"Fool me once... shame on... shame on you... it fooled me; you can't get fooled again."
Exactly. Intel got lucky in the sense that this little R&D group in Israel was able to come up with something brilliant, and the company was able to capitalize on it. If the Israeli group hadn't done so, the situation might be much much different.
That doesn't mean the Israeli R&D group got lucky - they're just brilliant. The company got lucky.
If they have good redundancy, they have two separate networks and two independent, preferably different network cards, in all systems. Then they would do fail-over. Seems to me that if one card can bring this down, then the people that designed the redundancy screwed up badly.
It sounds to me like they DID have two separate networks. A faulty NIC was able to overcome that setup, by tricking the fail-over system into thinking that it didn't need to switch to the backup network.
The problem is, NICs can fail in all kinds of ways that yanking cables won't simulate. In this case it sounds like if they had yanked the cable, the backup system would have come online exactly like it was supposed to, but because the faulty NIC was kinda-sorta-almost-but-not-really working, it didn't. That's a difficult thing to test in the lab.
That's funny, the name of your ISP is the same as my password...
Most of our country's laws are based off Christianity. I honestly don't see why they don't just ratify the Bible and get it over with.
As a Christian I can tell you that no, they're not really.
People pick and choose which parts of the Bible they want to pay attention to (e.g. Leviticus 18:22) and which parts they want to ignore (e.g. Matthew 18:22).
Sure, which is why when the 5th Amendment (or the 4th, 6th, or 8th) is inconvenient, the government can just send you outside the US. Problem solved!
(The 4th Circuit Court of Appeals just ruled that the President can designate anyone, including US citizens and legal residents, as "enemy combatants" and ship them off to a military base in Cuba, which is technically outside the United States even though we have complete control over it.)
What you request, on a kernel level, is no different than programmatically allowing a process to execute without an elevation prompt. Even though *you* gave it permission once, any malware that you install later on can fake this and run with elevated permissions.
Ah, but what I'm envisioning is a simple database of applications that I have approved to run with administrator privileges without a UAC prompt. The database would include the path to the file, obviously, but also a hash (MD5 or whatever) of the actual binary, to protect against tampering. This would be an application that I explicitly trust to run on my system, even if a piece of malware launches it instead of me. For added security, let me specify which command-line options are OK to launch it with (typically none), to prevent malware from launching it with command-line options I don't like.
Do you see any problem with this?
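A sketch of the approval database proposed in the comment above, as an added example that is not part of the original thread and not how UAC works. It uses SHA-256 where the comment says "MD5 or whatever", because practical MD5 collisions would let a tampered binary keep its approved hash; `ApprovedApp`, `approve`, `check_launch` and the sample file are hypothetical names constructed for the illustration.

```python
import hashlib
import hmac
import os
import tempfile
from dataclasses import dataclass


@dataclass(frozen=True)
class ApprovedApp:
    """One row of the hypothetical approval database."""
    path: str                     # canonical path of the approved binary
    sha256: str                   # digest of the binary when it was approved
    allowed_args: tuple = ((),)   # exact argument lists allowed; default: none


def canonical(path):
    # Resolve symlinks and case so one file cannot be reached by two names.
    return os.path.normcase(os.path.realpath(path))


def file_sha256(path):
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def approve(path, allowed_args=((),)):
    """Record the binary as it exists now, with the argument lists the user accepts."""
    real = canonical(path)
    return ApprovedApp(real, file_sha256(real), tuple(tuple(a) for a in allowed_args))


def check_launch(allowlist, path, args):
    """Return 'allow' or a 'prompt: ...' reason; any doubt falls back to the prompt."""
    real = canonical(path)
    entry = allowlist.get(real)
    if entry is None:
        return "prompt: not approved"
    if not os.path.isfile(real):
        return "prompt: binary missing"
    if not hmac.compare_digest(file_sha256(real), entry.sha256):
        return "prompt: binary changed since approval"
    if tuple(args) not in entry.allowed_args:
        return "prompt: arguments not approved"
    return "allow"


def demo():
    """Run the checks against a constructed sample binary in a temp directory."""
    with tempfile.TemporaryDirectory() as workdir:
        tool = os.path.join(workdir, "backup_tool.bin")
        with open(tool, "wb") as handle:
            handle.write(b"constructed sample binary v1")

        entry = approve(tool, allowed_args=[(), ("--nightly",)])
        allowlist = {entry.path: entry}

        results = {
            "no_args": check_launch(allowlist, tool, []),
            "approved_args": check_launch(allowlist, tool, ["--nightly"]),
            "other_args": check_launch(allowlist, tool, ["--restore", "C:\\"]),
            "unknown": check_launch(allowlist, os.path.join(workdir, "other.bin"), []),
        }

        # Simulate tampering: the path is unchanged but the content is not.
        with open(tool, "ab") as handle:
            handle.write(b"patched")
        results["tampered"] = check_launch(allowlist, tool, [])
        return results


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:14} {verdict}")
```

A real implementation would have to hash the same file handle it then executes and keep the database writable only by administrators. The sketch also does not cover libraries that the approved binary loads at run time.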
Keep in mind that ClamWin won't scan files in realtime as they come into your system; it only does a full system scan periodically (the thing other AV programs recommend that you also do in addition to their normal realtime scanning). This is why ClamWin doesn't satisfy the requirements of XPSP2/Vista's Security Center.
OK, to be fair, ClamWin also lets you scan a specific file by right-clicking it; you don't have to do a full system scan for that. And there's a plugin for Outlook, so it will scan attachments as they come in. And there are probably plugins for Firefox and Thunderbird to do the same for those apps. Still, I can't recommend ClamWin as a good solution for my clients yet.
It is different, but it is also crippled. This is a deliberate choice by Steve Jobs, who likes things to be "just so". If you adjust your personal preferences to match what Apple will allow, then everything is fine, but good luck trying to modify the OS to fit your personal preferences.
Vista is a step up from XP in my (not very popular) opinion.
You're not alone; I share your unpopular opinion. Vista doesn't piss me off the way XP always did. Although, the lack of fine-grained controls for UAC (e.g. being able to specify that a particular application can run with administrator privileges at login time without asking) is just stupid.
And apparently there's no way to change the color used to highlight selected items in Explorer (the default light blue isn't visible on my LCD projector). You can change it if you use a Windows Classic theme, but the new Aero uses a completely different theming system that doesn't respect that setting.
Yes, history is repeating itself.
Before your friend introduced you to Windows 2000, while most people were still running 98, the early adopters started switching to 2000. You know what they found? A disaster. It was a mess. Nothing worked. Those games people wanted to play were all broken. Video drivers just weren't available. Applications that weren't written with the new security model in mind just wouldn't run.
People complained to Microsoft, but their response was, "Windows 2000 is a workstation OS designed for corporate use where it can be managed by an IT department; it is not intended for home use. Don't blame us if your applications don't work."
So they went to the application vendors and hardware manufacturers, and demanded solutions. They got them. Everybody fixed their crap to make it work on 2000. By the time you switched, most things worked, and 2000 was solid as a rock compared to 98. When Microsoft released XP, it was mostly just 2000 with a Fisher-Price theme, but marketed to the masses. Everything generally worked.
Vista is broken in the same ways that 2000 was broken before you switched to it. The difference is, Microsoft can't dodge the blame this time - Vista is being marketed to consumers, not just to businesses, so Microsoft can't say it's not their fault. However, third party developers are slowly fixing their crap, and while the next version of Windows will be mostly identical to Vista under the hood, everything will generally work. By that time, Vista will work fine too, and just like some people swore by 2000 and refused to upgrade to XP, there will be people who swear by Vista and refuse to upgrade.
There are several people here with UIDs lower than mine. They usually come out of the woodwork whenever somebody mentions how low somebody's UID is. Cueing in 5, 4, 3...
Contract negotiations with Bruce Willis fell through. We're all doomed.
Haven't browsed at -1 lately, have you?
A botnet with 10,000 zombies randomly guessing which of them might be kittens (without ever looking at the pictures themselves) will breeze through that like it's not even there.
I get a bunch on Yahoo Messenger, but none on AIM.
it is no wonder that the "under 25" crowd now says "myspace me" or "facebook me" and no longer use email. why would they?
You're not wrong, but there's also another reason:
The vast majority of non-technical people use web-based e-mail services such as Yahoo, Hotmail, GMail, etc. Personally I hate webmail (and I suspect most other Slashdotters do too), but 1) it's ISP-independent, so you don't lose your e-mail address if you change ISPs (which will probably happen if you move, even if there's a monopoly and you only have one choice for broadband); 2) it's computer-independent, so it's easy to check your mail at a friend's house and you don't lose anything if your computer dies and you have to buy a new one; 3) no configuration is required, you just enter your username and password and you've got your mail.
So if that's what e-mail is to you - if you've never used pine or mutt or Thunderbird or Outlook Express or Eudora or Windows Live Mail or Apple Mail or Microsoft Outlook (except at work where the IT department set it up and you have absolutely no idea how to configure it yourself), then what's the difference between that and Facebook or Myspace? What difference does it make whether you log into Yahoo Mail's web site to check your messages, or log into Facebook's web site to check your messages? One of them gets V1AG*RA spam, the other one just gets those annoying little "so-and-so has just turned you into a zombie!" messages from everyone you know.
And no, whitelists aren't the answer. If someone I don't know isn't on my whitelist, how can they get on my whitelist so they can contact me? If someone I do know isn't on my whitelist, they have to remember to tell me their e-mail address, and I have to remember to add it, before they can e-mail me. It's user-unfriendly. Social networking sites can do it because friend requests are controlled; e-mail has no such mechanism.
That's because your site gets a lot more traffic than most people's blogs. Also, it sounds like the CAPTCHAs you're using are standard CAPTCHAs created by other people and widely used, thus widely understood by crackers. Finally, if your kittens thing is like one I've seen (9 photos, 3 of which are kittens, you have to click the three kittens without clicking anything else), I can't think of how the math works but there are less than a few hundred possible combinations of three answers out of 9 options. A botnet with tens of thousands of compromised hosts just guessing randomly (without ever trying to analyze the photos) will cut through that like butter.
I wrote my own custom CAPTCHA for the mail form on my home page. It's extremely simple, and would be easy to write a crack for, but since 1) my site doesn't get that much traffic, 2) it's just a mail form, not an account creation form, so therefore less valuable, and 3) I didn't use anything pre-made, nobody has bothered. From my logs it looks like there have been about a hundred submissions in the last two weeks; they were all rejected because they failed the CAPTCHA.
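The arithmetic behind the nine-photo case in this comment and the earlier 10,000-zombie remark, as an added example that is not part of the original thread. It generalizes to any "pick k of n images" challenge so a site owner can size the grid; the function names and the pass-rate target are assumptions chosen for the illustration.

```python
import random
from math import comb


def blind_pass_rate(n_images, n_targets):
    """Chance that one uniformly random pick of n_targets images is exactly right."""
    return 1 / comb(n_images, n_targets)


def expected_blind_passes(n_images, n_targets, attempts):
    """Expected number of challenges passed by `attempts` independent blind guesses."""
    return attempts * blind_pass_rate(n_images, n_targets)


def smallest_grid(n_targets, max_pass_rate, limit=1000):
    """Smallest image count that keeps the blind pass rate at or below the target.

    Returns None if no grid up to `limit` images is large enough.
    """
    for n_images in range(n_targets + 1, limit + 1):
        if blind_pass_rate(n_images, n_targets) <= max_pass_rate:
            return n_images
    return None


def simulate(n_images, n_targets, attempts, seed=1):
    """Monte Carlo check of the closed form: count exact matches of random guesses."""
    rng = random.Random(seed)
    passes = 0
    for _ in range(attempts):
        answer = set(rng.sample(range(n_images), n_targets))
        guess = set(rng.sample(range(n_images), n_targets))
        passes += guess == answer
    return passes


if __name__ == "__main__":
    # 9 photos, 3 kittens: C(9, 3) = 84 possible answers.
    print("possible answers:", comb(9, 3))
    print("blind pass rate: %.4f" % blind_pass_rate(9, 3))
    # One blind guess from each of 10,000 hosts.
    print("expected passes from 10,000 guesses: %.0f" % expected_blind_passes(9, 3, 10_000))
    # Grid size needed to hold blind guessing to 1 pass in 1,000 with 3 targets.
    print("images needed for <= 0.1%% pass rate: %s" % smallest_grid(3, 0.001))
    print("simulated passes in 84,000 guesses:", simulate(9, 3, 84_000))
```

Because each guess succeeds independently, a per-address rate limit does little against many hosts making one attempt each; the answer space itself has to be large.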
Damn it, they're taking our jobs!
Precisely. Anything that requires a human to set up the problem (by taking a photo and identifying what color each person's hair is, which computers are currently incapable of doing) doesn't work.
Here is my experiment in coming up with a text-based CAPTCHA using randomly generated questions. It is VERY difficult to generate questions that actually make sense and are not contradictory... and a botnet could breeze through my current implementation like it wasn't even there, if anybody bothered to write a parser for it. There's a lot I could do to make it more complex and harder to crack, but it will take a lot of work figuring out how, and I haven't had the time.
But... you could install a virtual network adapter in the virtual machine, share the printer on the LAN, and install it as a network printer on Vista...
Haha. I don't know whether to laugh or cry now.
Unfortunately not. Anybody who prints to a shared printer needs the correct driver, not just the print server.
My roommates have a Dell printer. They have it shared on their PC, which has the correct driver installed, but I cannot print to it from Mac OS X or Linux, because no driver is available for those platforms.
What you would need is a program that would essentially emulate a standard PostScript printer, accepting print jobs from anybody using a generic PostScript driver, then printing those using the native driver. I'm not aware of any such software package existing. I tried to cobble something like this together once, using a CUPS server with a plugin that saved documents to PDF files instead of printing them, then an old Mac running System 7 that would watch the shared folder on the CUPS server for new PDF files to appear, launch Acrobat Reader, and print them to an old Apple LaserWriter connected via a serial port. The main issue I had was some incompatibilities between the PDF generating plugin and such an old version of Acrobat Reader, the Mac and the printer both running out of RAM trying to print complex documents, the fact that it was only printing at about one page per minute, and the final print quality was very poor due to the age of the printer. So it wasn't practical, but the concept was sound. Feel free to hack together something better!
Internet Explorer is now competing against Firefox, Safari, and Opera. This is good for everyone. They all borrow features from each other (for example, Firefox borrowed tabs from Opera, the security alert bar from Internet Explorer, and individual close buttons on each tab from Safari). And the end of browser monoculture (first it was Netscape, then it was Internet Explorer) means that most web sites are now being designed with multiple browsers in mind, rather than exclusively targeting whatever happens to be the most popular at the moment. THIS IS A GOOD THING.
Microsoft still has an unfair advantage in that Internet Explorer is bundled with every Windows machine, and if most users perceive IE8 to be as good as Firefox, or good enough that the benefits of switching don't outweigh the hassle of doing so, then IE will continue to hold its position of most-used browser. For the foreseeable future, however, IE will not regain the monopoly status it enjoyed a few years ago.
You know when you want to unplug a USB device safely? You go to the taskbar and choose the option, and Windows tells you "Sorry, can't do that, that device is being used right now".
How about telling me what the hell is using it?
Good call. Mac OS X needs this too.
Come to think of it, Linux's umount could also benefit from this feature; I normally have to use lsof to track it down (if it's not obvious).
But why not take it to the next level? Add an API that allows the OS to send a message to the offending application saying "hey, the user wants to remove this resource, could you please stop using it?" Not all apps would support this obviously, but say you had a document open in Microsoft Word; when you tell it you want to safely remove the flash drive the Word document is saved on, Word would either close the document or, if there are unsaved changes, ask if you want to save first (with a Cancel button, which would send a message back to the OS, "never mind"). The OS should know whether a given app supports this feature or not, and for apps that don't, it can just give you a list of them and say "these apps are currently using this device; please close them and try again," with "Try Again" and "Cancel" buttons.
UAC should be a single dialogue with 'Continue' and 'Cancel' and an explanation of why the user was interrupted.
In what way is UAC not currently a single dialog with "Continue" and "Cancel"? Admittedly it doesn't explain the philosophy behind the reason the user was interrupted, but it does at least tell you (tersely) what you were trying to do that set it off.