Certainly they can refuse to allow them to have a pavilion. For the same reason Microsoft can have a conference and not invite Apple to have a booth. It undermines the integrity of the conference. People are there to talk about Linux and its happenings, not Microsoft and its crappenings.
Considering MS had a pavilion at LinuxWorld, they probably pick the ads. But even if they don't, they let Microsoft have a pavilion at LinuxWorld...that is retarded in its own right.
Oh, and many of the other exhibitors were selling crap that was windows-centric or windows-only. At LINUXWORLD. How credible is that? If I want Linux news, I'm not going to go someone that has a vested interest in the failure of Linux.
Sure it starts small, an ad here, an ad there. Then an editorial here, there. Then flagrantly subversive linux-bashing.
...but unfortunately they tend to only read headlines. if the headline is a bunch of microsoft FUD, then it makes your job just that much more aggravating.
I try to avoid conversations like this: PointyHairedBoss: "Why are we using this Unix crap!?" Me: "Because, you stupid wanker, it has been up for 745 days without crashing and without any problems. And big woop if I cost a little more if your systems are stable and secure!? Now get outta my server room!"
Well, I went to the LinuxWorld conference in New York this year, and needless to say, it is the last year I will be attending. Microsoft had a large pavilion there...if I recall it wasn't there the last time I went (two years prior). Sell-outs. The exhibits weren't even useful. More than half were selling the same damned thing, JBODs, disk-arrays, etc. Lame.
considering some people get only 15-20 for murder, or much less for rape, seven years seems reasonable for identity theft. i mean, we can't reasonably put identity theft in even remotely the same category as murder and rape. of course, if we had harsher penalties for murder, rape and other crimes of that brutal nature, then perhaps the identity theft sentence could also be harsher.
really though, 7 years is a long freakin time to spend in jail for forging some email headers, which many can consider identity theft. i personally forge email headers daily. didnt you know that i was "superman" AND "the man with the worlds longest schlong"?
because of US law prohibiting the export of encryption over 48-bit (48-bit, right?), how good will MS encryption be in SQL server? Anyone know any specs?
If its only 48-bit encryption with a crappy algorithm...well we've seen how easy WEP and WPA are to crack, for example.
Perhaps they are going to put out an international version with no encryption or inferior encryption?
im just crossing my fingers and hoping they dont dumb down the encryption for overseas export...then again, stupid people and security vulnerabilities keep me in business...microsoft rocks! no wait. sorry. freebsd it is.
That is certainly a valid point. It would be nice if they could license something from RSA...
Come to think about it, how are they going to get around the law prohibiting the export of encryption out of the states? I suppose they'll need to ship a copy without encryption to overseas customers. In which case, international corporations may have compatibility issues...
Notice something about that statement? That's when MS decided to scrap their old Sybase-based code and create their own from the ground up (more or less). Sybase wasn't that insecure by default as far as I can remember...
Really though, in MS's defense, 2003 Server is pretty secure AND functional, by default. I hope their future products can follow suit.
because many dba's do not have a brain. imho a server should be initially setup and be completely dysfunctional and force you to make it work. that way you really know wtf you are doing when you install an app. in larger sites, esp. those that have site licenses for things like sql server and oracle, some developers will just install it because they think its what they need to do their job. not actual dbas, mind you.
so long as the option still exists to use third party security products, i think its a good move. other databases have it, why shouldnt they?
and i seriously doubt microsoft would be able to figure out how to make it so that no third party encryption works with their database, nor would they want to, as their primary agenda right now is clearly security.
saying encryption is not security is just foolish. any reasonable security administrator realizes that there are different aspects of security -- and encryption is one of them.
security is about defense, in depth, of your data. simply putting out "bug-free" software will help, but it is not the be all and end all of security. there are other layers that your software relies upon that can be compromised.
strong encryption is a good way to *help* secure your data. sure, it is essentially security through obscurity, but even that has a bad rep.
realize this: if someone wants your data, they CAN get it. you might as well make them jump through some hurdles to get to it. hopefully by the time they crack your encryption the data would be useless anyhow.
also, security through obscurity does help ward off casual hackers. i know i certainly dont want to wait 4 weeks for john the ripper to crack some passwords. id just move on to easier targets.
Maybe you missed the "Mystery Science Theatre 3000" part? Where people make up their own dialog for crappy movies...like the TV show Mystery Science Theatre 3000...
Also, there is bound to be a fan site created that would allow users to upload their rendered images and somebody would manage to piece it together into a halfway coherent movie. Then some nerd would mystery science theatre 3000 it and it would become an internet phenomenon. Hmmm, maybe that's not a bad thing...
$400 for a video card isn't all that great. And who says you need a billion fps when a million will be just fine? You don't need bleeding edge technology to woop someones ass in counterstrike or starcraft...these games are several years old and having a radeon 9600 pro vs a radeon 9800 pro isnt gonna matter.
I don't want to start a whole Mac vs. Windows flame war -- I use Fedora for my work desktop, RedHat Enterprise for my work servers, and Debian for my personal servers. I have Windows XP for games. I learned to program on a Mac way back in the day and have used it ever since -- along with Windows and Unix/Linux.
Regardless, Mac OS X does not have 0 ports open by default. If it did, DHCP would not work, for example -- and that wouldn't be friendly. Software updates would not work -- and that would clearly suck. It does NOT have a firewall turned on by default.
Windows does not have a firewall on by default either.
Anyhow, I am not missing the bigger picture, but you clearly are. What I am simply stating is that, out of the box, anything available will get owned if it is put on a network with malicious activity. Unless of course operating systems start shipping with network adapters disabled by default...
Regardless, yes, Windows has certain ports open by default, right out of the box. And Mac OS X also has limited functionality in a corporate environment, right out of the box. Sure, you can check email, browse the web, word process, etc., but there is a lot more to being on a corporate network. The tools simply aren't there yet. Not that they won't have them, because I have hope that they will, but they aren't there now.
I have to admin a heterogeneous network. Easiest security upgrade path? HAH! What about the Mac 10.1 users? You simply need to upgrade the OS to get your security fixes. Gee, that's really easy, especially if you've had people invest time and money into these systems...i.e. some software simply won't work with the latest versions of Mac OS.
And I don't blame the vendor, considering how frequently Mac changes things. Why bother supporting something that isn't going to help you out a little? At least windows tries to provide backwards compatibility, rather than the elitist Mac attitude of "that way sucks, let's do it this way! And if people don't want to join us, then they won't get support" Out with the old, in with the new -- too early.
Apple doesn't need to drastically rewrite their hardware driver layer with every point upgrade, rendering all printers, scanners, digital cameras, a lot of software completely useless...
I just had to "retire" some very high-end printers prematurely because Xerox is no longer supporting updates for those printers on Mac OS X. Yes, it is technically the hardware vendor's fault, but it is implicitly Apple's fault also, for changing so much and rendering the old drivers and software useless. From 10.0 to 10.1 to 10.2 to 10.3 so much has changed.
Regardless, windoze sucks too. And Linux isn't anywhere near ready for the desktop. So until then, I'll have to learn to deal with all three.
But regardless, I wasn't missing the big picture. If you think Mac is secure by default and that you can just plop it right down on a network without having to apply patches before-hand -- you're plain wrong.
I'm fine with Fedora 1 right now, except for one glaring error. With this whole Bluecurve thing that sort of integrated gnome and kde oddly and in a really screwed up way, adding and deleting items from your gnome menu (like the start menu), is near impossible. Same problem with RH 9.
Also, PowerQuest (the makers of partition magic) also have their own Ghost-like tool, Drive Image. They were recently purchased by Symantec and I believe their product is $70 as opposed to $80. I'd just assume go with Ghost though.
Well, it is a bit harder, but you could literally dd to another drive as backup (or split it across multiple CDs). That is free.
Also, just a quick search on google and freshmeat.net reveals some interesting projects, such as g4u, diskdupe, Ghost for Linux, and Paragon. I haven't tried any of those tools, though. I just stick with Ghost or dd.
You put it succintly -- I love it when people prove my point when rebutting me.
A normal user wouldn't know the command apt-get, unless they were taught how to use it.
Nor would they know what bind is.
Nor would they know how to update their apt sources to install 3rd party programs that were not included with their most recently downloaded debian CD (woody!!!).
Even people that are familiar with Linux/Unix, but not Debian may have a slight learning curve getting used to apt-get, as opposed to something like rpm or setld. And don't get me started on emerge.
I know what happens with a default XP box when you stick it on the Internet. That's why we obviously need more a more secure by default attitude for MS.
But at least Windows administrators are getting in the habit of patching their system. How many linux administrators upgrade their sendmail almost every point release because of security vulnerabilities? How many linux administrators upgrade or patch their kernel to the latest and greatest within two days of a security fix? I know a lot of admins -- and most of them DON'T patch that quickly. And tools to do so usually just plain suck.
Sure, Linux is *more* secure by default, but if you were to install a default RH 9 installation it could very easily get owned shortly after you put it on the net also. Even Linux needs security updates and patches.
Simply because there are less rampant worms and viruses in the wild for Linux (and Mac), doesn't need we should take a lackadaisical response to network security and then go bury our heads in the sand.
As Linux and Mac increase in market share viruses and trojans and backdoors and vulnerabilities and worms will be more and more present. It is naive to think otherwise. Security model, security shmodel -- it'll still get owned without proper administration -- right out of the frickin' box.
IANAL, but there is historical and legal precedence if the government were to go after Microsoft and other software companies for not educating its users about the harms that could come to them by using their products.
When has the government sued a large corporation on behalf of the public good? Erm, lots of times. Not nearly enough though.
The tobacca settlements are a decent example:P Of course killing people directly via lung cancer and killing them indirectly via a long series of crushing defeats until you just wish [Flanders] Gates was dead, is a different story. Couldn't help the Simpsons quote. Sorry. Still, I'm sure the stress level caused by computer crap causes health problems. Come on uncle Sam, do something!
Naturally, most people need limited functionality. Regardless, extra functionality is there because it is extremely difficult to determine what users need. Some users use ActiveX daily. Some never do. Some users use a JRE daily. Some never do. Some users use Outlook, some users use web mail.
As unfortunate as it may be, the desktop mess is necessary. Besides, the average consumer wants more bang for his/her buck. The more programs they get, the better the deal they think they are getting. "Ooooh I get Norton System works and registry cleaner to screw up my system whenever I please!"
What we need is an installation of Windows that blocks everything but port 80. That's right! EVERYTHING. No client-side mail. Only webmail. Furthermore, we need a trimmed down browser. One that doesn't allow users to "save to disk" or download any binary files. While we're at it, let's completely get rid of cookies, javascript, java, activeX, flash, etc. and make users use Lynx.
OK, seeing as how that's never going to happen, we simply need better "secure-by-default" settings with a relatively intuitive GUI on tweaking those settings.
We need to educate users. I'm sick of hearing that users are dumb. We all know they're dumb. But if they're too dumb to figure out how to tweak settings using a GUI that asks them a couple "Yes/No" questions, then they couldn't possibly be contributing much to society and shouldn't be on the Internet. Social Darwinism in the Internet Age!!!
We have intuitive GUI's out there. We have secure by default installations out there. Now we just need to combine the two.
Erm, well a Linksys BEFSR41 isn't a firewall, but a NAT. Though they serve similar purposes, it's worth noting that they are, in fact, different. And I guess I'll put it at 1.5. Why? Well, because it's my erroneous scale, dammit. But also because its easier to poke holes through NATs than Symantec's firewall, but still better than MS's crappy ICF.
I did, however, get a sneak preview of the next ICF coming out in Windows XP SP 2 (yet to be released), when I went to a Microsoft Security Summit. What a piece of crap that was. With all the resources they have you'd think they'd be able to license something from a third party -- or acquire a small company, like the guys that made Tiny/Kerio personal firewall, or something.
ICF is a piece of crap, even the new-fangled one coming out.
Slashdot Mirror
If you haven't had any problems with XFree86 for the past 10 years, then you haven't *really* used it :P
Certainly they can refuse to allow them to have a pavilion. For the same reason Microsoft can have a conference and not invite Apple to have a booth. It undermines the integrity of the conference. People are there to talk about Linux and its happenings, not Microsoft and its crappenings.
Considering MS had a pavilion at LinuxWorld, they probably pick the ads. But even if they don't, they let Microsoft have a pavilion at LinuxWorld...that is retarded in its own right.
Oh, and many of the other exhibitors were selling crap that was windows-centric or windows-only. At LINUXWORLD. How credible is that? If I want Linux news, I'm not going to go someone that has a vested interest in the failure of Linux.
Sure it starts small, an ad here, an ad there. Then an editorial here, there. Then flagrantly subversive linux-bashing.
...but unfortunately they tend to only read headlines. if the headline is a bunch of microsoft FUD, then it makes your job just that much more aggravating.
I try to avoid conversations like this:
PointyHairedBoss: "Why are we using this Unix crap!?"
Me: "Because, you stupid wanker, it has been up for 745 days without crashing and without any problems. And big woop if I cost a little more if your systems are stable and secure!? Now get outta my server room!"
Well, I went to the LinuxWorld conference in New York this year, and needless to say, it is the last year I will be attending. Microsoft had a large pavilion there...if I recall it wasn't there the last time I went (two years prior). Sell-outs. The exhibits weren't even useful. More than half were selling the same damned thing, JBODs, disk-arrays, etc. Lame.
considering some people get only 15-20 for murder, or much less for rape, seven years seems reasonable for identity theft. i mean, we can't reasonably put identity theft in even remotely the same category as murder and rape. of course, if we had harsher penalties for murder, rape and other crimes of that brutal nature, then perhaps the identity theft sentence could also be harsher.
really though, 7 years is a long freakin time to spend in jail for forging some email headers, which many can consider identity theft. i personally forge email headers daily. didnt you know that i was "superman" AND "the man with the worlds longest schlong"?
because of US law prohibiting the export of encryption over 48-bit (48-bit, right?), how good will MS encryption be in SQL server? Anyone know any specs?
If its only 48-bit encryption with a crappy algorithm...well we've seen how easy WEP and WPA are to crack, for example.
Perhaps they are going to put out an international version with no encryption or inferior encryption?
im just crossing my fingers and hoping they dont dumb down the encryption for overseas export...then again, stupid people and security vulnerabilities keep me in business...microsoft rocks! no wait. sorry. freebsd it is.
That is certainly a valid point. It would be nice if they could license something from RSA...
Come to think about it, how are they going to get around the law prohibiting the export of encryption out of the states? I suppose they'll need to ship a copy without encryption to overseas customers. In which case, international corporations may have compatibility issues...
Notice something about that statement? That's when MS decided to scrap their old Sybase-based code and create their own from the ground up (more or less). Sybase wasn't that insecure by default as far as I can remember...
Really though, in MS's defense, 2003 Server is pretty secure AND functional, by default. I hope their future products can follow suit.
BTW, hi Pedro. How's BioInfo workin out? =)
because many dba's do not have a brain. imho a server should be initially setup and be completely dysfunctional and force you to make it work. that way you really know wtf you are doing when you install an app. in larger sites, esp. those that have site licenses for things like sql server and oracle, some developers will just install it because they think its what they need to do their job. not actual dbas, mind you.
so long as the option still exists to use third party security products, i think its a good move. other databases have it, why shouldnt they?
and i seriously doubt microsoft would be able to figure out how to make it so that no third party encryption works with their database, nor would they want to, as their primary agenda right now is clearly security.
saying encryption is not security is just foolish. any reasonable security administrator realizes that there are different aspects of security -- and encryption is one of them.
security is about defense, in depth, of your data. simply putting out "bug-free" software will help, but it is not the be all and end all of security. there are other layers that your software relies upon that can be compromised.
strong encryption is a good way to *help* secure your data. sure, it is essentially security through obscurity, but even that has a bad rep.
realize this: if someone wants your data, they CAN get it. you might as well make them jump through some hurdles to get to it. hopefully by the time they crack your encryption the data would be useless anyhow.
also, security through obscurity does help ward off casual hackers. i know i certainly dont want to wait 4 weeks for john the ripper to crack some passwords. id just move on to easier targets.
maybe they'll store the salts in a file hashed with ntlm v1 or something :P
Maybe you missed the "Mystery Science Theatre 3000" part? Where people make up their own dialog for crappy movies...like the TV show Mystery Science Theatre 3000...
Also, there is bound to be a fan site created that would allow users to upload their rendered images and somebody would manage to piece it together into a halfway coherent movie. Then some nerd would mystery science theatre 3000 it and it would become an internet phenomenon. Hmmm, maybe that's not a bad thing...
$400 for a video card isn't all that great. And who says you need a billion fps when a million will be just fine? You don't need bleeding edge technology to woop someones ass in counterstrike or starcraft...these games are several years old and having a radeon 9600 pro vs a radeon 9800 pro isnt gonna matter.
I don't want to start a whole Mac vs. Windows flame war -- I use Fedora for my work desktop, RedHat Enterprise for my work servers, and Debian for my personal servers. I have Windows XP for games. I learned to program on a Mac way back in the day and have used it ever since -- along with Windows and Unix/Linux.
Regardless, Mac OS X does not have 0 ports open by default. If it did, DHCP would not work, for example -- and that wouldn't be friendly. Software updates would not work -- and that would clearly suck. It does NOT have a firewall turned on by default.
Windows does not have a firewall on by default either.
Anyhow, I am not missing the bigger picture, but you clearly are. What I am simply stating is that, out of the box, anything available will get owned if it is put on a network with malicious activity. Unless of course operating systems start shipping with network adapters disabled by default...
Regardless, yes, Windows has certain ports open by default, right out of the box. And Mac OS X also has limited functionality in a corporate environment, right out of the box. Sure, you can check email, browse the web, word process, etc., but there is a lot more to being on a corporate network. The tools simply aren't there yet. Not that they won't have them, because I have hope that they will, but they aren't there now.
I have to admin a heterogeneous network. Easiest security upgrade path? HAH! What about the Mac 10.1 users? You simply need to upgrade the OS to get your security fixes. Gee, that's really easy, especially if you've had people invest time and money into these systems...i.e. some software simply won't work with the latest versions of Mac OS.
And I don't blame the vendor, considering how frequently Mac changes things. Why bother supporting something that isn't going to help you out a little? At least windows tries to provide backwards compatibility, rather than the elitist Mac attitude of "that way sucks, let's do it this way! And if people don't want to join us, then they won't get support" Out with the old, in with the new -- too early.
Apple doesn't need to drastically rewrite their hardware driver layer with every point upgrade, rendering all printers, scanners, digital cameras, a lot of software completely useless...
I just had to "retire" some very high-end printers prematurely because Xerox is no longer supporting updates for those printers on Mac OS X. Yes, it is technically the hardware vendor's fault, but it is implicitly Apple's fault also, for changing so much and rendering the old drivers and software useless. From 10.0 to 10.1 to 10.2 to 10.3 so much has changed.
Regardless, windoze sucks too. And Linux isn't anywhere near ready for the desktop. So until then, I'll have to learn to deal with all three.
But regardless, I wasn't missing the big picture. If you think Mac is secure by default and that you can just plop it right down on a network without having to apply patches before-hand -- you're plain wrong.
If I had mod points left and didn't already post in this forum, I'd mod this funny +5!@ heh.
I'm fine with Fedora 1 right now, except for one glaring error. With this whole Bluecurve thing that sort of integrated gnome and kde oddly and in a really screwed up way, adding and deleting items from your gnome menu (like the start menu), is near impossible. Same problem with RH 9.
Anyone know if this is fixed in Fedora 2?
Also, PowerQuest (the makers of partition magic) also have their own Ghost-like tool, Drive Image. They were recently purchased by Symantec and I believe their product is $70 as opposed to $80. I'd just assume go with Ghost though.
Well, it is a bit harder, but you could literally dd to another drive as backup (or split it across multiple CDs). That is free.
Also, just a quick search on google and freshmeat.net reveals some interesting projects, such as g4u, diskdupe, Ghost for Linux, and Paragon. I haven't tried any of those tools, though. I just stick with Ghost or dd.
You put it succintly -- I love it when people prove my point when rebutting me.
A normal user wouldn't know the command apt-get, unless they were taught how to use it.
Nor would they know what bind is.
Nor would they know how to update their apt sources to install 3rd party programs that were not included with their most recently downloaded debian CD (woody!!!).
Even people that are familiar with Linux/Unix, but not Debian may have a slight learning curve getting used to apt-get, as opposed to something like rpm or setld. And don't get me started on emerge.
I know what happens with a default XP box when you stick it on the Internet. That's why we obviously need more a more secure by default attitude for MS.
But at least Windows administrators are getting in the habit of patching their system. How many linux administrators upgrade their sendmail almost every point release because of security vulnerabilities? How many linux administrators upgrade or patch their kernel to the latest and greatest within two days of a security fix? I know a lot of admins -- and most of them DON'T patch that quickly. And tools to do so usually just plain suck.
Sure, Linux is *more* secure by default, but if you were to install a default RH 9 installation it could very easily get owned shortly after you put it on the net also. Even Linux needs security updates and patches.
Simply because there are less rampant worms and viruses in the wild for Linux (and Mac), doesn't need we should take a lackadaisical response to network security and then go bury our heads in the sand.
As Linux and Mac increase in market share viruses and trojans and backdoors and vulnerabilities and worms will be more and more present. It is naive to think otherwise. Security model, security shmodel -- it'll still get owned without proper administration -- right out of the frickin' box.
IANAL, but there is historical and legal precedence if the government were to go after Microsoft and other software companies for not educating its users about the harms that could come to them by using their products.
:P Of course killing people directly via lung cancer and killing them indirectly via a long series of crushing defeats until you just wish [Flanders] Gates was dead, is a different story. Couldn't help the Simpsons quote. Sorry. Still, I'm sure the stress level caused by computer crap causes health problems. Come on uncle Sam, do something!
When has the government sued a large corporation on behalf of the public good? Erm, lots of times. Not nearly enough though.
The tobacca settlements are a decent example
Naturally, most people need limited functionality. Regardless, extra functionality is there because it is extremely difficult to determine what users need. Some users use ActiveX daily. Some never do. Some users use a JRE daily. Some never do. Some users use Outlook, some users use web mail.
As unfortunate as it may be, the desktop mess is necessary. Besides, the average consumer wants more bang for his/her buck. The more programs they get, the better the deal they think they are getting. "Ooooh I get Norton System works and registry cleaner to screw up my system whenever I please!"
What we need is an installation of Windows that blocks everything but port 80. That's right! EVERYTHING. No client-side mail. Only webmail. Furthermore, we need a trimmed down browser. One that doesn't allow users to "save to disk" or download any binary files. While we're at it, let's completely get rid of cookies, javascript, java, activeX, flash, etc. and make users use Lynx.
OK, seeing as how that's never going to happen, we simply need better "secure-by-default" settings with a relatively intuitive GUI on tweaking those settings.
We need to educate users. I'm sick of hearing that users are dumb. We all know they're dumb. But if they're too dumb to figure out how to tweak settings using a GUI that asks them a couple "Yes/No" questions, then they couldn't possibly be contributing much to society and shouldn't be on the Internet. Social Darwinism in the Internet Age!!!
We have intuitive GUI's out there. We have secure by default installations out there. Now we just need to combine the two.
Erm, well a Linksys BEFSR41 isn't a firewall, but a NAT. Though they serve similar purposes, it's worth noting that they are, in fact, different. And I guess I'll put it at 1.5. Why? Well, because it's my erroneous scale, dammit. But also because its easier to poke holes through NATs than Symantec's firewall, but still better than MS's crappy ICF.
I did, however, get a sneak preview of the next ICF coming out in Windows XP SP 2 (yet to be released), when I went to a Microsoft Security Summit. What a piece of crap that was. With all the resources they have you'd think they'd be able to license something from a third party -- or acquire a small company, like the guys that made Tiny/Kerio personal firewall, or something.
ICF is a piece of crap, even the new-fangled one coming out.