Slashdot Mirror


User: drsmithy

drsmithy's activity in the archive.

Stories
0
Comments
12,153
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 12,153

  1. Re:Easy on What Corporate Email Limits Do You Have? · · Score: 1

    The post is an oustanding example of everything that is wrong with the average corporate IT department.

  2. Re:Storage limits and mailbox management on What Corporate Email Limits Do You Have? · · Score: 4, Insightful
    If you're storing a 1GB or more in your mailbox, you need a better method of storage.

    Trouble is there isn't one.

    You wouldn't think of keeping all of your snail mail in a single box.

    Actually, if I had a simple, automatic way of copying the entire thing and searching it, I most certainly would.

    Contrary to common belief, users don't use their email as a universal archive to annoy IT departments, they do it because they don't have a better option. The reason they don't have a better option, is graphically demonstrated from the numerous replies in this forum suggesting things like "FTP" and "CVS" as suitable alternatives.

  3. Re: SATA on What Corporate Email Limits Do You Have? · · Score: 2, Interesting
    The odds against 2 drives in a SATA RAID-5 array breaking before you can get one replaced is highly unlikely.

    Actually during the rebuild is the time the next drive is *most likely* to fail, since it's usually the first time for quite a while every part of every disk gets touched.

    Anyone using SATA disks that aren't configured in either a RAID6 or RAID10 is playing with fire. The risk increases dramatically with the number of disks. Anyone with an array holding critical data with 8 or more disks that isn't RAID6 or RAID10, is nucking futs.

  4. Re:George Lucas is wrong on George Lucas Predicts Death of Big Budget Movies · · Score: 1
    If copyright'd be gone, how *would* content creators actually protect their work?

    Assuming by "protect" you mean "restrict", then they wouldn't - the law would merely agree with real life.

    I'm all against patents, and against authoritarian punishment as it's being done now if you do as much as copy a CD, but I fail to see how things would work without any notion of plagiarism or copyright.

    There is a vast, vast gulf between recognising who is responsible for a work and the use of force to restrict the distribution of information. You should not conflate the two.

    "Things would work" the way they do now, just with less money ending up in the hands of everyone involved (except the consumers). Despite the Chicken Little-like behaviour of the movie industry, most people would still prefer to see a movie at the cinema. Similarly, most people would still like to see a movie "now" rather than 6 months down the track when it comes out on DVD. The movie (and record) industry won't have any trouble convincing people to spend $$$ going to the movies. What would really take a hit (relatively speaking) would be the profits from DVD sales and rentals.

  5. Re:No flight simulator either on MS Thinks OOo is 10 Years Behind · · Score: 1
    I'm more worried about the auditing process that allows several pages of code with unknown or unapproved funcionality to be slipped past management and into shipping.

    Right. And you seriously think that this process has not changed since then ?

    And once again Micrsoft does something to create the 'appearance' of improved security, without doing the slightest thing about the underlying problem.

    So the presence of a rudimentary terrain generator - maybe a couple of pages worth of code - in a product nearly 10 years old, is relevant to their current methodologies how, exactly ?

  6. Re:No flight simulator either on MS Thinks OOo is 10 Years Behind · · Score: 1
    If some programmers at Microsoft with too much free time can slip an entire fucking _flight simulator_ into a business product and get it shipped past management, how safe does that make you feel about Microsoft products in general?

    Not particularly concerned.

  7. Re:10 years behind? Sounds about right on MS Thinks OOo is 10 Years Behind · · Score: 1
    So perhaps you can tell us exactly how ms office is leaps and bounds ahead and is a compelling upgrade from 97.

    If you don't already know, chances are pretty high newer versions of Office *aren't* a compelling upgrade for you.

  8. Re:protection? yeah, right on Symantec Users, Start Your Keyloggers · · Score: 2, Insightful
    The OS can protect the system from stupid users so they can't do anything damaginng.

    Which, were it still the 70s and everyone was using dumb terminals off a mainframe, might be something worth considering.

    However, in today's world we have these things called *Personal* Computers that aren't managed by a team of engineers and rarely have more than one user. On PCs, the "system" is the *least* important data on the machine.

    In Linux and other UNIX-like OS its trivial to set it up so a ignorant user never can download a random file from Internet or save an email attachment and then execute it so it infects the computer. Just give the user a home directory which may not contain executable files.

    Which is fine for a managed environment (and is just as possible with Windows). On a home PC without a dedicated sysadmin, it's not even a realistic - let alone practical - solution.

    In Windows this nearly requires an masters in CS to be able to do.

    If you can figure it out in Linux, you should be able to figure it out in Windows. Unless, of course, you have no interest in doing so.

    Linux are better for home users and non-computer literate users since its easy to become safe from email viruses and web viruses.

    If you've got your own sysadmin to manage and run the system, sure - but the same applies to Windows.

    If you want security go with a UNIX-like operating system and set it up so ignorant users CAN'T infect the system.

    Or you could just set Windows up likewise. Neither will be terribly useful as a general purpose computer, however.

    One don't need anti-virus programs in Linux since one can use the OS to protect against ignorant users.

    Not while remaining useful as a general purpose computer, you can't.

  9. Re:protection? yeah, right on Symantec Users, Start Your Keyloggers · · Score: 1
    Antivirus software to secure their unsecure operating system.

    No, Antivirus software to protect ignorant users.

    OS security can't protect users from deliberately running malicious code, which is why AV software is necessary for some people.

  10. Re:same trick as msn search on Microsoft Claims Worlds Best Search Engine Soon · · Score: 2, Insightful
    This is what I don't get about MS. Every time they come out with a new OS, they block off a large segment of the market because of very high minimum requirements.

    Eh ? Windows has an _excellent_ record of being usable on older hardware. Typically if it's 5 years old or newer, it'll run the latest version of Windows either out of the box or with some very minor tweaks/upgrades.

    Windows XP and 2003, for example, are quite usable on ca. 1998 PCs if they're bumped up to 512M or more of RAM. They're both usable for very basic tasks (email, word processing, simple web browsing) on ca. 1995 Pentium machines, if you really want to.

    Even the current version of Linux will run on a 486.

    No feature-comparable version of Linux runs on a 486 (particulary a 486 as it would have existed ca. 1994). No KDE, no GNOME, no Firefox - at least not at any sort of acceptable performance level.

    DOS runs quite happily on a 25 year old PC. That doesn't make it a valid comparison to Windows XP. Neither is any version of Linux that runs acceptably on a 486.

    When you look at it, windows XP doesn't really offer anything new over windows 95.

    Much like Linux doesn't offer anything over DOS...

    Since microsoft doesn't sell PCs, doesn't it make sense that they sell a product that works on as many PCs as possible, instead of working only on PCs made in the last 2 years?

    Generally, Microsoft set their baseline machine as something that was high end ~5 years previously and mainstream ~3 years previously (since most businesses run on about a 3 year cycle). This has been true for pretty much every version of Windows ever released.

    Additionally, you ignore that the vast majority of customers don't buy Windows, they buy a new PC that has Windows installed - so how well it runs on older hardware for most of their customers really is irrelevant, because they'll only ever use it on hardware that is quite capable of running it.

  11. Re:Of course they do on 'Infectious' Open Source Software? · · Score: 1
    The GPL does not expose a company's source code to competitors unless they choose to incorporate GPL code into their own.

    Unfortunately under the GPL linking is considering "incorporating".

    This is a choice, a conscious decision. It's a decision you don't even have with proprietary closed-source software.

    Linking to libraries under proprietry licenses almost never requires any special considerations on the developer's behalf.

    Linking to GPLed licenses, OTOH, *does*.

  12. Re:Another Flaming Troll, Complete with Sigh. on 'Infectious' Open Source Software? · · Score: 1
    1. FOSS licenses are less restrictive than non free licenses in every way.

    Not true. Linking to GPLed code exposes the developer to far more restrictions (ie: their code must be GPLed, or some license of equivalent or fewer restrictions) than linking to proprietry code.

    The rest of your opinionated rambling I'll leave.

  13. Re:Popularity decides if an OS is secure. on Computer 'Worms' Turn on Macs · · Score: 1
    Exactly the problem. The concept of true discreet roles doesn't exist in the architecture.

    Yes, it does. Windows NT has been multiuser since day 1.

    This results in no real difference between launching a program as an Administrative user and launching it as an unprivileged user because the user mode components of the kernel (e.g., csrss.exe and lsass.exe) run under the Local System account which has complete access to all the resources of the machine. Additionally, most of the daemon programs run under this account as well.

    This is as dumb as saying unix lacks user seperation because lots of daemons run as root.

    Under Windows XP, user accounts have fairly granular privilege control that allows you to specify what the user themselves can actually do, but you always have the user mode components running with full privileges (which I would consider the equivalent of SUID root) [...]

    Er, no. Applications run at the same privilege level of the user.

    Prior to XP, you didn't even have that level of access control and the system was pretty much open.

    False. Windows NT has _always_ been multiuser.

    (This stuff is so basic, and you're so wrong about it, that I'm pretty sure you're just trolling, now).

    As long as this situation exists, Windows is inherently insecure. Hopefully, Vista will change this, but sticking your head in the sand doesn't make it less true.

    Your fundamental knowledge of Windows is simply wrong.

    Probably not by design, but true nonetheless. With a default installation using default Microsoft tools, it is possible, for example, for received e-mail atachments to be launched or launch executables, and Active X components embedded on web pages can all.

    Not without user interaction or a changing of default settings (or a software bug, but that's outside the scope of this discussion).

    In these cases, they are able to interact with the user mode components I mentioned before that run with full privileges. Spend five minutes with Google and I guarantee you can find an example of this.

    Well, since you're so fundamentally confused about what you're talking about, it's difficult to do any meaningful Google searches based on the comments you've made.

    Bruce Schneir once showed a proof of concept exploit using an ActiveX component on a web page that, if loaded in Internet Explorer deletes your entire hard drive without any further interaction by the user!

    So link to it. I'll be quite happy to give it a go in a VMWare machine.

    Feel free to keep thinking I don't know what I'm talking about.

    You don't. Well, you might in theory, but since your comments regarding Windows are based on fundamentally incorrect assumptions, your conclusions certainly demonstrate you have no idea what you're talking about regarding Windows.

    Not only that, but disproving your claims is trivially simple (eg: according to you, a regular user should be able to delete any file on the system, but they can't, they should be able to modify any part of the registry, but they can't, they should be able to kill any running task, but they can't, etc, etc). Anyone with any version of Windows NT (running on NTFS) can see how wrong you are and anyone who has even a passing acquaintance with Windows NT already knows how wrong you are.

    Sure, just type [...] and you have malware if you can get somebody to run it.

    This basically describes 99% of Windows malware.

    That's annoying and inevitable - only common sense can stop trojans, but writing a true worm for OS X or Linux that can spread from machine to machine quickly? Go ahead and do a proof of concept one if it's so trivial. So far, I've seen one that comes close to being that - which is the iChat 'worm', and that is nowhere near the threat as the SQL Slammer or Blaster worms...

    The iChat worm is a trojan, not a worm. Real worms - that propogate without any user interact

  14. Re:Geee....we forget so easily.... on Why Vista Won't Suck · · Score: 1
    Okay, so 10 yrs I had a 7,200rpm drive. And today...I still have a 7,200rpm drive.

    A 7.2k RPM drive in 1996 was top-end SCSI hardware, very expensive, probably around 9G in size and a 2M cache, if that. A 7.2k RPM, 160G, 8M cache drive today is dirt cheap.

    Todays equivalent to your ca. 1996 7.2k RPM drive is a 146G, 15k RPM, 16M cache SCSI device costing US$500+ that has *substantially* greater performance.

  15. Re:Viruses? on A DVR Security System That Isn't Based on Windows? · · Score: 1

    One reboot? If you install Windows, allowing for its one reboot, then install one app, skip the reboot (when prompted), install the next, skip the reboot, etc. you're getting right back to the exact DLL Hell that Win3x and Win9x were known for.

    WTF kind of applications are you installing that need a reboot after each one (even if they do, it's the application's fault, not Windows's) ?

    The reboots are not just to waste your time, it's to upgrade files that are in use, and by skipping the reboot you'll be (potentially) overwriting the .1 files again and again with various versions - sometimes upgrading (which is usually not a problem) and sometimes downgrading again (usually a big problem and sometimes too sporadic to track down in a reasonable timeframe).

    Actually those operations are fine to queue up, the system has been designed to do so. Not that applications replace existing files very often.

    Your complaints sound very much like they're ten years old.

    *nix is a little smarter than that. Need to update a library? Go right ahead. When the current processes end and new ones launch, the new version will be loaded automagically.

    Yes, and woe betide any application which expects to find one library then suddenly finds another.

    Also, how exactly are you getting Windows XP itself installed in 15 minutes, let alone Windows XP plus a full suite of applications to be comparable to ubuntu?

    You can create an unattended Windows + patches + applications install, if you so desire, that was the requirement I was commenting on. No, it probably can't do it in 15 minutes without going the imaging route, but if that time constraint is anything more than pointless bragging and imaging is not an option, your environment has architectural issues that need addressing.

  16. Re:Viruses? on A DVR Security System That Isn't Based on Windows? · · Score: 1

    Windows cannot be installed, and up to date, WITH APPLICATIONS in anywhere near this time.

    If the time is anything more than pointless bragging, your environment has problems.

    You cannot slipstream a completely configured IIS install.

    You can automate it though.

    You cannot slipstream a nontrivial user environment.

    Roaming profiles.

    You cannot slipstream anything but updates.

    And drivers. You can also automate application installations.

    Even with SMS remote rollout it takes more time. You cannot slipstream a configured Active Directory.

    Group Policy.

    This just isn't something that is tolerable on more than 100 machines.

    You can completely automate a Windows installation from bare machine to functional OS and applications. That was the requirement and that is what can be done.

    Bottom line is, there are things, as a Unix guru, that I can automate at unit install time that would require a team of programmers and cooperation from Microsoft to accomplish with Windows. Even more importantly, they are things that you WANT to be able to do.

    For example ?

    Finally, licensing is TECHNICAL. When Windows doesn't feel good about being licensed, IT REFUSES TO RUN! This was bad for people whose images tripped issues when going from SP1 to SP2 and it was bad for a similar group of people when Windows Genuine Licensing stuff hit the scene. Regardless of "philosophical" issues, the it helps your software to run and upgrade reliably when it doesn't have a paranoid mode designed into it whereby it refuses to correctly run. When thousands of desktops (or worse, embedded seats) require attention due to a completely unnecessary "feature", it is hardly philosophical. It turns into dollars and cents.

    You haven't described any technical issues, merely the results of not having appropriately licensed software. This is hardly an issue unique to Windows, it is common to *all* software that uses licensing to determine functionality.

    If the licensing were only on paper it would be philosophical. The licensing is in the code. Soon enough it will be in the hardware.

    Software licensing has been enforced in hardware for a very, very long time (typically with a parallel port dongle). Again, it's hardly something unique to Windows or Microsoft - indeed, they're pretty late to the party.

    How anyone can recommend software with mandatory licensing for mission critical systems is beyond me.

    Yet strangely, this applies to most "mission critical" systems.

    Truly astounding, how something you cannot understand is common practice across pretty much the entire industry. I wonder why that might be ?

    For what its worth, with identical hardware I've got some homegrown deployment stuff that deploys images of Windows, FreeBSD, and Linux. I can do about 100 machines in 30 minutes. That said, the Windows machines require about ten minutes each to adjust the SID and replace the license key (to protect us from future problems with licensing). I have used Ghost in the past but it gets argumentative about some hardware and, when properly licensed, costs more money than I care to spend. It works better than most stuff I've tried. Face it, this is not a problem that Microsoft has solved yet.

    Maybe you should inquire as to how those major OEMs like Dell, HP and IBM manage to get so many machines out the door.

    I have to laugh at most of this thread. When you run your own business, and IT budget saved is your extra salary, suddenly it become painfully obvious how corporate culture prevents people from truly appreciating the cost of Windows. If the costs are always hidden in someone else's wasted time or just another line-item in the budget, its easy to accept the mess of costs, licensing, and strong-armed industry tactics that come with Microsoft. I, for one, do just fine without them.

    Which is great for you. If the

  17. Re:Popularity decides if an OS is secure. on Computer 'Worms' Turn on Macs · · Score: 1
    Comparing over 200,000 exploits, many of which have been exploited by malware in the wild versus somewhere around 200 with only a few actual exploits, most of which are proof-of-concept?

    The only difference between "in the wild" and "proof of concept" exploits is their propogation.

    Both OS X and Linux are very poor environments for propogation because they are uncommon. Linux is worse again, because it is typically operated by users who are quickly able to identify and fix problems, then pass that information along to other users.

    Windows, OTOH, is an ideal environment for fast, wide-scale propogation. It's ubiquitous and the userbase is typically incapable of even identifying - let alone fixing - problems.

    When the userbases of OS X and Linux have anything even approaching the marketshare of Windows, and the end user demographic of Linux is at all similar to OS X and Window, only then will comparing "security" by way of looking at the "security record" be meaningful. Until then it's a pointless exercise, because there's simply too many key variables that cannot be reasonably normalised.

  18. Re:not a worm or a virus! on Computer 'Worms' Turn on Macs · · Score: 1
    No, it's been demonstrated that really poorly crafted dialogue boxes that the average person can't understand, always provide the same two choices, and don't give the user the option to select what they need does not work well. I think anyone who has ever read a book, taken a class, or practiced UI design or usability could have told you that without ever seeing the system in action. Just because the implementation in Windows is horrible does not mean it cannot be done right.

    It's the concepts, rationale and results that are difficult to understand, not the messages.

    The problem isn't the communication of the information, it's the information itself.

    First, you don't give them "Yes/No" answers.

    Yes, you do. Certainly, you dress it up with some more verbiage and make the actual text of the buttons themselves actions, rather than questions, but in the end it still boils down to:

    "Do something: Yes/No".

    Your assumption is that you can convey enough information in the dialogs for the user to be able to make a decision that is always the right one. My belief - and experience - is that it cannot be done. If some random email tells users they need to permit its attachment to open their address book, access their files and send a thousand emails before it allows them to see the boobies, give $10 for free to aid third world hunger, or a one in a billion shot at winning an iPod, then they'll do it.

    Eventually MS did add such an option, but the problem this demonstrates is not that dialogue boxes suck. The problem is the user was not given the control they needed.

    And my point is proven simply by noting that even when this option exists, people *still* open Word documents with destructive macros.

    Users want and need a third option to "run the program but don't let it screw anything up."

    How can you define "don't screw anything up" programatically ?

    And really how often is he going to install a program that he does want to have access to his kernel, address book, and internet?

    Quite frequently, once those things have to be done for malware to get anywhere.

    The other fatal flaw in your reasoning is your assumption that programmers won't needlessly attempt to acquire higher privilege levels, thus triggering all this warnings and dialogs so frequently that clicking "yes" just becomes the automatic reaction it is today. This assumption is, at best, naive.

    If the software won't let him do anything or is getting in his way unnecessarily then it is poorly designed.

    Or maybe it's just protecting him from "screwing up his system". Who's to decide ?

    Defaults should be set for the most common cases.

    The default for Outlook when "opening" an attachment has been "Save" rather than "Open" since day 1, with every-more-alarmingly worded dialogs accompanying it through every relase. Hasn't made a difference - people still happily open attachments without even reading the dialog, let alone thinking about the possible consequences. Why ? Because the "common case" for secure computing (save, scan and/or sandbox, open) does not equal the "common case" for "ease of use" ("show me the boobies NOW").

    I don't think users will be upset if they get a dialogue box warning them, in plain and understandable English the first time a new program tries to access their buddy list and asks if they really want that program to have access.

    Neither do I. Nor do I think they'll hesitate for an instant to click "Yes" if that's what it requires to get the program to produce the result they expect.

    Ditto for editing files created by other programs, modifying the OS or other programs, accessing the e-mail address book, sending e-mail, etc.This is where the dialog-box barrage appears. If you're going to pop up a dialog every time something "risky" is attempted - or even just the first time - the end user is going to get a lot of dialogs, most of which are going

  19. Re:Popularity decides if an OS is secure. on Computer 'Worms' Turn on Macs · · Score: 1
    Primarily the fact that any executable running on Windows runs as the equivalent of SUID root in Unix - applications are privileged to do things the user launching them can't.

    False. Indeed, Windows doesn't even *have* the equivalent of the Unix SUID concept, let alone use it by default.

    Additionally, there are mechanisms built into the system that allow malicious code to be fired automatically without any interaction by the user.

    Not by design there aren't.

    the combination of the ability to make code (from an e-mail, ActiveX component on a web page, etc.) run without interaction and the fact that executing code runs with super-user privileges means that there is a much greater potential for damage with Windows malware.

    Your assumptions - and therefore your conclusions - are wrong.

    A trojan on my Mac, or on Linux or any Unix, or for that matter OS/2, BeOS... can only do what the user launching it can do, no more. It can't touch files or ports or processes that the user doesn't have access to, and the most sensitive stuff (by default) standard users don't have access to. Attempts to exceed the launching user's authority will either be rejected or will result in an authorization prompt.

    Neither OS/2 nor BeOS are multiuser OSes and thus don't even have the concept of "what the user can do" (or, put another way, they behave the way you mistakenly assume Windows does).

    Not so on Windows, where once the code is launched, it can do just about anything, including modify the registry.

    False. The code can't do anything more than the users privilege level allows.

    There ARE potential exploits on Mac OS X or other Unix or unix-like operating systems that can get around this, but they are much more difficult to write and are usually patched relatively quickly, often before an exploit exists in the wild.

    It would be trivial to write malware for OS X or Linux, since 99.9% of the things malware does has no requirement for elevated privileges.

  20. Re:Viruses? on A DVR Security System That Isn't Based on Windows? · · Score: 1
    I mean, a system loaded, setup, and READY FOR PRODUCTION in 15 minutes, not just a bare O/S. One reboot. Sorry, but Windows just can't cut this mustard.

    Windows can do it just as well, if you know what you're doing.

    (Well, apart from the licensing thing, but that's a legal and/or philosophical, not technical, limitation.

  21. Re:There are two parts to this. on Computer 'Worms' Turn on Macs · · Score: 1
    Its trivial to check the 1st few blocks of a program against a table and not let the user run it even if they keep clicking on the shiny icon

    Who maintains the "table" ?

  22. Re:I disagree with this on Computer 'Worms' Turn on Macs · · Score: 1
    But, come on, there's absolutely nothing obscure about writing a virus for OS X.

    You misunderstand. The "obscurity" part for OS X comes from the fact that it's only represented by 1 in every 100 machines. For Linux, it comes from the fact that the vast majority of the userbase will either be smart enough not to let your malware in and/or capable enough to clean it up before it does any damage.

    The relative "vulnerability" of Windows comes from the intersection of its marketshare *and* its user demographic. Take either away and malware infestations would be practically nonexistant (limited to those that actually exploit the OS).

    All we're really arguing then is whether any virus writers care more about notoriety than zombie machines, and I think there are certainly a number out there who do.

    Indeed - and those "concept viruses" for OS X (and Linux) that get scorn heaped upon them are the result. The "first" OS X and Linux viruses have already been written. What you're after is the first catastrophic infection, which is highly unlikely to ever happen to OS X or Linux in their current states of marketshare and user demographic.

    It's not *hard* to write a piece of OS X or Linux malware - any amateur programmer could knock one up in a matter of hours. The hard part is getting it to propogate on systems that are either a) uncommon or b) properly maintained.

  23. Re:Popularity decides if an OS is secure. on Computer 'Worms' Turn on Macs · · Score: 1
    Far be it for me to shatter your little bubble, but Apache Web Server is more popular than IIS, and has significantly less critical exploits.

    This comparison is so stupid it's amazing people continue to make it (and that's ignoring that it's simply flat-out wrong).

  24. Re:Popularity decides if an OS is secure. on Computer 'Worms' Turn on Macs · · Score: 1
    Hardly. There's a correlation, but it's not even close to being a direct correlation. If it were, there would be somewhere in the realm of 15,000 exploits in the wild for Mac OS X.

    Only if the relationship is linear. Even a few brief thoughts about the environment should tell you it won't be.

    Windows, although it's getting better, and hopefully Vista will be much better, has architectural issues that make it easier to exploit.

    Such as ?

  25. Re:not a worm or a virus! on Computer 'Worms' Turn on Macs · · Score: 1
    The problem is that "trading freedom for security" may seem like a good deal to millions of users sick of viruses and spyware. Hopefully Linux or BSD can demonstrate that it's possible to protect against malware while putting the user's interests above Hollywood's.

    As long as the user has the ability to run arbitrary code on their computer, protection against malware is impossible.