You just proved the point: the only thing the iPhone has over the competition is slick looks, in actual useful features it is below par. And you buy it as if it is a huge advantage. Given the context (business use), this is a prime example of someone drinking the Marketing Kool-Aid.
Mart
Yes, and the New York Times, supposedly the pinnacle of American journalism, used the term world-wide. As parent said, lazy journalism. Which is what set me off.
Don't be so fucking stupid. Your UID suggests you can do better.
Mart
And again U.S.-centric media act as if the U.S. market is representative for the whole world.
Here's a hint: RIM is only a player in push-mail smartphones. Worldwide, the major smartphone platform is Symbian. Apple may as well not exist in the world-wide market. I have seen a colleague's iPhone, and it is a nice little machine, but it is currently geared more for multimedia use than as a business smartphone. It will take Apple at least one more generation to actually become a threat to Symbian's dominance of the marketplace.
Of course, compared to the other bit players in the marketplace, if one company can pull off a landslide shift in marketshare, it will be Apple. It helps that they understand Marketing extremely well.
Mart
Re your point 2: The GIMP uses the default GTK file selector, and it will open an address bar as soon as you start typing. Depending on your Gnome preferences, it may already be active. I just tested this with the stock GIMP in Debian unstable, version 2.4.5.
Re your point 3: Since Alsa 0.9.x it has not been necessary to select a device node yourself.
Try staying up to date before spewing outdated FUD, okay?
Mart
Dropping the link layer (and as far as TCP is concerned, a PPPoE connection is the link layer) does not result in RST packets. RST packets are sent on purpose by one end of a TCP connection to close an existing connection.
Dropping the connection without closing it results in a TCP connection hanging in TIME_WAIT, waiting to time out.
If there are spurious RST packets on a network, the provider will have to give a good explanation. Yours won't do, and if AT&T can't come up with a better one, they have only themselves to blame if people suspect them doing what Comcast was caught red-handed doing.
Mart
Ah. I was going by what they used as a root CA. I tend not to follow the business news that closely. Thanks for the info.
Mart
You know what? All those paperwork hoops CAs make you jump through are useless. The cert only verifies the identity of the server, none of that paperwork is reflected in the actual certificate itself. And your CA only has to take your word for it that all those papers belong to a legitimate business.
The paperwork is security theater, to justify the higher price. For the purpose of an SSL cert, to certify that a particular FQDN belongs to a particular server, domain-control checks are sufficient.
Mart
Nope. RapidSSL is a brandname of Geotrust (which in turn is a brandname of Equifax). Geotrust also offers QuickSSL Premium certs, which are signed with the standard Equifax Secure CA root certificate, which, to my knowledge, is distributed with all mobile devices currently on the market.
The pricing for QuickSSL Premium certs is not much different from the bigger vendors, but the service we've gotten so far from Geotrust is excellent, and their simple no-nonsense verification systems mean we get to deploy certs within five minutes from submitting the CSR.
Full disclosure: I work for a Geotrust reseller. We picked them because we got fed up with our previous supplier.
Mart
Yes, but not without giving itself away. You really don't get it, do you?
Mart
Fine. Bring your own equipment. How are you going to disguise the fact that data is being moved from internal systems into what appears to be a black hole, instead of a workstation that has a user logged in with authorisation to said data?
If all your Ethernet cable or AP is going to do is set up a private network where you share personal data with friends, it's not a threat. The minute your setup generates anomalous traffic on the network, my management console will flag it (and I suspect khasim has a similar setup).
So, either you airgap your private network from the corporate network, in which case it is no threat, or you connect it to the corporate network, and you'll be caught.
Like khasim said, it's not magic. It's science.
What he is saying is basic IDS. As long as you don't control all IDSes on the network, nor the central management/reporting console, a decent IDS setup, especially with a good analysis system running on the management console, will catch anomalous traffic.
In fact, autonomously detecting anomalous traffic is what the current generation of IDSes is designed for. I am in partial charge of exactly such a system, and while not 100% foolproof, khasim is right that his control over the physical network media gives him a deciding advantage over you.
And a company need not be large to deploy such a system. Managed Security providers can do so for a decent price for all but the smallest SMEs.
Mart
You have quotes for your assertion? Otherwise, just STFU, OK?
Mart
The first one to mention 8088 hardware in this subthread is you. Do you think I'm fucking stupid, that you try to get away with so transparent a lie?
And regardless. If OS/9 could run on an anemic Tandy Color Computer, with full multi-user capabilities, the hardware Microsoft had at its disposal is no excuse for the lameness of MS-DOS.
Mart
For the purposes of a low-barrier-to-entry midrange system, it was overkill. This was exactly why K&R decided to drop all that Multics ballast for their game system, and replaced it with a 'good enough' security system.
Microsoft, probably influenced by Cutler's VMS heritage, decided to overlook all that work done by the Unix world, and decided to implement a byzantine system of ACLs and objects, and then went and set it with lax defaults and trusted the entire world to act sanely, security-wise.
Whichever way you look at it, the theoretical advantages are outweighed by the real-world needs of the users and administrators of the system. Users will always pick the easier option, so the smart way to handle security is to give them simple tools to manage security, so that they see security as less of a burden. Unix got it right for its target audience, and despite its theoretical flaws in security design, the average Unix system is more secure in actual practice than the theoretically more secure Windows systems.
As for VMS and other 'Real' Operating Systems, there is a reason why they have been relegated to obscurity. Only in very few specialised situations is the additional burden of management outweighed by the benefits of more security.
Mart
Don't move the goalposts. Nobody said anything about running on 8088 only. Neither did anybody say anything about hardware memory protection nor paging.
The ability to separate users and enforce decent privilege separation existed before the IBM PC, and on hardware that was decidedly less powerful. Period. MS has no excuse except bad design and/or laziness for the weaknesses of Windows.
Mart
Unix does not, in fact, have robust security, especially not in user separation. A security failure in Unix in this area is catastrophic and irrecoverable, because a privilege elevation means you are root, in complete control of the machine.
What differs is that this is a known issue in the Unix community, and has been a known issue for a long time, and has been fixed by a general community reaction of running away as far as possible, as soon as possible, from root privileges. There is a paranoia in systems administration and development in the Unix world that just is not present in the Windows world.
Microsoft being Microsoft of course took the NIH way, by fitting a Rube Goldberg construct of objects with ACLs into their system, and then trusting everyone to use it properly. It doesn't help that the rise of Unix led to a bunch of malcontent fugitives from rival systems moving to Microsoft. Check the careers of the writers of the Unix Haters' Handbook for a giggle. For a real belly laugh, read what they said about Unix security back then, and compare it with what Microsoft implemented since then.
Mart
The original IBM PC came with 64K, expandable to 512K. For the CP/M (of which QDOS was a rip-off) machines of the time, 48K was considered minimum spec, and 64K was more or less mandatory.
So yes, the grandparent statement was bullshit. And it paints MS in a particularly bad light, because there were secure multi-user OSes out there that could run in those specs, like MP/M and OS/9. Heck, even CP/M 3.0 had the concept of separate user areas on a single disk.
Mart
Aaargh! Yes, pet peeve number bazillion for me.
Down here in Europe, we took a good look at the English roundabouts, and decided they were a good idea. Unfortunately, we apparently didn't update our driver training to deal with them. Here in the Netherlands, it has become common practice for motorists to stop for every roundabout, even if it is empty. And worse, the dithering fools stay stopped even if the nearest traffic is more than a quarter turn away.
Imagine my shock when visiting England, and finding out that you are expected to merge as soon as possible, and that stopping with a quarter roundabout worth of free space gets you very dirty looks.
Of course, the fools in .nl on the roundabout tend to drive bumper-to-bumper, so a fluid merge at 30km/h and a constant flow of traffic is impossible most of the time, so we're apparently stuck with the worst of both worlds: people too timid to merge fluently, and people unwilling to let others merge.
Mart
What really cracks me up every time is that speeding up and slowing down is a very inefficient way to drive. The optimum way is to pick a speed, and stick to it as much as possible, and if you see a situation coming up where you might have to slow down, just let go of the accelerator. The more you even out the speed differences in your journey, the higher your average speed will be. This does require very good situational awareness and anticipation skills, though. On the other hand, forcing yourself to anticipate further and not rely on your brakes to get you out of emergencies is a skill that is actually trained by this driving pattern.
This also works in preventing traffic jams. Instead of running all out and then slamming your brakes as you hit the jam, just slowly bleed off speed, stop caring about other people merging in front of you and see how a lane of stopped traffic suddenly turns into a lane of flowing (if a bit slower than normal) traffic.
I ride a motorcycle, and filtering between lanes is legal here, and yet I almost never need to filter. And the road is clear behind and in front of me more often than not. And I'm not exactly a paragon when it comes to keeping to the speed limit.
Mart
I just wish people would stop complaining at the first inappropriate mod. Look, your comment is 20 minutes older than the parent, and a couple of hours later, it was already at 'Funny' which is appropriate.
Not specifically aimed at you, it is just something I observed the past few weeks. There may be inappropriate mods, but they usually balance out in the end.
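Mart
As much as I hate speeders coming with lame justifications, there are stretches of road that do get unreasonable limits.
Example: in the Netherlands, the usual classification of speed limits in absence of signs is:
Built up areas: 50 km/h.
Highways, marked by a white car on a blue background: 100 km/h.
Motorways, marked by a stylised dual carriageway, white on blue: 120 km/h.
All other roads: 80 km/h.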
Now, this last category used to contain what we called B-roads, which are basically the rural back roads. These got a blanket speed limit reduction to 60 km/h, signalled by an explicit speed limit sign. This is a ridiculous limit. Twisty roads lined with trees were never safe to travel at 80 anyhow, but the straight roads through pastureland with only one side road per 2 km, clearly visible (pastureland in flat polders, remember?!) now also have a 60 limit. This is flat out too low. 80 is easily bearable, and I daresay even speeding up to 120 km/h is not dangerous. Yet we're expected to trundle along on a flat straight stretch of road with 5 km visibility at a mere 60 km/h. I habitually break the limit there, and I don't care. Should I get caught, I'll pay, but I will protest publicly at the silly low limit.
Mart
I can spot those TomTom users from a mile away.
On my daily commute there is a speed camera positioned under an overpass. It has not functioned for years, and all the regular commuters know this[1]. I judge the average speed on this bit of motorway to be about 120km/h, with a 100km/h speed limit. But at least thrice a week I see someone hit the brakes when approaching the overpass. And I used to share a car with someone who had downloaded such speed trap information, and damn if it didn't flag a speed trap at that precise point.
The local pejorative name for TomTom seems accurate (DomDom, aka 'DumbDumb').
Mart
[1] For our Dutch readers: the overpass on the A1 motorway going east, just past the Laren exit and just before the Eemnes junction. Google maps reference.
No, people have claimed the BBC admitted to a bias. That is quite a difference.
Mart
I am a bit confused by your reference to the NAT router in combination with 'same LAN'. If it is really beyond a router from the point of view of your LAN, it's no longer on the LAN. Unless it is sitting on the same LAN as your PC(s) and that router.
If the box is on an actual shared segment of Ethernet, go into a computer store and buy a hub (a real hub, mind you, not a cheap switch). Now hang your sniffer box and the phone on the hub instead of the switch. Since Ethernet is a broadcast protocol, wireshark will capture all packets on the local segment, and since there is now no switch, but an actual shared bus thanks to the hub, you get all packets being sent and received by your phone.
Mart
Interesting analysis.
I must object to your use of the word groupthink though. It is a laden term, specifically negatively laden. Mores or shared social values are more neutral, while describing the same phenomenon, that of multiple individualists acting in a coherent manner as a group. Groupthink, as used today, implies the individuals giving up their individual judgement in favour of the socially acceptable judgment, whereas it is quite possible that a group consensus can be formed on mutually supporting individual judgements, without requiring submission of the individual.
Mart