This is actually a good argument for package updates rather than security patches. With a package update several other bugs could have been fixed so it should be at least harder to find out what bugs were exploitable.
Also has the advantage of the first security update moving everything to the latest version instead of needing 30 patches to get there.
Don't blame the pipe-wrench for making a poor hammer. Blame the craftsman too lazy to find a hammer.
A more accurate analogy would be "don't blame the hammer because your shelf is uneven since you didn't bother to use a level.
Splintand friends will show up NULL pointer bugs very quickly even when using it's most liberal setting.
Of course the average C programmer hasn't progressed beyond not fixing compile warnings so they haven't gotten to the splint part yet. Sometimes I wish "-WERROR" was GCC's default.
Not even close to true. In fact Smaller ISPs pay for the bandwidth used at two points:
They pay for the link based on size between their PPPOE authentication servers and Bell's ADSL equipment. If this link fills up it's not Bell that suffers it's the ISP. (I've seen it happen)
They again for outgoing bandwidth with whatever carrier they go with.
There is no performance reason for Bell to throttle the PPPOE connections going to other ISPs. If the other ISP mismanages it's network then either they pay extra or the customers get mad and leave.
Also the option to lease the lines is a terrible idea. Under the current regulatory structure Bell has to rent out space in it's main buildings but not in it's "remote co". If you can't get a good DSL signal from Bell they route your lines through a remote CO so your connected to DSL equipment closer to your house.
A company I used to work for tried to setup their own equipment and connect customers and what we found was that at certain distances Bell's standard ADSL was outrunning our ADSL 2+ (24mbps) equipment. Now that Bell is also going 2+ there is no speed advantage at any distance.
That's a pity. Vista's security model was one of the best things they had going. Sure it hurt but at some point the apps would have been forced to conform.
Vista's mistake was the built in DRM and whatever else they did to slow the thing to a crawl even with the visual effects disabled.
Had vista simply been XP with UAC and a prettier interface I would be going out of my way right now to get as many of my friends and clients to switch as quickly as possible. Unfortunately Vista's driver and performance problems has made that impossible.
- moving the implementation of the graphics API into the ring-0 kernel [big mistake!]
Actually this wasn't their mistake so much as allowing third parties to write video drivers. They should have defined a hardware API much like USB did and then be the only company writing drivers for their own OS.
Most of the pain of windows is attributable to two things:
Third parties doing a less than impressive job of writing drivers and then not updating them in a timely fashion forcing Microsoft to maintain backward compatibility driver APIs.
Apps that just weren't designed for a secure environment.
USB was a good step forward on the driver problem but I wish they would extend this to other hardware like printers scanners and Video cards. The problem with fixing this is that it puts every OS on an equal footing as far as driver support goes.
The second problem is much more painful but very necessary but the pain should end at some point. The problem is that fixing this provides a window of opportunity for competitors to grab market share during the changeover.
I suspect that most of the problems Microsoft has with vista have less to do with a lack of in house design talent than it does with being afraid that fixing the problems will let the competition get a leg up on them.
1) Is solved by disabling anything except the C drive as a boot device and setting a BIOS and a grub password. The case may need to be physically secured as well depending on how enthusiastic the students are at wanting to subvert the security.
2) Many apps don't run well or at all on a properly secured Windows. Ubuntu's Unix like base means apps are designed to expect a rights restricted environment so it's much less painful.
#2 Is actually Vista's largest problem. Vista is trying to force good application software design that runs against years of experience in the Windows world and it's going to take a long time for app makers to adjust to the new reality.
Debian, manually installed kernel and manually installed NVIDIA drivers. Works until I reboot in which case X won't start anymore and I need to rerun the installer to get it working again. Que the same thing on next reboot. It seems independent of whether I change kernel options or not.
Because no one asked for their IP. All anyone wants is details on the API. They can keep their drivers.
Nvida has also not open sourced "as much as possible" They got dragged kicking and screaming every step of the way. They didn't assist with open sourced drivers for their on board chipset devices until the open source folks reverse engineered the NVidia's drivers and did a better job than NVidia did.
Intel can do it. ATI has promised to do it and now so does VIA. Why is NVidia different?
I'm about 4 months from my next video card purchase and I will be taking a hard look at who has the best Linux support. A 10 FPS difference is not worth drivers that seem to need reinstalling every reboot (thanks NVIDIA).
The point that Adobe as a company is slow adapting to new platforms and architectures. For a company of this size, it's pretty shameful...
I'm going to go out on a limb and assume your not a programmer. Code takes time to port to new interfaces. That's time that can be spent on other things. It gets even worse when some of the code is hand optimized or worse yet is a GUI app. Photoshop is a very large and very complicated GUI code base and therefore will take a long time to port.
That's life.. it's not Adobe's fault or Apple's. It's just a fact of the industry they life in.
If you were willing to fork out for that turntable then don't bother with a USB Soundcard at all. Get a mixer with Firewire support.
Mackie seems to have some nice ones with Linux support.
It's their training. People are trained that crashes are a fact of life so they accept them as a cost of using a computer.
Once they learn otherwise they stop accepting crashes.
All is not lost in this set. Both proposed laws present a definite improvement over the current system so they should be passed. Once that's done we can all start moving on to the harder problems.
It's a step in the right direction rather than a complete fix.
You can thank some of the "power users" I've cleaned up after for some of the more restrictive IT policies. Most of my customers go from trusting all of their users to trusting none of them and demanding I lock down all machines. Why? Because (and it's usually the younger crowd) go nuts installing all of their own crap.
They call me demanding to know why the internet is so slow and I find Limewire running on three PCs and now theres no b/w left for anything else.
Why is the PC throwing up so many ad windows? Could it be that button bar they thought was cool was actually spyware?
The best was the office that called me complaining "outlook is broken" Only for me to discover a 1 GIG game install file in the outgoing mail folder that was causing the whole thing to freeze while it processed the file.
And then worse yet... if I ask them if they did anything lately they outright LIE to me until I spend the time needed to find out and show them exactly what they told me they didn't do. At least the older crowd is likely to be more honest and a lot less likely to intentionally install something.
the police are people, too. if you are kind, pleasent, honest, and up front with them, they tend to not be dicks.
I completely agree with you. I just find that being human some topics make people go completely off the wall. I agree that every child porn creator should be nailed harshly but I find that the search for them tends to be in the witch hunt category.
I think I will check my wifi activity more often. but because most of my neighbours are really freaken old, i don't think i have to worry about that.
I was actually shocked when I discovered that.. there were no houses around just an industrial park. I think it was actually a war driver since every other office in range used the same shared connection. The main lesson I learned was that remote locations don't guarantee security
As for the rest.. I suppose you could put in a transparent proxy that restricts outgoing mail and an ICMP filter. Be careful to allow ICMP messages dealing with fragmentation so that things till work correctly. (Blocking all ICMP is an unfortunately common mistake)
It means kicking your NAT functions off of the wireless gateway but then I find that speeds things up anyways
really, how much harm can they do to your computer by using your wifi?
Your argument reminds me of a 3com sales guy who told me encryption isn't important for home connections since no one wants to break into your computer anyways. The problem is that it's not your computer they want; it's your internet connection.
They could start spamming and get your account disabled. There was also the time I got called in to find out why the office internet was so slow only to discover that one of the neighbouring offices that shared our internet connection had an open wifi and someone was using it to launch a DoS attack.
Then theres the guy they caught driving the wrong way down a one way street with his pants down in Ontario Canada. Turns out he was using someone's wifi connection to browse child porn. Imagine having that traced to your ip. Given the current guilty until proven innocent attitude when it comes to crimes against children your likely to lose your house and job before they even bother (if they bother) to find out you were innocent in the first place.
The underlying problem was not that the terrorists on 9/11 used a weapon that no one thought of (box cutters) it's that they exploited a weakness in the security procedures everyone was trained with.
Up until that point the common practise was just to give the hijackers whatever they want so no one would get hurt. Worst thing that happened was that people on the plane got hurt but that was the risk anyways. Al Queda took advantage of that since no one had ever before used a plane to attack something else.
Box cutters weren't the problem as demonstrated by what happened on the last flight when they found out what had happened to the other planes they overpowered the terrorists (a bit too late). Had the security procedures been different they would never have gotten control of any of the planes in the first place.
Blaming the screeners meant several things:
They could blame the guys at the bottom instead of admitting that the higher ups had been the problem
They could get boatloads of money into their budgets for new toys
The problem now is that the screeners are in extreme CYA mode since they don't want to get crapped on again even though the underlying procedural problem was quietly fixed.
Time to re-arm and focus on the enterprise - you stand a shot there. But even there - it needs work. Stability, for one. A Red Hat box that is out of date the day we deploy it does nobody any good. A real patch management strategy would be nice.
Server side Linux is very stable.. the constant moving target is the desktop so there is little advantage to running cutting edge anything. Patch management issues? Havn't had any of those since 2001 but then I've been running Debian rather than Redhat so it may be worse for you than for me.
Binary compatibility for another. I can pick up an HP-UX PA-RISC 9 binary, drop it on an HP-UX 11.31 Itanium system and it _just runs_. Same holds true for Sun -- drop a SunOS 4 binary on a SunOS 5.10 (yes, that's Solaris 10) system, and it _just runs_.
This depends entirely on what libraries are used. The more conservative the libraries the more portable it will be and that's on every OS. Firefox and adobe both depend on this for their Firefox and flash installs. They provide one binary that can be installed anywhere. It's also useful to point out that if I enable a.out support (and have the correct package installed) I can take a Linux binary from 1993 and run it without problems. The whole "Linux doesn't care about backwards compatibility" thing is a myth. Linus is actually VERY picky about binary compatibility for applications. The only things he has no problems breaking are modules but system utilities can also have a shorter (but still somewhat backward compatible) API
Once Linux can do that - without recompiling, without having to resolve mutually exclusive dependencies - you just might give enterprise Unix a run for the money. Oh, and you'll have to scale up to 128+ processors too. Again - HPUX and Solaris both do that fine.
What do you know? Linux supports 128 CPU systems given the right (non x86) hardware. IBM has spent a lot of money making sure Linux scales.
Slashdot Mirror
This is actually a good argument for package updates rather than security patches. With a package update several other bugs could have been fixed so it should be at least harder to find out what bugs were exploitable.
Also has the advantage of the first security update moving everything to the latest version instead of needing 30 patches to get there.
Don't blame the pipe-wrench for making a poor hammer. Blame the craftsman too lazy to find a hammer.
A more accurate analogy would be "don't blame the hammer because your shelf is uneven since you didn't bother to use a level.
Splintand friends will show up NULL pointer bugs very quickly even when using it's most liberal setting.
Of course the average C programmer hasn't progressed beyond not fixing compile warnings so they haven't gotten to the splint part yet. Sometimes I wish "-WERROR" was GCC's default.
If that's true I'm going to be a tad pissed. I payed extra when I wired my apartment so I could be future proof with cat6 instead of the usual cat5e.
This isn't really a debate about network neutrality. This debate is about Bell throttling traffic on OTHER People's networks.
Bell has no legitimate business interest in how third parties run their network since said third parties have to pay for any resources used.
This is about Bell wanting to raise prices for it's own customers but needing to make sure theres no competition for them to jump to first.
Not even close to true. In fact Smaller ISPs pay for the bandwidth used at two points:
They pay for the link based on size between their PPPOE authentication servers and Bell's ADSL equipment. If this link fills up it's not Bell that suffers it's the ISP. (I've seen it happen)
They again for outgoing bandwidth with whatever carrier they go with.
There is no performance reason for Bell to throttle the PPPOE connections going to other ISPs. If the other ISP mismanages it's network then either they pay extra or the customers get mad and leave.
Also the option to lease the lines is a terrible idea. Under the current regulatory structure Bell has to rent out space in it's main buildings but not in it's "remote co". If you can't get a good DSL signal from Bell they route your lines through a remote CO so your connected to DSL equipment closer to your house.
A company I used to work for tried to setup their own equipment and connect customers and what we found was that at certain distances Bell's standard ADSL was outrunning our ADSL 2+ (24mbps) equipment. Now that Bell is also going 2+ there is no speed advantage at any distance.
Bullshit... I've been trying to straighten out a library/dependency versioning problem in CentOS for a week caused by a package updater.
He said apt-get and that's not normally used on CentOS. RPM is it's own special form of evil.
I've used RHEL, CentOS, Debian and Ubuntu depending on my clients demands and I can tell you I would never willingly use and RPM based distro.
You know, compared to all the time spent running apt-get to check for software updates,
Strange that's done automatically for me
running netstat to check for ports that shouldn't be open to the world but for some reason are
,This was fixed two years ago AFIK
deleting and reinstalling 50 libraries to fix a dependency hell broken by the aforementioned apt-get update,
This only happens in debian unstable. Complaining about it is like complaining about bugs in a Beta windows release
and trying to defragment reiserfs only to realize you can't, so going back to ext3, which isn't much better (or worse) than NTFS.
Reiserfs doesn't defrag because it's designed not to need to defrag.. same goes for XFS and the other more modern filesystems
I'm amazed this is the list you came up with when questioning other people's intellectual honesty
That was the exact issue. Fixed now and thanks for the pointer.
That's a pity. Vista's security model was one of the best things they had going. Sure it hurt but at some point the apps would have been forced to conform.
Vista's mistake was the built in DRM and whatever else they did to slow the thing to a crawl even with the visual effects disabled.
Had vista simply been XP with UAC and a prettier interface I would be going out of my way right now to get as many of my friends and clients to switch as quickly as possible. Unfortunately Vista's driver and performance problems has made that impossible.
Actually this wasn't their mistake so much as allowing third parties to write video drivers. They should have defined a hardware API much like USB did and then be the only company writing drivers for their own OS.
Most of the pain of windows is attributable to two things:
USB was a good step forward on the driver problem but I wish they would extend this to other hardware like printers scanners and Video cards. The problem with fixing this is that it puts every OS on an equal footing as far as driver support goes.
The second problem is much more painful but very necessary but the pain should end at some point. The problem is that fixing this provides a window of opportunity for competitors to grab market share during the changeover.
I suspect that most of the problems Microsoft has with vista have less to do with a lack of in house design talent than it does with being afraid that fixing the problems will let the competition get a leg up on them.
1) Is solved by disabling anything except the C drive as a boot device and setting a BIOS and a grub password. The case may need to be physically secured as well depending on how enthusiastic the students are at wanting to subvert the security.
2) Many apps don't run well or at all on a properly secured Windows. Ubuntu's Unix like base means apps are designed to expect a rights restricted environment so it's much less painful.
#2 Is actually Vista's largest problem. Vista is trying to force good application software design that runs against years of experience in the Windows world and it's going to take a long time for app makers to adjust to the new reality.
Bleeding edge.. close to it. I need KVM working as well as several modules that have only recently started working right.
Debian, manually installed kernel and manually installed NVIDIA drivers. Works until I reboot in which case X won't start anymore and I need to rerun the installer to get it working again. Que the same thing on next reboot. It seems independent of whether I change kernel options or not.
That would be ColbaNET. The downside (since I no longer work for them) Is that bell only gives access to the CO but not remote CO.
This gives a very narrow range of access and at some distances Bell's standard adsl is faster than Adsl2.
So even with your own equipment you can't free from Bell's resold ADSL service.
Because no one asked for their IP. All anyone wants is details on the API. They can keep their drivers.
Nvida has also not open sourced "as much as possible" They got dragged kicking and screaming every step of the way. They didn't assist with open sourced drivers for their on board chipset devices until the open source folks reverse engineered the NVidia's drivers and did a better job than NVidia did.
Intel can do it. ATI has promised to do it and now so does VIA. Why is NVidia different?
I'm about 4 months from my next video card purchase and I will be taking a hard look at who has the best Linux support. A 10 FPS difference is not worth drivers that seem to need reinstalling every reboot (thanks NVIDIA).
The point that Adobe as a company is slow adapting to new platforms and architectures. For a company of this size, it's pretty shameful...
I'm going to go out on a limb and assume your not a programmer. Code takes time to port to new interfaces. That's time that can be spent on other things. It gets even worse when some of the code is hand optimized or worse yet is a GUI app. Photoshop is a very large and very complicated GUI code base and therefore will take a long time to port.
That's life.. it's not Adobe's fault or Apple's. It's just a fact of the industry they life in.
If you were willing to fork out for that turntable then don't bother with a USB Soundcard at all. Get a mixer with Firewire support. Mackie seems to have some nice ones with Linux support.
Your best bet is not to do your LP conversions using your sound card. You can get Turntables with USB ports that will most likely do a better job.
It's their training. People are trained that crashes are a fact of life so they accept them as a cost of using a computer. Once they learn otherwise they stop accepting crashes.
All is not lost in this set. Both proposed laws present a definite improvement over the current system so they should be passed. Once that's done we can all start moving on to the harder problems.
It's a step in the right direction rather than a complete fix.
You can thank some of the "power users" I've cleaned up after for some of the more restrictive IT policies. Most of my customers go from trusting all of their users to trusting none of them and demanding I lock down all machines. Why? Because (and it's usually the younger crowd) go nuts installing all of their own crap.
They call me demanding to know why the internet is so slow and I find Limewire running on three PCs and now theres no b/w left for anything else.
Why is the PC throwing up so many ad windows? Could it be that button bar they thought was cool was actually spyware?
The best was the office that called me complaining "outlook is broken" Only for me to discover a 1 GIG game install file in the outgoing mail folder that was causing the whole thing to freeze while it processed the file.
And then worse yet... if I ask them if they did anything lately they outright LIE to me until I spend the time needed to find out and show them exactly what they told me they didn't do. At least the older crowd is likely to be more honest and a lot less likely to intentionally install something.
the police are people, too. if you are kind, pleasent, honest, and up front with them, they tend to not be dicks.
I completely agree with you. I just find that being human some topics make people go completely off the wall. I agree that every child porn creator should be nailed harshly but I find that the search for them tends to be in the witch hunt category.
I think I will check my wifi activity more often. but because most of my neighbours are really freaken old, i don't think i have to worry about that.
I was actually shocked when I discovered that.. there were no houses around just an industrial park. I think it was actually a war driver since every other office in range used the same shared connection. The main lesson I learned was that remote locations don't guarantee security
As for the rest.. I suppose you could put in a transparent proxy that restricts outgoing mail and an ICMP filter. Be careful to allow ICMP messages dealing with fragmentation so that things till work correctly. (Blocking all ICMP is an unfortunately common mistake)
It means kicking your NAT functions off of the wireless gateway but then I find that speeds things up anyways
really, how much harm can they do to your computer by using your wifi?
Your argument reminds me of a 3com sales guy who told me encryption isn't important for home connections since no one wants to break into your computer anyways. The problem is that it's not your computer they want; it's your internet connection.
They could start spamming and get your account disabled. There was also the time I got called in to find out why the office internet was so slow only to discover that one of the neighbouring offices that shared our internet connection had an open wifi and someone was using it to launch a DoS attack.
Then theres the guy they caught driving the wrong way down a one way street with his pants down in Ontario Canada. Turns out he was using someone's wifi connection to browse child porn. Imagine having that traced to your ip. Given the current guilty until proven innocent attitude when it comes to crimes against children your likely to lose your house and job before they even bother (if they bother) to find out you were innocent in the first place.
This is complete crap.
The underlying problem was not that the terrorists on 9/11 used a weapon that no one thought of (box cutters) it's that they exploited a weakness in the security procedures everyone was trained with.
Up until that point the common practise was just to give the hijackers whatever they want so no one would get hurt. Worst thing that happened was that people on the plane got hurt but that was the risk anyways. Al Queda took advantage of that since no one had ever before used a plane to attack something else.
Box cutters weren't the problem as demonstrated by what happened on the last flight when they found out what had happened to the other planes they overpowered the terrorists (a bit too late). Had the security procedures been different they would never have gotten control of any of the planes in the first place.
Blaming the screeners meant several things:
The problem now is that the screeners are in extreme CYA mode since they don't want to get crapped on again even though the underlying procedural problem was quietly fixed.
Time to re-arm and focus on the enterprise - you stand a shot there. But even there - it needs work. Stability, for one. A Red Hat box that is out of date the day we deploy it does nobody any good. A real patch management strategy would be nice.
Server side Linux is very stable.. the constant moving target is the desktop so there is little advantage to running cutting edge anything. Patch management issues? Havn't had any of those since 2001 but then I've been running Debian rather than Redhat so it may be worse for you than for me.
Binary compatibility for another. I can pick up an HP-UX PA-RISC 9 binary, drop it on an HP-UX 11.31 Itanium system and it _just runs_. Same holds true for Sun -- drop a SunOS 4 binary on a SunOS 5.10 (yes, that's Solaris 10) system, and it _just runs_.
This depends entirely on what libraries are used. The more conservative the libraries the more portable it will be and that's on every OS. Firefox and adobe both depend on this for their Firefox and flash installs. They provide one binary that can be installed anywhere. It's also useful to point out that if I enable a.out support (and have the correct package installed) I can take a Linux binary from 1993 and run it without problems. The whole "Linux doesn't care about backwards compatibility" thing is a myth. Linus is actually VERY picky about binary compatibility for applications. The only things he has no problems breaking are modules but system utilities can also have a shorter (but still somewhat backward compatible) API
Once Linux can do that - without recompiling, without having to resolve mutually exclusive dependencies - you just might give enterprise Unix a run for the money. Oh, and you'll have to scale up to 128+ processors too. Again - HPUX and Solaris both do that fine.
What do you know? Linux supports 128 CPU systems given the right (non x86) hardware. IBM has spent a lot of money making sure Linux scales.