that should be a function of the os (or a program), on State Of The Filesystem · Score: 2, Insightful
the os should have a 'list' of what's supported by each fs. when you copy a file from fsa to fsb the os (or program) should compare features and let you know (somehow) that something is not (may not) going to work right. if you copy something from the regular ext2 system that is case sensitive to a ms-dos floppy disk, something should try to remind you. or the program checks this and looks for problems.
remember that not all problems can be detected, so are you willing to live with: 'this may not work correctly' messages?
the main cause of drug resistant bugs..., on Mutant Mosquitos · Score: 1
you forgot a very important step (unfortunately very common) to drug resistant diseases: people not taking all their medicine! 10 days of amoxicillin and you only take 5 or six days of pills.... argh!
ok, let's look at this...
we have a marketing machine that has sold windows as 'easy as a toaster oven', i.e. no technical knowledge needed. they seem to have pressured choices to be made that sacrificed security for simplicity/user friendliness.
we have the programmers that created bugs 6 or 7 years ago that are still being discovered and they are writing new ones. the attitude that once a piece of code is 'done', it's done. the pressure to make the new version seems to be a problem here.
the users. granted they've been told it's easy and you don't need this or that or to think. but they bought a complex system. they thought they bought a toaster oven when really they bought a car. every halfway awake person knows that a car needs regular maintenance or it will break down. and even then things go wrong. and when the car needs work you do it yourself or you *pay* someone else to do it. this seems to have escaped computer users. how many of you heard users express: 'you want me to *pay* to have a virus removed?'
anyway, i think the real reason why we have these problems is that too many people had their head in the sand and said it can't happen here. or decided to save bucks by not doing pm or save bucks by not having qualified technical talent, etc.
eric
i think that the other countries are discovering that there is a learning curve. i remember reading that china, india, brazil, etc were planning this and that. we (america) did several missions that just put someone in space or in orbit before we went to the moon. if i remember correctly we sent animals up before that. it seems that a lot of people are trying to run before they learned to walk or even crawl.
if you look at the history of the russian space program there are examples where they were in a hurry to get into space and a *lot* of people died. they lost over 100 people on one launch attempt, largely to incredible stupidity!
in a very sad way, this reminds me of compaq making printers. compaq got into making laser printers about 15 years late. they have very smart engineers and were on track to make good printers, but were in too much of a hurry. it was noted that the compaq laser printers suffered from some operational problems that hp had solved years before.
i wish all people looking up the best and hope that they don't give up.
eric
i believe that the directories that we are talking about are based on the x.500 spec.
novell was first with NDS, Netware Directory Services sometimes called edirectory. very close to the x.500 spec including some stuff that they put into it but recommended that you don't use (r/o partitions come to mind).
ms was *very* late to the directory part with ads, Active Directory Services. this is an expansion of the MS domain model. it appears to not be as x.500 compliant as it should.
if you want a comparison of these, there is no better experiment than hooking up 4 or 5 servers and building something out of directory services. if you can't do that, look to the microsoft announcement that they put 2.5 million objects in an ads network. then compare to the brainshare demo where novell put over a *billion* objects into nds.
eric
i was wondering about the motivations of the person(s) that wrote this. they seemed to have a mad-on against microsoft. what seemed weird was that if this had been a 'quiet' worm that spread, there would have been a lot more machines that were infected on dday. ms being hit by a large number of zombies and having to *beg* people to clean up their systems would have been pretty funny.
i saw the news about the second (and third) versions and i just wondered if these (all three) were just a distraction. i wonder how many people looked for an awfully obvious process and if they didn't see it, well, that was the end of the story?
something smells here.
eric
it would be interesting to have a requirement of 'detailed activities' or 'detailed communications'. imagine if there was a requirement that a program document exactly where it communicated to and what kind of data was transmitted. and other types of communications or data would be illegal?
there's all sorts of 'legit' software connecting on the net. the newer versions of acrobat readers can make a connection to get updates....
eric
disk space is cheap, download your favorite britney tracks and maybe 10 or 20 per track of other stuff in a random pattern.
most people that i have supported could lose a GB of storage and not notice.
eric
the answer is not to make this stuff easier to use! first, we have been doing that for 10 years now. we've been lowering the bar and people still keep tripping over it!
secondly, making it 'easier' has taken away security and safety mechanisms.
no matter how easy we make this, if you are not required to learn/know a certain amount, you will be making a mess. maybe just for you, maybe for other people.
eric
it starts with the microbes 'consuming' uranium... ok, what does the microbe do with it? it's still radioactive and now your microbe is also!
then i get to the part where the microbe is taking water based uranium and making a solid form. ok.
don't you still have to dig this stuff up? wouldn't the 'solid' form break down after a while and still have the problem? and wouldn't the solid form still have the same amount of radioactivity?
it looks like it makes it easier to get it out of soil, but you still have to dig it up and process it out?
eric
i suspect it is an exception. that is one of the most messed up road sections in the U.S. of A.
for those of you not familiar with this, from the beltway around washington dc (i-495) there is a toll road (owned by the state i assume) that runs to (by) dulles int'n airport. there is in the median of this toll road another highway that is free but only to and from the airport. with all sorts of cut-ins and cut-outs between the roads. along with signs that say don't cheat.
then the road (toll road) was extended from the dulles area to leesburg (?) by a private company. if my understanding is correct, this is one of the few privately owned and publicly used highways in america. i would expect that they own the road and the signs and they make the rules.
eric
the os should have a 'list' of what's supported by each fs. when you copy a file from fsa to fsb the os (or program) should compare features and let you know (somehow) that something is not (may not) going to work right. if you copy something from the regular ext2 system that is case sensitive to a ms-dos floppy disk, something should try to remind you. or the program checks this and looks for problems.
remember that not all problems can be detected, so are you willing to live with: 'this may not work correctly' messages?
eric
keep in mind that *some* nations have this thing called rule of law.
first of all the lawmakers are elected by the people and answer to them. the eu may make noise, but the people can decide to not reelect you.
next there are issues relating to treaties. i have no idea if there is anything like this in any european country, but it is my understanding that for a treaty to be binding in the us, the president has to deliver it to the senate for their approval.
eric
you are basically correct. you don't know how a car works. it just runs.
but you left out the rest of it. when the car doesn't work, it needs to be fixed. and if you don't have the know-how and tools to fix it, you take it to someone who does and you *pay* them to fix it.
there are issues here about reliability and stuff like that, but when it comes right down to it, you don't have to know anything about computers, you just have to pay to fix them/make them work.
eric
don't get your hopes up. the 9th circuit is the most often overturned court in the federal system. nothing is settled with this until the supreme court makes a case of it.
eric
i doubt it. the last thing that ms wants is a cheap entry into linux. even if people don't use linux on an x-box on a long term basis, it is *exposure* to linux on the cheap and easy. and i can't see any way that this would be good for ms.
eric
...and i don't mind if you take the risk that is involved with 5Ghz radio. but there may be people *around* you that don't share the same risk affinity.
eric
we all deal with 'trusted computing' to some extent or other. in any computer system there is a person/persons/entity that is trusted. in the simplest form it is supervisor/admin/etc. as you design a network you describe who is trusted.
when you get a commercial digital certificate you are expressing trust.
in a well designed (large) system you would build in multiple trusts to act as a check and balance. sort of an auditing feature. novell is real big on this.
i find it interesting that the ms model of trust is pretty much putting all your eggs in what is mostly their basket. no auditing, no accountability, etc.
i suspect that we will see more distributed trust as companies and isps become more involved in this.
eric
i would vote for slowing down the release cycle of software products. with the idea of 'new versions' every 18 months becoming common, it seems that there is more writing of code than debugging/optimizing.
and i've said this before, certain software companies have not been very good about training administrators about patching, etc.
eric
Fear, Uncertainty, and Doubt. it was coined by persons that felt that this was IBM's main tactic against competition.
eric
it's not policy, it's low budget. if the company in question had a plan and a clue they wouldn't have had this problem in the first place.
it's amazing how many businesses are running around without a safety net in soooo many critical areas of their computer activities.
eric
the original code was (is) copyrighted, assuming it was written in a country that has copyright laws.
somehow i don't think that the owner of this copyright is gonna be knocking on the door to complain.
i got a service call last week to look at a computer that couldn't talk on the net...
symantec personal firewall was installed but deactivated. no funky windows xp filtering was setup, etc, etc.
pinging local hosts generated a 'host unreachable' message rather than the std 'timed out'
tried the ms kb tactic of rebuilding the ip stack (via a netsh command). still had a problem. looked at other things that might have caused it. had dell replace system board. still had problem.
8:30 am removed the symantec personal firewall and poooft problem solved. why did i not remove the spf before this? because it was working before and there was no evidence that it had been tampered with.
i will double check with the individual, but i think this patch was installed automatically.
eric
disclosure is important for two reasons: yes, these things can be used against you, but it can also be used *for* you.
my problem is that the insurance company will waste no time pulling this out of a hat to deny a claim or raise your rates, but i doubt that they will tell you about this so that you can use this information to help you win a case against them. so i think everyone should know that they have a recorder. (if they have one)
eric
you forgot a very important step (unfortunately very common) to drug resistant diseases: people not taking all their medicine! 10 days of amoxicillin and you only take 5 or six days of pills.... argh!
i've met people like this!
eric
i remember being a young pup and watching roadrunner (among many...), and i also remember my father cheering for the coyote!
everyone should have such fun memories!
eric
let me start with some agreements:
i agree with you on the filesystem, but i'm spoiled because of netware. the recoverability of original (3x, 4x, 5x) netware fs was good and nss is outstanding.
i also agree to some extent with the poor tools.
but here's the kicker: people talk about the expensive linux (or unix, or netware) engineers and compare that to the low-cost (cheap?) ms engineers and they haven't compared oranges to oranges. a lot of people are lining up to get burned because their ms technical people don't know what they are doing. and mcse's that do know what they are doing are rare and expensive. i've made more money than i want to think about cleaning up after one or two people who thought they knew active directory.
eric