I noticed a while back when I was cleaning out Windows software. It's IMHO the biggest irritation of iTunes that you can't "just" download iTunes, it always comes with extra rubbish such as Quicktime (I already have it, thanks) and that infamous Apple Update (the purpose of which has yet to be explained to me). And I tried Safari, I don't need it.
So the process is:
(a) do I really need the iTunes update?
(b) if yes, download where possibly controlled, and control what it installs. And delete what it installs regardless of what I want.
Principally, Apple only ever asks permission to install iTunes. You could just say whatever else is installed is a breach of computer laws, it's a sort of trespass because it happened without permission. I don't care about the reason, neither Gates nor Jobs have business installing code on any machine of mine without my EXPLICIT permission.
Apple, I like some of your products. But there's a reason I stopped using a lot of Microsoft stuff - and I'm just as happy abandoning any Apple products as well.
Oh, and before you flame away because I had the nerve to say something negative about Apple: you're too late. I know. It doesn't change the facts.
Am I the only one who notices this trend of being a couple of years late with good ideas?
This could have worked earlier, say 5 years ago. However, the nature of attacks is such that the whole hard shell, soft centre approach is compromised.
The primary issue is that defence mechanisms are moving up the stack. It started with being on an isolated bit of cable, then it became a routed network to the Internet - with 50 firewalls, that's the hard shell these guys are talking about.
But the problem sits INSIDE the fence, and this means defence must be decentralised. I liked Fred Cohen's Deception Toolkit approach (DTK) because (combined with tarpitting) it would create a mass dragnet for anyone trying a scan. Personally I think everyone (and every*thing*) should treat their network connection as if it is live and raw on the Net (not firewalled) and protect accordingly. Only then will you get somewhere.
And it would leave the door open for the coming IPv6 deployment.
They're a hardware seller, and all their sales desktops run Vista.
Because all they use is a browser to a web back end (which clients also use) which Netcraft reports as running Windows 2003. Nothing else at all.
In those conditions (i.e. avoiding any OS functions), Vista appears to work.
Now here's an evil idea: if we all started to run Linux web servers reporting as Windows, MS could no longer claim the figures because they would be seriously polluted. Maybe switch Web ID every month or so, that way the figure bounces like a maniac..
Just musing, of course. I would never do this. No, I'm just starting an editor, nothing special, tadum tadum tum tum..
Well, you grab the nearest person that looks like (s)he might be spamming, apply the technique. If the spam stops, success. Otherwise you try to bury the story and find a new suspect.
You know, a bit like modern copyright enforcement, anti terrorism or the RIAA. Easy.
This may also throw a different light on the Brazilian that was shot dead by police in the London Underground transport system without any visible provocation. Must have been a spammer, which may explain why they got away with it. /sarcasm
I've had a Sony VAIO with Vista Business. I've patched everything I could find, but it was like computing with the handbrake firmly pulled up, even when I put it in fast graphics mode.
This is a dual core laptop, with 2GB of RAM. Like most modern computers, it would execute the kind of computing we used to send a man to the moon in idle time, yet I have to wait for *everything*, especially if it's graphics intensive (not to mention the "security" questions "you have moved the mouse, allow/deny?"). And I had to hunt for drivers.
In contrast, XP has it all sorted, it works and after the usual huge battle to undo MS' idea of usability it is also reasonably safe. I also installed Ubuntu on it, with all the eye candy enabled that I could find (i.e. Compiz Fusion et al). GNOME flies on this machine, KDE is a little bit slower but still faster than XP except with OpenOffice (because it doesn't cheat and pre-load :-).
In other words, it means anything-but-Vista is still a good approach for IT shops as far as I can see, not to mention that the rumoured 53+ services that read your data for no discernible reason (and 20+ that send such) may put you in violation of data protection laws, privacy laws and cute things like HIPAA if you use it commercially.
Last but not least we have DRM. Let me say it again: this creates a sequential chain of single points of failure for any data so "protected", i.e. when the weakest link fails you've had it, and backups are fun too. It is no coincidence that Vista is MUCH better at protecting the rights of music & content vendors than it is at protecting your credit card details.
However, even control freak Apple has started to grasp that the whole copy protection gig will have the same end as it did at the beginning of PC computing in the 80s: too much hassle and not the right solution to keep your customers.
Then we have the usual rubbish on the usability front. It's again months of lost productivity when workers locate where the hell the MS UI designers have stuck facilities this time, ditto for support (MS Office 2007: ditto problem). That's another argument for both Apple and Linux (and OpenOffice): you learn once, and changes are small and incremental. There is NO productivity gain possible that will offset repeated loss of time where end users have to play "find the feature". With Apple and Linux this pain is only suffered once.
We've now started a Linux and Apple desktop project, so thanks MS for screwing up so royally. It's the first time even the office staff came off its Windows addiction and was willing to try something else.
Vista sucked. It sucks now, and I fully expect it to follow the trend it set itself and suck in the future too. Begone.
Yes, you missed something: the DoJ acting the way it did vs MS. I call that encouragement rather than punishment..
Some would label that as an act of terrorism.
No, no, you've got it all wrong. Terrorism is if someone ELSE does it. This is called US democracy, it's different. You get more people to suffer at once, and because it makes money for some it's OK.
MS wouldn't be playing with singularity - they'd be playing with a black hole that would zap the only remaining cash cow. That's why they basically pulled all the stops for ISO - they know time is up.
The more I look at the risks they're taking, the more it smacks of panic. And I find that *very* interesting indeed, I wonder how long Wall Street will take to spot that. Forever, I think, MS knows very well just how easy it is to get a favourable analyst's opinion, and none of them want to mention the water in the engine room because they make good money out of it.
But I bet you quite a few have already casually ambled over to the life boats. I think it's called 'diversifying a portfolio'. God help their shares when Wall Street wakes up: brand appreciation through the floor, no viable products, antitrust is really starting to bite (they can ignore it only for so long) and with this ISO farce they have opened themselves up for massive trouble. There's only so much you can sweep under the carpet before someone notices the bulge.
IMHO it can't come soon enough. We need progress in IT, OLPC has shown that there's plenty of innovation waiting in the wings once MS stops it from happening.
Actually, I already have the mechanism for this, on a much wider scale. Time to have a chat with some people (because I don't have the time to build it but I can guide it). Suggest you keep an eye on Switzerland - give me a month or so (have to set this up as a Uni project).
[engaging evil part of my security brain, tab "counter social engineering"]
My dear boy, you have to watch more Monty Python. It was a joke (note the date).
I recommend a day's worth of YouTube surfing, search for names like Rowan Atkinson, Monty Python, Not the Nine O'Clock News, Spike Milligan, Peter Sellers, John Cleese, Stephen Fry and someone you may know from one of the better sequels, Hugh Laurie. Trust me, you'll enjoy it.
Now, if you'll excuse me, I have some end users to abuse.
Especially the comments about their offspring and what can be done with genetic manipulation were inspired. Just the bit of screwing hedgehogs was in bad taste (for the hedgehogs), so I'm glad he toned it down considerably.
I think the best approach to this is to:
(a) Require MS to be true to their own standard (or immediately fall foul of anti-monopoly rules - hello EU)
(b) Ensure every procurement decision in favour of MS because of this to REQUIRE to implement MSOOXML as well. No point using it for criteria otherwise.
That way I give it a month before reality hits. And less than that for the EU to collar the b*stards again, and this time it won't be a baby fine because that has proven not to have too much of an effect. A cute punishment would be making ODF compliance mandatory in the EU. Given that they haven't implemented a proper filter this may completely nuke the franchise. And without the Office franchise there isn't much left of MS because brute forcing people into an upgrade to something as bad as Vista hasn't exactly worked out too well. Couple that with sub prime problems and companies as well as end users may start to seek for more economic ways to spend their money.
This story is FAR from over.
As someone who's never illegally flown a commercial airplane into a building on US soil
There's actually a legal way to do this?
Well, it can be argued that Paris Hilton is more open than Microsoft, and has been longer at it. Hence the better Google results.
(I'll go and hide now :-).
If you're on their site, have a look around for a black sailing ship they do. Ab-so-lu-te-ly awesome.
Premature pressure loss can result in a whole room full of people in suspended animation.
.. :-)
"All I can remember was this overpowering stink"
I'm aware I'm kicking a few shins here by suggesting that leaving your laptop at work is a good idea, but hear (umm, read) me out.
One of the wonderful things most companies "forget" when they impose a laptop on you is insurance. In most countries, the moment the device leaves the office it is YOUR responsibility, and YOUR cost of replacement. Most companies don't even bother insuring the kit as it's generally cheaper just to buy a new one. Hell, I once discovered the company I worked for didn't even have inland health insurance covered, only abroad (that changed rather rapidly after I aired that discovery).
If you leave the laptop at work it remains a corporate responsibility - hardware as well as data.
Now, even though you plan to leave your laptop at work it would be very much recommended that you check out the insurance state of your laptop in case you need to travel with it. Is it insured against damage? Loss? Who pays any excess? What's your personal exposure? That sort of thing.
Good luck :-).
I hope they don't put a dumb plug on it that Joe with no brain can jack into something else. We wouldn't want to toast that one remaining braincell now, would we..
(BOFHs would say yes, of course :-).
The bit that REALLY pissed me off was some screensaver that would kick in because it was evident that it was downloading new stuff as well. It took me a while to find that one.
Some stuff is OK, but maybe I got simply used to zap the rubbish from the moment I get the thing - Windows Vista, Symantec AntiVirus and trial versions of MS software go first (to be replaced by Windows XP, Kaspersky and OpenOffice on the Windows partition, and some Linux distro on the more used side, although I have found the latest Ubuntu not very happy on it). And Windows drivers can be a *bastard* to install because there's a specific sequence to it.
What I like about Sony is the quality of the screens, and the SZ models I use also travel quite well. Only a new battery is insanely expensive, but I found a better source for that :-).
I can just see a server room being propelled into orbit because the backup airco didn't kick in :-)
Bit of a recursive profit, but hey. You get to blow $250k, then get killed and math applied (divisions, mainly).
Just get a guarantee for them to wait until you're dead before they start dividing you.
Yeah, I know. Something I ate disagreed with me (and no, you can't have my stomach).
As far as I can see it those two now have 2 options:
(1) Deduct their costs (and time!) from the profit and donate the rest to a worthy cause. That would be stylish, and alleviate a lot of problems
(2) Hang on to the cash and thus start a cat fight amongst contributors for the loot. If I were Ballmer and Gates I'd love to see that happening, and I'd do anything -including but not limited to fake board postings- to keep that fire going because it'll keep the EU, Vista and OOXML problems nicely out of the headlines.
It'll be interesting to see what happens.
Sorry Ray, you gotta be complete in your answer :-)
[just for the record]
Before you say they're named in the suit, I know. But the record companies will try to weasel out of this one, and I think they stand a fair chance at managing that, unlike the RIAA. That class action suit is art, and the RIAA stands a lot less chance than SCO to drag this one out..
Sure, it'll be good to get this abuse of the legal system sorted, but will it address the key problem? Will it undo the damage already caused to people's lives, to the fair use doctrine?
The other question I have is how it will affect the RIAA members, the club the RIAA apparently acts on behalf of. It's not like they didn't know what was going on. If it doesn't affect the members they'll be free to set up a new club doing basically the same.
But it's a step in the right direction, and there is hope more judges will eventually 'get it'.