I tell my students that the purpose of security is not absolute protection -- for that, you can encase your box in cement and drop it in a deep lake. The point of security is to make it so hard for an attacker that (s)he goes hunting for a better target (easier and/or juicier). Currently (as he points out), Firefox makes it harder on most attackers, so it's the better bet for most users.
Even though the conversion was intended mostly for the staff, they didn't expect the almost 100% conversion to OO that they got. My guess is that most of the staff running XP (about half of them) still have MS Office installed on their machines and they were expected to stay with MS Office, but they (for whatever reason) preferred to use OO.
Sure they will... It'll help them calibrate their spam-blocking techniques. If the volume goes up (or stays the same) and the hit count drops, then they'll know that something's working especially well.
One of the reasons this may have worked is because it was in a learning environment.
It was the staff who converted -- and (to their surprise) found that it was way better than they expected. Learning curve for the staff is quite relevant, since they all probably knew MS Office beforehand.
On the other hand, you still have a learning curve for every new version of MS Office too... Probably about as much as the difference between MS and Open.
and kept MS Office for some of the administration stuff, probably because they couldn't afford not opening certain documents.
MS Office couldn't open some MS Office documents, and OO couldn't open some MS Office documents -- so overall, I'd say we're about equal here.
How much more postage is going to cost them because secretarial staff can now write more letters per day? Things like this add up and can cost big money that isn't represented in this report.
Not having to retype old documents means that staff can afford to take more breaks -- that's lost productive time that I don't see taken into account.
There's lots more, but I have to go to the beach (to get my hair cut -- honest!).
Microsoft is supposed to be injuncted from punishing vendors for selling machines with other OSs, but for some strange reason, nobody with a decent market share is brave enough to supply a machine pre-loaded with Linux.
HP knows that these machines are intended to run Linux, but they're somehow unable to ship them with the OS installed. If it's not pressure from Microsoft, then why? More importantly, how would one reasonably go about proving the conspiracy theory?
In this case, they're marking the site so that later 'marks' recognize that the site isn't legitimate -- but otherwise leave it up and functional. Yes, it might run over some forensic info, but given the dearth of arrests for these scams, it's rather productive to save some newbie's butt (and bucks) from these people.
... the point was - Do you really think that your average consumer who buys the new uC controlled refrigerator with nifty 'email you when out of milk' is going to have any clue about any of that stuff?
If he does that with IP4, he's even more toast (if you'll allow the pun). With every home getting a /48 network, guessing the address of the fridge isn't going to be as easy as with your average NATed IP4 network -- and if the routers have sane firewall rules in place of NAT, then you won't be able to do anything anyways.
Of course, if you don't want your toaster to be world-addressable, then you should just limit it to link scope addresses -- job done. You actually end up with the best of both worlds: Link scope inside the house for private units and global scope for world accessible stuff -- along with the built-in security that IP6 provides.
The more I think about this, the better it sounds.
Just as long as they don't take out the entire server. A lot of these sites are hosted on hijacked and otherwise innocent boxes. If it's a multi-hosted box, you could easily end up taking out a couple hundred unrelated websites.
Even for a single-hosted box, the person running the box may not be aware of what it's doing.
Those caveats having been stated, however, I think that it's a nice thing to see being done. I've sent emails to the sites being spoofed suggesting that they ask for this sort of change, but I've never seen it actually done. They seem to either do nothing, or shut down the website -- no in between.
I think I'll just quietly install NS8 on all of my clients' boxes before they fix this 'feature'.
No need to tell them about it, though... Just leave them using Firefox.
You don't need NAT to lock out all of your boxes... Any firewall powerful enough to do NAT can do stateful filtering -- If an incoming packet isn't related to an outbound connection, you just don't accept it.
Even when you are using NAT you still have to filter out packets that are routed to your outside interface and aimed at your inside boxes (you do do that, don't you?). This is especially true of cable systems where I can often see broadcasts from the other boxes in my neighbourhood and know that inside networks are almost always 192.168.[0123].* . There are often other ways to suss out the inside topology of a network besides just guessing.
Presuming that just NAT is going to protect you is the kind of false security thing that leads to gaping holes in your defences.
The last time I checked with my ISP (Telus), they weren't supporting IPV6. This means that I need to tunnel to the nearest IP6 gateway -- so much for improved speed.
Once most ISPs are IPV6 native, there'll be a lot more reason for people to play with it -- if only because it'll then be a lot easier. (Hey, I'm lazy. I expect that others are too). I had tunnelling working for a while but it broke and I haven't gotten around to getting it working again.
[Systems] long established should not be changed for light and transient causes; and accordingly all experience hath shewn, that mankind are more disposed to suffer, while evils are sufferable, than to right themselves by abolishing the forms to which they are accustomed. But when a long train of abuses and usurpations, pursuing invariably the same Object evinces a design to reduce them under absolute Despotism, it is their right, it is their duty, to throw off such [systems], and to provide new Guards for their future security.
For those of you who don't recognize it, that's a direct quote from the US Declaration of Independence -- s/Government/System/g
People might just tell their friends that it starts out good, but just gets hard to read after a while. -> lost sales.
The trick, if it worked at all, would only work for Ebook beginners -- and would have the side effect of possibly turning them off of Ebooks, generally.
So the Linux kernel is.. what? 20Meg? and Knoppix (a relatively limited Linux release) is about 2GB uncompressed. In other words, Nokia is 'protecting' about 1% of Linux.
Not quite to be sneezed at, but it's still far from blanket protection (more like a Brazilian bikini).
The problem is people who do things like write down their password, and then tape it to the keyboard (and things like that).
A friend of mine has a good rule: "Never store a written password within 8 feet of your computer". (Why 8 feet, and not 10? 10 sounds like a rounded-off number that quickly degenerates to 5, and then 2. 8 sounds like it was chosen for a reason -- just tell them that it was chosen for social engineering reasons.)
Another thing that I'll do is not actually put the password itself onto paper -- instead, I'll put something from which I can generate the password. For passwords that I use often enough to memorize I'll destroy the written version once I've got it memorized.
For short passwords (e.g. Solaris 8,9) I suggest that people use the mnemonic method.
That is fine for an established author who may receive significant compensation based on things other than raw book sales.
It's also good for an author who depends on sales generally -- One person downloads the book and recommends it to his/her friends. Some of those friends will also download it from the net, but most who want to read it will go out and buy the physical book -- so that 'free' download will result in more purchases than it 'costs'.
I similarly had a friend get a number of sales (and a small film project) by putting copies of her music on her website. I really had to beat on her to put it up, but it seems to have paid off.
For the initial install, you need something to get the updates, etc.
Similarly, I won't let someone go onto the net with a virgin 2000 or XP install. I'll use Knoppix to download the initial updates, Spybot and Adaware. (I had one student who gave up after 4 attempts to install upgrades without getting infected).
(( Just recently, I had a friend who had to do a (Dell) clean-and-install. By the time she called me, she had a 'virgin' machine infected like a cheap crack-whore. Nothing much to do other than reinstall, then use Linux to grab updates and tools before letting her loose. ))
In this case, however, the MS guy had a completed install -- and if MS can't keep their own software working properly, how can you expect a regular joe blow to?
For me, the process of recovering a virus-infected PC includes running clam-av from Knoppix (in the hopes that it helps find anything that's seriously embedded in the OS, as a driver, etc.)
I don't think the picture makes it too easy to see that this is OpenOffice.org 1.1.2 and ALT Linux Compact 2.3
It's pretty clear that it's OO 1.1.2. The upper left icon on the window reminds me of TWM -- not sure about that, but it's almost certainly not Windows.
The image zoom extension to Firefox definitely helps.
Security decisions often have to include the fight between ease of use and actual security. When I worked at one ISP, I kept on asking that the user passwords be encrypted -- just on principle. This was vetoed because it would make it harder for the mid-level support reps to compare the typed in (and logged) passwords to what was in the password file.
What more is there to say?
That's so good, I put it on my second website
A Knoppix CD is trivial to set up and a lot smaller to carry around.
Try learning Ukrainian (or Russian, or...)
Some Brits would buy you a pint for that comment.
Oh well.