Wow, people are starting to develop plugin modules for NT... now we just need some better authentication modules. Somebody want to slap MS and convince them to provide adequate documentation to develop these tools without first signing a formal contract (signing your soul over) and buying Visual Studio, TechNet, MSDN, a dozen or so dev kits, and an equal number of "Programmer's Guide to" and "Undocumented" nooks?
This is from experience, kiddies, not rumors or documentation.
1) Yes, NT 4 servers and workstations can talk to Win2K servers and workstations (and vice versa) regardless of what mode (native or compatible) the AD is in. NetBIOS is very difficult - if not impossible - to disable on both. NOTE: I have had difficulty connecting to an NT 4 server outside of my domain (no trust relationships in effect either) using My Network Places in Win2K. It likes to report that the resource is not available. Same with using Start > Run. But the net command works very well. This is not a problem when accessing machines in your domain.
2) MS modified its Kerberos implementation so that it relies on a documented, but formerly unused field. It eventually owned up to that, releasing the full specification (members of the SAMBA project may correct me on that one if they disagree), but slapped an obnoxious click-wrap NDA on it. They eventually released a less restricted, but less informative document to the same effect. Either way, no non-Win2K product is currently able to fully integrate into AD.
3) The latest versions of BIND, when properly configured do claim to support dynamic DNS, and Win2K's DNS server can be configured to support non-Windows dynamic DNS.
4) There is very little you can do to prevent administrators from gaining access. It's sort of like trying to prevent root from gaining access to a user's home directory. Slap whatever permissions you want on it, eventually they can override it. Thus, you need to have consistent, documented policies on what can be accessed by Administrators, and when and how. Bringing this to your superirors may slow the implementation of AD long enough for some tools to help you manage.
An AD migration is painful for the admins, as the learning curve is steep and fast. Your users, oth, shouldn't notice too much of a problem. For example, NT 4 and 9x are perfectly happy sitting in an AD domain, it's just that some functionality is lost.
The idea isn't to CATALOG the entire Web, merely to take snapshots of it. The concept is that this is for future archeologists. (How in the heck they're supposed to access this information, I don't know, but that's a whole other problem)
And using reasonably modern compression algorithms (say the one used by bzip2) and using differential saving, this might actually be feasible.
By way of clarification of the foregoing, the Specification is provided to you solely for your informational purposes (for review as specified above) and, pursuant to this Agreement, Microsoft does not grant you any right to implement this Specification.
Section 1 of the agreement specifically forbids you from implementing anything you read. Theoretically, the entire Samba team could be required to read and agree to Microsoft's license. In that case (and assuming the above clause didn't exist), they could use it (rename the variables, don't comment beyond "#@$! m$ compatability crap". It's the first clause that gets you though.
No amount of cryptography will suffice, as the technology for cracking just keeps getting better and eventually, any shceme will succumb to a brute force attack.
What is needed is the complete seperation of the Intenret from national or local regulation, the establishment of a completely Internet based government, which would then become soley responsible for the maintenance of the worldwide communications channels.
This would prevent crackpots in the Durma or the U.S. Congress from banning subversive and anti-status quo statements. And even if regional governments owned the hardware, they couldn't touch the data without massive international conflict.
You made a valid point when you said that many of these bioethics issues have not been dealt with adequately. However, your article did little to further the exploration of these issues, appearing as little more than a blatant attempt to rally a hardcore anti-gentic research response.
Did anyone complain when we prevented all humanity from ever succumbing to smallpox again? Likewise, if we can eliminate purely genetic diseases, like Tay Sach's, muscular dystrophy, multiple sclerosis, and cerebral palsey, would anybody complain?
Furthermore, we would not be committing genocide against living individuals with those diseases, but preventing their future recurrence.
As for the "who has access?" issue, I would guess that it would be rather simple - just like every other medical service, anybody that can afford it. Open heart surgery saves many lives every year, but most of them are in the first world because it is an expensive procedure. Likewise with HIV treatments. Nobody wants to deny third world access, but these procedures take a lot of training and a lot of research, which translates to a lot of money, to develop and implement. That money has to be recouped from the patients.
And finally, if a couple really wants to customize their offspring, why not? Is there anything inherently morally wrong with that? Beauty is highly subjective, not all people like the blond hair, blue eyes image. And the environment of the child still plays an immensely important role in determing the physical, mental, and emotional health of the individual. I for one am more than happy to do anything in my power to reduce the chance of my child succumbing to disease and disability (be it genetic, accidental, or infectious). I would also find my child beautiful regardless of their height, weight, complexion, hair or eye color, etc.
Finally, we already are rather monoculture, genetically speaking. On the whole, we're more than 99% genetically identical. And we've already faced several impossible diseases (plague, HIV) and survived.
This is the first reasonable question - and that's purely accidental. I ran NT Server 4 (SP 3-5) on a Cyrix 166 w/ 32MB RAM for over a year and never had a problem with IE or Netscape. I also administrate a lab of Pentium 100's with a wide variety of statistical, engineering, programming, and mathematical packages - along with web browsers and Office 97 and have never had a serious problem that was not a result of my own mistakes in accomodating poorly written programs.
Problems occur when programmers don't obey the API or use undocumented functions. Furthermore, many programmers still write for Win 9x, which desn't understand the concepts of multiple users and read-only systems. Programs written for 2000/NT behave very well - provided they follow the [ever changing, grr] API.
The problem isn't with Windows - it's the programmers for the platform.
Sounds morel iek you're concerned with YOUR not knowing how to use Windows than his ability to learn. Quite honestly, it is possible to lock Windows down enough to prevent the computer-illiterate user from screwing things up. Leave Windows on there, just so they can call the company and get tech support. It honestly does work (_my_ grandparents are in the same boat).
Win2K does go a long way towards fixing all of NT's stupid "features".
I fully agree that NT boxes are nearly impossible to administrate remotely (a big issue for a college student/sysadmin for multiple labs). With the help of third-party utilities (read: more money), _some_ of those stupid features get ironed out.
I installed Beta 3 of Windows 2000 on my newly-built personal machine. It appears to fix a lot of those problems. Integrated CPU, memory, and disk space quotas (FINALLY! What took them so long?!), practically requires use of NTFS (the ONLY decent filesystem they've ever produced), (X-)terminal services, and a decent networking scheme. And my complete installation took two reboots, and required very little input.
As for the admin that started this thread, something is seriously wrong if you made a 95 box the print server. Where were you hosting DHCP? My DHCP server is up nine months at a time, and then is taken down for applying patches. It's a P90 from IBM. My file and print servers (one Alpha/4-166, a dual PII-300, and a P200MMX) have uptimes of about six months.
I also have an NT Workstation box that has all sorts of beta programs, shareware, and freeware installed. It's a P200 with uptimes of three months. Oh, and it's also file and ghost image server.
The price issue is moot - except for migrations, which should only be done because of SERIOUS problems with the current platform. Migrations are naturally expensive. Licensing is definitely an issue. Microsoft licenses ARE extremely expensive, especially when compared to, oh, I don't know, almost every Linux and BSD variant.
2000 also demands hardware - and quality at that. Like NT, it is not tolerant of minor hardware glitches like 9x, or some Unix flavors are. On my K62-333, it took two hours to install itself on 900MB (Server, all options). Once installed, it used 128MB RAM. Most *nixes are much happier on much less hardware. Less Hardware = Cheaper.
All reports are true for NT and 9x. They are dead. The NT kernel did many things right, but it was bulky and unmanagable. 9x finally developed a reasonable interface, but the kernel was major suckage and the networking atrocious. 2000 became managable. Win2K actually is decent. But it's expensive and requires powerful hardware for reasonable performance.
Unfortunately, *nix had all of these features nearly a decade ago, which means that M$ is finally catching up with reality.
*nix has the kernel, the administration-capabilities. It just needs a very-compatable-with-all-sorts-of-hardware-and-inc redibly-easy-to-setup GUI, Plug'n'Play support, and it could very much become the OS of choice everywhere. Which is what you have to do to survive the bloated vaccuous force that is M$.
That's an interesting idea, but I have massive reservations. While bandwidth itself is not physical, it's medium is not. You cannot have bandwidth without wiring (or cel towers in the case of wireless). Erecting OC-48 backbones and cellular towers requires a substantial investment, something that no small group of people could possibly afford.
In fact, from looking at the web page for the New Zealand-based project, I'd say you have another corporation. Admittedly, it's smaller than US-based Sprint or MCI, but it's a company that provides bandwidth to users - an ISP.
Eventually, if your company is to expand and provide, say, Internet2-type speed, it will need a lot more money. And at that point, volunteered contributions will be insufficient.
The problem harkens back to the days of BBS's. The really popular ones got so much traffic, that the service oweners kept having to purchase more and more modems, disk space, memory, and processing power. Bu this only drove up the traffic, as more content and more people fileld the void. At some point, the owners had to start charging. People fled the BBS's when they had to pay and connected to the Internet proper (which also, not coincidentally, provided even more content and people). Perhaps we are reaching the Internet's Threshold of Payment.
Either way, the end user (re: everyone but teleco departments and companies) will never see a change - unless you exceed your allotted usage, as determined by your ISP.
Gateway (along with HP and Packard Bell) are all evil, evil companies. Having set up several boxes from Gateway (Win 9x and NT), I speak from experience that the only easy Gateway install is the one from the included CD-ROM.
It repartitions, formats, and provides a complete installation (apps and all). Just don't try to run anything else. Oh, and don't bother looking for drivers - they're not on the web site! Considering Windows 98 is pretty common and practically every consumer electronics company produces drivers for it, I am astounded that Gateway hides its drivers...
I'd also like to say that I'm impressed by the unusually low level of FUD and reverse-FUD (making Windows and NT out to be worse than they really are).
I admin NT boxes (and merely have 'heightened' access on a few *nix boxes). The exploit the mentioned seems plausible - but only in theory.
There is no builtin way to mess with the Object Tree in NT4. Even WinObj (www.sysinternals.com) doesn't let you actually edit the tree. Furthermore, the permissions can be reset with the proper kernel patches.
As to the complaints of HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run, simply make it read-only to non-administrative accounts. Setting file and registry permissions to read-only can actually make a machine pretty safe.
NT was never intended to be a multi-user platform, at least in the traditional sense. It was designed so that different users could login and use the same programs, with their own unique preferences, _serially_, and carry those preferences to any other computer they used.
The biggest problem Ive found with NT is not inherent to the OS. It has to do with third-party parogrammers (and, sadly, some M$ programmers too) not programming with the assumption that the user will only have read access. Netscape, Corel, Adobe, M$ Office 95/97 (but not 2000), and most stat packages all require unacceptably high access to the registry and/or filesystem. (Most _require_ write access to non-user specific preferences files, or a few application-specific registry entries).
Give me apps that adhere to NT profile policies, and that can run in an entirely read-only environment, and you'd be surprised how secure I can make that workstation.
Slashdot Mirror
Wow, people are starting to develop plugin modules for NT... now we just need some better authentication modules. Somebody want to slap MS and convince them to provide adequate documentation to develop these tools without first signing a formal contract (signing your soul over) and buying Visual Studio, TechNet, MSDN, a dozen or so dev kits, and an equal number of "Programmer's Guide to" and "Undocumented" nooks?
This is from experience, kiddies, not rumors or documentation. 1) Yes, NT 4 servers and workstations can talk to Win2K servers and workstations (and vice versa) regardless of what mode (native or compatible) the AD is in. NetBIOS is very difficult - if not impossible - to disable on both. NOTE: I have had difficulty connecting to an NT 4 server outside of my domain (no trust relationships in effect either) using My Network Places in Win2K. It likes to report that the resource is not available. Same with using Start > Run. But the net command works very well. This is not a problem when accessing machines in your domain. 2) MS modified its Kerberos implementation so that it relies on a documented, but formerly unused field. It eventually owned up to that, releasing the full specification (members of the SAMBA project may correct me on that one if they disagree), but slapped an obnoxious click-wrap NDA on it. They eventually released a less restricted, but less informative document to the same effect. Either way, no non-Win2K product is currently able to fully integrate into AD. 3) The latest versions of BIND, when properly configured do claim to support dynamic DNS, and Win2K's DNS server can be configured to support non-Windows dynamic DNS. 4) There is very little you can do to prevent administrators from gaining access. It's sort of like trying to prevent root from gaining access to a user's home directory. Slap whatever permissions you want on it, eventually they can override it. Thus, you need to have consistent, documented policies on what can be accessed by Administrators, and when and how. Bringing this to your superirors may slow the implementation of AD long enough for some tools to help you manage. An AD migration is painful for the admins, as the learning curve is steep and fast. Your users, oth, shouldn't notice too much of a problem. For example, NT 4 and 9x are perfectly happy sitting in an AD domain, it's just that some functionality is lost.
The idea isn't to CATALOG the entire Web, merely to take snapshots of it. The concept is that this is for future archeologists. (How in the heck they're supposed to access this information, I don't know, but that's a whole other problem)
And using reasonably modern compression algorithms (say the one used by bzip2) and using differential saving, this might actually be feasible.
How long does a copyright last? I can see more than a few organizations that would be more than happy to sue for copyright infringement.
Maybe if they restricted access and made people pay for the right ot access 'sensitivie' information?
Section 1 of the agreement specifically forbids you from implementing anything you read. Theoretically, the entire Samba team could be required to read and agree to Microsoft's license. In that case (and assuming the above clause didn't exist), they could use it (rename the variables, don't comment beyond "#@$! m$ compatability crap". It's the first clause that gets you though.
No amount of cryptography will suffice, as the technology for cracking just keeps getting better and eventually, any shceme will succumb to a brute force attack.
What is needed is the complete seperation of the Intenret from national or local regulation, the establishment of a completely Internet based government, which would then become soley responsible for the maintenance of the worldwide communications channels.
This would prevent crackpots in the Durma or the U.S. Congress from banning subversive and anti-status quo statements. And even if regional governments owned the hardware, they couldn't touch the data without massive international conflict.
You made a valid point when you said that many of these bioethics issues have not been dealt with adequately. However, your article did little to further the exploration of these issues, appearing as little more than a blatant attempt to rally a hardcore anti-gentic research response.
Did anyone complain when we prevented all humanity from ever succumbing to smallpox again? Likewise, if we can eliminate purely genetic diseases, like Tay Sach's, muscular dystrophy, multiple sclerosis, and cerebral palsey, would anybody complain?
Furthermore, we would not be committing genocide against living individuals with those diseases, but preventing their future recurrence.
As for the "who has access?" issue, I would guess that it would be rather simple - just like every other medical service, anybody that can afford it. Open heart surgery saves many lives every year, but most of them are in the first world because it is an expensive procedure. Likewise with HIV treatments. Nobody wants to deny third world access, but these procedures take a lot of training and a lot of research, which translates to a lot of money, to develop and implement. That money has to be recouped from the patients.
And finally, if a couple really wants to customize their offspring, why not? Is there anything inherently morally wrong with that? Beauty is highly subjective, not all people like the blond hair, blue eyes image. And the environment of the child still plays an immensely important role in determing the physical, mental, and emotional health of the individual. I for one am more than happy to do anything in my power to reduce the chance of my child succumbing to disease and disability (be it genetic, accidental, or infectious). I would also find my child beautiful regardless of their height, weight, complexion, hair or eye color, etc.
Finally, we already are rather monoculture, genetically speaking. On the whole, we're more than 99% genetically identical. And we've already faced several impossible diseases (plague, HIV) and survived.
This is the first reasonable question - and that's purely accidental. I ran NT Server 4 (SP 3-5) on a Cyrix 166 w/ 32MB RAM for over a year and never had a problem with IE or Netscape. I also administrate a lab of Pentium 100's with a wide variety of statistical, engineering, programming, and mathematical packages - along with web browsers and Office 97 and have never had a serious problem that was not a result of my own mistakes in accomodating poorly written programs.
Problems occur when programmers don't obey the API or use undocumented functions. Furthermore, many programmers still write for Win 9x, which desn't understand the concepts of multiple users and read-only systems. Programs written for 2000/NT behave very well - provided they follow the [ever changing, grr] API.
The problem isn't with Windows - it's the programmers for the platform.
This isn't a problem inherent to intellimice. Any mouse is capable of jumping to the default button.
And quite honestly, I like not having to move my mouse. The less my hands leave the keyboard, the more work I can get done (like posting to Slashdot).
Sounds morel iek you're concerned with YOUR not knowing how to use Windows than his ability to learn. Quite honestly, it is possible to lock Windows down enough to prevent the computer-illiterate user from screwing things up. Leave Windows on there, just so they can call the company and get tech support. It honestly does work (_my_ grandparents are in the same boat).
Win2K does go a long way towards fixing all of NT's stupid "features".
c redibly-easy-to-setup GUI, Plug'n'Play support, and it could very much become the OS of choice everywhere. Which is what you have to do to survive the bloated vaccuous force that is M$.
I fully agree that NT boxes are nearly impossible to administrate remotely (a big issue for a college student/sysadmin for multiple labs). With the help of third-party utilities (read: more money), _some_ of those stupid features get ironed out.
I installed Beta 3 of Windows 2000 on my newly-built personal machine. It appears to fix a lot of those problems. Integrated CPU, memory, and disk space quotas (FINALLY! What took them so long?!), practically requires use of NTFS (the ONLY decent filesystem they've ever produced), (X-)terminal services, and a decent networking scheme. And my complete installation took two reboots, and required very little input.
As for the admin that started this thread, something is seriously wrong if you made a 95 box the print server. Where were you hosting DHCP? My DHCP server is up nine months at a time, and then is taken down for applying patches. It's a P90 from IBM. My file and print servers (one Alpha/4-166, a dual PII-300, and a P200MMX) have uptimes of about six months.
I also have an NT Workstation box that has all sorts of beta programs, shareware, and freeware installed. It's a P200 with uptimes of three months. Oh, and it's also file and ghost image server.
The price issue is moot - except for migrations, which should only be done because of SERIOUS problems with the current platform. Migrations are naturally expensive. Licensing is definitely an issue. Microsoft licenses ARE extremely expensive, especially when compared to, oh, I don't know, almost every Linux and BSD variant.
2000 also demands hardware - and quality at that. Like NT, it is not tolerant of minor hardware glitches like 9x, or some Unix flavors are. On my K62-333, it took two hours to install itself on 900MB (Server, all options). Once installed, it used 128MB RAM. Most *nixes are much happier on much less hardware. Less Hardware = Cheaper.
All reports are true for NT and 9x. They are dead. The NT kernel did many things right, but it was bulky and unmanagable. 9x finally developed a reasonable interface, but the kernel was major suckage and the networking atrocious. 2000 became managable. Win2K actually is decent. But it's expensive and requires powerful hardware for reasonable performance.
Unfortunately, *nix had all of these features nearly a decade ago, which means that M$ is finally catching up with reality.
*nix has the kernel, the administration-capabilities. It just needs a very-compatable-with-all-sorts-of-hardware-and-in
That's an interesting idea, but I have massive reservations. While bandwidth itself is not physical, it's medium is not. You cannot have bandwidth without wiring (or cel towers in the case of wireless). Erecting OC-48 backbones and cellular towers requires a substantial investment, something that no small group of people could possibly afford.
In fact, from looking at the web page for the New Zealand-based project, I'd say you have another corporation. Admittedly, it's smaller than US-based Sprint or MCI, but it's a company that provides bandwidth to users - an ISP.
Eventually, if your company is to expand and provide, say, Internet2-type speed, it will need a lot more money. And at that point, volunteered contributions will be insufficient.
The problem harkens back to the days of BBS's. The really popular ones got so much traffic, that the service oweners kept having to purchase more and more modems, disk space, memory, and processing power. Bu this only drove up the traffic, as more content and more people fileld the void. At some point, the owners had to start charging. People fled the BBS's when they had to pay and connected to the Internet proper (which also, not coincidentally, provided even more content and people). Perhaps we are reaching the Internet's Threshold of Payment.
Either way, the end user (re: everyone but teleco departments and companies) will never see a change - unless you exceed your allotted usage, as determined by your ISP.
Gateway (along with HP and Packard Bell) are all evil, evil companies. Having set up several boxes from Gateway (Win 9x and NT), I speak from experience that the only easy Gateway install is the one from the included CD-ROM.
It repartitions, formats, and provides a complete installation (apps and all). Just don't try to run anything else. Oh, and don't bother looking for drivers - they're not on the web site! Considering Windows 98 is pretty common and practically every consumer electronics company produces drivers for it, I am astounded that Gateway hides its drivers...
I'd also like to say that I'm impressed by the unusually low level of FUD and reverse-FUD (making Windows and NT out to be worse than they really are).
I admin NT boxes (and merely have 'heightened' access on a few *nix boxes). The exploit the mentioned seems plausible - but only in theory.
r entVersion\Run, simply make it read-only to non-administrative accounts. Setting file and registry permissions to read-only can actually make a machine pretty safe.
There is no builtin way to mess with the Object Tree in NT4. Even WinObj (www.sysinternals.com) doesn't let you actually edit the tree. Furthermore, the permissions can be reset with the proper kernel patches.
As to the complaints of HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Cur
NT was never intended to be a multi-user platform, at least in the traditional sense. It was designed so that different users could login and use the same programs, with their own unique preferences, _serially_, and carry those preferences to any other computer they used.
The biggest problem Ive found with NT is not inherent to the OS. It has to do with third-party parogrammers (and, sadly, some M$ programmers too) not programming with the assumption that the user will only have read access. Netscape, Corel, Adobe, M$ Office 95/97 (but not 2000), and most stat packages all require unacceptably high access to the registry and/or filesystem. (Most _require_ write access to non-user specific preferences files, or a few application-specific registry entries).
Give me apps that adhere to NT profile policies, and that can run in an entirely read-only environment, and you'd be surprised how secure I can make that workstation.