Email encryption works on the basis that only the recipient has the key, while those you are trying to protect against do not have the key.
DRM is flawed because the people you are trying to prevent having access to the content (ie your customers) also have the key, and through obscurity you try to restrict how they can use that key... All it takes is for one person to work it out.
Well Microsoft are pretty big, people would have considered them a relatively safe bet for DRM'd content being playable in years to come... How did that turn out?
There is no way to have standardized DRM... The whole idea of DRM relies entirely on security through obscurity, and if you publish a standard then that obscurity is gone.
Even with an obscured scheme, if it's worth it to anyone (ie there aren't easier ways to get the same content) then someone will reverse engineer the format and work out how to extract the data from it in a usable way. This will _ALWAYS_ be possible, because the player itself has to get the data into a usable format itself in order to display it.
All DRM does is inconvenience legitimate users, pirates will just download media that is not drm encumbered and have a better user experience.
The problem with MCSE and other similar vendor-provided certifications is that a product vendor is absolutely the wrong entity to be providing such certifications...
If they made the certification hard, then few people would pass it resulting in few people in the industry certified to use their products, bad for sales.
On the other hand if they make it easy, then they have more "certified" people out there helping them sell their products.
You will find that a lot of so-called security standards get watered down because microsoft is unable to comply with them...
For instance requiring AES encryption, microsoft only implemented that in windows 2008 and vista despite it existing for many years on other platforms...
Similarly requirements for removing unnecessary software, microsoft made it very difficult to remove stuff, so this basic requirement gets dropped too.
Browser bugs exist in all platforms, the only difference is that by exploiting iOS you can actually achieve something which benefits the user... The countless drive by exploits which target windows are usually not desired by the users.
Linux has a significant share of the server market...
OSX (iOS) has a significant share of the smartphone market...
Linux (via Android and WebOS) also has a significant share of the smartphone market...
Linux has a significant share of the embedded market.
Linux is dominant in the supercomputer market with over 90% share.
The only real market where Linux isn't strong is the desktop.. Conversely, windows doesn't exist at all in the embedded market (only windows ce/mobile, which is a completely different os).
The server market is and always has been very attractive to hackers...
Hacking webservers gives you a platform from which to exploit client systems...
Valuable data is more likely to be stored on servers...
Servers are typically more powerful, more stable and with more bandwidth (especially upstream) than workstations (and thus more useful to hackers wanting to launch DoS or spam campaigns).
Unix servers are attacked all the time, but these attacks are more crude (ssh brute force attempts etc) and usually less successful than attacks against windows systems for various reasons...
Windows "servers" are often misused as workstations too, so it is not uncommon for a windows server to be misused for browsing the web and get compromised that way. Such things are extremely unlikely to occur on unix servers.
Embedded devices also make good targets for hackers, because they are generally very stable and often poorly monitored.
Supercomputers are prime targets for hackers, imagine the kudos among your hacker peers to say you got root on one of the top500 systems. Imagine how many passwords you could crack with that...
Unix may not be crash free, but it is a much simpler and better understood system.
When stability or security are important, simplicity is exactly what you want because it gives you the greatest chance of having a full understanding of how and why the system works, and more importantly if something breaks it's much simpler to fix. Not to mention, simpler system = less to go wrong.
And machinery is perfectly safe so long as it's correctly maintained and properly operated...
And yet, machines like cars are being made safer all the time because most people are lazy and have variable levels of skill at operating machinery. You can't replace the users, but you can make the machines more foolproof to reduce the risk.
While true about the lack of central updating, this is primarily a problem of windows not offering a centralised update feature that other applications can easily hook into... I have Firefox and Chrome on my linux system and both browsers get updated centrally along with everything else on the system.
On windows you will sooner or later have to deploy some kind of third party update system, because a windows system without third party software is generally not that useful... At the very least most systems will have a PDF reader, flash, java and a handful of other custom applications... And of course if all the system has is a web browser then there's no point running windows at all.
Also, do not trust WSUS... If you have a network of any size running WSUS, first check that all machines think they're fully patched, then go back and run a patch audit across the machines using something like Nessus (which checks the file versions rather than querying the windows update apis). This part is very important because you will find that on a network of any size, even when WSUS thinks every host is fully patched, there will be a handful of patches which are not correctly installed and you can verify this by manually verifying that the dll/exe versions that come with the patches are not installed.
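The file-version cross-check described above, as an added example that is not part of the original comment: it compares what the update service reports against the versions of the files actually on disk. Host names, patch IDs, file names, version numbers and the "Installed" state string are all constructed sample data, and the inventory is assumed to have been collected separately by a file-version scan.

```python
# Added example: flag hosts that the update service reports as patched
# but whose on-disk file versions are older than the patch ships (or missing).
# All data below is constructed for illustration.

def parse_version(text):
    """Turn a dotted file version ('6.1.7601.17514') into a tuple of ints."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    nums = [int(p) for p in parts]
    # Pad to four fields so '6.1' and '6.1.0.0' compare as equal.
    return tuple(nums + [0] * (4 - len(nums)))

# Minimum file versions each (placeholder) patch is expected to install.
PATCH_FILES = {
    "KB-EXAMPLE-1": {"example_net.dll": "6.1.7601.17514"},
    "KB-EXAMPLE-2": {"example_gfx.dll": "6.1.7601.2000",
                     "example_svc.exe": "6.1.7601.2000"},
}

# What the update service claims per host (constructed).
WSUS_REPORT = {
    "host-a": {"KB-EXAMPLE-1": "Installed", "KB-EXAMPLE-2": "Installed"},
    "host-b": {"KB-EXAMPLE-1": "Installed", "KB-EXAMPLE-2": "Installed"},
    "host-c": {"KB-EXAMPLE-1": "Installed", "KB-EXAMPLE-2": "NotInstalled"},
}

# File versions found on disk by an independent scan (constructed).
FILE_INVENTORY = {
    "host-a": {"example_net.dll": "6.1.7601.17514",
               "example_gfx.dll": "6.1.7601.2000",
               "example_svc.exe": "6.1.7601.2000"},
    # host-b: a string comparison would rank '999' above '2000' and miss this.
    "host-b": {"example_net.dll": "6.1.7601.17514",
               "example_gfx.dll": "6.1.7601.999",
               "example_svc.exe": "6.1.7601.2000"},
    # host-c: the scan found none of the expected files.
    "host-c": {},
}

def audit(wsus_report, inventory, patch_files):
    """Return (host, patch, file, found, required) for every mismatch
    between a reported 'Installed' state and the files on disk."""
    findings = []
    for host, patches in wsus_report.items():
        on_disk = inventory.get(host, {})
        for patch, state in patches.items():
            if state != "Installed":
                continue  # the update service already flags this one itself
            for fname, required in patch_files.get(patch, {}).items():
                found = on_disk.get(fname)
                if found is None or parse_version(found) < parse_version(required):
                    findings.append((host, patch, fname, found, required))
    # Sort on the string fields only; 'found' may be None.
    return sorted(findings, key=lambda f: f[:3])

if __name__ == "__main__":
    for host, patch, fname, found, required in audit(
            WSUS_REPORT, FILE_INVENTORY, PATCH_FILES):
        print(f"{host}: {patch} reported installed, but {fname} is "
              f"{found or 'missing'} (expected >= {required})")
```
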
Iptables is no more complex than any other widely used firewall system, cisco asa/pix etc...
The fact the configuration is all in a single text file is a huge positive (cisco do the same, as do most other commercial firewalls).
And of course, if you really can't handle editing the textual ruleset by hand, there are plenty of graphical frontends available for iptables, and you still get a textfile at the end of it which you can copy to other systems and back up easily.
Also the windows firewall is extremely crude compared to iptables... Iptables is capable of a whole lot more, but it doesn't force that complexity on you... It's still possible to configure simple rulesets too.
Not only is windows extremely complex, but many of the security options don't really work, or are incorrectly used...
Things like the group policies for restricting access to the command prompt - that's a client side check in cmd.exe itself, modify the binary and it will run. People think it's actually enforced at the OS level but it's not.
The trouble is, all that complexity makes people think it's better than it really is... Complexity is a bad thing and there is much to be gained from keeping things simple, the more thoroughly you understand the system the better you can configure and monitor it.
As for why it's complex, some say windows is intentionally made as complex as possible to prevent a repeat of the dos and unix clones...
And despite the 60% figure, and having to perform a procedure that requires at least a little forethought, iphones are still selling like hotcakes...
No DRM scheme can be secure by its very nature, the only reason some schemes get cracked faster than others is down to laziness on the hackers' part, why bother cracking one scheme when the same content is available via other schemes that are already cracked?
Put it this way, the sony ps3 was the last of the 3 major consoles to be cracked, and yet going for years without being cracked resulted in the xbox360 and wii taking the majority of marketshare, and very few ps3-exclusive games.
Piracy helps a platform sell, most of those pirates will also buy things and piracy allows them to have more software rather than to spend less on it, ie without piracy they would just have less content and thus less interest in the platform rather than spending more (money that they don't have)...
Piracy was also a great driver for PC gaming... But i see your point, i was in school during the Amiga days and they were by far the most prevalent computers among my peers... Parents chose them specifically so we could trade copies of games with our friends, and it didn't make us spend any less (we only had limited income and still bought games with it), we just had more games for the same spend.
Incidentally, why is windows excluded from your megacorp blacklist? I would have thought it would be one of the worst things about microsoft...
Have nokia actually released any meego based products? You really have to do this bit first before you can try persuading anyone to buy them...
I know they had the N900, but that ran maemo, part of the reason meego is so delayed is because of the transition from maemo to meego...
It doesn't matter who developed a spec, what matters is the freedom you have to implement it... WebM lets anyone implement it, h.264 requires patent licenses in order to implement it.
Both specs are finalised, so no one can contribute to them anymore. Any contributions made would become part of a future spec, and there is nothing stopping you contributing to WebM and making future versions of the codec with or without google's cooperation.
Have a bootup password that's only required when powering on the phone, if you further configure the phone that it won't communicate via usb unless you've already entered the unlock code then you are at least relatively safe... Someone would need to steal your phone while it's already powered up, dismantle it and try to read from memory.
On linux perhaps you can use the plaintext login password (which is not known to the system until the user logs in or you can crack the encrypted hash)...
On windows the authentication system is such that the encrypted hash (which is stored on disk) is actually sufficient to authenticate...
On a phone you won't typically enter a password to boot the device, so it has to store the key on the device somehow.
There were some games like that, back in the early days of cd based consoles it was common to stream (poor quality) video from cd, overlay a minimal level of interaction on top and call it a game.
Or they could argue that the market value of a software update is zero because it's already possible to get ipv6 and other features for free by using one of the free linux based firmwares.
It's also been commonplace for years that many software updates would be released for free, even when they provide new features.
If that's fraud, how about the sony behaviour of selling you features now and then taking some of them away later?
Because IPv6 is not some future technology, it's been with us for over 15 years...
Because every major OS has supported ipv6 now for over 10 years...
We're not asking for ipv8 or whatever might exist in the future, we're asking for support of a 15 year old standard that everyone else manages to support just fine.
The issue with most VPNs is that they are based on ipsec, which was originally part of ipv6 and therefore was never designed with NAT in mind...
Of course, there are always tunneling type vpns such as openvpn or pptp which only require a single tcp or udp connection.
I have had several ADSL lines over the years, and always had a /29 or /28 block of v4 with them...
This is becoming increasingly hard to come by on new installs, although i still have my old addresses on one line.
I have a Buffalo WZR-HP-G300NH, it came preinstalled with DD-WRT, has a 4 port (dumb) gigabit switch, has 64mb of flash and a usb port.