Hmm. While it was confirmed some hackers did get access to the Microsoft network. I don't believe it was ever confirmed that they downloaded any important source code.
I believe this is called playing telephone, where the story distorts itself the further from the source it gets...
First you go and take the Windows 2000 security training course at the SANS conferences. There you will learn about turning off unnecessary services, hardening the installation of the software and the OS. You'll learn about ipsec and filtering out illegitimate traffic at the network layer of the box. You'll learn about auditing your box to watch for problems, etc.
Then you will realize you won't have an IIS server on your SQL Server box anyway, because it's unnecessary. So you won't be at risk to Code Red or Nimda or any similar IIS Worm. Even if you did have IIS, you'd lock down the install by removing the various ISAPI filters and such that were exploited, so even without the patches you would never have been vulnerable.
Then your going to go out and subscribe to the advisories from microsoft.com/security, sans.org, securityfocus, ntbugtraq, etc... so you won't have to worry about waiting a few months you will know about them the day they hit the streets.
I think the training will help, in conjunction with a better understanding of exactly what you are doing you can be pretty confident about your installation. If you want to lock it down, you can... and I'd say it's advisable to do so.
I was going to say. Once you have the ActiveX control you can connect to any box running Terminal Services. There's absolutely no need to run IIS on the box you are trying to manage.
While it's common to do, it's a terrible mistake to try to claim the quality of current product is directly related to the quality of past product, especially when you are talking 10-20 years ago.
Now if you had a 2001 Impala and were having problems with it, I'd be concerned. But an '83? Times have changed so much since then. If you look at all auto makers, they've all improved tremendously since '83... some much more than others.
Same is true with your Microsoft dig. Trying to claim that the quality of Windows XP is subpar because of your experience with DOS 2.0 is pretty pointless, silly and a waste of all of our times.
"The problem with these (few) suits is that they seem to think that whatever they grew up on is the ONLY way to go."
But you suffer from the problem that just because it comes from Microsoft doesn't mean it isn't a good way to go.
Over the years I've used a variety of solutions. Mainframe based, Unix based... Groupwise, Lotus Notes, etc. Of all those various solutions, I've found Outlook to be the absolute best in terms of handling email and scheduling functions. Now granted, this wasn't always the case, the latest versions of Exchange and Outlook have improved on those functions tremendously.
And I agree with the suits... I absolutely cannot imagine having to use a solution that was not as versatile and easy to manage. I get the impression that you are one of these IT people who don't really want to understand user land issues, but rather shove a solution down the user's throat. That's unfortunate because it gives us all a bad name.
Although it's that very attitude that inspired the PC era, so perhaps it's good for long term innovation of the industry.
Or once every two years I can go buy the latest OS upgrade from Microsoft for $99.
Once you throw in the purchase of a RedHat or SuSE distribution once a year on top of that transgaming subscription... the Microsoft solution is looking pretty damn cheap by comparison.
I'll be the first to admit that the Linux gift culture cannot be sustained long term due to the growing complexities of the software world. but I don't know that this new idea is a viable solution compared to the regular commercial software market. I'd say go back to the drawing board and work on the idea...
"They also expect to see a calendar in their e-mail software....although they can't explain why it belongs there."
Can you explain why it doesn't?
The ability to schedule conference rooms and make appointments with other employees at my company is an absolute critical function. Being able to do so from the same interface that one uses for other forms of communication is highly desirable.
Is your solution capable of doing this? You don't even mention what you use to support scheduling.
"There is little open source software for windows, because authors of open source software do not want to support microsoft. "
What?
Go check out sourceforge.net and you'll see a ton of Win32 stuff. That's not even the tip of the iceberg of what's available out there for Windows as open source. Many people have websites with their projects, many companies have websites with their stuff... Microsoft especially releases a *LOT* of open source code. Just start looking around for recent.Net examples and pet projects.
Open Source isn't about Microsoft, or Linux, or Unix. It's about developers sharing ideas with one another.
To make a claim that Open Source = Anti Microsoft you have to be seriously deluded.
"The Gartner report discourage using IIS on maintained systems. It is not about default installations."
No it doesn't. Read the report again and notice the point where it says 'Enterprises infected by both Code Red and Nimda.'
Given that patches for these were available for quite a long time, in the case of Nimda around 18 months... They obviously were not talking about maintained systems.
You don't have to spend all of your time doing anything to IIS. You monitor a handful of email lists, and apply patches as they come out once a month or so. Takes maybe a few hours of time a month.
But, if you read the Gartner report what they specifically say is that enterprises which were impacted by both Code Red and Nimda should look at alternatives.
The rational behind this being that if that was the case, then you obviously don't have the procedures in place to keep up to date on your servers.
The Gartner report was a kneejerk reaction which wasn't really helpful... like most Gartner recommendations.
If there is no market for JVM on desktops, then there is also no market for WWW browsers, instant messaging clients, and multimedia players... since these are all also given away for free.
But I notice your last sentence is inconsistent with your first one.
There is a factor you might be forgetting. On privacy most people care if someone they know is reading their private info. But they don't care quite so much that someone they don't know might be reading it.
That's why they are unhappy when you look over their shoulder
"You conveniently glance over the fact that Internet Explorer is a Microsoft Product, whereas the JVM is a Microsoft implementation of a competitor's product that would ultimately aid the competitor. "
The W3C standards for HTML and such are formulated solely by Microsoft? W3C is owned by Microsoft? What?
The JVM is, an implementation of the Sun Java standards. It is just as much Microsoft's product as is the browser.
Before calling someone's logic flawed, maybe you ought to stop and think for a few seconds.
Oh I see... Because in your opinion Microsoft is evil, so you get to decide what they can and cannot do based on arbitrary fuzzy criteria that you can't really build a consistent ruleset for.
Hint: Microsofts exclusion of the JVM was obviously done for technical reasons. i.e. they are deprecating that code because it is no longer actively maintained. It's an optional download now, but with the next release of Windows I can guarantee you there won't be a download at all.
That decision to not maintain the code was not made by Microsoft, but rather Sun. So you are really claiming that Sun is attempting to maintain Microsoft's monopoly. Which really doesn't make any sense at all.
Sounds to me like this issue is much more complicated than good versus evil. Maybe you should stop letting your emotions rule you and engage your brain.
Why do you think everyone is working on the same team?
Why do you not see that perhaps part of the components your application might call could be reusable enterprise components developed and maintained by someone else... or third party components you have purchased?
You don't understand what.Net does for you because you are still operating in a monolithic world. Once you get out of your University environment and starting working for a business, then maybe you'll understand who Microsoft is targetting.
Re:Initial reactions
on
J#
·
· Score: 4, Insightful
If Microsoft includes a Java Virtual Machine within Windows, it kills the potential competition in the market there for JVMs.
Obviously if Microsoft includes a JVM, then no users will go out and bother to download the JVM from Sun, IBM or Acme Computing. You already state that there is quite a bit of competition in the Java market, so obviously with Microsoft including this old outdated JVM it stifles the ability for that market to move forward.
I'm sorry, but the original poster was correct. Your argument is horribly inconsistent and flawed. If it is evil for Microsoft to include Internet Explorer, it is equally as evil to include a JVM.
You really can't have it both ways. If you get to say what goes in Microsoft's products, then I feel it is my moral duty to say what goes into Linux distributions.
And I hereby declare that bundling lilo into RedHat is evil because it kills competition in the boot manager market. RedHat's purpose is obviously to damage the market that System Commander operates within, without providing them adequate compensation.
Back in '92 when I first started working with Linux it was kind of cool. You could do things on your home computer that before were not very possible, or very expensive.
It was just kind of cool, and fun.
Then sometime in '97, shortly after the OS/2 regime was destroyed, Linux took on this holy jihad. Now it was a battle, it wasn't just good enough to create something kind of fun and geeky, the goal was to destroy all the infidels from Microsoft.
It was at that point that Linux became no fun to use, and it was no longer fun to be around the Linux geeks.
Hmm. While it was confirmed some hackers did get access to the Microsoft network. I don't believe it was ever confirmed that they downloaded any important source code.
I believe this is called playing telephone, where the story distorts itself the further from the source it gets...
First you go and take the Windows 2000 security training course at the SANS conferences. There you will learn about turning off unnecessary services, hardening the installation of the software and the OS. You'll learn about ipsec and filtering out illegitimate traffic at the network layer of the box. You'll learn about auditing your box to watch for problems, etc.
Then you will realize you won't have an IIS server on your SQL Server box anyway, because it's unnecessary. So you won't be at risk to Code Red or Nimda or any similar IIS Worm. Even if you did have IIS, you'd lock down the install by removing the various ISAPI filters and such that were exploited, so even without the patches you would never have been vulnerable.
Then your going to go out and subscribe to the advisories from microsoft.com/security, sans.org, securityfocus, ntbugtraq, etc... so you won't have to worry about waiting a few months you will know about them the day they hit the streets.
I think the training will help, in conjunction with a better understanding of exactly what you are doing you can be pretty confident about your installation. If you want to lock it down, you can... and I'd say it's advisable to do so.
I was going to say. Once you have the ActiveX control you can connect to any box running Terminal Services. There's absolutely no need to run IIS on the box you are trying to manage.
"I'm a university student at the moment"
I think you just proved his point for him, rather than disputed it.
www.microsoft.com/security is too hard to find?
"It's common knowledge that people don't know how to use 95% of the features of their word processors. "
Actually that's a common myth rather than common knowledge.
Although I welcome you to prove otherwise by listing even part of the features in word processors that are never used by anyone.
While it's common to do, it's a terrible mistake to try to claim the quality of current product is directly related to the quality of past product, especially when you are talking 10-20 years ago.
Now if you had a 2001 Impala and were having problems with it, I'd be concerned. But an '83? Times have changed so much since then. If you look at all auto makers, they've all improved tremendously since '83... some much more than others.
Same is true with your Microsoft dig. Trying to claim that the quality of Windows XP is subpar because of your experience with DOS 2.0 is pretty pointless, silly and a waste of all of our times.
"The problem with these (few) suits is that they seem to think that whatever they grew up on is the ONLY way to go."
But you suffer from the problem that just because it comes from Microsoft doesn't mean it isn't a good way to go.
Over the years I've used a variety of solutions. Mainframe based, Unix based... Groupwise, Lotus Notes, etc. Of all those various solutions, I've found Outlook to be the absolute best in terms of handling email and scheduling functions. Now granted, this wasn't always the case, the latest versions of Exchange and Outlook have improved on those functions tremendously.
And I agree with the suits... I absolutely cannot imagine having to use a solution that was not as versatile and easy to manage. I get the impression that you are one of these IT people who don't really want to understand user land issues, but rather shove a solution down the user's throat. That's unfortunate because it gives us all a bad name.
Although it's that very attitude that inspired the PC era, so perhaps it's good for long term innovation of the industry.
$60/year for a subscription to Transgaming...
Or once every two years I can go buy the latest OS upgrade from Microsoft for $99.
Once you throw in the purchase of a RedHat or SuSE distribution once a year on top of that transgaming subscription... the Microsoft solution is looking pretty damn cheap by comparison.
I'll be the first to admit that the Linux gift culture cannot be sustained long term due to the growing complexities of the software world. but I don't know that this new idea is a viable solution compared to the regular commercial software market. I'd say go back to the drawing board and work on the idea...
"They also expect to see a calendar in their e-mail software....although they can't explain why it belongs there."
Can you explain why it doesn't?
The ability to schedule conference rooms and make appointments with other employees at my company is an absolute critical function. Being able to do so from the same interface that one uses for other forms of communication is highly desirable.
Is your solution capable of doing this? You don't even mention what you use to support scheduling.
"There is little open source software for windows, because authors of open source software do not want to support microsoft. "
.Net examples and pet projects.
What?
Go check out sourceforge.net and you'll see a ton of Win32 stuff. That's not even the tip of the iceberg of what's available out there for Windows as open source. Many people have websites with their projects, many companies have websites with their stuff... Microsoft especially releases a *LOT* of open source code. Just start looking around for recent
Open Source isn't about Microsoft, or Linux, or Unix. It's about developers sharing ideas with one another.
To make a claim that Open Source = Anti Microsoft you have to be seriously deluded.
"The Gartner report discourage using IIS on maintained systems. It is not about default installations."
No it doesn't. Read the report again and notice the point where it says 'Enterprises infected by both Code Red and Nimda.'
Given that patches for these were available for quite a long time, in the case of Nimda around 18 months... They obviously were not talking about maintained systems.
Well that's not correct either.
You don't have to spend all of your time doing anything to IIS. You monitor a handful of email lists, and apply patches as they come out once a month or so. Takes maybe a few hours of time a month.
But, if you read the Gartner report what they specifically say is that enterprises which were impacted by both Code Red and Nimda should look at alternatives.
The rational behind this being that if that was the case, then you obviously don't have the procedures in place to keep up to date on your servers.
The Gartner report was a kneejerk reaction which wasn't really helpful... like most Gartner recommendations.
No, that's a different issue.
You readily provide your salary and financial info to banks, but how often would you give up that information to friends and family?
It's because people you know will do very different things with the information than people you don't know.
"Java is not a goal, it's a tool."
It's interesting how you make this statement and then go on to explain that Java is a goal:
"If people develop or use a lot of Java software, they don't need to run a certain OS. Making them potential SUN customers."
You might wish to make your argument consistent next time.
Wow, you can use HTML tags in your /. posts!
If there is no market for JVM on desktops, then there is also no market for WWW browsers, instant messaging clients, and multimedia players... since these are all also given away for free.
But I notice your last sentence is inconsistent with your first one.
"You seem to be a little confused about a few points sheldon."
After reading your response, I'd say it's pretty clear that I'm not the one who is confused.
There is a factor you might be forgetting. On privacy most people care if someone they know is reading their private info. But they don't care quite so much that someone they don't know might be reading it.
That's why they are unhappy when you look over their shoulder
"You conveniently glance over the fact that Internet Explorer is a Microsoft Product, whereas the JVM is a Microsoft implementation of a competitor's product that would ultimately aid the competitor. "
The W3C standards for HTML and such are formulated solely by Microsoft? W3C is owned by Microsoft? What?
The JVM is, an implementation of the Sun Java standards. It is just as much Microsoft's product as is the browser.
Before calling someone's logic flawed, maybe you ought to stop and think for a few seconds.
Oh I see... Because in your opinion Microsoft is evil, so you get to decide what they can and cannot do based on arbitrary fuzzy criteria that you can't really build a consistent ruleset for.
Hint: Microsofts exclusion of the JVM was obviously done for technical reasons. i.e. they are deprecating that code because it is no longer actively maintained. It's an optional download now, but with the next release of Windows I can guarantee you there won't be a download at all.
That decision to not maintain the code was not made by Microsoft, but rather Sun. So you are really claiming that Sun is attempting to maintain Microsoft's monopoly. Which really doesn't make any sense at all.
Sounds to me like this issue is much more complicated than good versus evil. Maybe you should stop letting your emotions rule you and engage your brain.
Why do you think everyone is working on the same team?
.Net does for you because you are still operating in a monolithic world. Once you get out of your University environment and starting working for a business, then maybe you'll understand who Microsoft is targetting.
Why do you not see that perhaps part of the components your application might call could be reusable enterprise components developed and maintained by someone else... or third party components you have purchased?
You don't understand what
If Microsoft includes a Java Virtual Machine within Windows, it kills the potential competition in the market there for JVMs.
Obviously if Microsoft includes a JVM, then no users will go out and bother to download the JVM from Sun, IBM or Acme Computing. You already state that there is quite a bit of competition in the Java market, so obviously with Microsoft including this old outdated JVM it stifles the ability for that market to move forward.
I'm sorry, but the original poster was correct. Your argument is horribly inconsistent and flawed. If it is evil for Microsoft to include Internet Explorer, it is equally as evil to include a JVM.
You really can't have it both ways. If you get to say what goes in Microsoft's products, then I feel it is my moral duty to say what goes into Linux distributions.
And I hereby declare that bundling lilo into RedHat is evil because it kills competition in the boot manager market. RedHat's purpose is obviously to damage the market that System Commander operates within, without providing them adequate compensation.
Back in '92 when I first started working with Linux it was kind of cool. You could do things on your home computer that before were not very possible, or very expensive.
It was just kind of cool, and fun.
Then sometime in '97, shortly after the OS/2 regime was destroyed, Linux took on this holy jihad. Now it was a battle, it wasn't just good enough to create something kind of fun and geeky, the goal was to destroy all the infidels from Microsoft.
It was at that point that Linux became no fun to use, and it was no longer fun to be around the Linux geeks.
Linus has the right attitude. There is no enemy.
Read the article, analyze what few details are provided. Now explain to everybody why you think the buggy software was written by Microsoft.
Hint: It's talking about a client/server database app.
I thought this myth had already been thorougly debunked. I guess it just won't die.
No it doesn't.
Until the SCOTUS has actually heard a case and issued an opinion, you cannot assume to know what they are thinking.
This refusal to hear a case means absolutely nothing at this time.