Well, most importantly you can simply use the hash without needing to crack it... Google for pass the hash.
Even if your password is long and stored as NTLM, it will still get cracked quicker than the same password stored using other algorithms typically employed by unix systems... Rainbow tables are not viable for unix passwords at all.
I switched from a blackberry to an iphone, the blackberry didn't have flash either (do the current models?) but the iphone had a browser that was orders of magnitude better... I missed cut+paste for a while but i generally found the rest of the phones features much better, and i use it far more heavily than i did any previous phones i had.
On a desktop i generally browse with flashblock, and have found that the vast majority of flash content i encounter is just ads including the extremely annoying ones that include sound (having to hunt through 50 tabs looking for the one that just rotated to a noisy ad is EXTREMELY annoying). The few times i've ever allowed flash content, were primarily to play video but the iphone already has a dedicated app for youtube at least.
I also consider flash quite dangerous, there is finally some competition in the browser market now but there is still only one flash plugin, creating a dangerous monoculture for the blackhats to exploit.
Apple don't really innovate, they take existing ideas and implement and market them well... Your 5 year old laptop probably ran software designed for use with a mouse and keyboard, and which wasn't terribly usable with the touchscreen. It was also probably quite thick, heavy and noisy compared to an ipad...
The apple app store is basically a copy of the package management system in linux too...
The "marketplace" is nothing new, linux has had something similar for years it's just that apple dressed it up to look pretty and marketed it well..
The wepad is bigger and heavier than the ipad while having inferior battery life, and seems to have vents at the top suggesting it gets quite hot. I would rather have an open arm based tablet, ipad like hardware and open software...
On the subject of software, for anything like this to succeed it needs to have a slick interface, all the previous tablets i've used had really lousy interfaces, typically just desktop interfaces that don't work well on a tablet.
Single sign on is a massive compromise... It's convenient for the users, and enables them to have a single password for everything... It's also convenient for hackers, and enables them to have a single password for everything...
Whatever central system you use for managing the passwords becomes a HUGE target for anyone wanting to attack your network.
Depending what you use, it may be possible to compromise the server from a single workstation system too... This is especially true for windows based networks, or to a lesser degree unix based networks that run NIS. I haven't encountered enough networks based on other systems to be able to judge. Most organizations implement such systems without taking adequate care and end up making it possible to compromise machines which would otherwise have been secure.
And if you can work out the schema (easy enough once you get access to password histories), you can calculate future passwords and be sure of future access. I found a network where the users default passwords were their date of birth, somewhat mangled, eg: !27^March_1980! On its own, such a password would be relatively hard to brute force... But once you found out the formula, it was trivial to create a script that fed every possibly birthdate since 1900 into a cracker.
If someone cracks your old password, they could potentially work out your modifier process and calculate your current password. Especially if password histories are saved, such that you can see several revisions at a glance.
Any well implemented password strength checking algorithm will reject a change of password which is based on the old one with a few characters appended - cracklib (installed by default on most linux distros) for example will reject that.
Also consider how the passwords are stored... If they're salted SHA512 hashes, than a reasonably complex non dictionary password will be virtually impossible to brute force... If they're stored using the encryption schemes present in windows, then it doesn't matter how complex your password is - it can still be easily cracked (trivially if lanman is enabled), or you can simply use the hash without cracking it.
Depending on how its implemented... If it's using the default options built in to active directory for instance, then the password policy only really pays lip service to security while still being extremely weak... You might be required to use mixed case letters and numbers, and change your password every month or so... But it still doesn't stop you having weak passwords, for instance "Password1" is perfectly valid under every implementation i've seen, and when it forces you to change your password "Password2" works just fine. Eventually it forgets your old passwords so you can simply wrap back round to Password1.
It also only remembers a fixed number of passwords, not any password for a particular length of time... Which means you now need such nasty kludges as setting a minimum password age to avoid people wrapping the password round quickly.
If forced to change your password, just increment a number at the end...
But you are right, forcing someone to change a password regularly forces them to remember new passwords regularly, choose a poor change policy (like the incrementing numbers), or write their passwords down.
Opera may be more widely installed and available for more devices, but how many people actually make significant use of it? Based on what i've seen, people who have iphones do a LOT more web browsing from their phone than users of other types of phone. When i had a blackberry i very rarely used it for browsing, in contrast to having an iphone now when i browse from it most days if i'm not at home.
I'm surprised any browser supports BMP... Totally uncompressed images are extremely stupid, there is no reason to use such a format today and in the past when connections were slower there was even less reason. BMP as a format really had no reason to exist at all, there are several lossless image formats (ILBM, PCX, TIFF etc) which predate it while offering varying levels of rudimentary compression that make the files in all cases smaller than BMP.
Not if they simply bundled third party applications, like Ubuntu does... Or used a package management system that made it trivial to install a choice of such applications.
I have an HP all-in-one from a few years ago, and my experiences with it are thus:
windows 2000/xp - plug in printer, detects it but doesnt know what to do with it... have to install the drivers from hp windows vista/7 - plug in printer, detects it but cant find drivers for it, the drivers for xp wont install macosx 10.4 ppc - plug in printer, detects it but doesnt know what to do with it... have to install the drivers from hp macos 10.5/10.6 intel - plug in printer, detects it and uses it as a printer, cannot drive the scanner component, drivers from hp don't install linux ubuntu 8.04 - 9.10 - plug in printer, printing and scanning works immediately
How do you update that additional software on windows? Most people fall flat when doing this, which is why so many people these days are getting owned through adobe acrobat or flash...
Installing additional software requires you to manually locate the installer, get it onto the machine, execute it and answer a bunch of inane questions by just accepting the defaults, or you might have to input a string of characters for no good reason. On ubuntu you just select what you want from a list and let it install, and it will then be kept up to date automatically with everything else.
I run several ubuntu systems, and all of them are hands off, even the one i updated to the beta version of 10.04, and i've not been forced to touch a compiler or the commandline on any of them...
The problem is that users don't know linux exists, don't know the advantages it offers and there is very little in the way of advertising out there to tell them.
Your mother doesn't want to worry about updating her system and each individual application she has installed... She doesn't want to have to manually download and install apps, having a single place to acquire and update apps is great - people love the iphone.
If you want a machine pre setup, there's no reason one couldn't be preconfigured with a linux install capable of doing everything most people would want, while still offering significant advantages over windows and costing a lot less.
Re:your first sentence is technically flawed
on
Ubuntu on a Dime
·
· Score: 1
I worked at places where defective hard drives (ie ones that were dying, starting to show bad sectors or even totally dead) were retained in a pile with good drives... Someone built a production server using a dying disk, and had to rebuild a month later.
Re:your first sentence is technically flawed
on
Ubuntu on a Dime
·
· Score: 1
Well, if your business is supporting people to whom you sell hardware... Having them unsure if $randomhardwaredevice will work with linux just means they will come to you rather than just going out and buying it, you can ensure that you have stock of devices which are tested and found to be compatible with linux.
Re:your first sentence is technically flawed
on
Ubuntu on a Dime
·
· Score: 1
If you want old hardware running old software, you can get a mac for a similar price with an old version of OSX... Or you can get a highend risc workstation complete with whatever os it had for a similar price...
With Linux you can assemble a fully working machine of current which is still under the original 1 year warranty for less than you can a windows machine, and the differences are more obvious when buying cheaper hardware.
Re:your first sentence is technically flawed
on
Ubuntu on a Dime
·
· Score: 1
Well, the other cheap processor of the time was the Motorola 68k series, which can indeed run unix (although it typically required an external MMU to do so)... Workstations from Sun, SGI and some others used to run on these processors.
Windows group policy is very easy to circumvent... Consider that most kids know a lot more than their parents about this kind of thing, and if they don't yet they will soon learn if they need to.
If you have physical access to the machine, elevating your privilege level is pretty trivial... If you don't have admin on a windows machine, some games won't play properly...
Create 2 networks - one that doesn't extend outside of a locked rack, and one that goes around the house... The former is the only one with direct internet access and accessing it from the latter requires using a vpn client...
Well, most importantly you can simply use the hash without needing to crack it... Google for pass the hash.
Even if your password is long and stored as NTLM, it will still get cracked quicker than the same password stored using other algorithms typically employed by unix systems... Rainbow tables are not viable for unix passwords at all.
I switched from a blackberry to an iphone, the blackberry didn't have flash either (do the current models?) but the iphone had a browser that was orders of magnitude better... I missed cut+paste for a while but i generally found the rest of the phones features much better, and i use it far more heavily than i did any previous phones i had.
On a desktop i generally browse with flashblock, and have found that the vast majority of flash content i encounter is just ads including the extremely annoying ones that include sound (having to hunt through 50 tabs looking for the one that just rotated to a noisy ad is EXTREMELY annoying). The few times i've ever allowed flash content, were primarily to play video but the iphone already has a dedicated app for youtube at least.
I also consider flash quite dangerous, there is finally some competition in the browser market now but there is still only one flash plugin, creating a dangerous monoculture for the blackhats to exploit.
Amiga INC were planning on moving into cellphones a few years ago, not much ever happened with this...
Graphical remote desktop support? Wasn't X11 doing that long before?
Apple don't really innovate, they take existing ideas and implement and market them well...
Your 5 year old laptop probably ran software designed for use with a mouse and keyboard, and which wasn't terribly usable with the touchscreen. It was also probably quite thick, heavy and noisy compared to an ipad...
The apple app store is basically a copy of the package management system in linux too...
The "marketplace" is nothing new, linux has had something similar for years it's just that apple dressed it up to look pretty and marketed it well..
The wepad is bigger and heavier than the ipad while having inferior battery life, and seems to have vents at the top suggesting it gets quite hot. I would rather have an open arm based tablet, ipad like hardware and open software...
On the subject of software, for anything like this to succeed it needs to have a slick interface, all the previous tablets i've used had really lousy interfaces, typically just desktop interfaces that don't work well on a tablet.
Single sign on is a massive compromise...
It's convenient for the users, and enables them to have a single password for everything...
It's also convenient for hackers, and enables them to have a single password for everything...
Whatever central system you use for managing the passwords becomes a HUGE target for anyone wanting to attack your network.
Depending what you use, it may be possible to compromise the server from a single workstation system too... This is especially true for windows based networks, or to a lesser degree unix based networks that run NIS. I haven't encountered enough networks based on other systems to be able to judge. Most organizations implement such systems without taking adequate care and end up making it possible to compromise machines which would otherwise have been secure.
And if you can work out the schema (easy enough once you get access to password histories), you can calculate future passwords and be sure of future access.
I found a network where the users default passwords were their date of birth, somewhat mangled, eg:
!27^March_1980!
On its own, such a password would be relatively hard to brute force... But once you found out the formula, it was trivial to create a script that fed every possibly birthdate since 1900 into a cracker.
If someone cracks your old password, they could potentially work out your modifier process and calculate your current password. Especially if password histories are saved, such that you can see several revisions at a glance.
Any well implemented password strength checking algorithm will reject a change of password which is based on the old one with a few characters appended - cracklib (installed by default on most linux distros) for example will reject that.
Also consider how the passwords are stored...
If they're salted SHA512 hashes, than a reasonably complex non dictionary password will be virtually impossible to brute force...
If they're stored using the encryption schemes present in windows, then it doesn't matter how complex your password is - it can still be easily cracked (trivially if lanman is enabled), or you can simply use the hash without cracking it.
Depending on how its implemented... If it's using the default options built in to active directory for instance, then the password policy only really pays lip service to security while still being extremely weak...
You might be required to use mixed case letters and numbers, and change your password every month or so... But it still doesn't stop you having weak passwords, for instance "Password1" is perfectly valid under every implementation i've seen, and when it forces you to change your password "Password2" works just fine. Eventually it forgets your old passwords so you can simply wrap back round to Password1.
It also only remembers a fixed number of passwords, not any password for a particular length of time... Which means you now need such nasty kludges as setting a minimum password age to avoid people wrapping the password round quickly.
If forced to change your password, just increment a number at the end...
But you are right, forcing someone to change a password regularly forces them to remember new passwords regularly, choose a poor change policy (like the incrementing numbers), or write their passwords down.
Opera may be more widely installed and available for more devices, but how many people actually make significant use of it?
Based on what i've seen, people who have iphones do a LOT more web browsing from their phone than users of other types of phone. When i had a blackberry i very rarely used it for browsing, in contrast to having an iphone now when i browse from it most days if i'm not at home.
I'm surprised any browser supports BMP... Totally uncompressed images are extremely stupid, there is no reason to use such a format today and in the past when connections were slower there was even less reason. BMP as a format really had no reason to exist at all, there are several lossless image formats (ILBM, PCX, TIFF etc) which predate it while offering varying levels of rudimentary compression that make the files in all cases smaller than BMP.
Not if they simply bundled third party applications, like Ubuntu does...
Or used a package management system that made it trivial to install a choice of such applications.
I have an HP all-in-one from a few years ago, and my experiences with it are thus:
windows 2000/xp - plug in printer, detects it but doesnt know what to do with it... have to install the drivers from hp
windows vista/7 - plug in printer, detects it but cant find drivers for it, the drivers for xp wont install
macosx 10.4 ppc - plug in printer, detects it but doesnt know what to do with it... have to install the drivers from hp
macos 10.5/10.6 intel - plug in printer, detects it and uses it as a printer, cannot drive the scanner component, drivers from hp don't install
linux ubuntu 8.04 - 9.10 - plug in printer, printing and scanning works immediately
How do you update that additional software on windows? Most people fall flat when doing this, which is why so many people these days are getting owned through adobe acrobat or flash...
Installing additional software requires you to manually locate the installer, get it onto the machine, execute it and answer a bunch of inane questions by just accepting the defaults, or you might have to input a string of characters for no good reason.
On ubuntu you just select what you want from a list and let it install, and it will then be kept up to date automatically with everything else.
I run several ubuntu systems, and all of them are hands off, even the one i updated to the beta version of 10.04, and i've not been forced to touch a compiler or the commandline on any of them...
The problem is that users don't know linux exists, don't know the advantages it offers and there is very little in the way of advertising out there to tell them.
Your mother doesn't want to worry about updating her system and each individual application she has installed...
She doesn't want to have to manually download and install apps, having a single place to acquire and update apps is great - people love the iphone.
If you want a machine pre setup, there's no reason one couldn't be preconfigured with a linux install capable of doing everything most people would want, while still offering significant advantages over windows and costing a lot less.
I worked at places where defective hard drives (ie ones that were dying, starting to show bad sectors or even totally dead) were retained in a pile with good drives...
Someone built a production server using a dying disk, and had to rebuild a month later.
Well, if your business is supporting people to whom you sell hardware...
Having them unsure if $randomhardwaredevice will work with linux just means they will come to you rather than just going out and buying it, you can ensure that you have stock of devices which are tested and found to be compatible with linux.
If you want old hardware running old software, you can get a mac for a similar price with an old version of OSX... Or you can get a highend risc workstation complete with whatever os it had for a similar price...
With Linux you can assemble a fully working machine of current which is still under the original 1 year warranty for less than you can a windows machine, and the differences are more obvious when buying cheaper hardware.
Well, the other cheap processor of the time was the Motorola 68k series, which can indeed run unix (although it typically required an external MMU to do so)... Workstations from Sun, SGI and some others used to run on these processors.
Windows group policy is very easy to circumvent... Consider that most kids know a lot more than their parents about this kind of thing, and if they don't yet they will soon learn if they need to.
If you have physical access to the machine, elevating your privilege level is pretty trivial... If you don't have admin on a windows machine, some games won't play properly...
Create 2 networks - one that doesn't extend outside of a locked rack, and one that goes around the house... The former is the only one with direct internet access and accessing it from the latter requires using a vpn client...