Still pretty easy to tell that the system is rigged for benchmarks. Boot XP. Load Internet Explorer. Crash Internet Explorer. Reload Internet Explorer.
The second takes much longer.
There are switches that tell you some of what's going on, but the net effect is that of a root kit preloaded by Microsoft.
This is the evolution of technology. Get used to it.
To oversimplify, there are a couple of paths that evolution can take. No paranoids, or the paranoids keep quiet: The evildoers will find a way to take advantage. The paranoids make a nuisance of themselves: The evildoers back off and wait for a better chance.
Personally I'm all for letting the paranoids have their say. Otherwise, history will prove them to have been optimists.
Wal-Mart is not the problem. Crates for inventory checks and routing is not the problem. Individual items on the shelves for inventory checks is not the problem. The problem is that if information is available that allows surreptitious fishing expeditions into who is doing what with what and this information is compiled into dossiers on lots of private individuals, we get something that police state dream about. If the information is available, somebody will take advantage of it. After they start tracking it is too late. It has to be stopped/thwarted very early and done so that it can't be misused. Shouldn't isn't strong enough.
The subconscious can solve a problem in your sleep. The subconscious can pretend you solved a problem in your sleep. Which is completely at the whim of your subconscious. The subconscious has no requirement to be rational or reasonable. In fact you want the stuff that is irrational and unreasonable to be in the subconscious rather than the conscious.
Maybe dreaming is sort of like being drunk, in that you perceive yourself as much smarter than you really are. Right, except more of it and a lot faster pace.
The only thing your subconcious has going for it is that it doesn't have to process the terrabytes of data that the outside world hurls at your concious every second.
That sounds almost exactly backwards. The subconscious processes enormous amounts of data, but in its own time and on its own terms. Occasionally it will dump a bit of stuff into the conscious. The subconscious isn't exactly smarter. It's more that the subconscious can try out all sorts of connections without concern for consequences. As for not being distracted, that's the job of the conscious, not the subconscious.
Methinks it's unnecessary and maybe counterproductive to take him/her out of the system. Keep him in that school system, drug him and send him to counseling until he fits into all the neat little rows and columns of the standarized test, standardized people state of mind that is the highest the mediocre thought processes of those that dream such up can muster That is the problem. And not just for a few geeks. Genius lives by its own standards. But. Genius must live within the society at large and just as it's inappropriate for society to dictate genius's norms, it is inappropriate for genius to dictate society's norms.
You touched on a point that I hadn't really thought about before. It seems that one aspect of genius is the ability (drive?) to try to do things the hard way and see what happens. Methinks it's essential for society at large that a few people do this. Those few pretty well need to be self-selected.
that there is no safe mechanism to _open_ a file without the risk of _running_ it.
So basically it exploits user stupidity. Thanks for putting it so eloquently:)
If you mean user stupidity in using a system that deprives the user of essential information as to whether or not to click on something "interesting", then yes. The malware would make much less progress if the dialog used "Run Virus" instead of "Open".
I completely agree with you, except maybe about how clueful the guy is. This feels too much like a setup for some kind of con job. A "Pearl Harbor" is possible, not from the "bad guys", but from our purported protectors.
If you're out in the boonies and the only phone line is a party line with nosey neighbors, you make adjustments and life goes on. My own take is that internet security is probably better now than a few years back. There have been bugs found and fixed, and more bugs yet to be found, but the overall security has been substantially tightened and more importantly, some people have learned what to look for and how to respond. The key parameter is not how many are found, but how hard they had to look. As for a wake-up call, script kiddies and even the bad guys have to be only a minor nuisance in the scheme of things. The real threats come from unforseen consequences of things going bump in the night in overly elaborate and fragile systems. Adding some hokey "security" system on top of a mess will only lead to a false sense of security.
Whatever software your idiot boss needs to run dictates the platform the company and businesses in general, will use. There are simply no exceptions to this rule.
Methinks that is why IBM moving to a Linux based desktop is significant. IBM as a Linux customer has enough intelligence and clout to discover and ensure the existence of whatever business needs in a "Linux based desktop".
To understand the significance of Lotus 1-2-3, take a medium poor and messy and large spreadsheet and try to accomplish the same thing in your language of choice. Now try to keep up with your idiot boss as (s)he mutates and messes up said spreadsheet.
Face it webmasters...Google is not your friend. Websurfers are your friend and Google is their friend. Please web surfers and Google will reward you.
Therein lies the value of Google. If, when, to the extent that (insert your favorite weasel words here) the technology can be applied to a corporate intranet, there should be some extreme value attainable. Google's bias and integrity are essential for this.
Serious question: What's to stop this type of exploit from affecting Linux or OSX?
The race is not always to the swift nor the battle to the strong. But that's the way to bet. (or some such)
With Linux (and I'd assume with OSX), the computer is supposed to do what you tell it to do. Consequently, there is a tendency for the computer to actually be informative about what you need to know.
With Microsoft Windows, you are supposed to do what the computer tells you to do. There is a tendency to hide information that you need to know.
It's not one thing, it's lots of little subtle things that overall make Microsoft Windows so susceptible. Try telling people not to click on everything when the entire Windows experience is telling them to click on everything.
Linux certainly isn't immune. Despite its lower market penetration, it's a more useful platform to exploit, so other things equal, you would expect to see a disproportionately larger ratio of Linux exploits.
Linux (and probably moreso the BSD's) can be somewhat secured. (Note, secured means that I can run exploits against unpatched vulnerable software with impunity;) root. That's the guy who has to be able to fix anything. tony. That's me and my stuff. browser or email. Why would I want to let some browser or email program do anything it wants to any of my stuff? I should be able to do whatever I please with my browser or email and it should be totally incapable of retaliating.
So why is this worth an entire headline? Shouldn't we at least wait until it's actually doing anything
Slashdot tends to report anything new and significant. Slashdot ignores most all of the same-old same-old Microsoft malware. It's Microsoft that waits until it's actually doing anything (unless the target is Microsoft's update servers;)
There is a genuine bias and propaganda going on against Microsoft Right. I use Microsoft software. I am biased against it.
Any inkling of a worm, no matter how minor and ineffective, gets breathlessly reported the minute it's submitted Correct. For Open Source at any rate. For Microsoft, it's only the new stuff that gets reported.
Hmmmm, methinks the rich developed countries (or cities, etc) have caught on that the early adopters will be establishing the de facto standards. OSS may start because of cost considerations and can be had cheap for most reasonable definitions of cheap, but throwing both Sun and IBM into the brew doesn't sound like cheap. I think this will give them what they want and need, at a price that is affordable (picking the right point (their definition) on the value-cost curve).
It is our culture and we make the laws. Exactly. With OSS, nobody can take that away from them. It doesn't mean anybody will do it for them, but with artificially lowered barriers to entry, the odds of something being workable are much better, regardless of circumstance.
There is a bit of irony in Microsoft being the (attempt at) a cheap solution.
"Religion is the last refuge of the scoundrel" or some such. Voltaire?
It is to a scoundrel's advantage if he can co-opt religion in his cause. This works best if all potentially confilicting view and opinions are supressed.
a couple techs working on an OSS project together is the trigger pin to a happier and more harmonious middle east, which I disagree with. Correct, but it is aiming that direction. It's a step, a very small step, in the right direction. Together with many, many other such, maybe we stand a chance. It's more like a partial step of breaking out of five-9s failure to four-9s failure.
It's one of many. And yes, a very few do make a difference.
Extreme cold war. You don't know any Russians. You don't know anyone who knows any Russians. You don't know anyone who knows anyone who knows any Russians. You've barely heard of vodka. Tchaiskovsky is ok because he comes from Czarist Russia.
A little interaction between a few people makes for a lot of change in the degree of seperation. American Rock Music in Moscow and Russian ballet in the USA or Western Europe do a lot to bridge the gaps. It doesn't solve the problems, but it does make them a lot less unsolvable.
Right. That's where two bugs get together and you notice something. Remove either of the bugs and nobody will notice anything. Remove both of the bugs and maybe you get a bit closer to having something debugged.
(IE: Apache won't die in a random fashion) One of us severely misunderstands Apache. My understanding is that it is quite possible to run Apache in production with some very broken modules. "Try it again. Maybe your browser has some problems.";-)
and very hard for software to fail like you mention unless it's fairly complex I think it's extremely hard to have anything both interactive and deterministic.
Why do you trust IBM's Linux Technology Center to evaluate Linux?
Because it is to IBM's advantage to find any weakness AND FIX IT before their customers run into the same problems. Any "insider knowledge" would be used to make the tests harder rather than easier. If it were "IBM Linux" rather that "SuSE Linux" that was being tested you'd have at least a chance of making a point.
Slashdot Mirror
insulates himself from dissenting thought
Dangerous. Very dangerous.
Still pretty easy to tell that the system is rigged for benchmarks.
Boot XP.
Load Internet Explorer.
Crash Internet Explorer.
Reload Internet Explorer.
The second takes much longer.
There are switches that tell you some of what's going on, but the net effect is that of a root kit preloaded by Microsoft.
Where were the early warning trolls?
They were labeled "SCO".
Figure that whatever SCO touches will be dead without further notice.
This is the evolution of technology. Get used to it.
To oversimplify, there are a couple of paths that evolution can take.
No paranoids, or the paranoids keep quiet: The evildoers will find a way to take advantage.
The paranoids make a nuisance of themselves: The evildoers back off and wait for a better chance.
Personally I'm all for letting the paranoids have their say. Otherwise, history will prove them to have been optimists.
Wal-Mart is not the problem.
Crates for inventory checks and routing is not the problem.
Individual items on the shelves for inventory checks is not the problem.
The problem is that if information is available that allows surreptitious fishing expeditions into who is doing what with what and this information is compiled into dossiers on lots of private individuals, we get something that police state dream about. If the information is available, somebody will take advantage of it. After they start tracking it is too late. It has to be stopped/thwarted very early and done so that it can't be misused. Shouldn't isn't strong enough.
The subconscious can solve a problem in your sleep.
The subconscious can pretend you solved a problem in your sleep.
Which is completely at the whim of your subconscious.
The subconscious has no requirement to be rational or reasonable. In fact you want the stuff that is irrational and unreasonable to be in the subconscious rather than the conscious.
Maybe dreaming is sort of like being drunk, in that you perceive yourself as much smarter than you really are.
Right, except more of it and a lot faster pace.
The only thing your subconcious has going for it is that it doesn't have to process the terrabytes of data that the outside world hurls at your concious every second.
That sounds almost exactly backwards.
The subconscious processes enormous amounts of data, but in its own time and on its own terms. Occasionally it will dump a bit of stuff into the conscious. The subconscious isn't exactly smarter. It's more that the subconscious can try out all sorts of connections without concern for consequences. As for not being distracted, that's the job of the conscious, not the subconscious.
Point made.
Perhaps I've been fortunate in that I've had more than a few good teachers (and the whatever to ignore the bad ones;)
I feel like computers are always trying to make me do stuff now.
Man versus Computer. The computers are winning.
Round 2. If Man doesn't take control, the viruses and worms will take control.
Methinks it's unnecessary and maybe counterproductive to take him/her out of the system.
Keep him in that school system, drug him and send him to counseling until he fits into all the neat little rows and columns of the standarized test, standardized people state of mind that is the highest the mediocre thought processes of those that dream such up can muster
That is the problem. And not just for a few geeks.
Genius lives by its own standards. But. Genius must live within the society at large and just as it's inappropriate for society to dictate genius's norms, it is inappropriate for genius to dictate society's norms.
You touched on a point that I hadn't really thought about before. It seems that one aspect of genius is the ability (drive?) to try to do things the hard way and see what happens. Methinks it's essential for society at large that a few people do this. Those few pretty well need to be self-selected.
that there is no safe mechanism to _open_ a file without the risk of _running_ it.
:)
So basically it exploits user stupidity. Thanks for putting it so eloquently
If you mean user stupidity in using a system that deprives the user of essential information as to whether or not to click on something "interesting", then yes. The malware would make much less progress if the dialog used "Run Virus" instead of "Open".
I completely agree with you, except maybe about how clueful the guy is.
This feels too much like a setup for some kind of con job. A "Pearl Harbor" is possible, not from the "bad guys", but from our purported protectors.
If you're out in the boonies and the only phone line is a party line with nosey neighbors, you make adjustments and life goes on. My own take is that internet security is probably better now than a few years back. There have been bugs found and fixed, and more bugs yet to be found, but the overall security has been substantially tightened and more importantly, some people have learned what to look for and how to respond. The key parameter is not how many are found, but how hard they had to look. As for a wake-up call, script kiddies and even the bad guys have to be only a minor nuisance in the scheme of things. The real threats come from unforseen consequences of things going bump in the night in overly elaborate and fragile systems. Adding some hokey "security" system on top of a mess will only lead to a false sense of security.
That's smooth enough that you may get some gullible enough to follow it!
The Unix Honor Virus would work if you could make it convincing.
regedit is Microsoft's replacement for emacs.
four?
Whatever software your idiot boss needs to run dictates the platform the company and businesses in general, will use. There are simply no exceptions to this rule.
Methinks that is why IBM moving to a Linux based desktop is significant. IBM as a Linux customer has enough intelligence and clout to discover and ensure the existence of whatever business needs in a "Linux based desktop".
To understand the significance of Lotus 1-2-3, take a medium poor and messy and large spreadsheet and try to accomplish the same thing in your language of choice. Now try to keep up with your idiot boss as (s)he mutates and messes up said spreadsheet.
Face it webmasters...Google is not your friend. Websurfers are your friend and Google is their friend. Please web surfers and Google will reward you.
Therein lies the value of Google.
If, when, to the extent that (insert your favorite weasel words here) the technology can be applied to a corporate intranet, there should be some extreme value attainable. Google's bias and integrity are essential for this.
Serious question: What's to stop this type of exploit from affecting Linux or OSX?
;)
The race is not always to the swift nor the battle to the strong. But that's the way to bet. (or some such)
With Linux (and I'd assume with OSX), the computer is supposed to do what you tell it to do. Consequently, there is a tendency for the computer to actually be informative about what you need to know.
With Microsoft Windows, you are supposed to do what the computer tells you to do. There is a tendency to hide information that you need to know.
It's not one thing, it's lots of little subtle things that overall make Microsoft Windows so susceptible. Try telling people not to click on everything when the entire Windows experience is telling them to click on everything.
Linux certainly isn't immune. Despite its lower market penetration, it's a more useful platform to exploit, so other things equal, you would expect to see a disproportionately larger ratio of Linux exploits.
Linux (and probably moreso the BSD's) can be somewhat secured.
(Note, secured means that I can run exploits against unpatched vulnerable software with impunity
root. That's the guy who has to be able to fix anything.
tony. That's me and my stuff.
browser or email. Why would I want to let some browser or email program do anything it wants to any of my stuff? I should be able to do whatever I please with my browser or email and it should be totally incapable of retaliating.
Both of them.
So why is this worth an entire headline? Shouldn't we at least wait until it's actually doing anything
Slashdot tends to report anything new and significant. Slashdot ignores most all of the same-old same-old Microsoft malware. It's Microsoft that waits until it's actually doing anything (unless the target is Microsoft's update servers;)
There is a genuine bias and propaganda going on against Microsoft
Right. I use Microsoft software. I am biased against it.
Any inkling of a worm, no matter how minor and ineffective, gets breathlessly reported the minute it's submitted
Correct. For Open Source at any rate. For Microsoft, it's only the new stuff that gets reported.
Hmmmm, methinks the rich developed countries (or cities, etc) have caught on that the early adopters will be establishing the de facto standards. OSS may start because of cost considerations and can be had cheap for most reasonable definitions of cheap, but throwing both Sun and IBM into the brew doesn't sound like cheap. I think this will give them what they want and need, at a price that is affordable (picking the right point (their definition) on the value-cost curve).
It is our culture and we make the laws.
Exactly. With OSS, nobody can take that away from them. It doesn't mean anybody will do it for them, but with artificially lowered barriers to entry, the odds of something being workable are much better, regardless of circumstance.
There is a bit of irony in Microsoft being the (attempt at) a cheap solution.
"Religion is the last refuge of the scoundrel" or some such. Voltaire?
It is to a scoundrel's advantage if he can co-opt religion in his cause. This works best if all potentially confilicting view and opinions are supressed.
a couple techs working on an OSS project together is the trigger pin to a happier and more harmonious middle east, which I disagree with.
Correct, but it is aiming that direction. It's a step, a very small step, in the right direction. Together with many, many other such, maybe we stand a chance. It's more like a partial step of breaking out of five-9s failure to four-9s failure.
It's one of many. And yes, a very few do make a difference.
Extreme cold war.
You don't know any Russians.
You don't know anyone who knows any Russians.
You don't know anyone who knows anyone who knows any Russians.
You've barely heard of vodka.
Tchaiskovsky is ok because he comes from Czarist Russia.
A little interaction between a few people makes for a lot of change in the degree of seperation. American Rock Music in Moscow and Russian ballet in the USA or Western Europe do a lot to bridge the gaps. It doesn't solve the problems, but it does make them a lot less unsolvable.
You can always go and find broken corner cases
;-)
Right. That's where two bugs get together and you notice something.
Remove either of the bugs and nobody will notice anything.
Remove both of the bugs and maybe you get a bit closer to having something debugged.
(IE: Apache won't die in a random fashion)
One of us severely misunderstands Apache. My understanding is that it is quite possible to run Apache in production with some very broken modules.
"Try it again. Maybe your browser has some problems."
and very hard for software to fail like you mention unless it's fairly complex
I think it's extremely hard to have anything both interactive and deterministic.
Why do you trust IBM's Linux Technology Center to evaluate Linux?
Because it is to IBM's advantage to find any weakness AND FIX IT before their customers run into the same problems. Any "insider knowledge" would be used to make the tests harder rather than easier. If it were "IBM Linux" rather that "SuSE Linux" that was being tested you'd have at least a chance of making a point.
Seeing some of the commentary here, the only safe thing is to spell it out as bits or bytes instead of trusting anyones B or b notation.
I wouldn't trust the M prefix too much. If you see MBPD it probably still means THOUSANDS of barrels per day.
Communication rate is measured in bits per second. Excludes overheads.
Data transfer is measured in bytes per second. Includes overheads.