I totally agree. Compare Microsoft's reaction to security problems with what has happened in the *nix world with NFS and NIS.
NIS is the biggest, steamiest pile of insecurity ever conceived... and NFS is built right on top of it. But nobody ever screams and yells on slashdot about how insecure it is... I guess because it was developed by people who didn't work for the "evil empire".
Forgive me if the original link has the answer to this (I tried to visit it, but it must be overloaded).
But if you can attach a memory debugger to the lsass.exe file, then you've already got very high-level privileges on the box. I fail to see how this is relevant from a practical security perspective.
Anytime a user is entering their password into a form field, that information is going to be stored in memory somewhere.
The union is already filing a grievance about this. You should have seen their reaction when the first xerographic copier was rolled into a state office.
And what kind of metadata would be better than a rich, access control subsystem that is compatible with Federated Identity expressions, like XrML?
Getting the picture yet? WinFS is *NOT* DRM itself. It is a framework that can *easily* enable DRM technologies, or other technologies that use metadata.
XrML is a key technology that Microsoft is going to push for all access control permissions, whether they are local to the computer, the enterprise, or the federated world of partners, suppliers, and customers.
It sure sounds superior to the "vision" of user/group/world permissions in the Unix kernel. Oh, and how many groups are supported for access control in Unix? 16 or 32? Do you think the average mid-size company uses more or less than 32 groups to define permissions for a user? (sorry, I couldn't resist... even though Linux users believe there is no such thing as "constructive" criticism)
OK, offtopic for sure. But this will never *EVER* get a headline post of Slashdot anyway.
Yes, but the Tax Code provides the wherewithal for thousands of social programs that are designed to turn the federal government into a money pump to remunerate democratic voters for democratic votes.
And since this helps soothe the well-paid, "I know more than you", urban digerati here on Slashdot... we won't be seeing this thread get modded very far.
This is Massachusetts. There will be no arguing in front of a judge. Instead, there will be greased palms at the State Attorney General's office, and a sudden, very public "investigation" of airline equipment safety of the Continental terminal.
Massport is one of the top post-politics homes for corrupt politicians, second only to the Massachusetts Turnpike Authority (the people who brought you the "Big Dig" -- a $15 billion dollar escapade to improve 1.5 miles of highway and reduce travel time across that 1.5 miles by an average of 15 seconds per vehicle).
Unions, corruption and hatred for minorities rule the day in Boston. Welcome to the home of the Democratic Party.
Well, other problems such as rampant shill bidding get hardly a blink from eBay. They don't even take action on shill bidding reports most of the time.
The FCC created the 800 MHz cellular and two-way radio bands by chopping off the top of the UHF TV band. Yes, and then when some congressmen had their cell phone calls intercepted, they passed legislation to make it illegal to listen to those frequencies. The unintended consequence of this is that, in the United States, there are certain UHF TV channels that are technically unlawful to tune into.
One word: Solaris.
How's that NIS treating you for security?
Kernel "user/group/world" security should be enough for anybody.
You guys need to realize that you can't have credibility without objectivity. You would have a lot more success convincing people to switch to Linux if you didn't come across as zealots all the time.
I like how you used facts, data and logic to determine that I was a "fucking dumbass". Oh wait, that was because I challenged you, huh?
Fortunately, for the rest of us, you aren't developing any nuclear weapons like Kim Jong Il. So you're just an impotent socialist.
You responded: "Neat, I hadn't ever looked at which articles I post to."
My response: What hogwash. We're not that stupid. Is that what you really think someone who isn't playing "monkey business" would have said? Then you say, "I doubt it matters since most of my comments are pure junk"... as the cartoon goes... you just self-deprecated yourself out of a job.
You responded: "Regarding the handle, I choose it a long time ago and then didn't use the account for years."
My response: Interesting. Your account has posted at least 24 comments in the last 8 days. Unfortunately (or fortunately, for you) Slashdot doesn't let us go beyond the last 24 comments to validate your statement. How convenient.
As an aside, you should
Wrong. There was a time when going to "slashdot.com" would not redirect you to "slashdot.org".
The "slashdot.org" gives the site the feel of an innocent bystander. In fact, the site is a corporate site, run by corporate interests.
What story would you post if Microsoft suddenly changed their domain presence from "microsoft.com" to "microsoft.org" ???
FYI... making Slashdot a "slashdot.org" site instead of a "slashdot.com" site (which happened several years ago) is simply another example of this behavior.
Yes, I'm just waiting for the inevitable punchdown from the "true" moderators here. VA Software is a corporation just like any other. They have interests, they're just less forthright about them than other companies.
Nice ID, Stalin. You are the true believer in Socialism.
Interesting that you primarily post to articles from Hemos or Zonk.
So interesting that you chose to use the identity, "noidentity"... Is there something you're hiding perhaps?
Sounds like it's time for me to be rated -1. Whaddaya think, Stalin?
Now they've got their story straight.
I'm a "0, Flamebait".
Amazing.
I don't think I've ever seen a "+3, Troll" before. Clearly I've upset the Slashdot gods.
Perhaps Lenin, Stalin and Bush would be proud supporters of the website.
Dissodance is not permitted!
With all the rejected submissions, shouldn't this story be replaced by one which was not simply a plug for Skype? I mean, great, some guy who has a website that can handle --max-- 3 users concurrently, has decided to document his ability to take some off-brand phone and wire it up to Skype.
Great. So what.
From your desk, you can simply go to the root of your Active Directory, and apply the "Auto download and schedule the install" Group Policy object.
http://support.microsoft.com/kb/328010/EN-US/
If you only want some of your clients to apply updates, you can filter the policy appropriately.
To some, especially the slashdot crowd, security means keeping the hackers off your network.
Corporate interests naturally want that, but they are also equating "security" with access control. Microsoft has a fairly robust access control methodology, supporting central group control, and distributed access control lists.
What does Linux have in this space? NIS? A Kernel that pukes when a user is a member of more than 16 or 32 groups? Can you have robust access control if you can only be a member of 16 or 32 groups?
Security is more than just keeping the hackers out.
Your post is so over-the-top, I had to read it again just to make sure you weren't being sarcastic. You weren't.
I hope you don't go outside very often. Have you considered the risks of crossing the street? Do you fully understand the probability of an airplane flying over your head right now dropping a piece of toilet ice that could kill you?
Do you still beat your wife, kick puppy dogs, and eat newborn babies?
Please only answer "yes" or "no". No other commentary will be permitted in your response.
Any hole in a program is a big deal. Consultants come in and out of companies all the time, some running MySQL on Windows. If one of them is infected, your internal network is infected.
DNS would be a great start to a global, distributed identity service, similar to passport but allowing individual control of identity attributes.
I agree with everything you've said. The things that Slashdot really needs to consider.
It's a shame that you will be modded down into oblivion. Squelching dissent is another awful aspect of how Slashdot works here.