Slashdot Mirror


User: sphealey

sphealey's activity in the archive.

Stories: 0
Comments: 2,282

Comments · 2,282

  1. Re:I think its the apps on Is Linux as Secure as We'd Like to Think? · · Score: 5, Insightful
    First, arrogance precedes a fall, and that is as true of system security as anything else. So Linux users/admins should not become complacent/arrogant

    IE and Outlook are not the OS, no matter how much MS whinges about IE being integrated into the OS :)
    Still, I have to disagree with you a bit here. Internet Explorer is very deeply embedded into the core OS. And other technologies are quite deep as well (ever try fully removing Windows Media Player from a W2K Server build and keeping it removed across service packs? Not a trivial task - but what the heck is WMP doing in a server build to begin with?).

    This intertwining of core functions with much less secure access and presentation functions does IMHO make Microsoft products less secure by design. There is also the issue of Bill Gates deliberately creating a corporate culture where everything has to be reinvented from scratch. Well, sometimes the work done by other people was good work, or done for a reason. People inside Microsoft seem to miss that thought a lot.

    sPh

  2. Could the CPSC order a recall? on Netgear Routers DoS UWisc Time Server · · Score: 1
    I wonder if this would fall under the jurisdiction of the Consumer Products Safety Commission, such that they could order a recall? Or the FCC, which can order recalls of defective communication equipment?

    sPh

  3. I love statements of this nature on Netgear Routers DoS UWisc Time Server · · Score: 2, Informative
    After receiving no response for days, I called Netgear's headquarters, leaving messages with two executives explaining the seriousness of the situation. I also emailed members of Netgear's executive team by guessing their email addresses, based upon their email naming convention. I included a "Return-Receipt-To" header, and their Mail-eXchanger notified me that all were delivered successfully. Here's a portion of that message:
    Guys, there is this thing called the "US Postal Service", which has a wonderful product called "Registered Mail" with an optional "Return Receipt Requested" feature. When you have a serious problem of this nature, physically mail a paper letter to the senior executive of the organization, with a cc to the address where the organization accepts legal correspondence (determinable from State records) and also cc "Chief Legal Counsel at...". That will get to the right place faster than guessing random e-mail addresses.

    sPh

  4. Since the early days of netnews... on Microsoft Tracking Behavior of Newsgroup Posters · · Score: 5, Insightful
    Since the early days of netnews (now Usenet) it has been fairly clear that everything you post is being saved, and anything you post is fair game to be responded to, analyzed, and/or held against you at a later date. If this disturbs you, don't post in public forums.

    And if Microsoft weren't doing this, wouldn't there be articles appearing with titles such as "Microsoft ignores valuable customer feedback available free on Internet"? I am no big fan of Redmond, but I think they are almost forced to do something like this to avoid being blindsided.

    sPh

  5. Trade press needs a controversy on Open Source Community Approaches SCO · · Score: 1
    I am not as down on Z-D publications as some others in the infotech industry - I have always managed to get good use from Z-D pubs by keeping their approach, history, and biases firmly in mind as I read them.

    Still, the IT trade rags need controversy almost as much as the New York tabloids. No churn, no controversy, no "excitement" = no real need for the IT rags to exist. So if they find something controversial that can be spun out over many weeks or months they will do so.

    Nothing really new is going to come out of the SCO situation until either (i) discovery is well underway, and one side or the other realizes they have to settle (ii) the case actually goes to the courtroom.

    Both of those processes will take 6-12 months. So as of this week the trade rags are just chewing the fat.

    sPh

  6. Good, cheap, fast: pick any two on Solving a Wiring Mess? · · Score: 5, Insightful
    "How do you industrious Slashdot readers go about fixing a mess like this (on a tight budget, no less) without getting a mains-induced glimpse at the great beyond?"
    There is a reason why good industrial electricians charge a lot for their services: they work with dangerous stuff, and they know what they are doing. Get an estimate from a good one. If the powers-that-be refuse to approve the project, resign. That day.

    sPh

  7. Dept. of Nasty Tricks on Is the Dean Campaign Spamming? · · Score: 4, Interesting
    It does occur to you that the Dean campaign might not be the ultimate source of that spam? That someone with a few thousand to burn and knowledge of the direct mail industry fired up a dirty tricks campaign to make it look as if the Deaners were responsible? Reference John McCain and the South Carolina "push polls".

    Just a thought.

    sPh

  8. Re:Midrange apps on Recommend Apple, Lose Your Job? · · Score: 1
    Got any examples at all for us? Other than vertical-market ones?
    Visual Manufacturing, Fourth Shift, Made2Manage, Macola, SYSPRO, Vista/Vantage, Great Plains... There are hundreds of midrange back-office systems on the market. These are the meat-and-potatoes of corporate computing. They were mostly developed using late 80s / early 90s client/server models and toolsets. 98.73% of them were built to MS-DOS or Windows 3.1 APIs. Many have since been upgraded to Win32. But virtually none of them run on the Macintosh.

    And that's just the ERP systems. There is warehouse management, transportation management, statistical process control, etc. For good or for ill, in the 1990s the developers of these packages chose Windows as their target platform. If they support a second platform, it is AS/400, not Macintosh. I am sorry, but that is the reality of life in corporate computing.

    And yes, I am aware of the hundreds of tricks which can be used to get these packages to run on a Macintosh. Two small problems: the amount of fussing needed to do that throws away the perceived lower TCO of the Mac. And the vendor will not support such an install. Ever spend a week re-testing a bug report because the vendor won't accept a report on a non-supported platform? More $$$ out the window.

    The Mac had its chance in the early 1990s, and it didn't make it. It is a marginal platform. I personally am sorry about that, but I am also aware of reality.

    sPh

  9. Re:Would seem to have the potential to make it wor on Superconductors as Electrical Grid Surge Suppressors · · Score: 1
    How is this a storage device? It's supposed to increase its resistance when a large, sudden change in current takes place.
    Damm, you are right. I was thinking of the superconducting storage ring technology that EPRI was working on about 10 years ago and thinking it had been commercialized. Wrong application.

    sPh

  10. Would seem to have the potential to make it worse on Superconductors as Electrical Grid Surge Suppressors · · Score: 1, Interesting
    Interesting technology, but it would seem to have the potential to make things worse due to the high instantaneous current that such a storage device could inject into the grid. Once the system starts oscillating (for whatever reason) it is the protective devices that add to the oscillation as each attempts to protect its part of the grid.

    It seems to me we need more synchronous condensers to absorb fluctuations, not more protective devices.

    sPh

  11. Midrange apps on Recommend Apple, Lose Your Job? · · Score: 2, Interesting
    I guess the fact that 98% of the midrange apps that businesses use daily don't run on the Macintosh has nothing to do with it.

    sPh

  12. Re:Nothing to do with deregulation on Deregulation and Niagara Mohawk - Is There a Story? · · Score: 2, Informative
    Actually power companies didn't fire many engineers, the advent of deregulation made many of them quite rich and many took early retirement, especially during the tech boom. However if you are referring to those who aren't actually degreed or have their PE I guess you're right
    Given that I sat in a division where 700 engineers were fired, many of them only a few months away from qualifying for lifetime health benefits, I would have to disagree with you there. And I have never heard of a "rich" electric utility engineer. One with a lot of accumulated vacation time, yes. But monetarily wealthy? Not in my experience.

    sPh

  13. Re:Nothing to do with deregulation on Deregulation and Niagara Mohawk - Is There a Story? · · Score: 1
    A temporary failure of a complex system like the American power grid every few decades doesn't sound like a "I don't care" attitude to me. Sounds like imperfect systems built by imperfect humans. The engineers will study this incident and improve the system.
    Agreed. However, due to a combination of deregulation, downsizing, and the decreased desirability of careers in heavy electrical engineering (compared to microelectronics), there may very well not be a "they" around to study and fix the problems. Electric utilities today are a lot shallower in technical and managerial depth than they were in 1980, much less 1965. And it is not clear to me that unregulated competition provides any incentive to undertake long-term and complex investigation/management of interconnection issues.

    sPh

  14. Re:Nothing to do with deregulation on Deregulation and Niagara Mohawk - Is There a Story? · · Score: 1
    I don't see how this has to do with deregulation. It has more to do with poor design of the power infrastructure. From what I have heard...
    Have to disagree a bit. There is a long history of very smart and very dedicated engineers who worked from 1885 to 1980 or so to build a reliable, economical electricity delivery system. These people were very much aware of the problems you discuss, and they spent a lot of time, effort, and in some cases lives to design and build systems that would mitigate them. Not to say that anyone or any system is perfect - the 1965 East Coast blackout was a real shock to power engineers worldwide. But the same people got back to work soul-searching, reanalyzing, and fixing.

    Starting in the 1980s however things began to change. With deregulation electric utilities could no longer "afford" dedicated groups of specialized engineers - or so they said (for some reason they could still afford helicopters for the CEO and BoD). So they "downsized" (fired) many if not all of these dedicated people, and did not replace them. Their functions could of course be "outsourced", but as anyone who has managed contract engineering knows you have to have knowledge in-house equivalent to the outsourcer in order to manage that process well.

    And in any case, once utilities were no longer peers but competitors, it became necessary to start keeping secrets. So a lot of the information which is needed for system security calculations is no longer freely available.

    Well, I could go on. And I should also mention the decreasing desirability of careers in heavy electrical engineering as compared to, say, semiconductors. And a lot of this is debatable. But in any case I think you have to look a little deeper than saying "they screwed up".

    sPh

  15. Web site with a lot of info on past blackouts on Power Outages Strike East Coast · · Score: 1
  16. Re:Hold your breath! on Power Outages Strike East Coast · · Score: 1
    We are on the midwest grid tho, from the CNN diagrams. Criminy, it reached as far as western South Dakota? Makes sense, I suppose.... our grid here probably blipped when it helped take on the midwest load that the Niagara collapse dumped.
    Yes and no. While most of North America east of the Rockies is interconnected, the distance that power and disturbances can travel is limited by various factors. Primary among those factors is the voltage of the transmission lines. While there was some experimenting with 765 kV in the 1970s, most utilities stuck with 345 kV (except in Ohio where the former AEP went for 765 kV in a big way). So while one should never say "never", and it is theoretically possible for a disturbance to propagate from New York to South Dakota, it isn't a high-probability event.

    sPh

  17. Re:According to the MAYOR?! on Power Outages Strike East Coast · · Score: 1
    or there could be a group of engineers standing around some piece of broken equipment wondering how to fix it.
    Or it could be some guy standing there saying "Oh Shit!", while his buddy says "I told you not to push that button!"
    I have seen both of those situations - although luckily never with anything that could have caused a control area blackout. Power engineers are very smart and build very good systems, but every once in a while things don't work as expected...

    sPh

  18. Hold your breath! on Power Outages Strike East Coast · · Score: 3, Interesting
    Until I hear the gov of Canada say this is not a terrorist attack, or an act of sabotage and until we actually see exactly what happened in plain English
    Somewhere at home I have a copy of the definitive report on the 1967 New York blackout. It was published in 1973. So keep holding your breath until you get that official explanation!

    Seriously, major failures of interconnected electric distribution systems are usually very complex events and it takes a long time to track down the root causes.

    sPh

  19. Re:John Dvorak has some interesting crash stats... on Microsoft Code at Fault for Half of all Windows Crashes · · Score: 1
    Gates said that 5 percent of Windows machines crash, on average, twice daily. Put another way, this means that 10 percent of Windows machines crash every day, or any given machine will crash about three times a month.
    I noticed that, and it bugged me as well (ha ha).

    However, although I agree that the two statistics would have different distributions, wouldn't the simple total of crashes be the same? E.g.

    1,000,000 machines * 0.05 * 2 reboots/machine-day = 100,000 reboots/day

    1,000,000 machines * 0.10 * 1 reboot/machine-day = 100,000 reboots/day

    Or am I missing something?

    sPh

  20. John Dvorak has some interesting crash stats... on Microsoft Code at Fault for Half of all Windows Crashes · · Score: 5, Informative
    John Dvorak developed some interesting stats on XP crashes based on information given in a speech by Bill Gates. He works out that there are 25 million blue screen crashes of XP per day. Interesting read. Also raises the question of exactly what happens to all those "crash reports".

    sPh

  21. Vindication for Mr. Stallman on SCO Calls IBM Countersuit "Unsubstantiated Allegations" · · Score: 4, Insightful
    Over the last few years Richard Stallman has grown increasingly [precise | pedantic | annoying] in his insistence that all software that falls under his umbrella must be "free", and in exorcising packages and projects that he considered insufficiently free from the canon.

    Up to this point, MHO was that while Mr. Stallman had a lot of good ideas, he was being a bit too fanatical in implementation, which I think was a fairly common opinion.

    I must say that events of this week are causing me to reconsider that opinion. SCO's direct assault on the GPL seems to justify both Mr. Stallman's position on free vs. non-free software and also his fanaticism in keeping free software "pure".

    sPh

  22. Re:Litigate 'till CSO runs out of money? HAH! on IBM Countersues SCO, And More! · · Score: 2, Funny
    Don't remember the Carter years too well, do you? "Ran out of money" isn't that bad an exaggeration!

    :-) Couldn't help it

    Well, I did say "ran out of energy" didn't I?!?

    Anyway, that was a good riposte!

    sPh

  23. Re:Litigate 'till CSO runs out of money? HAH! on IBM Countersues SCO, And More! · · Score: 5, Informative
    I can't remember if Johnson or Kennedy was president when the IBM anti-trust suit was filed, but I believe it was settled by Nixon appointees early in the Carter administration. "ran out of money" is of course facetious, but "ran out of energy and political willpower" isn't too far from it.

    sPh

  24. Re:Litigate 'till CSO runs out of money? HAH! on IBM Countersues SCO, And More! · · Score: 5, Interesting
    Considering the fact that IBM popularized the practice of litigating a company till they run out of money to fight... it shouldn't take long for this one to end.
    Actually, IBM litigated until the United States Government ran out of money, which should really give SCO pause!

    sPh

  25. This has been coming for a while on In-Flight Reboot? · · Score: 4, Insightful
    First, this issue has been covered extensively by Aviation Week & Space Technology, if you have a library that keeps the back issues (web subscription very expensive).

    Second, I have seen this coming for about 10 years now. In the 70s and 80s I worked with digital control systems. Not avionics, but similar. In those days the systems were expected to work right, every time, for years at a time. 2 years between system restarts was considered "acceptable". If a system did fail, the manufacturer was expected to get its collective butt out to the site, figure out why, and issue a (solid!) fix pronto.

    In the last 5 years, I have repeatedly been on brand-new airplanes at the gate when the pilot comes on and says "we are having a little problem with the system - don't be alarmed if the lights go off" followed by what is clearly a "reboot" of the airplane! When the fsk did it become acceptable to fix problems in avionics by rebooting the airplane?

    And if the system designers really think the Microsoft Rebooting Disease is an acceptable way to handle system faults, how long before one of those faults occurs in the air?

    I guess I am just old and crusty, expecting life-critical systems to work to spec 100.0% of the time.

    sPh