Your 3 questions aren't enough:
Do you think patching your OS is for weenies?
Do you start anything sent to you from anywhere?
Do you forgo all common sense when you log into the web?
For a period, Outlook and/or Outlook Express would automatically launch content. Malware can spread to networked machines where files are shared or services are vulnerable. Browser hijackers take effect before people realise.
As dissed here often, user applications running with full admin privilege is a major issue.
Phishing works because people can't tell it's not real - and the only reason they'd be suspicious is because they've heard of such scams and know people have been caught in the past.
That said, there used to be some very effective antivirus software that didn't require daily signature updates, until a/v vendors realised there was more money to be made from subscriptions.
..so use some careful design and make it a more interesting trade-off.
Perhaps larger weapons make you slower, or less agile, or consume more energy while carrying them. Then have late-game areas that are more demanding on your speed / agility / energy..
Except that'll never work. To educate people about a threat, and expect them to listen and remember, they need to see the threat regularly enough. Suppose you educated everyone today, and spam was ignored/deleted whenever it was seen. Some spammers would quit (for now). People would stop seeing so much junk, and forget about it. New users would either not be educated, or would not see the point. After a while some become complacent, and people stop worrying. Then the spammers resume operation and find some people who have forgotten, who never learned the lesson, or who are just plain thick.
To keep educating people, you need the threat to remain visible, and there will always be newbies and stupid people to remain vulnerable.
People need a licence to drive a car, and even then there are accidents caused by stupidity and/or ignorance. People don't need a licence to use email.
Software adjustments can be made, but with so many million domains run by so many admins, there's no-one who CAN keep tabs on abusers and do much about them. Back when the internet was mostly .edu .gov and .mil, each sysadmin would be responsible for his local users and abuse could be dealt with. Nowadays the worst an ISP does is close down an account that can quickly be replaced by another one for $25 or so.
The telephone comparison is interesting, as there are far fewer telephone carriers than email hosts. Phones are still subject to cold-callers, but where there are laws and do-not-call lists at least abusers can be traced.
Some have come to hate DNS Blacklist operators because it's often hard to get removed from a list, but if we really want secure email it will require a smallish network of trusted authorities with the power and willingness to investigate abuse and punish or restrict their clients. They also need to know that THEY will become untrusted if they don't.
Obtaining addresses and domains is too quick and too easy for DNS to be the key.
A certificate hierarchy can be superimposed and could be effective, but only if abuse is detectable, traceable, and known to be punished.
That is very different to what the Internet is today, but is not so different from where it started. Ever wonder why DNS is a hierarchy? Do you think the way everyone assumes .com = "on the internet" reflects a shift in the way DNS is managed?
I'd have to point out most Aussies recognise VB as Victorian Bitter, ie beer. Is that a problem?
Perhaps the inverse of the Streisand effect would apply here. If they did succeed in blocking others from using the term, then there wouldn't be any buzz, and people could just forget about it.
However, if the trend continues, I think you need to revise your numbering strategy. Popular sequences include numbers like:
2, 3, 5, 8 (got to keep up with the competition), 97, 2000, millennium, experience, 2003, enterprise, premium, 11.5, somecodenamethatspointlessbecauseyoutelleveryonewhatitis, ...
For most people, particularly most of those unable to discern what is safe and sensible, have a computer with no way to persistently store executable/scriptable content.
Most people use very few apps, and change or upgrade their apps very rarely. Back in the olden days, software came on cartridges, or even CDs. Now USB dongles are cheap and portable, as are USB hubs. So, distribute software on hard media, and don't run it from anywhere else.
It's not for everyone, but it's viable, and would save a lot of confusion and risk.
only if it's 97% fat-free
What could be more appropriate ?!
.. and it's (relatively) easy to spend money on a "solution" as a once-off expense, but getting value requires someone to stay in the environment and work with it. How easy is it to justify employing someone with a good mix of background and intelligence (even if you can find them), to deliver, well, their job is to find out what they can deliver..
11 years ago I was using OS/2. In 6M RAM it'd do a gui, networking, applications, and multitask well. It ran a web browser, email client, word proc, spreadsheet, and development of desktop applications. Windows 95 needed 8M just for the gui + networking if you only run 1 application.
Linux protagonists at the time were boasting they could run GUI + networking + good multitasking in 4M.
At the time, getting 16M into a machine was often impossible even if affordable.
Hm. Why is my mobile phone 10x more powerful than those desktops, yet even with a video connector it wouldn't be a desktop substitute.. something sucks about that.
It actually IS an hour longer here as far as /. is concerned. Your idea of "Saturday" started on Saturday, ends sometime Sunday morning, and we're just ending DST.
"Time is an illusion; lunchtime doubly so"
Well, yeah, but it's pretty sad. For the sake of argument, try to think of something other than computers, e.g. a car.
If someone else invents a way to improve a product, then let them protect it for a short time with patents and expect some time to make back their money.
If someone sells a kit to fix a known problem on old or existing product, fair enough.
If the original manufacturer fixes the problem on all new models sold, the fixer-seller will soon be out of business, but can't really complain. If your job depends on people using old or defective technology, you won't win the argument to keep it. (otherwise most of us would still be farmers, using hand-made implements)
If the original manufacturer sells a fixer for old models, you could understand that, assuming they're out of warranty. It costs money to make and distribute stuff.
BUT
If the manufacturer continues to sell a competing fixer for defects in new and current product, then it's clearly a cash-grab and a conflict of interest - they should be solving the problem in the base product!
It all depends whether you believe a computer should be intrinsically safe from viruses and worms etc, or whether exposure to such threats is a user choice (like 4WD-ing on a beach - you should get extra rust protection first).
Microsoft clearly assume their product is going almost entirely to internet users, so it should be suited to the environment, or at least the "required" add-ons be either included in the base price or explicitly listed at the point of sale.
nah, BOG pollution.
or perhaps >blog is the appropriate sound effect for generating a big lump of pigeon pollution?
.. and have you noticed how easy it is to legally have and use MSDE, which is SQL Server with a size limit and without the GUI? That has to be a significant funnel of customers for MS, and a real nuisance for their commercial competitors.
... unless the world ends before he dies ...
[duck]
when he could say "broohroohroohoo! my assets are frozen!"
Compared to USA and EU, Aussies also have less iSeries (AS/400) and less DB2.
The "critical mass" thing probably factoring into all these areas..
.. catching a virus :-)
I thought they made some change in their compiler/s and libraries last year to preclude buffer overflows, and were working through the code base one module at a time to make it compliant. Haven't heard anything for a while though. Does anyone know more about this?
Slashdot renders fine. The site carrying the article, linked from /., has advertising. It's a regular in-place ad that the text should arrange around, but it didn't.
I viewed the article using Opera, and the text ran over the advertisement on right-hand-side.
OSC wrote the novelisation of The Abyss (movie) during its production (not before, not after). Everyone working on the movie liked what he did, but the movie came out making no sense at all if you hadn't read the book.
This is a different scenario, but I don't like its chances.
Of course it is - Beagle2 got pixellated on the way down. But who did it, and why?