Try and make a steering wheel cover and call it Porsche Commander and claim that it makes you drive your Porsche better, Porsche would sue your balls off.
Nah, you'd have better luck with calling it Jeep Commander which would be more likely to raise a few hackles.
the whole reporting-on-M$'s-every-move thing is getting REALLY old now.
Hmmmm, either Microsoft is getting sensitive or slashdot is getting some influential readership. Time will of course solve the problem. When Microsoft quits moving. Until then, I like the reasonable assurance that I can point a suit to http://slashdot.org at any time of his or her choosing to get a feel of what Microsoft is up to.
There seems to be a fair amount of attempts at damage control by astroturfers, including ones with moderation points.
There's probably more than a few suits who use slashdot as a key resource in planning the what how and when in stuff regarding information technology. Once Microsoft is perceived as running scared, they go from doing no wrong to where everything they do is wrong. IBM claims they are "more than getting their money back" from the billion a year they are dumping into Linux. I assume IBM knows what it's talking about, but IBM has no direct payout from what they're doing with Linux. I'll buy RedHat Professional Server to set up a small server. You'll download all that (and more) for free. Strange world, but effective! (Part of what I'm paying for with the boxed set is your free downloads. That way, you run into the problems and get them fixed before I do. ;-)
Not evil. Just dangerous.
One degree of separation?
"Developers, Developers, Developers."
Developing what? Windows Software?
Seems like Microsoft is heading in the direction of owning ALL Windows Software.
Yours?
Right. If they can screw it up with something as simple as preguessing tv viewing preferences (which I don't care about), imagine how badly they *will* screw it up for stuff that matters and that I do care about.
That point alone makes the "story" worth a repeat.
Trusting the sun to come up is a little bit^H^H^H^H^H^H^H^H^H^HSIGNIFICANTLY different than trusting Microsoft to refrain from buggering up your machine on an automated update.
Yes. The sun comes up.
swatantryam
Something like this?
William Ernest Henley. 1849-1903
7. Invictus
Out of the night that covers me,
Black as the Pit from pole to pole,
I thank whatever gods may be
For my unconquerable soul.
In the fell clutch of circumstance
I have not winced nor cried aloud.
Under the bludgeonings of chance
My head is bloody, but unbowed.
Beyond this place of wrath and tears
Looms but the Horror of the shade,
And yet the menace of the years
Finds, and shall find, me unafraid.
It matters not how strait the gate,
How charged with punishments the scroll,
I am the master of my fate:
I am the captain of my soul.
The magazine is paid by the advertisers, so naturally they are all about pushing the latest and greatest to people who have no idea what they want.
Security is a complicated subject and counting vulnerabilities is taken to be an accomplishment.
My own take on the recent fun&games is that Linux/Open Source (and especially *BSD) is much more secure. Open Source tends to upplay vulnerabilities instead of downplaying them. (How else do you get people to patch their systems?).
The counts have to be taken in context. An airline crashes, it makes world headlines. An automobile crashes, it barely makes the local newspaper. OpenBSD's 1 remote exploit in however many years is actually a stronger statement than the previous no remote exploits. (Think about it;)
The first OpenSSH exploits, IIRC, were against FreeBSD and OpenBSD. Why *BSD? That reads too much like "Finally an opening. Take advantage while you still can." Bluntly, if you miss one Microsoft Windows vulnerability, there are and will continue to be plenty more chances.
Since it's Open Source, there are plenty of variants around. You can even make your own. Security by obscurity *can* work, but it does require obscurity. (Think about it;). That's an argument for compiling your own kernel. Change something, anything. Anything that depends on exact displacements will have a hard time coping.
Hmmm, interesting.
Looks like you have the start of the design of Multics. Large address space. Files were just paged-out virtual memory. Very secure. Easier to secure stuff by virtual-address than by including an external IO space.
Read the FINE Manual ;)
Document-centric, not application centric.
Good point.
Dunno if the design goal is stupid, but it doesn't scale even to using a DOS-level computer. The problem is that you have to trust everything and everything all the time. Maybe OK if you're not doing much, but big problems if you try to extend the scope. The viruses and worms are the nicest part of it.
"Scott Adams entrenches himself deeply in corporate culture and has commercialized every aspect of his creative existence, by making fun of the very environment in which he thrives."
Nice bit of irony. More power to him.
It would be a bit hard for him to make fun of the corporate culture if he were *not* deeply entrenched in it.
There is no such thing as implicit trust, and if you think there is, please send me a blank check.
Trusting something does not imply trusting everything.
A blank check. Hmmmm. Lots of ways to fill that request. You didn't say whose blank check.
Actually, you trust most things in your environment implicitly. You trust the ground in front of your feet to be solid and not a holographic projection. You trust your drink to be more potable than rat poison. You trust the sun to come up again tomorrow morning.
Security advisories from Cert for the first 10 months of 2002 show that open source and Linux software accounted for more than half of all advisories.
With no analysis of the severity and impact of the vulnerabilities, and more important, any analysis of the difficulty of discovering the vulnerabilities. That's Research???
The count for Open Source and Linux vulnerabilities may be greater, but that is really the count of vulnerabilities *fixed*. This year's crop doesn't seem to be able to do much or go very far. Next year's crop will have an even harder time. Microsoft seems to have plenty of low-hanging fruit left.
Asking people to decide whether or not they trust somebody based on, uh, well, whatever, that's asking for disaster.
I've got something for you. I won't tell you what it is, but you know me. Trust me.
Methinks the first thing I've got to know is *what* it is that I'm supposed to be trusting.
IE doesn't run in root mode. IE runs as whoever you are logged in as.
This depends on what APIs that do root-level stuff are exposed and useable by IE. Microsoft presumably knows. I sure don't, but it seems rather naive to assume that there aren't any such.
Well, last time I checked, there was a ftp client included in Windows
Still is.
XP Professional
C:\WINDOWS\SYSTEM32\FTP.EXE
Copyright (c) 1983 The Regents of the University of California.
All rights reserved.
Damned if they do, damned if they don't.
Ah, the grasshopper is catching on. Microsoft is damned.
except that in this case XP is not affected by the vulnerability so this isn't an issue.
Rubbish.
XP is not the only Microsoft product.
XP is not immune to all possible vulnerabilities.
XP has not totally and permanently disabled auto-update.
XP being not affected by one of many vulnerabilities does not make auto-update a non-issue.
Good read.
"Our software industry has so far been doing simple applications work. Working with free software gives our industry the opportunity of jumping to the next level of complexity. It would give domestic competence and control over the heart of our computers."
Linux may be cheaper, but more important, it's better. It's a matter of competence, control, and trust. Trust? Yep. Because the source is open, it's much less likely to have any "funny business", and if there is any, somebody competent is likely to stumble onto it and start making noises.
Plus, you can *pretend* to administer windows more easily: it's better to use for total fakers.
"I resemble that remark." I am not a TOTAL faker.
Microsoft is much easier to set up with something that kinda-sorta works. But beware if you try to make it do what *you* want it to do. If *you* want to be in control, Linux (or *BSD) is much, much easier.
Linux is free, yes.
Linux is cheap, don't think so.
IBM dumping a billion US dollars per year into Linux isn't cheap.
Linux can be obtained cheaply, very cheaply, but since the break-even point of what is *worthwhile* doing is very different, the TCO of Linux may well be greater than that of Microsoft Windows. What *will* be done with Linux is not the same as what will be done with Microsoft Windows.
( IBM may well be right in that they "more than got their money back" ;)
Don't you think they deserve a good solid two months before posting the exploit?
Do you mean giving the black-hats two months head start before Microsoft becomes aware of the problem?
if I have working code that roots my box, I can start looking for ways to prevent it from running.
Probably not quite as easy as falling off a log, but there should be lots of ways of tripping up the exploit without doing yourself much damage.
Full disclosure also increases the odds that the ultimate fix actually fixes the problem (with minimal collateral damage) instead of just being a band-aid that really fixes nothing.