Now if we can all just leave the planet for a while, while the people in charge can do the changeover...
Just wait a few months for the USA to invade Iran, causing both Iran and North Korea to launch nukes, followed by the USA's inevitible retaliation. All the EMP's will burn out the vast majority of the existing internet, paving the way for the quick adoption of all this new technology!
It actually uploads an entire bit-for-bit copy of your hard drive so that MS investigators can perform a forensic analysis on it and determine exactly what MS software you have installed illegally since not installing WGA is an implicit admission of guilt. You can expect to be arrested by the MS Police within a few days of declining to install WGA if you have any pirated MS software on your machine.
Sometimes I wonder if the support angle is a crutch. Any large organization should have enough people qualified enough to manage the systems without any help from Microsoft.
I heard an interview on NPR yesterday while driving home about a company having to upgrade some Exchange 2000 servers in preperation for the daylight savings time change. They had to remain on Exchange 2000 - they weren't about to try to upgrade to the latest version of Exchange. MS claimed the cost of creating a patch for Exchange 2000 was in the neighborhood of $40,000 but they were only charging this customer $4,000 for the patch. How does having a qualified in-house support staff negate the need to pay MS through the nose for software patches like this?
But the article fails to mention why the XP systems need replacement.
Simple. MS says they won't support XP after a given date. After that date the FAA (and everybody else) would have to upgrade to Vista to continue getting support from MS.
If the DOT/FAA goes with linux they'll likely go with a vendor like RedHat or Novell who will offer full support services without arbitrary drop-dead dates for support, much easier upgrade paths, etc.
I don't think training/timing is a big issue. Any time MS releases a major update like new versions of Vista & Office it requires a fair amount of retraining for non-technical people and even a lot of technical people. Since there's a retraining cost involved no matter what, then it's up to the company/organization to decide their best upgrade path, whether it's to the latest MS offerings or an entirely different platform.
Personally I find the big news to be the fact that more and more corporations, governments, and entire countries, are using Vista/Office2007 as justification to seriously consider non-MS products. Granted it's still a very small percentage of MS customers that have done this so far, but if the groundswell continues and a number of these groups are successful, then it could just be the start of a trend away from MS dominance.
Virtually all the versions of linux my company is using in production already contains the correct tzdata. (Centos 4.2 & later, RHEL 4 & later, etc.) The versions of Java we've also been using for close to a year are also properly updated. Sun has provided a program to test older versions of java and patch them if necessary. It's on their website for download.
We're not all that concerned about network devices like firewalls, switches, etc. The only time sensitive data they have are logs, and since we use a centralized syslog server that's already up-to-date it's not a major issue for us. Our switch/firewall vendors provide information on setting up custom timezone settings, which means its a fairly simple thing to change. No need to apply patches that could impact performance or behavior.
$ date --date="Mar 25 15:00:00 UTC 2006" $ date --date="Mar 25 15:00:00 UTC 2007"
If the output of both shows the same time (eg. 10:00 EST) then you've got a problem. If they show different times (eg. 10:00 EST and 11:00 EDT) then your system is ok.
Someone please explain to me why binaries aren't good enough for the first review, then later they are? Who says the new source code is "secure"?
I don't think it's a matter of one being better than the other. Certification of one thing doesn't mean related items are also certified. Just because the source code is now certified doesn't mean that all the libraries that can potentially be built by that source code are now automatically certified as well. (If B derives from A, and A is certified, it doesn't automatically mean that B is certified as well.)
The article did a fairly good job of explaining why they certified the source. Since there are so many options for including/exluding various components within OpenSSL it'd be difficult to build, maintain, and certify dozens of potential variations of the same version of the library. Not to mention how you keep users from getting confused by all those potential variations.
Having the source certified means that people/organizations that want to build from those sources can have a binary that meets those certification requirements as long as all the other components (any other libraries or other requirements needed to build it) are similarly certified. It also means that if an organization has some requirement for a rather uniquely configured version of OpenSSL that they can build it themselves from certified sources and be comfortable with using it. By also getting certification of various binaries they're ensuring that people who don't need/want to rely on building from source can also have a fully tested & certified solution. Chances are they won't build/certify every possible combination of OpenSSL. It's more likely that they'll build one version with all options (at least as far as legal restrictions go), one with the most common options, one with minimal options, etc. and get those few variations certified individually.
...with time & money on my hands then I'd set up a tracker for sharing all sorts of F/OSS ISO's via Bittorrent. Then I sue these idiots back to the stoneage for making such unfounded claims.
The latest and greatest(?) versions of the MS Office programs save natively in XML. This converter lets you convert to ODF, which lets you read the files into OpenOffice on any operating system, or any other application that supports ODF. It basically lets you get out from under the MS proprietary format and into an open standard.
You'd have to be a complete idiot for thinking there are such things as "suspicious packages" in this world.
Tell that to everybody who has been injured or killed by roadside bombs in Iraq over the past three years. Tell that to the victims of the IRA bombing campaigns in Ireland. Tell that to the victims of the Madrid train bombings. Tell that to all the victims of the two Intifadas (the Israeli-Palestinian conflicts). Tell that to my nephew in Israel who almost boarded a bus a few years ago that was blown up just before his stop. The fact that such tactics haven't started in the US yet is moot. I take that back - it has happened in the US. Ever hear of Theodore Kaczynski? True, he didn't randomly place packages around major cities, but he still used bombs to create terror. If his insanity hadn't directed his anger towards specific individuals he may very well have simply started placing bombs randomly around cities.
The real point was that we prioritize terrorist threats that don't exist above all else
Terrorist threats don't exist? Have you forgotten about 9/11? Have you forgotten about the anthrax letters that killed people later in 2001? Have you forgotten about the sniper attacks in the Washington DC area in 2002? Do you really expect terrorists to announce their intentions before they strike so that the authorities can prepare for it? Terrorism is a fact of life. Get used to it. You might also want to learn a little about how a lot of the rest of the world views the US. I'm sure there are plenty of extremists who would love to be able to blow themselves up in the middle of Manhattan during rush hour.
As far as New Orleans goes, I'm sorry but I don't see why anybody should be rebuilding down there. It's a city that's substantially below sea-level and relies on dams and levys to keep the ocean out. The city is sinking as the sediments it was built on slowly seap back into the Mississippi river. The protective barrier of the Mississippi delta is almost entirely eroded away. The ocean levels are expected to rise over the next 100 years thanks to global warming. The costs of trying to rebuild the city and protect it will be astronomical over the next few decades, and for what purpose? We can't even build dams and levys strong enough to withstand the strongest hurricanes, so chances are that the city will eventually be lost anyway. Hell, if global warming continues the way a lot of scientests expect then by 2100 major cities like Boston, New York, etc. may be substantially under water. And they're all currently above sea level. If people would face long-term reality then the only thing the federal government should do is help pay to move people out of harms way, out of New Orleans.
No, but there is a huge difference between local/state police responding to suspicious packages and dozens of federal agencies responding to a disaster the size of a hurricane. You'd have to be an absolute idiot to think the two are even remotely comparable.
Flame me all you want, but all you people thinking this was blown way out of proportion aren't thinking very realisticly. Yeah, so it turned out to be a high-tech marketing ploy. But one thing that any soldier who has fought in any conflict will tell you is that you NEVER touch something that catches your eye as potentially interesting until you can determine that it's not dangerous. These things could very well have been rigged with explosives or biologic/chemical agents. The flashing lights could have been intended to attract attention to them. Boobytrapped toys and items that soldiers might like as souvineers have been planted in wars dating back to at least WWII.
If I was a terrorist and wanted to maximize casualties in a major metropolitan city I just might pack a bunch of explosives into something like these advertising devices. Rig it to start flashing around rush hour and have a motion switch or timer to set off the explosives. Somebody walking by decides to take it home as a souvineer, or just to see what it does, and the explosives get detonated.
People seem to forget the lessons learned from 9/11, the train bombings in Spain, the subway bombings in London, etc. Just because there haven't been any similar mass-transit attacks in the US doesn't mean it'll never happen. All it takes is one or two intelligent and motivated terrorists to come up with something like this.
Thomas began his work for the FBI five months after his Issaquah arrest and after serving three months in jail.... Then, two months later Taylor was jailed in Colorado on new charges unrelated to the Issaquah bust. He served eleven months before being released in May 2004.
All the focus, and for good reasons, has been on software-based DVD players. They're easy for any hacker to play around with. However there are plenty of people out there who happen to be hardware hackers as well. I wonder how long (probably just a matter of time) before some hardware/firmware hacker disects a standalone HD player and is able to extract keys from that. Hardware hacking hasn't been as glamourous as software hacking in recent years, but a mere 20 years ago it was all about hardware hacking. Read a book like the Cuckoos Egg - a sysadmin physically tapped into communication lines and directed the output to line printers so that a hacker he'd been hunting wouldn't know he was being tracked. I'd be willing to bet that some hardware/firmware gurus with the right tools would be able to hack a standalone HD player if they had the desire to do it. And if they can pull that off it'd be a LOT harder for the AACS LA to plug that hole.
Since it will always exist someone will rip it and post the movie on bittorrent.
And that's the lynchpin to the whole DRM debacle. All it takes is one individual somewhere on the planet to manage to crack or circumvent the encryption on any given movie to make it available to everybody. It may take some time but it's likely to happen eventually.
Don't forget that if you drink the *AA koolaid and bend over properly for them then you've hooked up your DRM infested HD-DVD or Blu-Ray player to the internet not only so that they can track what you watch but so that the players can automagically download updated keys so that you'll never even see any non-functioning disks. That, and monkeys may fly out of their respective butts.
Or you're teaching skills are worth absolute *shit*
Did you bother to RTFA? The teaching skills aren't the problem. The training the people went through was basically reading the on-line docs that come with IE7 since that's all the training the vast majority of users will ever have access to. It's the poorly written on-line help that is the problem. The on-line docs apparently say something to the effect of "this is what a phishing site will look like", so that's what the users expect to see when they visit a phishing site. In reality it should have said something like "this is an example of what phishing sites might look like" and provided specific details of the things to look for to identify phishing sites.
If the docs tell a person to look for A then that's what they'll look for to the exclusion of all else. If the docs say that it could be A or a or @ or something else that looks similar to A or a or @ then they'll be inclined to pay much more attention (hopefully) to what they're seeing.
Slashdot Mirror
Now if we can all just leave the planet for a while, while the people in charge can do the changeover...
Just wait a few months for the USA to invade Iran, causing both Iran and North Korea to launch nukes, followed by the USA's inevitible retaliation. All the EMP's will burn out the vast majority of the existing internet, paving the way for the quick adoption of all this new technology!
Probably got modded as a troll by somebody who works at/for Microsoft.
It actually uploads an entire bit-for-bit copy of your hard drive so that MS investigators can perform a forensic analysis on it and determine exactly what MS software you have installed illegally since not installing WGA is an implicit admission of guilt. You can expect to be arrested by the MS Police within a few days of declining to install WGA if you have any pirated MS software on your machine.
Sometimes I wonder if the support angle is a crutch. Any large organization should have enough people qualified enough to manage the systems without any help from Microsoft.
I heard an interview on NPR yesterday while driving home about a company having to upgrade some Exchange 2000 servers in preperation for the daylight savings time change. They had to remain on Exchange 2000 - they weren't about to try to upgrade to the latest version of Exchange. MS claimed the cost of creating a patch for Exchange 2000 was in the neighborhood of $40,000 but they were only charging this customer $4,000 for the patch. How does having a qualified in-house support staff negate the need to pay MS through the nose for software patches like this?
But the article fails to mention why the XP systems need replacement.
Simple. MS says they won't support XP after a given date. After that date the FAA (and everybody else) would have to upgrade to Vista to continue getting support from MS.
If the DOT/FAA goes with linux they'll likely go with a vendor like RedHat or Novell who will offer full support services without arbitrary drop-dead dates for support, much easier upgrade paths, etc.
I don't think training/timing is a big issue. Any time MS releases a major update like new versions of Vista & Office it requires a fair amount of retraining for non-technical people and even a lot of technical people. Since there's a retraining cost involved no matter what, then it's up to the company/organization to decide their best upgrade path, whether it's to the latest MS offerings or an entirely different platform.
Personally I find the big news to be the fact that more and more corporations, governments, and entire countries, are using Vista/Office2007 as justification to seriously consider non-MS products. Granted it's still a very small percentage of MS customers that have done this so far, but if the groundswell continues and a number of these groups are successful, then it could just be the start of a trend away from MS dominance.
Virtually all the versions of linux my company is using in production already contains the correct tzdata. (Centos 4.2 & later, RHEL 4 & later, etc.) The versions of Java we've also been using for close to a year are also properly updated. Sun has provided a program to test older versions of java and patch them if necessary. It's on their website for download.
We're not all that concerned about network devices like firewalls, switches, etc. The only time sensitive data they have are logs, and since we use a centralized syslog server that's already up-to-date it's not a major issue for us. Our switch/firewall vendors provide information on setting up custom timezone settings, which means its a fairly simple thing to change. No need to apply patches that could impact performance or behavior.
$ date --date="Mar 25 15:00:00 UTC 2006"
$ date --date="Mar 25 15:00:00 UTC 2007"
If the output of both shows the same time (eg. 10:00 EST) then you've got a problem. If they show different times (eg. 10:00 EST and 11:00 EDT) then your system is ok.
Somehow I doubt you'll ever see any of the major US carriers make such an unsolicited refund.
Not...
Almost makes me wish I was a lawyer. Almost.
... a flood of new viruses/trojans all named setup.exe.
They'll be so busy duking it out with each other that consumers will end up winning. Ever hear of competition?
Someone please explain to me why binaries aren't good enough for the first review, then later they are? Who says the new source code is "secure"?
I don't think it's a matter of one being better than the other. Certification of one thing doesn't mean related items are also certified. Just because the source code is now certified doesn't mean that all the libraries that can potentially be built by that source code are now automatically certified as well. (If B derives from A, and A is certified, it doesn't automatically mean that B is certified as well.)
The article did a fairly good job of explaining why they certified the source. Since there are so many options for including/exluding various components within OpenSSL it'd be difficult to build, maintain, and certify dozens of potential variations of the same version of the library. Not to mention how you keep users from getting confused by all those potential variations.
Having the source certified means that people/organizations that want to build from those sources can have a binary that meets those certification requirements as long as all the other components (any other libraries or other requirements needed to build it) are similarly certified. It also means that if an organization has some requirement for a rather uniquely configured version of OpenSSL that they can build it themselves from certified sources and be comfortable with using it. By also getting certification of various binaries they're ensuring that people who don't need/want to rely on building from source can also have a fully tested & certified solution. Chances are they won't build/certify every possible combination of OpenSSL. It's more likely that they'll build one version with all options (at least as far as legal restrictions go), one with the most common options, one with minimal options, etc. and get those few variations certified individually.
...with time & money on my hands then I'd set up a tracker for sharing all sorts of F/OSS ISO's via Bittorrent. Then I sue these idiots back to the stoneage for making such unfounded claims.
I have a document
I convert it to XML
then what?
The latest and greatest(?) versions of the MS Office programs save natively in XML. This converter lets you convert to ODF, which lets you read the files into OpenOffice on any operating system, or any other application that supports ODF. It basically lets you get out from under the MS proprietary format and into an open standard.
You'd have to be a complete idiot for thinking there are such things as "suspicious packages" in this world.
Tell that to everybody who has been injured or killed by roadside bombs in Iraq over the past three years. Tell that to the victims of the IRA bombing campaigns in Ireland. Tell that to the victims of the Madrid train bombings. Tell that to all the victims of the two Intifadas (the Israeli-Palestinian conflicts). Tell that to my nephew in Israel who almost boarded a bus a few years ago that was blown up just before his stop. The fact that such tactics haven't started in the US yet is moot. I take that back - it has happened in the US. Ever hear of Theodore Kaczynski? True, he didn't randomly place packages around major cities, but he still used bombs to create terror. If his insanity hadn't directed his anger towards specific individuals he may very well have simply started placing bombs randomly around cities.
The real point was that we prioritize terrorist threats that don't exist above all else
Terrorist threats don't exist? Have you forgotten about 9/11? Have you forgotten about the anthrax letters that killed people later in 2001? Have you forgotten about the sniper attacks in the Washington DC area in 2002? Do you really expect terrorists to announce their intentions before they strike so that the authorities can prepare for it? Terrorism is a fact of life. Get used to it. You might also want to learn a little about how a lot of the rest of the world views the US. I'm sure there are plenty of extremists who would love to be able to blow themselves up in the middle of Manhattan during rush hour.
As far as New Orleans goes, I'm sorry but I don't see why anybody should be rebuilding down there. It's a city that's substantially below sea-level and relies on dams and levys to keep the ocean out. The city is sinking as the sediments it was built on slowly seap back into the Mississippi river. The protective barrier of the Mississippi delta is almost entirely eroded away. The ocean levels are expected to rise over the next 100 years thanks to global warming. The costs of trying to rebuild the city and protect it will be astronomical over the next few decades, and for what purpose? We can't even build dams and levys strong enough to withstand the strongest hurricanes, so chances are that the city will eventually be lost anyway. Hell, if global warming continues the way a lot of scientests expect then by 2100 major cities like Boston, New York, etc. may be substantially under water. And they're all currently above sea level. If people would face long-term reality then the only thing the federal government should do is help pay to move people out of harms way, out of New Orleans.
No, but there is a huge difference between local/state police responding to suspicious packages and dozens of federal agencies responding to a disaster the size of a hurricane. You'd have to be an absolute idiot to think the two are even remotely comparable.
Flame me all you want, but all you people thinking this was blown way out of proportion aren't thinking very realisticly. Yeah, so it turned out to be a high-tech marketing ploy. But one thing that any soldier who has fought in any conflict will tell you is that you NEVER touch something that catches your eye as potentially interesting until you can determine that it's not dangerous. These things could very well have been rigged with explosives or biologic/chemical agents. The flashing lights could have been intended to attract attention to them. Boobytrapped toys and items that soldiers might like as souvineers have been planted in wars dating back to at least WWII.
If I was a terrorist and wanted to maximize casualties in a major metropolitan city I just might pack a bunch of explosives into something like these advertising devices. Rig it to start flashing around rush hour and have a motion switch or timer to set off the explosives. Somebody walking by decides to take it home as a souvineer, or just to see what it does, and the explosives get detonated.
People seem to forget the lessons learned from 9/11, the train bombings in Spain, the subway bombings in London, etc. Just because there haven't been any similar mass-transit attacks in the US doesn't mean it'll never happen. All it takes is one or two intelligent and motivated terrorists to come up with something like this.
you didn't do a day in the slammer
...
Next time you might want to read the whole FA:
Thomas began his work for the FBI five months after his Issaquah arrest and after serving three months in jail.
Then, two months later Taylor was jailed in Colorado on new charges unrelated to the Issaquah bust. He served eleven months before being released in May 2004.
All the focus, and for good reasons, has been on software-based DVD players. They're easy for any hacker to play around with. However there are plenty of people out there who happen to be hardware hackers as well. I wonder how long (probably just a matter of time) before some hardware/firmware hacker disects a standalone HD player and is able to extract keys from that. Hardware hacking hasn't been as glamourous as software hacking in recent years, but a mere 20 years ago it was all about hardware hacking. Read a book like the Cuckoos Egg - a sysadmin physically tapped into communication lines and directed the output to line printers so that a hacker he'd been hunting wouldn't know he was being tracked. I'd be willing to bet that some hardware/firmware gurus with the right tools would be able to hack a standalone HD player if they had the desire to do it. And if they can pull that off it'd be a LOT harder for the AACS LA to plug that hole.
Since it will always exist someone will rip it and post the movie on bittorrent.
And that's the lynchpin to the whole DRM debacle. All it takes is one individual somewhere on the planet to manage to crack or circumvent the encryption on any given movie to make it available to everybody. It may take some time but it's likely to happen eventually.
Don't forget that if you drink the *AA koolaid and bend over properly for them then you've hooked up your DRM infested HD-DVD or Blu-Ray player to the internet not only so that they can track what you watch but so that the players can automagically download updated keys so that you'll never even see any non-functioning disks. That, and monkeys may fly out of their respective butts.
Did anybody really expect the AACS LA to say anything other than what they did? (Besides, maybe "we give up"?)
Or you're teaching skills are worth absolute *shit*
Did you bother to RTFA? The teaching skills aren't the problem. The training the people went through was basically reading the on-line docs that come with IE7 since that's all the training the vast majority of users will ever have access to. It's the poorly written on-line help that is the problem. The on-line docs apparently say something to the effect of "this is what a phishing site will look like", so that's what the users expect to see when they visit a phishing site. In reality it should have said something like "this is an example of what phishing sites might look like" and provided specific details of the things to look for to identify phishing sites.
If the docs tell a person to look for A then that's what they'll look for to the exclusion of all else. If the docs say that it could be A or a or @ or something else that looks similar to A or a or @ then they'll be inclined to pay much more attention (hopefully) to what they're seeing.
... is the fact that Diebold also manufacturs ATMs. Makes me wonder if my bank account is safe...