Slashdot Mirror


User: drsmithy

drsmithy's activity in the archive.

Stories
0
Comments
12,153
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 12,153

  1. Re:It's unfair on Browser Comparison - Firefox 2 b1, IE7 b3, Opera 9 · · Score: 1
    Standards bodies are there to try to encourge innovation. At least they think of new ideas.

    You seem to have that arse-about-face. I really don't see how bodies whose sole purpose is to get everyone doing the same thing can possibly be "encouraging innovation".

  2. Re:How is this news? on What Game Developers Think about DirectX 10 · · Score: 1
    What platform do you think the directX team uses? Its not Vista. Its too unstable right now for real production use. They use WindowsXP and backporting directX10 beta's to Vista and then claiming they can't do it to save PR.

    That's a mighty big assumption given how famous Microsoft is for "eating their own dog food".

  3. Re:What will be the market of DirectX 10 ? on What Game Developers Think about DirectX 10 · · Score: 1

    Theres much bigger support for OpenGL 2.0 on pretty much all hardware and platforms.

    OpenGL != DirectX.

    I never saw why people use DirectX when all it does is limit your application to MS platforms and is dictated by MS.

    Indeed. Limiting themselves to 99% of the market. Whatever could they be thinking !

  4. Re:How is this news? on What Game Developers Think about DirectX 10 · · Score: 0, Troll
    The point is, if they can create a version that works in XP for ATI then they can create a version that works in XP for everyone else, too. Which just brings us back to the conclusion that DirectX 10 is yet another damned Microsoft forced upgrade.

    I predict that one day the word "forced" is going to be used on Slashdot correctly, and that the massive shockwave caused will shut down the entire internet for a whole day...

  5. Re:Office 2000 is remarkably unstable. on Microsoft Acquires Winternals and Sysinternals · · Score: 1
    The last version I've used is Office 2000. It is remarkably unstable, even after all the service packs are applied.

    Sometimes, after several hours of editing, Microsoft Office stops being able to read the file you've been saving. When that happens, open the file in Open Office, save it as a .DOC file, and you will be able to open it again in Microsoft Office.

    Well, I can't say I've ever suffered either of those problems, even with documents into the hundreds of pages.

    I have, however, had numerous problems with OpenOffice. Stability is ok, but performance is atrocious, compatibility is so-so and many aspects of the UI need work. It's getting better, and probably provides sufficient raw functionality for a large proportion of users, even though it probably doesn't do so in the most productive or easy to use manner.

    Lotus Smartsuite was a contender. I liked Ventura Publisher. WordPerfect had some advantages. I liked PageMaker. They made far less money because of the widespread piracy of Microsoft Office.

    You are defeating your own arguments. Have you yet stopped to consider *why* people were busily pirating office instead of any of the alternatives ? The standard "because they're a monopoly" dodge doesn't apply when you're talking about that timeframe.

    No-one denies there were products that were superior to Office (or its components). The point is that Microsoft expended a great deal of effort talking to peopel to find out *why* those products were considered superior by their users and then improved Office to match (or exceed). That's why everyone uses Office today. The amount of work the Word product group put into making it a very attractive alternative to WordPerfect users, for example, is legendary.

    Microsoft Office is a *textbook example* of a superior product winning out (as are many Microsoft products that dominate their market segments, but Office is definitely one of the standouts).

    Eventually the quirky, closed Office file format became the business standard.

    Don't forget most of those "contenders" had similarly closed file formats.

    They are not "supposed" abuses. They are abuses. It doesn't matter how commonplace they are. They are abuses.

    Well, that depends entirely on your perspective. It isn't the first time I've disagreed with the legal establishment and I sincerely doubt it will be the last. I call them "supposed" because I don't consider (most of) them to be "abusive", in the context of competitive business. Certainly the most commonly used example on Slashdot - Internet Explorer - is laughable as a measure of "abuse".

    You can call things you don't like happening "abuses" if you want to, but singling out Microsoft when every other company does the same thing, is blatant hypocrisy. Blatant hypocrisy that just happens to be lucky enough to be supported by legislation, is still blatant hypocrisy.

  6. Re:That could've been a good feature! on Microsoft Retracts Private Folder Option · · Score: 1
    Since this is the purpose of this thread, how about the lack of automatic updates for 3rd-party products? (macromedia flash and drivers being considered non-3rd-party as standard inclusions of the Windows OS)

    This can be done with Active Directory and GPOs.

    First, with this statement being in regards to "workstations", which with the near impossibility of running with principle of least security under Windows, I would say that this is far from trivial.

    In a managed environment, it's not difficult.

    Personally, I've been running as a regular user in Windows since NT4, back in 1996. My mother has been doing it since 2000 (initially with Windows 2000, more recently with OS X).

    If it was so simple, there wouldn't be as many blogs, webpages, and discussions centered around accomplishing this.

    Making pancakes is pretty simple. Would you like to venture a guess as to how many webpages there are out there talking about making pancakes ?

    Or perhaps your ignorance as to how it should be configured? The truth is that a good Linux/Unix admin has a significantly better understanding of general computer science, networking protocols, POSIX standards, etc. If your Unix/Linux guys are coming in and doing things, they're probably doing it right. Unfortunately, a lot of 3rd-party Windows applications don't like a secure system.

    The truth is, the average "Linux/Unix" admin has a reasonable idea about how to run "Linux/Unix" _servers_ and little else. The good ones are usually capable of also managing an interactive multiuser system for unix-familiar users (athough the number of people who can do that is rapidly declining, as such systems become increasingly rare). The *really* good ones are capable of managing an interactive multiuser system populated mostly by ignorant, non-technical users.

    Few of them are good at managing desktop PCs and users, regardless of the OS those PCs are running. Even fewer are capable of managing Windows desktops well, because they can't get past the "it's not unix" or "Micro$oft is t3h sux0r" attitudes (which one they have is generally related to their age). Pretty much all of them not only don't recognise this gap in their experience/knowledge/interest, but blame it on Microsoft and/or Windows.

    Here's an example: The objective is to change every user's browser home page.

    To a unix admin, the best way to achieve this is to write a script which either (depending on the exact environment) logs into every user's machine and modifies the registry and/or relevant configuration files or iterates through every user's centrally-stored home directory/user profile to do the same thing. Because that's what you'd do on a unix system, or with an office full of unix workstations - and that's fine with unix systems, because it works well with them.

    However, the *proper* way to do this in a Windows environment is with Group Policy.

    (I've always found it rather ironic that Windows is frequently criticised by (ignorant) unix people for requiring too much "interactive administration", yet the most common methodology for unix administrators to achieve tasks is with (manual or automated) SSH sessions to machines, while the proper methodology for centrally managing Windows systems is to avoid having to login to client machines at all and do everything from the server. Talk about the pot calling the kettle black.)

    There are many examples of better products not being the dominant platform.

    No, there aren't. There are, however, lots of examples of minority groups using different variables to everyone else to define what "better" is so they can feel superior (and it's not restricted to computing).

  7. Re:In my opinion, Microsoft is extremely abusive. on Microsoft Acquires Winternals and Sysinternals · · Score: 1
    For example, did you ever wonder how Microsoft Office became the standard office software? It's because there is a 2-tier marketplace. The first tier is that people pay a lot of money for Microsoft Office. The second tier is that people buy a cheap pirated copy of Microsoft Office. That's why Microsoft's competition was extinguished.

    Office dominates the market because back in the late 80s and early 90s, Microsoft expended massive amounts of effort making it a better product for the majority of users than any of the alternatives and, since then, no-one has yet managed to turn the tables.

    Microsoft is far, far more abusive than you apparently know.

    Most - if not all - of Microsoft's supposed "abuses" are commonplace behaviour both within the computing industry and business world in general.

  8. Re:More Symantec Propoganda; a new stack is better on Windows Vista still Rife with Insecure Code · · Score: 1
    The old stuff had so many holes we stopped counting. Based on BSD stuff that had been around since the early '90s, Microsoft had to change the stacks.

    The BSD-derived TCP/IP stack was replaced with Windows 2000.

  9. Re:I would like to know on Windows Vista still Rife with Insecure Code · · Score: 1
    The suggested solution sounds a lot like SELinux, where such information is part of the security policy. Each program can be supplied with such a security policy, specifying exactly what files it will need to access. I'm sure that a similar system could be implemented for Windows.

    This relies on application developers doing the right thing to make it work. Therefore, it won't.

    (Exhibit A: any and all programs <5-6 years old that still needlessly require Administrator privileges to run.)

  10. Re:You joke, but on Windows Vista still Rife with Insecure Code · · Score: 1
    Don't buy the excuse of it taking a lot of resources -- Microsoft has a *LOT* of resources including billions of dollars in the bank; and the OpenBSD group have a near perfect track record with a better performing OS with a budget thousands of times smaller than what Microsoft pays as dividends to shareholders.

    OpenBSD isn't doing anywhere near as much, nor used by anywhere near as many people. Your comparison is broken.

    Incidentally, you can't compare budgets between OSS and commercial software development. One would hope that would be obvious to even the casual observer, but clearly it isn't.

  11. Re:Wow, NEWS! on Microsoft COO Warns Google Away From Corp Search · · Score: 1
    The comment wasn't out of line, but it provides insight into the microsoft mentality. Instead of stating that they have a superior product, with valid points as to why it is superior, they just tell google to get out of their way.

    Given the remarkable lack of content in TFA, how do you know that ?

    The fact is that microsoft is egotistical and doesn't like competition what-so-ever, and this statement proves it.

    No company likes competition. No, not even the ones who tell you they do.

  12. Re:Who cares... on Microsoft Retracts Private Folder Option · · Score: 2, Insightful
    I think you mean a video called "Sailor Moon and the 7 ballz".

    If you have an Empornium account, this this is it.

  13. Re:That could've been a good feature! on Microsoft Retracts Private Folder Option · · Score: 1
    The problem is that MS Windows does nothing to provide a centralized auto-update feature. If anything, your argument is to mean that Windows has no place in the corporate world yet.. which, is true, but not in practice.

    In an enterprise environment, the client has no business whatsoever in determining when (or even if) anything on it should be modified.

  14. Re:That could've been a good feature! on Microsoft Retracts Private Folder Option · · Score: 1
    Last I checked, "Windows Update" and "SUS" will not look into a central repository on the internet to locate and apply updates to Firefox, OpenOffice, Norton AntiVirus, Photoshop, Winamp, iTunes, or any other application that isn't made by Microsoft.

    No, it won't.

    You can, however, push out software (and subsequent updates) to machines (and/or users) via GPO.

    I'll go so far as to claim that Microsoft unfairly leverages their monopoly to apply easy, integrated updates to their products without providing facilities for 3rd-party products.

    An I'll go so far as to say you're a paranoid, ignorant zealot.

  15. Re:That could've been a good feature! on Microsoft Retracts Private Folder Option · · Score: 1
    Windows is lacking many significant features and qualities required of an enterprise operating system.

    For example ?

    Give me a random list of 5 (home) windows users. How many of them have had a virus at one time or another? Spyware? How updated are their "3rd party" applications? Now, give me a list of (home) Linux users and let me know how far behind on their updates?

    Your comparison is broken. The average Linux user is *vastly* more technically competent than the average Windows user. Of *course* their systems are going to be better maintained.

    I doubt that many Windows workstations are ever configured to levels of security even on par with even an average Linux distribution's default security.

    Considering how relatively trivial that is, I'd have to say you're wrong.

    Enterprise deployments are a bit difficult, but I'll venture to say that enterprise Linux systems could possibly be less up-to-date than Windows systems within the enterprise, on average, for two major (and closely related) reasons: 1) lazy or inexperienced systems administrators, and 2) "it just works".

    Which are exactly the same reasons Windows systems in the enterprise are poorly maintained.

    I've been around to clean up the mess after such guys, and it isn't pretty.

    Yes, well, I've had the displeasure of dealing with Windows machines after the "unix guys" (or, even worse, the "linux guys") have come in and try to run it like they think a unix environment should be run, and it ain't pretty either.

    My argument is that Windows is less "enterprise ready" than other systems, but I agree that Windows is certainly "enterprise deployed". A system that is "deployed" doesn't necessarily mean it is "ready", or at the very least "less ready" than the competition.

    If Windows had even half the problems people like you insist it does, then it wouldn't enjoy the market share it does.

  16. Re:What creates terrorists on Mumbai Bombings Give Outsourcing Community Pause · · Score: 1
    is poor, desparate men and women with nothing to lose. Take someone, give them a job, a family and a future and see how eager they are to plant bombs on trains.

    I think you need to read up on the people who blew themselves up in London a while back.

  17. Re: Response from a Fanboy on Core 2 Reviews All Around the Web · · Score: 1
    This processor, imho, is as much an AMD product as it is and Intel one. Not because AMD developed it, but because it would not exist if it were not for AMD.

    Your argument applies vastly more to any and every CPU AMD has ever produced.

    If AMD were to go under tomorrow, this would be the last processor we can expect to see from Intel for at least 10 years.

    Don't kid yourself. The *market* demands faster CPUs every year.

    You may argue that progress would not be as quick, nor prices as low, but to say it would stop altogether is sycophancy of the worst kind. The first CPU AMD ever produced that was better than Intel's best was the Athlon, ca. mid-1999. According to your logic, intel shouldn't have moved on from the 386 by that point, yet by then they had managed to produce the 486, Pentium, Pentium Pro, Pentium 2 and Pentium 3.

    This is the CPU Intel should have released years ago. Good to see they are finally close to where they should be. However, don't expect me to congratulate Intel too much for doing what they should have been doing anyway!

    But, let me guess, you congratulate AMD even though they are only ever as much "finally close to where they should be" as Intel is.

  18. Re:Build one instead? on 3.5 Terabyte NAS Reviewed · · Score: 1
    Why is everyone always using 4 drives or 8 drives with RAID5?

    Most likely because it's exceptionally uncommon to find disk controllers with odd numbers of ports.

    Most everyone building big chunks o' disk value space over performance. Particularly when they're typically going to be accessing it using PCs with pitiful bus bandwidth and/or over <10G ethernet.

    I am using a software RAID5 and the difference between optimal and non-optimal is 71MB/s vs. 8MB/s writes!

    Your problem is(/was) elsewhere. I have numerous RAID5 arrays with even numbers of drives getting over 100M/s write speed.

    Possibly the RAID5 implementation on whatever OS you were using wasn't particularly good ? While I'm not a huge fan of Linux in general, it's software RAID and LVM capabilities are second to none in the OSS world.

    Hardware controllers could overcome some of this with their buffer memory, but I still think you should be using the optimal number of drives there.

    Doubtful. The scenarios where hardware RAID is faster than software RAID - particularly when you're at the filesystem level and not the raw device level - are few.

  19. Re:The more vulnerabilities the better? on PowerPoint ZeroDay Vulnerability Exploited · · Score: 1
    As the dominant Office suite, MS Office has both security problems and actual exploits. TFA mentions one such. Of course OpenOffice is going to have fewer actual exploits, because it has less market share; all the money is in breaking into MS Office.

    Marketshare has no relation to security problems. I know this, because everyone on Slashdot keeps telling me it's true.

  20. Re:The more vulnerabilities the better? on PowerPoint ZeroDay Vulnerability Exploited · · Score: 1
    The security in OOo's case is the fact that there exists a body of developers who are more likely to fix (or accept patches for) vulnerabilities as they are found simply as a consequence of the exposure of their code to the world's scrutiny.

    Your basis for the assumption OO developers are more likely to fix bugs ?

    Microsoft has no such audit process to keep them "honest".

    Your basis for this assumption ?

  21. Re:Security doesn't start at rootkit detection on Windows Rootkit Wars Escalate · · Score: 1
    The SRM Access Control Lists could be used to mitigate many of the security issues that plague Windows, but are largely ignored.

    How are they ignored ?

    (I certainly hope you have a better answer than "the default account for unmanaged installations is an Administrator").

    The userspace and administrative separations have been castrated by other design decisions, which may or may not be fixed in Vista.

    "Castrated" how ? What design decisions ?

    The hardware abstraction provides a perfect basis for leveraging VM or the like for integrated security, but is not applied to that purpose.

    The HAL primarily exists to maintain portability and modularity. I think any ideas about turning it into a hypervisor would be *extremely* ambitious.

    Not to mention the vast majority of security breaches happen at a [much] higher level.

    OpenBSD, FreeBSD, Solaris, SELinux, and I'm sure a number of other OS's have implemented features to provide this functionality.

    But none of them have done so in a way even remotely similar to the kind of use you are talking about. Added to that, none are doing it with *every* application - not even the ones that come by default, let alone automatically to new ones subsequently installed.

    By that measure, you can download VPC from Microsoft for free.

    (Not only that, but you completely ignore the fact that Microsoft almost certainly wouldn't be able to integrate any sort of decent virtualisation technology into Windows, due to anti-trust issues).

    I'd say both Solaris and OpenBSD were implemented from the ground up with security in mind.

    I wouldn't. Both of them were just reimplemtnations of UNIX with little (if any) major changes in design.

    Windows NT is *at least* as "designed and built from the ground up with security in mind" as both of them.

    Just because you reuse existing parts does not mean your design does not take security into consideration for the fundamental architecture.

    Which "security considerations" in the "fundamental architecture" are you thinking of ? Where does the fundamental security hole of the root user fit into your beliefs ?

    No it doesn't.

    Yes, it does, because by a technical measure, Windows has all the security features - more, in many cases - of its contemporaries.

    I certainly hope you aren't defining Windows's "security problem" by the number of infested machines, because market share *alone* makes that an invalid basis for any meaningful comparison.

    Which means the OS has failed.

    No, it doesn't.

    One of the single most important jobs of an Operating System is to hide information, from both end users and developers. It's called abstraction - without it we'd still be flipping switches on the front of a box with some LEDs on it.

    It is the job of the OS to let the user know what is going on and control it.

    So what should the OS do when the user *tells it* to install the rootkit ?

    If something takes over without telling the user and without letting them control it, the OS has fundamentally failed.

    So where do trojans fit into your worldview ?

    It is the OS's job to tell the user what is happening and let them make choices.

    This does not preclude them from making *bad* choices.

    Note that the OS has little chance of telling whether an end user has made a "good" choice or a "bad" choice (and apparently in your model, doesn't even make the attempt).

    Blaming the users for failing to make good choices when the OS has both failed to provide them with the information they need and failed to provide them with the choices they want is idiotic.

    Good thing I didn't do that, then.

    You assert that given the information they need and the choices they want they will still fail, but you have provided not a shred of evidence to support that, nor does it logically follow.

    Appa

  22. Re:Too late? on ReactOS Reviewed in Depth · · Score: 1

    That link does not support your assertion.

  23. Re:Security doesn't start at rootkit detection on Windows Rootkit Wars Escalate · · Score: 1
    This is very true, but the previous poster also has a point. Most of the important architectural features of the NT core that can be used to provide a secure OS are ignored by the rest of the operating system.

    Which "important architectural features" do you think are being "ignored" ?

    In the posts this person replied to I've described a design that would mitigate rootkit and other attacks. It is not something I've invented on my own, but merely the direction many of the more secure OSs (designed from the ground up with security in mind) are taking.

    Is this the run-every-app-in-a-VM idea ? Who is doing this in a fashion remotely useful for application to desktop OSes ? Which OSes are you thinking of that fit your description ? Because I'm not aware of any other contemporary OSes which aren't either a) UNIX, or b) (faithful) reimplementations of UNIX - and UNIX sure as hell wasn't "designed from the ground up with security in mind".

    I don't think anyone with a clue would argue that Windows does not have a security problem and it has not been ongoing for quite some time.

    Well, that depends on whether you think Windows "security problems" - indeed, security problems in general - are primarily a social or technical problem.

    I certainly hope you have a better basis for your belief than the sheer volume of exploited Windows systems.

    The average user cannot safely and easily use their computer and it falls down in many regards, as I documented, including letting rootkits run wild without letting the user know it is happening and giving them the opportunity to stop it.

    You seem to be missing the point. One of the inherent features of a rootkit is that it can take over the system without the user knowing.

    So long as the end user is able to install arbitrary software, the system will be vulnerable to not only rootkits, but all other forms of malicious software as well. Most users are not capable of making appropriate decisions regarding what their computer should and shouldn't run and have little interest in gaining the requisite knowledge. To compound this problem, programmatically divining whether a given application is doing something "good" or "bad" and thus informing the user, is extremely difficult (if not impossible).

    If MS cared what end users wanted, they would have implemented this or some other major security features years ago.

    Seems to me they've had more important things on the menu and higher priorities - like making sure their system is still useful to users.

    There are hundreds of security experts who are at the top of their field and almost all of them could have outlined a system like this or that would have the same effects.

    Security "experts" are notorious for placing usability a far, far second to "security". Security and usability are, unfortunately, inversely related.

    Personally, I find the thought of using a system designed by "security experts" to be frightening, at best.

    I believe the point the poster was trying to make was that for all their talk of a more secure OS they haven't done this and are not interested or capable of so doing.

    No, they have the vastly more difficult task of finding a balance between security and *usefulness*. The most secure system in the world is useless if no-one will (or can) use it.

  24. Re:I wonder... on Debian Locks Out Developers · · Score: 1
    Most Windows exploits are OS exploits.

    Most "Windows" exploits are Windows *user* exploits.

  25. Re:Offtopic? on VMware Releases Server 1.0 · · Score: 1
    It's not a silly little irrelevance.

    Yes, it is. Much like people who get all hot and bothered about how Windows has that login screen sitting there all the time.

    A server should *only* run what is required to run the apps on that server. Anything else is a security risk and a maintenence headache.

    Customising installs and making your server configurations all different from each other usually ends up being the larger maintenance headache.

    I've worked in the kind of environment where the previous sysadmin got it into his head that every single server should be carefully customised to run only the absolute barest essentials to do its job. It was a nightmare of configuration inconsistencies and dependency hell.

    When an exploit is found in directx why should the servers need to be checked?

    They wouldn't. Firstly, DirectX isn't even enabled on Windows 2003 by default. Secondly, it would require an attacker to have a local logon (in which case your machine is as good as hosed anyway).

    And of course this being windows updating all this redundant crap requires a reboot - requiring scheduled downtime which means the server may be unupdated for several weeks (one place I worked at you had to get scheduled downtime cleared by the IT manager, who went to his weekly meetings with the board.. who often said no).

    Firstly, it would be extremely unlikely to require any reboot to patch a module not in use.

    Secondly, if you cannot schedule a planned server reboot within 24 hours of knowing it's necessary, then your architecture (and/or procedure) is broken. Indeed, even if you can't handle an immediate, unscheduled reboot, your architecture is questionable.