What I want is for Microsoft Windows to become such an inconsistent disorganized mess that the competition rises to fill the void.
Caldera now officially supports Linux distributions other than its own.
The battle will be pretty much over when Red Hat is supporting OpenBSD desktops.
The programmer who thought up Windows File Protection should be drawn and quartered.
Just *try* to remove Windows Scripting Host from Microsoft Windows Me.
New Motto: Keeping Windows safe for viruses. :-(
We can include telnet slashdot.org 80 in that list of browsers, but do you want to support that? Didn't think so.
Why not? It's the easiest browser to support. The user is already doing most of the work for you. When that has problems, everything else has problems, and the telnet user has a better view of exactly what is going on than anyone else.
Dunno if it would still work on XP, but you can boot NT from floppy.
Needs to be formatted under NT.
Needs BOOT.INI NTDETECT.COM and NTLDR.
Seems like it was SOP on early NT systems when NTFS would clobber the above files.
Probably more like a cancer than a virus. Viruses are small, tight, and well organized.
What you get is one whopping big Monte Carlo simulation.
I suspect that the distributions of answers will be more informative than the answers themselves.
The nonlinearities should make a very real difference between the average of the simulations and the simulation of the averages, probably different enough that scientifically bad fudge factors are required to bring things to match reality.
Correlations can do some nasty things to you. Correlate which way the steering wheel is pointed with whether you are too far left or right in your lane. All it takes is a feedback system with something approximating intelligence and your very good model can get things backwards.
I'm glad they're running a lot of different models.
It will be interesting to see how divergent the predictions for the next 50 years are from the best fits to the past 50 years.
It will also be interesting to see how badly the best fits for the next 50 years fit the past 50 years. (There's gotta be a better way to phrase that)
There's also the long term effects that we have no good means to capture, like what turns off and on the various ocean currents.
I don't discount malice, but you can explain a lot of stupidity by analogy to a snake-oil salesman that starts believing in his product.
There are enough levels so that everyone is trying to look good to his boss, who is trying to look good to his boss, on up the line. Any way to look better, to get a little bit more speed, particularly at the expense of somebody else, becomes a "good thing". Portability is always "someone else's problem", or can be pushed back in the priorities.
Part of the problem is measuring how fast it is. You have a horse race and the winner wins by a neck. That's fine if what the race captures is your sole purpose in life. Almost certainly it isn't. There are always other things that need to be done. Measure those and pick your winner as the one that causes the least disruption. Example. My company is now using Linux for servers because of the default desktop screensavers, nice looking and cpu hogs. Telnet in from another box (would be ssh now), and the system is responsive! Hit the mouse and the screensaver is gone in a split-second. No long agonizing wait for an openGL screensaver to back itself out.
But for example, if Ford had access to the complete GM automobile line specs, we could start to see some real change.
Oh, but they do. If not from GM itself, then Chilton has a nice comprehensive series. If you think the prices for genuine GM parts are exorbitant, your local auto parts store most likely has something that will fit and is much more reasonable, almost certainly NOT made by Ford.
Unsigned data type.
Personally, I like machine code and bit fiddling, but all an unsigned data type buys you is the ability to store one more bit's worth of signed data. This is at the expense of very nasty logical problems combining unsigned values with signed values and storing the results as signed or unsigned values. The opportunities for subtle mischief are enormous.
Unsigned data can be very useful, but it tends to be VERY machine dependent. At the extreme, porting between VAX and IBM can require algorithm redesign and restructure just to get overflow detected properly.
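The signed/unsigned mixing and overflow-detection problems described in the comment above, as an added C example that is not part of the original comments: a comparison and a length check that go wrong once a signed value is treated as unsigned, each next to a checked form, plus wraparound detection for both kinds of integer. The function names and the 16-byte `BUF_MAX` limit are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define BUF_MAX 16 /* assumed buffer limit for the illustration */

/* What C does for `a < b` with int a and unsigned b: a is converted to
   unsigned first (the cast spells out the implicit conversion), so -1
   becomes UINT_MAX and the comparison gives the "wrong" answer. */
int naive_less(int a, unsigned b) { return (unsigned)a < b; }

/* Value-correct version: a negative int is below every unsigned value. */
int safe_less(int a, unsigned b) { return a < 0 || (unsigned)a < b; }

/* Flawed length check: only the upper bound is tested, on a signed value.
   A negative len is accepted and becomes a huge size_t when stored. */
int copy_len_flawed(int len, size_t *out) {
    if (len > BUF_MAX) return 0;
    *out = (size_t)len;
    return 1;
}

/* Checked version: reject negatives before the value turns unsigned. */
int copy_len_checked(int len, size_t *out) {
    if (len < 0 || len > BUF_MAX) return 0;
    *out = (size_t)len;
    return 1;
}

/* Unsigned addition wraps (defined behaviour); a wrapped sum is below a. */
int add_u32(uint32_t a, uint32_t b, uint32_t *sum) {
    *sum = (uint32_t)(a + b);
    return *sum >= a; /* 1 = no wraparound */
}

/* Signed overflow is undefined, so the range test comes before the add. */
int add_i32(int32_t a, int32_t b, int32_t *sum) {
    if ((b > 0 && a > INT32_MAX - b) || (b < 0 && a < INT32_MIN - b))
        return 0;
    *sum = a + b;
    return 1;
}

int main(void) {
    size_t n = 0;
    uint32_t u = 0;
    int32_t s = 0;
    int ok;
    printf("-1 < 1u  naive=%d safe=%d\n", naive_less(-1, 1u), safe_less(-1, 1u));
    if (copy_len_flawed(-1, &n)) printf("flawed accepts -1 as %zu bytes\n", n);
    printf("checked accepts -1: %d\n", copy_len_checked(-1, &n));
    ok = add_u32(UINT32_MAX, 1u, &u);
    printf("u32 max+1 ok=%d sum=%u\n", ok, (unsigned)u);
    printf("i32 max+1 ok=%d\n", add_i32(INT32_MAX, 1, &s));
    return 0;
}
```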
One exploit, one place wouldn't do it.
If the updates are digitally signed, the hacker needs an RSA private key that the software thinks it should trust. Doesn't have to be Microsoft's. If you have a worm that propagates and manages to stay under the radar screens, ...
It's easy to take pot shots, agreed. What "circumstances" am I ignorant of?
You're right about the sandbox, and it's not easy.
Basically, I should be able to run unpatched, buggy, exploitable code with impunity. It doesn't make everything work properly, but it severely curtails the damage possible. I should be able to run the latest Microsoft wormage on an unpatched and misconfigured Outlook. It might kill itself, but it should be impossible for it to do anything more than annoy anything else.
So basically you are saying that any secure solution to Microsoft software "is completely unworkable and shows a strong disconnect with reality."
You're probably right.
doesn't make good sense to me
Hehe. (It's not for the benefit of the victims)
Being required to turn on a broad-spectrum vulnerability (to everything unknown, one of which will eventually be pretty bad)
in order to fix another vulnerability (to something relatively harmless)
It's INNOVATION. Making the Internet Explorer gizmos (i.e. virus/worm writers' paradise) an integral part of the Operating System.
Backup early. Backup often. Get your important stuff out of reach of whatever WILL be run without your knowledge or consent.
Good advice, but I'm real lazy.
1) Apply all security patches from Microsoft.
Or none. Kill all the *script.exe *script.dll thingees.
Run AV software or not. But it's the ones WITH the AV software that get the viruses. The ones without tend to be more careful.
2) Don't open anything that's strange or unexpected, work related or not.
3) All computers show all extensions on files. Insane (Microsoft default) not to.
4) Only open files that you expected with .xls or .doc extensions only.
I'd be inclined to accept only zips. The body or the subject should be informative and timely enough that the message is not easily forged.
5) Otherwise terminate with extreme prejudice. They're common enough now so don't even bother asking.
With all of these in place, when a virus is sent to one of our employees it does not propagate.
That's the point! It's just a pyramid/chain-letter scheme. No reason to play the game. If people know what's going on, it works just as well as the Unix Honor Virus.
why would a dealer, with no guarantee of continued custom, give away a free sample of a very expensive substance?
guarantee. Doesn't need a guarantee, just a reasonable probability.
very expensive substance. Retail is expensive, not wholesale.
"... but essentially MSFT itself describes an OS as software which manages the resources of your computer.
The question then is: what part of an OS does IE manage?"
The user, silly. The user. Can't have unmanaged users now, can we?
(* ducks and runs for cover *)
I don't see anywhere in your quote where the gentleman acknowledges why they need to keep it off the airwaves nor do I see anything that implies that he thinks the discussion implies guilt or wrongdoing.
Not relevant. The question is whether it could be construed as implying guilt or wrongdoing. Microsoft will find itself increasingly in the situation of having to prove itself innocent.
Personally I'm just tired of buzz word bingo and buzz phrase bingo where the media and people take statements without qualification and read deeper more meaningful intent into them.
It will get worse ;)
sophistry - 1 : subtly deceptive reasoning or argumentation
It's even more fun when the conclusions are accurate.
What did Microsoft do wrong today ;)
full *AND ACCURATE* API documentation detailing all APIs that non-OS tasks can call.
Bought any bridges lately?
It's worth a repost (and a reread) just in case anyone missed it the first time around. It's still news.
I use both land-line (dial-up) and satellite, not quite at the same time. If I'm in a hurry, I go to the next room and use a computer routed through the land-line, otherwise I stay put and go through the satellite. If you can live without the feedback of an immediate echo, the satellite is pretty useable. You quickly learn that Cut&Paste (and PuTTY) is your friend.
During "normal" hours it can be a royal pain sometimes with minute+ response times. The "always on" can be uncommunicative for hours at a time. Things are generally very useable from 1AM to 7AM with a second or 2 response.
At the moment (5:40 CDT), the satellite is behaving itself, about a second or 2 response, 3.3 Kbyte/sec download ftp transfer (from a 13Kbyte/sec capped DSL), usually 4 to 5 Kbyte/sec upload (during better times), I think I've seen some 80+ Kbyte/sec downloads, wee hours of course.
heat->light->electricity conversion?
You've got entropy working against you.
What they're doing is reducing the effects of entropy by something like blocking undesirable radiation from occurring.
You played the odds. This time the article was *very* worth reading. Mostly you're ahead to read and react to the comments and ignore the article.
Only one quibble, which doesn't weaken his argument.
"The guarantees ... in no way differ from those normal with free software."
He's completely correct in that both are "AS-IS". They differ drastically in the recourse options open to the victims.
There is a difference. Assume some "insolvable problem" comes up.
With closed source you're SOL if the vendor won't or can't or isn't.
With open source you can find and fix it. Probably send in the patches which the vendor might decide belong in the next release.
concerned with closed-source programs being potential security problems
Among other things, but that should grab the most headlines.
Even worse than being broken is being unrepairable. Closed source is fundamentally unrepairable by the victims.
Senior NT Network Administrator.
Read that as Senior Administrator, probably promoted from within, NOT based on NT Networking skills. Pretty doubtful that she would have an MCSE.
Microsoft networking is designed to hide all these gory bits of what is actually going on. Doing a whois is almost automatic on *nix, AFAIKT impossible on NT.
I have to agree with you about usage.
The irony is that correct usage leads to incorrect usage.