHB". My job is to ensure that they are able to the the job done using the equipment that I'm responsible for (at a company with relatively "low-tech" users). Secondly, my personal belief is that the vast majority of people are basically smart enough to do the Right Thing and be responsible for their own actions.
Without replying to each individual point in your message, I'll make a few general statements. I don't expect each employee in my company to just know what's alright and what is not on their first day. However, I do expect them to read and understand our policies -- and all memos that are sent out. They're in plain English, and if they don't understand what's in writing, common sense would dictate that they should find and contact the right person for clarification. Just the same, a car buyer needs to read the manual to their car to understand basic maintenance. Now, things are completely different for an end user at home, they don't have policies, procedures, and memos -- but there are other ways of learning -- and it's not anyone else's responsibility to ensure that they do their homework. If a user does not practice responsible computing, they need to share the blame in getting scammed/hacked/whatever. What speaks for this is that I haven't found or heard of a single occourance of this MyDoom worm in the 700-employee organization where I'm employed. Our users here generally read the documentation and understand the rules.
You're right, all of the behaviors I mention are (on some level or another) learned behaviors (like not crossing the street without looking). However, most are common rules which need to be taken for granted (when driving a car, for example) -- a driver needs to expect that the people on the sidewalk won't all jump out into the street -- that all oncoming cars in the left lane isn't going to swerve and crash into them at once. Reading documentation before using an expensive piece of equipment is a learned behavior. However, it's necessary to take a rule like this for granted. If I buy an expensive piece of machinery, and fail to follow proper operating procedures, thereby breaking the machine -- is it my fault or the manufacturer's? I believe it's my fault. This is what I mean by "common sense".
Finally, did I spell ludacris wrong or something? Let me try to clarify: What's absurd, is the notion that learning how to use a computer is the responsibility of someone other than the end user. Again, it's a little different in an office environment, where certain things need to be spelled out...just the same, in a consumer environment, the user is solely responsible for learning how to properly operate their equipment. Nobody else.
Did this clear things up at all, or does it sound just as techno-elitist as my original post?
You make a good point. Mine was sort of offtopic. Just the same -- it's my opinion that whatever cost figures are generated and blamed on a virus is due to negligance (and these numbers are usually used as "shock and awe" numbers by prosecutors, antivirus, lobbing, and other groups). In any case, I still stand by my statement that the nubmers are pointless anyway. They will never make it to any P&L sheet and auditors don't ever look at downtime due to viruses.
The point you make about Apache is an interesting one. However, in the case of this worm, it really is regardless of the system. This is not a case of single-click attachment opening. This is a case of a user being fooled into opening a file. Any dominant desktop OS is vulnerable (since the issue here is one of an incompetant user-base -- it has nothing to do with the OS).
I do agree, however, that Microsoft's top priorities have not involved security -- and that's why we see SQL Server and IIS worms. Just the same, I promise that if Red Hat Linux had the market share that Microsoft Windows has, you'd still see the same amount of worms that depend on social engineering appearing. The weakest point of almost any computer security is the user...and it can be almost universally exploited.
I'd love to see the same type of numbers released for malware that are released for virus/worm attacks. I work at a 700 employee company. When dealing with desktop support, I spend far more time dealing with removing malware from employees' computers than dealing with virus/worm attacks. I hate to say it, but it's about time for malware that needs to be legislated. Preparing for an email worm attack is pretty trivial for an even semi-competent admin -- these worms can just go away. Spyware, on the other hand, is a major problem that we do lose time and productivity on.
You are correct that a worm like this can bring a small corporate system to its knees. However, the only reason a run-of-the-mill worm like this would bring a system to its knees is if an irresponsible sysadmin did not take the necessary precautions to prevent such an attack. The cost associated with "some douche bag writing a virus" should be accounted for by douche bag systems administration practices just as much as the douche bag who wrote the virus. We've seen these before, we will see them again. Not taking precautions is simply irresponsible. Those numbers are a farce, and will never find their way onto any P&L sheet.
Thank you! I couldn't agree more. It's your responsibility to use common sense in this world. If you buy a $20,000 car, it's your responsibility to know what you need to do to maintain it. The same goes for your $2,500 computer. The logic that it's not the user's responsibility to learn this stuff is ludacris. Do you need a sign telling you to look both ways before crossing the street? Of course not! So how is taking responsibility for learning basic "safety" rules for working with a computer any different?
I hate to make the assumption, but since you work in that industry, it would seem that you may be a little biased.
In any case, the numbers you provide are exactly how these costs are estimated. However, I think that they're a total farce, and I believe that was the point of the Slashdot feature. Just to hit the tip of the iceberg -- not every employee is paid hourly, and it's not really fair to calculate a salaried worker's cost-per-hour. Benefits also have not accounted for an additional 100% of a worker's wages in any company I've ever worked at or heard of. I'm not totally sure, but I've seen benefits range from 20%-40% of a total compensation package. Finally, you're assuming a worst-case-scenario. In this worst-case-scenario, the example company is totally unprepared, and their security model is weak. Whose fault is that really? The admins at this hypothetical worst-case-scenario company knew that it's an unsafe world, yet they ignored the threats. It's their responsibility, and companies should recognize this...maybe there should be some leniency to account for certain "really creative" attacks that may not have been foreseeable...but this isn't one of those circumstances. This is a typical worm attack.
Here's a real world example of what this worm cost the business I work for. We have 700 employees here. When I first saw reports of MyDoom.A in the wild, I did a check to see if the ClamAV's signatures were updated with the latest. Then, I checked against my logs to ensure that I had loaded the latest signature. I compared these times to calculate my potential exposure. Next, I ran a scan on my mail server to see if anything made it through (nothing did, however, if it did, I would have contacted individual users (or have them contacted) to ensure that they weren't dumb enough to launch the worm and dealt with the attack accordingly). Finally, I removed all bounce messages for any future instances of the worm. Total lost productivity of our employees? Zero. Sure, there are bounce messages from other servers falsely bouncing back to my employees -- but this is really a minor distraction. Total cost to our IT group? I spent one morning on it (maybe about 2.5-3.5 hours). Maybe I'm not the normal admin, working for a normal company, but I am by no means a super-genius guru. I'm using basic tools in a basic way (no funky scripting, no funky configuration, etc). Even if you include the cost of server-side antivirus software into the cost, ClamAV is free. (A smarter way to stop these attacks would have been to simply block executable attachments -- but some of our users have circumstances which prohibit this).
I agree that employees should not be fired for opening a worm (that was kind of an extreme idea, no?), but I do believe that users should be held responsible on some level -- as a company should be responsible for training them to not open executable attachments.
According to the official site (at 5:00 EST) there are still no ClamAV defs available for the .b variant of this worm (affectionately known as Worm.SCO.*).
Does anyone know where I can grab (and submit) a signature...or a copy of it (without waiting for it to trickle into a user's mailbox)?
There's absolutely nothing wrong with sticking up for the underdog. I don't remember saying that there was anything to hate about it (although objectivity is important) -- if I did, I probably spoke a little too strongly. However, without trying to attack anyone, I think that this type of non-objectivity does a couple of things: 1. It speaks about one's character. 2. It's an indicator of maturity. 3. It's difficult to bring credibility to a discussion (like this one) when all someone has are opinions with no basis of fact to back it up. It's important to know (and understand) what you're standing up for. Is it OK to stick up for an underdog if they're a mass murderer fighting for freedom (or life) against a big court system? I know that the example is pretty extreme, however it's necessary to demonstrate my point. Just because someone is standing up against odds, doesn't mean that they're right.
All I was trying to say was that it's necessary to examine the facts before determining that the big player is an asshole. I believe that your argument may solidify mine as "blind cheering", either way, is just counterproductive.
Whoops, I stopped reading there. If you want to make a point, it helps to be polite. If you wish to have a dialogue, common courtesy is paramount. However, if you had the balls to get in my face like that in person, I'd probably knock your teeth out.
Right -- I should have been more clear...my bad. Had Microsoft just let it go, (I believe that) it would have been citable.
You're absolutely right. It serves to reason that nobody but the world's biggest asshole would confuse the two. However, in court Microsoft would likely see a different side of things. When Gigantic Corporation USA tries the same shit and MSFT tries taking them to court, they would be able to cite the MikeRoweSoft.com case. I think that MSFT lawyers would have a hard time telling the court "well, in that other case, you'd have to be an asshole to confuse the two".
All that being said, I forgot to mention that MSFT didn't go after Mike Rowe for trademark infringement...it puts a major hole into my argument. However, I think it's a pretty fair assumption that they may have just taken the path of least resistance on this one.
No, they couldn't just let it go. If they did not, they really do risk losing rights to their trademark. This would be a really Bad Thing for Microsoft because 1,000 other Microsofts will pop up. Does trademark apply to homophones? I don't know, but if I were Microsoft, I'd probably try to test it too.
First of all, although it's bad publicity, they have a leg to stand on, especially once you realize that this is not only about Mike Rowe using his own name (which it isn't at all...that's been done before with the Uzi Nissan/Nissan.com case). Now I don't know a damn thing about Canadian law (and very little about trademark law anyway) -- but Microsoft has enough cash and lawyers to bankrupt this kid (and his family) -- which means that after they bankrupted Mike Rowe (and his family) they'd win a summary judgement when Mike Rowe failed to show up for court.
Secondly, Microsoft HAS to protect their trademark. This is not a simple case of a kid just using his name...I keep hearing this and I just think it's naive. Check out the Register article from the original Slashdot post last week. In it, they paraphrase him as saying he wanted a cool site with a name that sounded like the software giant (my paraphrase). If this is true, Microsoft has a case -- it's NOT just someone's name, and if Mike Rowe actually said this, it proves intent. Now, as far as how trademark law applies to homophones (and this is the crux of the case) -- I don't know. AFAIK, it hasn't even been tested. However, if MSFT's trademark was diluted in any way, or it is even perceivable that their trademark is being tested, MSFT is responsible (to their shareholders) to fight tooth and nail to preserve that trademark. Otherwise, Microsoft's trademark doesn't mean squat under law. If I ran a business that had a trademark to protect, I'd consider doing the same thing.
Instead of looking bad and spending a shitload of money, they ended up looking like nice guys and spending next-to-nothing. Sounds to me like they did the right thing. A win/win situation. This is about the easiest settlement I've ever heard of. Do you think that every time someone settles, it's because they didn't have a leg to stand on? Do you have any idea how much it takes to go to court, especially when you know you will not benefit?
I guess what frustrates me about this (I ranted a lot in earlier coverage of this topic) is that this shows where Slashdotters seem to have the hardest time being objective. If they see Microsoft, they immediately think "those bastards". If a company tries to protect IP or trademark in any way, Slashdotters will jump and yell "bastards". If a big company with deep pockets sues a little guy, Slashdotters will jump and yell "bastards". If there's ever a dispute over a domain name and a large organization is involved, Slashdotters are quick to yell "bastards". Sure, a lot of these guys are bastards (I'm no Microsoft fan), but it's pretty important to at least try and learn the facts before taking sides.
BTW -- if it's not immediately clear from the post, IANAL.
Well -- now that I know I can fill my bong up there, I might just consider participating in the first colony. ;0
An interesting point about the car, however, in the case of software, this does not apply. Registration keys are decidedly not for my protection. They are an inconvenience posed on the user in order to prevent theft of the developer/publisher's IP. It works the same way for newer Microsoft products (like Windows XP and Office XP) -- except that on top of having to type in a code to install the application, I have to electronically register the product. None of this actually protects me from theft.
As far as online gaming goes, however, you do make a good point. Just the same, I don't have to cryptographically register most email accounts -- nor do I have to do this with any other service (my bank doesn't even require it). Is there some reason why video game services need to be handled in a more secure (and more obtrusive) fashion than my bank account? A username/password combo would do just fine (and can be registered with a unique serial number). This way, I can install the application on multiple computers. All the service has to do is verify that only one occurrence of the login is allowed to connect to the service. Doesn't this seem a little more fair and reasonable? (Especially in a service-oriented business where my account is linked directly to my credit card).
You mean, like legitimizing spam? What about all the knee-jerk draconian laws that have been enacted to stop script kiddies? Let's also not forget about the DMCA. Federal government regulating computers no workie. I told you so.
Whoops, I meant modem, not bridge...my bad -- nice catch.
BTW, FWIW, and completely offtopic, don't managed ports on a switch all have MAC addresses?
IIRC, the MAC address of your cable/dsl bridge is static. This number is tied to your account, I believe that your IP address may also be tied to this in the logs.
Unfortunately, I don't know much about RealArcade except what I can infer from your post (and yah, I'm too lazy to research it before opening my big fat mouth)...but just the same, I'm so with you on keyless media. I'm pretty insulted that it is just assumed that I'm a criminal when I'm really just a paying customer. Furthermore, whether a company develops or licenses an anti-piracy technology -- the consumer ends up footing the bill (I don't care what people say about economics working that way -- I still feel like I'm footing the bill as a consumer).
However, if I can download an ISO image (or four) for $10 less than a retail copy -- sign me up. IMO, the desire to have a pretty box is just part of the desire to have something tangible to go with the IP you got. As far as I'm concerned, I'm only interested in the intellectual property (unless I can get that cool cloth map you used to get in the early Ultima games). I've already got too much crap, taking up too much of my small space. Having a big box that I have to pay for is kind of lame.
Unfortunately, I can't see getting my way. I can understand that my needs are pretty specific and in this case, apply to very few folks.
Those old Sparc5's (or any other cool, old boxes) were cool and all, and I don't mean to be argumentative, but let's be realistic. If you want to run a small to midsized DNS, mail, web, or CVS server, a Sparc5 can handle it very well. Furthermore, the hardware in those boxes is built to a higher standard than most commodity PC hardware....and there will always be significant numbers of geeks out there running small-time Linux servers on old hardware, from commodity PC hardware to old servers. Sure a modern PC is useless for PC-ish stuff within three years (ie running the latest bleeding-edge desktop OS, etc), however, for those same tasks, outdated hardware can be just as well suited to the task.
My point is that anyone who "gets it" (in this sense), will just get it -- those who don't never will. They use their computers for completely different reasons than you and have completely different requirements than you and I. Much of the obsolescence of the desktop PC within three years comes from software abstraction keeping pace with faster hardware. Servers don't necessarily have the same fate. It's hard to make a comparison in that sense...especially for people like you who probably know their shit well enough to consider the aforementioned abstraction more of a hindrance than a help. In the mean time, enjoy the pace at which hardware gets faster and cheaper :)
No, I won't lay off. If you like, you can drop it though. Fundamentally, Microsoft's statement doesn't change anything. I still think that trademark law should apply to homophones when the intent is to copy (IOW, dilute) a trademark. Microsoft realized that this was bad press -- so instead of paying a huge sum in legal fees, they can look good by paying Mike Rowe handsomely for his domain and silence. In the end, the only thing that will change is that Mike Rowe will get some bucks for his trouble. I've already speculated in this thread that this will be settled out of court. Better for Mike Rowe, better press for MSFT, cheaper for MSFT...and MSFT still gets their way.
Right -- I didn't read his site, it was slashdotted -- I still haven't read it. I stated this earlier (more than once). Do you have a link to the history to which you're referring? In any case, whether or not he even started a website design company has been disputed in this thread. If it is the case, and if he capitalizes, I believe that Microsoft has even more of a case. Also, consider that web development is a similar industry to MS' industries. I totally understand that there's a pretty fat line between the two, but I do not think that most of the world makes this distinguishment. Regardless of the spelling, he can walk into any job interview and say "I'm a MikeRoweSoft consultant" or even state that he's an agent of the company. They may not be suing to prevent this, but it should not be overlooked.
It's become pretty common to expect that when Slashdotters reply to a /. article, that they read the articles referenced (posters and editors are not impartial). It's hard to have a discussion when we're not talking about the same basic story. That was the Register article referenced in the original post -- since it was already posted, I didn't feel that I had to relink to it. If you'd like, it's here.
You're right -- and I think that you've really hit on the crux of the issue, and I think it comes down to intent...and I believe that Mike Rowe was attempting to capitalize on Microsoft's name. When it comes to Canadian (he was a Canadian, right?) law, I have absolutely no idea. However, Canadian legislature seems pretty large business/industry friendly (I'm pulling this out of the tariff on CD-R's). Anyway, IMO, if Mike Rowe really did use the name MikeRoweSoft because it sounded like MSFT (as the Register paraphrase suggested), it really helps to prove a case of bad faith. If he sells any business, I think that the burden of proof is on him that he didn't capitalize on MSFT's name in bad faith. A reasonable court would look at intent here, not the fact that it's a homophone.
I probably shouldn't propagate this flamey stuff any further, but I'll bite. First of all, this all came from the fact that you responded to a post without reading it (hell, you replied to a direct response without reading it) -- starting off wondering if I was posting flamebait (IOW, trolling). If you expect a response, expect a response to that (and nothing else). As far as the other posting, that guy was being a know-it-all prick, and I think that you're taking it out of context. Under normal circumstances I'd have let it roll off...but whatever -- we can't take back posts, can we? Finally, how is this self-righteous? How is it my fault that I'm being responded to without posters even attempting to understand what I'm saying (ie, at a minimum, reading the post they're replying to)? Is it self-righteous because I'm not afraid of calling people not willing to see past the fact that it's an unpopular issue regarding an unpopular company (or even take the time to read the facts before deciding that in this case, Microsoft are a bunch of bastards clearly in the wrong)? If that's the case, I reject it on principle.