The news doesn't come only from agency reports. Most newspapers and TV channels have their own reporters doing, hum, "investigative" journalism. More often than not, most of this "investigative" journalism follows the guidelines of whoever is writing the checks instead of a code of conduct.
What amuses me is people thinking that this is somewhat a "new media" problem. Go check newspapers from a century ago, and you'll see that the problem was far far worse back then, and that we have access not only to the news, but to several sources and routes to confirm its accuracy and truthfulness (as it happened in this case) - not that most people bother with fact-checking.
It seems Singularity has no actual relation with the Windows line of operating systems. There are several other OS projects written in managed code (Cosmos, Phantom, SharpOS), but yes, Longhorn was an attempt (a sad sad one) at building an OS with most system services written in managed code. I think most of the kernel itself was still C/C++, but many/all the system services were clearly rewritten in .NET. But, comparing it to XP or Vista is kind of unfair - Longhorn was resource-hungry at a time when most current desktops were crappy P4 with about 1GB of RAM, and when Vista came out, a regular desktop would have a dual-core CPU with 2GB of RAM. It's a bit like saying XP is bad because it was slow on your P3 450MHz with 256MB of memory...
So, you have no other choice of C compilers for Windows?
Actually, C# is as proprietary as C - it isn't. Check http://msdn.microsoft.com/en-us/netframework/aa569283 for the ISO standard details regarding C#. Microsoft .NET implementation is proprietary, but there is an early open source release of the .NET CLI implementation codenamed "Rotor", for XP, FreeBSD and MacOS X. Additionally, the Mono project is an opensource clean-room implementation, but it may not be feature-complete.
Microsoft Research has an interesting project called Singularity - an operating system running (mostly) in managed code. Some initialization routines are done in Assembly/C/C++, but the kernel itself and respective drivers are written entirely in managed code. Check http://en.wikipedia.org/wiki/Singularity_(operating_system).
The solidity and reliability of COBOL code comes from decades of correcting bugs and lack of features of most applications that are still in use today. And yes, I've worked professionally as a COBOL programmer.
Actually, preformatting wouldn't necessarily erase malware from the boot sector, that would only be true if the bootsector were to be rewritten with clean data. And no OS is secure, security is not a trait, it is a process. Of course some OSes are more resilient than others, but that doesn't mean they are "secure".
Yes I know he didn't. I was just mentioning how silly the idea is that a "secure OS" (whatever that means) or preformatting could prevent this kind of thing from happening.
And what technical marvel is that "secure OS" you mention?
You know, he could have just plugged the drive and tried to boot from it. A boot virus could easily wipe out every available drive before prompting a "system not found" error. You could even hide it on a brand-new formatted drive, since the bootsector is the first sector and usually the first cylinder (currently usually sectors 0-63) is reserved. How will your "secure OS" protect you against that?
Where I live (and in many places in Europe) using the data plan for VoIP is actually a violation of the operator's contract. I guess in other places it is the same, but people really don't bother reading the fine print.
I'm no glass expert, but google for "exploding table glass" or "table glass explode", and you'll get a lot of results of people describing/complaining about the issue. The wallmounts are nice, but you can't stick them in front of a window, so it may not work for everybody.
The philosophy of "everything is a file" is a naive one. It worked well in the 70's, where you either had text files or binary files (and a folder is a special binary file), and most storage units didn't have more than 10 000 files. Today, you have multiple different kinds of containers with multiple types of information. As an example, think of a video file. Should the metadata properties also be accessed as a file? Should the sound and video be accessed as different files/streams? And how about when both streams are interleaved? And the keyframe index, should it be accessed as a file also? Should JPEG extensions (such as thumbnailing) be scanned and exposed as a file? And how about metadata referring to non-available applications, such as Photoshop Exif entries? And even if everything was a file, how would that help you to find that 300x700 portrait you have of your mom, taken somewhere last year?
We are moving away from container-based storage units to metadata-based storage, precisely because the notion that everything is a file is quite limited. And these limitations aren't even new - symbolic links are in some ways a hack that breaks that base approach - you can refer to the same object from multiple different containers, which - by itself, is a rudimentary relation mechanism. I won't even mention ACLs - you access a file, but the system actually opens (at least) 2 files in many implementations, because the "file" notion doesn't comprehend accountability or complex ownership.
The big players (Apple and Microsoft) have been moving away from file-based storage for years, and on to a metadata-based storage approach. And no, afaik this isn't something you can easily slap over an existing filesystem.
Also, the same concept you praise is contrary to the integration you preach - each vendor should implement the functionality they need over the archaic "file" concept, as there is no "one size fits all" when it comes to content decoding, and for the base libraries to actually be useful, they would have to be generic (think of the file api right now).
We have huge bloated frameworks because different people have different needs, and processing power is cheap - cheaper than development time. That's what having a programmable device is all about - being able to write your own bloat how you think it should be implemented, instead of eating the other person's bloat.
I've uploaded some examples for you to see what to expect to http://qbrosr.imgur.com/all/
Those photos are some years old, were taken with an EOS350D with a 24-70mm F/2.8. Most pictures were taken with F/3.5, 1/40 and ISO1600. None of them uses flash.
And still you are trusting the operator (gmail, yahoo, whatever) to have a secure system, and expecting their geographically replicated datacenters are connected with heavily encrypted links or away from external entities. And even then, the email can be downloaded using an insecure network, where it can be intercepted during download. Are you using those free accounts?
At least in my country, most banks don't allow any kind of internet access (only email). Usually the branch manager and submanager have internet privileges, but under heavily monitored links. That said, I've seen one bank that allowed internet-connected MSN messenger. They were heavily breached, and now their internet policies are on par with their competitors.
Well, I won't argue that, in many cases, finance in general is retarded. Your mileage may vary from corporation to corporation, but it should be noted the system isn't as insecure as one might think:
- Debit cards use a two-token authentication scheme - the card itself and the pin. Yes, you probably can easily clone the card, and use XKCD's wrench to extract the pin, but that's the client's problem, not the bank. You have no way of allowing a client to access their money in a 100% secure environment (think of extortion, kidnapping, etc).
- Some online banking systems require only part of the password to operate. While I consider this to be a dumb dumb concept, it does allow a client to use their access on a less secure system by not exposing the whole password/login credentials. Matrix cards are usually required for moving money around, and while a 10^2 or 10^3 combination is not very strong, it works a bit like a poor man's OTP, and to guess it on 3 attempts (plus the login and partial password) is quite a lucky strike.
One of the online systems I use is a poster of dumbness - they have separate username and password forms, and not only do they deny you access right away if the username is wrong (if it's right, they PRINT ON THE SCREEN the last login timestamp, before they validate the password), and instead of asking for the password, they ask for specific characters from it (in this case, 3 chars). This is the same bank where I could lock someone else's online account just by figuring out names and trying them to see if they worked (3 wrong password guesses, the online account was locked and you'd have to go to the bank). I've reported these problems several times without any feedback from them (as expected), but I don't worry too much.
This particular obsession with sending partial codes over insecure channels as a way to confirm identity is quite familiar for me, as it reminds me of some codification methods that were standard procedure in the military. Probably many of the security consultants these companies hire have a military background, and the same "straight from the seventies" security concepts. I remember seeing a "top of the line" encryption equipment that actually used RSA 128bit encryption, at a time where 256-bit was already considered insecure.
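An added sketch, not part of the original comment and not any bank's code, of the two flaws described above (the username is confirmed before the password is checked, and three wrong guesses by anyone lock the account) next to a login check that avoids both. The user store, function names, messages and thresholds are all assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import time

def _hash(password, salt):
    # Iteration count kept low so the demo runs quickly.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

# Constructed sample user store (hypothetical): username -> (salt, hash).
_SALT = os.urandom(16)
USERS = {"alice": (_SALT, _hash("correct horse battery", _SALT))}
_DUMMY = (os.urandom(16), os.urandom(32))  # record used for unknown usernames
GENERIC_ERROR = "Invalid username or password"

def login_leaky(username, password, state):
    """The flow the comment describes: username first, hard lock after 3 misses."""
    if username not in USERS:
        return "Unknown username"                 # confirms which names exist
    if state.setdefault(username, 0) >= 3:
        return "Account locked, visit a branch"   # anyone can cause this for anyone
    salt, stored = USERS[username]
    if hmac.compare_digest(_hash(password, salt), stored):
        state[username] = 0
        return "OK"
    state[username] += 1
    return "Wrong password"

class Throttle:
    """Growing delay per (username, source) instead of a permanent account lock."""
    def __init__(self, base=1.0, cap=900.0):
        self.base, self.cap, self.fails = base, cap, {}

    def blocked_until(self, key):
        count, last = self.fails.get(key, (0, 0.0))
        if count == 0:
            return 0.0
        return last + min(self.cap, self.base * 2 ** (count - 1))

    def record(self, key, ok, now):
        if ok:
            self.fails.pop(key, None)
        else:
            count, _ = self.fails.get(key, (0, 0.0))
            self.fails[key] = (count + 1, now)

def login_hardened(username, password, source, throttle, now=None):
    """One form, one generic answer, same hashing work for unknown names."""
    now = time.time() if now is None else now
    key = (username, source)
    if now < throttle.blocked_until(key):
        return "Try again later"
    salt, stored = USERS.get(username, _DUMMY)
    match = hmac.compare_digest(_hash(password, salt), stored)
    ok = match and username in USERS
    throttle.record(key, ok, now)
    return "OK" if ok else GENERIC_ERROR
```

Throttling per source keeps a third party from locking out the account holder, but it does not limit guessing spread across many sources; that needs an additional per-account rate limit or a second factor.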
From the client-side, many email clients try first SSL configuration and only use cleartext connection as a fallback, including mobile clients such as iPhone. That could explain why non-techie users are using encryption. On the server-side (SMTP), I guess TLS today is pretty much standard.
You should also consider that your not-so-secret info you exchange locally via email can be stored on the server, so if you have an intrusion, that information may be accessed from third parties. I actually also don't use any form of mail encryption (I assume it is always an insecure channel), and if needed, I prefer to send the payload in an AES encrypted file (such as RAR) with a strong password. Even if it is intercepted, decoding the information will require an extra amount of effort.
So are playstations and whatnot. For the price of a modern console and a couple of games, I'm sure you can buy a nifty robot kit.
I actually started programming in assembly when I was 10, because I needed a quick "operating system" for a microcontroller board I was developing. The board itself never saw the light of day, but the simplicity of the assembly language coupled with the direct concept of digital electronics made me interested in learning more about programming, and eventually I gave up electronics almost completely. Many of the things I've learned during that time are usable today, even if I'm not in the field. In retrospect, I probably wasn't a regular kid, but hey, we can't have it all, can we?
I just made me feel real dumb :P Yeah, I could have run it as a separate profile.
It seems that the parent forgot that there's an actually transmitting unit (and all the power required), and that fixed-frequency radios are actually dirt-cheap since the '20s. I'm baffled that we have tri/quad-frequency phones today, without being an expert. But you got mod down because you're an ass. I'm an ass too (but not specialized on cellphone design, so no cynicism there), and if I could I would mod you up. Not because you're an ass, but because the parent is so full of wrong it hurts, and you're actually right.
Is this a Simpson's prank?
sudo mod you up :) sorry I'm out of mod points
You must be young in politics. And according to the old joke, the Americans had proof of WMDs, because they kept the receipt.
Heheh I totally agree with you, I've taken a look on those old Word and Excel spec files Microsoft put out some while ago. I doubt they have a parser for any given format _today_. I actually was expecting a binary version of Microsoft RTF, but it seems they had some batshit crazy ideas between formats I (a MS Works and Word 2.0 user) can't actually understand why.
Shhh don't ruin your hollywood plots.