Once upon a time it could force that it is not done.
Whilst not as fine grained as you are talking about you can completely disable USB drives, at least on Windows 2000, XP and Windows 2003 by tweaking file system permissions or the registry. Microsoft even detail it in a knowledge base article and it can be enforced by a domain policy if you're running AD.
By acquiring JBoss, Red Hat expects to accelerate the shift to service-oriented architectures (SOA), by enabling the next generation of web-enabled applications running on a low-cost, open source platform.
Ack, buzz word overload. By SOA let's assume the writer really means SOAP services. Microsoft's offering for these is ASP.Net and the WSE extensions, ASP simply isn't that good at generating or consuming SOAP. And once you open up your applications to everyone by using a SOAP service then all lock in is gone, and this works both ways. No longer do corporates have to stick to Java or ASP.Net, they can mix and match. You'd hope that this would enable people to concentrate on the best way to do things, but no, it'll just end up in a language pissing match again, thus ensuring the lovely ideals behind SOA go out the window.
"I'm not allowing X because I don't know what it does" does not necessarily equate to "X is bad"
Banning an unknown service from a network is the more sensible default decision for a corporate network to take. Firewalls should block everything by default, corporate desktops should stop installations of anything not checked and cleared. Why should skype be any different?
Re:Sender Policy Framework...?? on Why Phishing Works · Score: 2, Interesting
This would eliminate a lot of question whether or not a site is legit or not.
If people published it. I've been getting chase.com phishing mails. I check SPF at the mail server, but chase has ~all, so it's a soft fail if someone sends from another server, next to useless. Same for hsbc.com, paypal.com et al.
So if the banks won't publish decent SPF records when SPF is 2+ years old now, what hope do you have of them adopting something new?
While I don't mind taking a swipe at M$ft from time to time
Even better, follow the link. It turns out that ALL the main browser people, MS, Mozilla, Opera and KDE got together and agreed on colours and padlock information and layout for the address bars. It won't just be MS colouring the bar in IE7, everyone will, and in a common, standard way.
So if every browser is going to do it, in the same way, then how come only MS is being dismissed here?
If you really were serious about looking at the MS offering, it's at Windows Live Ideas. You should note it's web mail only, if you want to pull it down to a local machine you'll need to pay, and be using Outlook because it's not POP/SMTP. Also the interface only shines in IE right now, as they're using the new, in beta, ajax enabled interface.
There's something rather strange about people clamouring for responsibility, but who remain anonymous not taking responsibility for their own opinions....
All the programs would probably use the same GAL.
They do. Live Messenger hooks into the Exchange / AD GAL and uses it as the basis for the address book. What's more, it plugs into the Exchange diary, so when a meeting arrives your Messenger goes "in a meeting" automatically. It can also plug into some PBXs, so pick up the handset and lo "Phone" status is set.
You can even hook it into public IM gateways, so your users, at your corporate domain can talk to hotmail, aol and YIM users (although I've not seen this in action)
We've got some new additions and enhancements to IE, and here we have a flaw that can give an attacker complete control over the user's computer!
Actually you don't. There's a flaw that can crash the browser, but the reporter of this offers no proof that it will result in code execution or the ability to take over a user's computer. Very few buffer overruns result in code execution, and without proof, it's just another crash.
Looking at how the reporter went public before the vendor has a chance to respond it looks, to me, like someone attention whoring.
You know as a child I made up invisible things to blame and was told that was a bad thing to do. Only now I find out I was really a budding scientist...
Mono is becoming increasingly important due to Windows Vista, which has WinFX (the next .Net Framework) as its core API.
WinFx is not the next .net framework, it is the next generation API set.
It's an encompassing term, covering Presentation Foundation (how you display things on screen), Communications Foundation (secure program to program stuff), WinFS (the meta data "file system"), Workflow and Infocard (authentication and authorisation), all of which are exposed as a managed code API.
It is also not limited to Vista, most of it will be back ported to XP and 2003. Look upon it as a Win32 replacement for .net. Now imagine implementing that from clean room code. Stop crying at the back.
So whilst the summary may be concise, it is not, I am afraid, accurate.
Wouldn't the world actually be a BETTER place if all the users revolted, and the site shut down altogether?
What, and risk having their target audience spread out over the net? At least myspace is a single area that contains their poetry about failed fumblings in the back seat of mom's car, their discussions of exactly which black t-shirt are they supposed to wear with what foundation and their row upon row of identical self portraits each proclaiming they look goth because it's unique and original.
No, we should hail Murdoch as a brave netizen for keeping them all in one (mosh) pool.
Except FireFox 1.0 also opens the files automatically, by default, in the vulnerable application.
In 1.5 the behaviour changed, and for some reason .WMF was associated in FireFox with Windows Media Player. So 1.5 is secure against this flaw, by lucky accident.
That's certainly true, but having read a lot about scrum et al you tend to find that most, if not all of the examples used to justify the selling of a new methodology don't have a lot of detail.
Take a look at one of the Agile Poster Children and his proof that it works.
Quote: "Because of the newness of agile methods there simply hasn't been sufficient time to prove that they work in a wide variety of situations."
That's a wonderful way to dismiss anyone saying bad things, and it's rubbish, because the burden of proof for any claim is independent of its age.
Quote: "the question "where is the proof" is typically asked by organizations that fit the late majority or even laggard profiles... Because agile techniques clearly aren't at that stage in their lifecycle yet I believe that this question simply isn't a fair one at this time."
So the act of asking for proof these things work means you're not ready? Ad hominem alert.
Quote: "Are they really interested in finding an effective process or are [they] merely looking for a reason to disparage an approach that they aren't comfortable with? Are they realistic enough to recognize that no software process is perfect, that there is no silver bullet to be found? Are they really interested in proof that something works, or simply an assurance of perceived safety?"
Ad hominem again.
Then you look at the project that started Agile, the Chrysler Comprehensive Compensation (C3) project. It was lauded as the first agile program and a success, however by February 2000 the system was failing when paying 76,000 of the company's 86,000 employees. It was cancelled. Apparently this failure is now the new success.
Every methodology has rabid followers who will hear no evil said of it, but when looking at these things you have to remember "He's NOT the Messiah... he's just a very naughty boy."
So Scrum was used on SQL Server? The SQL Server product that's very late and has had to have features disabled. Or was it used on Visual Studio 2005 perhaps? The one where they've already announced a service pack before the official launch date because people are so unhappy?
These are scrum successes? I'd hate to see the failures.
True. But the processor count is rounded UP. So if you want to license a single dual core machine, it's 1.5 licenses, rounded up you must purchase 2 CPU licenses.
The "new" Napster are very upfront that they're a subscription service. Frankly I don't have a problem with it either, they have an interesting selection of music on there and my tastes switch from month to month anyway. You can pay extra to purchase a track permanently if you like it. Truth in advertising? It's already there.
As for being a re-seller of Microsoft DRM products, what utter crap. The Microsoft DRM product for audio and video is an SDK. Funny, I don't see a "Download Napster SDK" link on their site. Maybe your knee was jerking too much to actually go look for yourself?
That depends on the band, and their status. Certainly for debut and second and even third albums the bands won't get a lot, because they're still paying back the loans the music company gave them for promotion, recording et al. However if the bands have written their own material, kept the copyright on their songs and so on, then, as time goes on, and their initial loan goes down their albums will make them more money.
Indeed, and I've done the same for streaming media systems. A bunch of cheap 1U servers, with content on at least 3 boxes, and an intelligent redirection layer which would send the user to the least loaded server with the content on, nearest to them.
But you wouldn't want to do that with a database server. It's horses for courses.
How long before someone is selling the rights to name a rock on ebay? NASA could probably raise the money for a mars mission within a year if they did that!
You're assuming that the CLR security setup is like ActiveX; it's not.
The CLR provides zonal security, which can be set at the enterprise, machine and user levels. By default you get Full Trust, Skip Verification, Execution, Nothing, Local Intranet, Internet and Everything. Don't like those zones? You can create your own and provide the conditions for an executable or loaded assembly to be placed in them. For example I have c:\sandbox\internet in the Internet zone. Any CLR exec I drop in there runs under that zone, despite being on the local hard drive, which by default has Full Trust.
Better still you have CAS, which allows you to specify what permissions you need. The permissions are granular and you can create your own should you need to. If the zone your code is starting in does not have the permissions you request the CLR will not run it. You can also request optional permissions, so if you optionally request to save to local hard drives, and you don't get it, you can remove that menu option/functionality.
So there is a CLR sandbox, there has always been a CLR sandbox. It's not ActiveX.
OK I'll admit I was over-exaggerating for effect (hey, this is slashdot)
What I was trying to get across is that sense of entitlement some degree holders have, heck that sense of entitlement a lot of people, degree or not seem to have especially when it comes to outsourcing (but it seems more common with degree holders). No-one "owes you a job". A lot of new graduates especially seem to think they'll drop into a higher paid job than someone without a degree simply because they have a piece of paper.
Truth be told, without exaggeration, when I've recruited degrees are not used as a filtering mechanism ever, lack of one won't mean your CV doesn't end up in front of me, having one doesn't mean it will.
Sure, you can argue that they aren't as "rich" as Word, PDF et al, but they're standard and they're open.
What a stunning piece of FUD.
Almost as much of a mystery as why this a black box sitting next to a 360 is considered "news".
Strange, from where I'm sitting they give the platform away for free, and always have done;
They even describe the SDKs as "everything you need to write, build, test, and deploy .NET". Sure, Visual Studio is a nice editor, but you don't need Visual Studio to write .net code. If you do want that crutch well you have, from Microsoft, the Express Editions, cost free for the next year, as well as 3rd party open source solutions like SharpDevelop.
So, according to your logic Windows wishes to gain more developers.