"If any instructor comes to our department and expresses the need and justification for their students to visit some site that we feel was questionable and already blocked by whatever means, we will TEMPORARILY remove the block.. This would allow the students/class to complete the assignment. After that the block would be reinstated. This is no way interferes with education. Not a bit."
Except for the ~90% of people who wont come ask, because: 1. They're too embarrased, even if it is perfectly legitimate, 2. They dont have the time to go fight with the sysadmin and justify their use (not to mention why is a staff position requiring faculty to justify their use of school resources), 3. They dont know who you are and that they can ask you to unblock it.
I would guess that the vast, vast majority of people who have a legitimate need get blocked you never even hear from.
"I said I would love to have some packet shaping/monitoring software so that the filtering/blocking would not be necessary.. Funds prevent that, I'm sorry. Printing my own money to purchase it is against the law."
I think you'll find that the cost of putting in a traffic shaping infrastructure pales in comparison to the rising cost of your commodity internet connections, which will likely need to get bigger every year, even with just 'justified' connectivity.
Plus there's the question of whether your attempts to block what you consider inappropriate sites has any actual effect on legitimate bandwidth management. It is possible (I'd say likely) that the set of traffic you block is very disjoing with the set of traffic which interferes with 'legitimate' traffic. Assuming you can even define what is legitimate reasonably.
Wow, that is one of the most surreal things I've read recently.
Why is a sysadmin playing moral cop on content? Isnt that a little bit outside of your job description?
If the goal is to truly manage bandwidth to non-critical content, then why not just manage bandwidth to non-critical content (ie, traffic shaping)?
Blocking what the sysadmin considers inappropriate content may not even help you reach your goal, not to mention the question of why a sysadmin is making moral judgements as to what's appropriate. Wouldnt that be more in line with a Faculty, or a Dean of Students or similar? Just really strikes me as the tail wagging the dog.
Traffic shaping is what every University I've been involved with does (not that the number is a huge number, but its very consistent).
There are much, much better ways to control bandwidth usage and maintain quality of service to critical content (which is a reasonable goal), without destroying all notion of academic freedom. Just throttle back the offending traffic when there's contention.
Lastly, as word gets out that you do this sort of thing, students will tend to not want to come to your school. Quality of IT infrastructure (wireless coverage, ethernet in the dorms, speed of connection to commodity internet, i2 connectivity, etc) is a big deciding factor for academically oriented students.
I'm not privy to your business plan, being a private university (all of my experience is with large public), but I think this sort of thing may do you more harm than good.
I get a kick out of people who think that anyone that doesnt share their personal work-style or aesthetic is 'wrong' or 'stupid'. It's a personal work style, not an absolute. I realize you're not saying that, but I've definitely run into people who do, and your note triggered the memory.
One other thing I've noticed is that keyboard-focused people (those who rarely use the mouse) tend to like things maximized, whereas mouse-focused people tend to like to arrange all their windows in an abstract tile pattern.
Myself, if I have to grab the mouse and spend a few minutes fiddling with window sizes to get everything laid out right, then its too much of a pain to be worthwhile.
ALT+TAB is so fast, subconscious that I cant see why anyone would ever use the mouse to change windows. ALT+TAB requires zero hand-movement, and can be done without taking your eyes off the screen, and in significantly less than a second.
This is basically saying that if you disable the DRM you wont be able to use the DRM.
'protected high-definition multimedia content' is a form of DRM. It's things like PAP (Protected Audio Path) and the video equivalent, where the entire audio stream is encrypted from source to speaker.
This will in no way stop you from using regular media or playing high-def content, assuming your hardware can do it.
Never had it crash? Thats pretty impressive, and quite unusual in my experience.
Last time I tried Thunderbird (a year ago or so), these are the things I could do to cause it to consistently lock up, where I had to kill it with task manager.
1. Come out of standby. 2. Come out of hibernate. 3. Change from wired to wireless. 4. Change from wireless to wired. 5. Active my VPN. 6. Drop by VPN. 7. Let it run for more than ~12 hours.
Basically it seemed that it is designed to be completely unable to change networks while live. If you change networks while its running, it gets confused.
Now grant you, it did encryption _fabulously_. But it was quite poor at actually running without failing.
Well, it might be, but it might not. There's alot of assumptions there.
IF a school has signed the subscription agreement with MS, and pays a per-FTE fee:
IF a school chooses to pay for this subscription with a per-student tuition (or more likely, fee) increase:
THEN your statement is correct
Some schools may find their net cost for MS software goes down with the subscription (versus every department doing their own contracts with MS or some reseller... you'd be surprised how common that is in large, decentralized universities).
Some schools may find that their net cost for MS doesnt really go up or down for each additional student FTE. It's been a while since I looked at these agreements, but from what I remember you pay per STAFF FTE, and for some additional sum get all of your students, or something. But I could be mis-remembering it. I do remember the student part of it being very cheap, and a very low or zero marginal cost once you're paying for your staff. But that may be specific to a large university in the US, or at that time, or something else. I just dont remember the specifics.
I'm sure someone who was generally interested can search the MS website and find the formula.
Also, unfortunately, for those schools that DO choose to pass it on, it probably wont be an increase in tuition. It'll probably be a new fee, or a larger 'Student Technology Fee' or something similar. At least in the US, this is worse than an increased tuition, as most waivers and scholarships only cover tuition, and not fees. Many schools do this for their Gym/RecCenter fees.
What he didnt tell you is that you can setup the exact same infrastructure on a Windows system with a smart-card and a windows forest/domain. And there are a number of different ways you can approach this, from diskless workstations, to lightweight workstations that cache and process locally (but cant work off the network), to laptops that use all server-based resources when on the network but use cached resources when off the network.
And its not any random workstation for the sun solution anyway. You have to set it up to be part of your organization, which knows how to process your card and where to go to get your server information.
Dont get me wrong, I like Sun's approach in certain situations (engineering labs at uni, for example, is a place where this excels). But its hardly unique or something special to sun.
This is absolutely not true, at least not in the general case. Some schools may choose to do this, but thats their bad choice.
Higher Ed institutions have several options for licensing windows/office/etc. Only one of them is the subscription-based option where the school pays yearly per student FTE.
If a school participates in the subscription, then they are paying a yearly dollar amount per student head, and then will probably charge you a media+processing fee. But there is no requirement to either participate in the subscription, or if they do to pass it on to their students in their tuition.
For an example, my alum has these prices, with no yearly payment or per-student-fte cost:
XP Pro - $100 Office 2003 Student & Teacher Version - $150 Office 2003 Pro - $200
Interestingly, here is the prices for departments (ie, staff & faculty):
MS Office 2003 Pro - $56 Windows XP Pro (at-home-rights-for-staff) - $10 Windows XP Pro Upgrade - $54 Windows 2003 R2 Server Standard - $93 Windows 2003 R2 Server Enterprise - $350
"Out of curiosity, how does windows handle a 133dpi screen? are the fonts too small to be readable?"
You can adjust the DPI for Windows in the Display Settings. As long as the fonts you're using are TrueType fonts and not bitmaps, then you are generally okay.
The problem comes with a number of 3rd party apps who make assumptions about the dpi setting on a machine. So you'll sometimes get a modal dialog box whose text is pushed off-screen (on the window), or whose button is partially off-screen.
IE and most windows apps deal with it just fine though.
Fortunately, for an app developer, its much easier to deal with arbitrary dpi settings when working with Windows Forms apps on.NET.
That may be your definition of RC, but cyberthing has it right wrt MS software.
RC for MS software has a very specific and exact meaning. If you're an ISV, its what you really start cranking on to make sure your software will work properly, and the APIs and general functionality will stay the same.
You dont have the same guarantee with a Beta.... there could be drastic changes to the underlying mechanisms and APIs.
So while the way you personally define the phrase 'Release Candidate' may mean 'ready to ship unless we find showstopper bugs' thats not what it means with MS products. And since its their product and their process, in this specific context, they get to define the lingo.
All meanings are contextual and relative. Remember Lewis Carroll's thoughts on the subject (speaking through Humpty Dumpty):
Thats not really how it works. Rather than downloading the full app every time, it'd be one of two things:
1. The app runs completely in the browser, or some browser plug-in like Flash, and there's either no download, or its so small as to be negligible.
2. You only download the software once, and then patches as necessary. Each time you run the app, the first thing it does is to call home and says, 'Hey home-base, I'm running version 2.3.1, what version do you have available?' If the server replies with greater than 2.3.1, then the app downloads and applies the new version (or maybe asks the user if its okay to do thsi now).
There may be other good hybrid models out there, but those two capture the primary cases.
What 'glazed over security problems' did you see? We've been using Sharepoint for quite a while now (internally, since we do security/authorization based on domain accounts), and have never found any security holes.
Doesnt mean there arent any.... but I've yet to see any known holes being 'glazed over'.
"but a brand new pretty high end dell laptop for business purposes will run under 900 and that WILL include vista. That IS using core2 duo...anything extra is just smoke and fluff."
Not that I agree with the insanity of TFA... but your pricing isnt really right.
I just recently ordered some developer laptops, and they run ~$2500 _without_ a bag or docking station (since we already have those).
Dell Latitude D820 Core 2 Duo T7400 (2.16 GHz) 15.4" WUXGA (1920 x 1200) screen 2 GB memory (2x1GB DDR2-667 DIMMS) Nvidia Quadro 256MB card (only one they offer, other than integrated) 80GB 7200RPM harddrive DVDRW/CDRW modular bay drive Intel a/b/g wifi card 9cell battery 6cell modular bay battery
And these arent even the workstation-class laptops, though they are more expensive than the crappy consumer equipment.
This is with WinXP, so I dont know how much the premium will be for Vista Enterprise. But Office 2003 Pro runs us $100 per seat, so that doesnt add too much.
BackupExec (forget who owns it now, its been gobbled up so many times) does alot of what you're talking about with no problems. I'm not sure if it still acts dumb and treats a backup-to-disk like a tape when doing restores, but for the rest it does what you're talking about.
You can create backup devices that are tapes or disks. You can re-create lost catalogs from the actual tapes. Since its catalogs are stored in MSDE/SQLServer Express, you just backup that SQL Server database like you would any others, and have the backup sweep it. And since SQLServer backups are hot, it can happen during running backups.
BackupExec isnt free, but you can get their new Quickstart version (single server) for like $50. We've started using this on all the SMB Dell servers we consult on, as BackupExec is a fantastic product, and you cant beat the price for single-server small office environments of the quickstart version. And if you need a bigger version because you have more servers, you can just pay for it.
The ability to modify kernel tables was, for all intents and purposes, a security bug. The only reason MS left it there as long as they did was for backwards compatibility. This was essentially MS being a nice guy, although it was arguably a short-term-good, but a long-term-bad.
But MS is in no way obligated to replicate their old bugs in future versions of their products, just because some third-party vendors have found a way to use those bugs/holes to make money. You may as well have malware authors suing microsoft for patching vulnerabilities.
Also, make sure you're not confusing the way the term 'patching' is being used here. It doesnt mean the ability to patch a kernel file, or apply file-based patches to the system. It means the ability to 'patch' (or modify) kernel data structures present in memory, in run-time, without going through any APIs.
This is clearly and unambiguously a 'Very Bad Thing' from a software engineering perspective. It violates all sorts of tenets of abstraction and encapsulation.
Read the blog on msdn, do some googling. You'll see pretty quickly that allowing this to happen is 'A Bad Idea' for consumers, as it just leaves the front door open to the bad guys. There are still work-arounds to this that some have discovered, and MS will shore those up over the next year or so as they are discovered.
Also, I think you're making a leap with your statement about what Antitrust law requires them to do. There is no (AFAIK) specific wording to this effect in the original case in the US, and I'm not aware of any similar provision in the EU's case. So they are certainly not, at the moment, required to do this. It is conceivable that some court/lawyer/politician in the future may create such a ruling/legislation, but thats hard to predict.
"It's important to note that Kernel Patch Protection applies uniformly to Microsoft products as well as third party products. No code is allowed to modify the kernel using unsupported patching techniques. Security products developed by Microsoft only have access to the same supported interfaces that any other vendor would use."
MS didnt lock anyone out of the interfaces, they simply closed an UNSUPPORTED interface. There is a well-published, fully functional API for companies like these to do what they need to do.
The core issue here is kernel hooking, and modifying kernel tables in memory. This is something that is very explicitly not supported in every windows internals spec and api. Nortons and others were using unsupported APIs that MS has been warning about not using for years.
Now MS did the right thing and finally closed up those holes. You can no longer modify kernel tables in memory by directly manipulating the data in memory. You can no longer insert your own arbitrary code into function calls by manipulating the in-memory tables.
This is 'A Good Thing', and something MS warned about not doing for quite a long time.
This is purely companies like Symantec getting burned for BAD CODING PRACTICES. They did things they were explicitly told not to do, because what they were doing was unsupported, and could change at any time.
Now it changed. And they're whining.
Yet other (more competent) AV companies have no problems with this, because they're using the officially supported APIs.
And if you want more, just google on "kernel patch protection".
The bottom line is that this is something MS should have done 5 years ago, and its the right thing to do. Symantec just needs to hire some quality developers who know how to read an API spec.
There are certain industries or business types that need this, however, and his (and mine) are of this type.
Take an IT services & consulting company, particularly one that specializes in small businesses.
You build out everything from domains, to webservices, to firewalls, to wifi, to email hosting, and beyond.
Just take the wifi situation, for example (though it generalizes to most of the other cases). You've built the wifi, and you have the admin password to the wap, and documentation about how it is configured. You have this documentation because you only are there once or twice a year, so wont remember, but you need the access information when you do go.
The business owner, given that this is a small business with no IT shop, doesnt have a clue, and doesnt need or want to know the password to the wap (though you give him a sheet with it anyway).
So when you go there to deal with wifi issues, or anything and just need to get on the wap, you need the login.
The same applies to their DC or SBS server. You dont want their domain connected to yours, but you need to be able to get into it when you do need to service it.
And if they choose to retain us for continuous monitoring and management of their IT infrastructure, then we need to be able to VPN in to their office and access their equipment for service.
But the GP's situation is not unique. For example, how do you give just enough information to your contract employees (or other young, not fully vetted staff) to let them do the work, but not really put your client at risk?
We're looking at Smart Cards for this, as we deal with a nearly 100% MS homogenous client-base, but its not an easy problem to solve generally, while providing audited and progressive disclosure of sensitive information necessary for these people to do their jobs.
Some people just dont like to sit around in the dark while they're at home.
For myself, it makes me sleepy if the rooms are dark, and it just kills my energy levels. In other words, its depressing, a big downer. And I dont want to be depressed in my own house.
Ideally, it should be roughly the same brightness as standing outside during a bright, but overcast day. That is, in my opinion, the ideal color and brightness of the inside of the house.
I know plenty of people, however, who like their homes dark. I dont get it, but I dont make it a moral issue either. If they want to live like trolls in a cave, thats their business.:)
How about this wild and crazy idea... we each light our house to the level of color and brightness that we like. I know its whacky... but there you go.
When power fails where I live (Arizona), people die from the heat.
And have you ever tried going a couple days with your bedroom temperature in the 90's? For myself at least, it disrupts my sleep so much that it affects my quality of life quite severely.
In the places where it gets hot, AC is unavoidable.
Windows has a System Administration role, not just one account. It's a group (which in this case is synonymous with role) that you can assign whomever you would like into.
If you need to run multiple apps through an elevated account you have a couple options.
1. Launch a command prompt with runas, then everything launched from that command shell has the same privs.
2. Launch a new shell with runas, then everything launched from that command shell has the same privs. This can be done by doing runas explorer.exe with some configuration changes, or the much easier runas iexplore.exe.
3. Put all your point n' click admin apps into a consolidated MMC app, and run that with your elevated account using runas.
4. Log off and log in as your elevated account.
5. If you're on the server, term-serv (ie, remote desktop) into the same box with your elevated account.
Slashdot Mirror
"If any instructor comes to our department and expresses the need and justification for their students to visit some site that we feel was questionable and already blocked by whatever means, we will TEMPORARILY remove the block.. This would allow the students/class to complete the assignment. After that the block would be reinstated. This is no way interferes with education. Not a bit."
Except for the ~90% of people who wont come ask, because: 1. They're too embarrased, even if it is perfectly legitimate, 2. They dont have the time to go fight with the sysadmin and justify their use (not to mention why is a staff position requiring faculty to justify their use of school resources), 3. They dont know who you are and that they can ask you to unblock it.
I would guess that the vast, vast majority of people who have a legitimate need get blocked you never even hear from.
"I said I would love to have some packet shaping/monitoring software so that the filtering/blocking would not be necessary.. Funds prevent that, I'm sorry. Printing my own money to purchase it is against the law."
I think you'll find that the cost of putting in a traffic shaping infrastructure pales in comparison to the rising cost of your commodity internet connections, which will likely need to get bigger every year, even with just 'justified' connectivity.
Plus there's the question of whether your attempts to block what you consider inappropriate sites has any actual effect on legitimate bandwidth management. It is possible (I'd say likely) that the set of traffic you block is very disjoing with the set of traffic which interferes with 'legitimate' traffic. Assuming you can even define what is legitimate reasonably.
Wow, that is one of the most surreal things I've read recently.
Why is a sysadmin playing moral cop on content? Isnt that a little bit outside of your job description?
If the goal is to truly manage bandwidth to non-critical content, then why not just manage bandwidth to non-critical content (ie, traffic shaping)?
Blocking what the sysadmin considers inappropriate content may not even help you reach your goal, not to mention the question of why a sysadmin is making moral judgements as to what's appropriate. Wouldnt that be more in line with a Faculty, or a Dean of Students or similar? Just really strikes me as the tail wagging the dog.
Traffic shaping is what every University I've been involved with does (not that the number is a huge number, but its very consistent).
There are much, much better ways to control bandwidth usage and maintain quality of service to critical content (which is a reasonable goal), without destroying all notion of academic freedom. Just throttle back the offending traffic when there's contention.
Lastly, as word gets out that you do this sort of thing, students will tend to not want to come to your school. Quality of IT infrastructure (wireless coverage, ethernet in the dorms, speed of connection to commodity internet, i2 connectivity, etc) is a big deciding factor for academically oriented students.
I'm not privy to your business plan, being a private university (all of my experience is with large public), but I think this sort of thing may do you more harm than good.
I get a kick out of people who think that anyone that doesnt share their personal work-style or aesthetic is 'wrong' or 'stupid'. It's a personal work style, not an absolute. I realize you're not saying that, but I've definitely run into people who do, and your note triggered the memory.
One other thing I've noticed is that keyboard-focused people (those who rarely use the mouse) tend to like things maximized, whereas mouse-focused people tend to like to arrange all their windows in an abstract tile pattern.
Myself, if I have to grab the mouse and spend a few minutes fiddling with window sizes to get everything laid out right, then its too much of a pain to be worthwhile.
ALT+TAB is so fast, subconscious that I cant see why anyone would ever use the mouse to change windows. ALT+TAB requires zero hand-movement, and can be done without taking your eyes off the screen, and in significantly less than a second.
This is basically saying that if you disable the DRM you wont be able to use the DRM.
'protected high-definition multimedia content' is a form of DRM. It's things like PAP (Protected Audio Path) and the video equivalent, where the entire audio stream is encrypted from source to speaker.
This will in no way stop you from using regular media or playing high-def content, assuming your hardware can do it.
Never had it crash? Thats pretty impressive, and quite unusual in my experience.
Last time I tried Thunderbird (a year ago or so), these are the things I could do to cause it to consistently lock up, where I had to kill it with task manager.
1. Come out of standby.
2. Come out of hibernate.
3. Change from wired to wireless.
4. Change from wireless to wired.
5. Active my VPN.
6. Drop by VPN.
7. Let it run for more than ~12 hours.
Basically it seemed that it is designed to be completely unable to change networks while live. If you change networks while its running, it gets confused.
Now grant you, it did encryption _fabulously_. But it was quite poor at actually running without failing.
Well, it might be, but it might not. There's alot of assumptions there.
... you'd be surprised how common that is in large, decentralized universities).
IF a school has signed the subscription agreement with MS, and pays a per-FTE fee:
IF a school chooses to pay for this subscription with a per-student tuition (or more likely, fee) increase:
THEN your statement is correct
Some schools may find their net cost for MS software goes down with the subscription (versus every department doing their own contracts with MS or some reseller
Some schools may find that their net cost for MS doesnt really go up or down for each additional student FTE. It's been a while since I looked at these agreements, but from what I remember you pay per STAFF FTE, and for some additional sum get all of your students, or something. But I could be mis-remembering it. I do remember the student part of it being very cheap, and a very low or zero marginal cost once you're paying for your staff. But that may be specific to a large university in the US, or at that time, or something else. I just dont remember the specifics.
I'm sure someone who was generally interested can search the MS website and find the formula.
Also, unfortunately, for those schools that DO choose to pass it on, it probably wont be an increase in tuition. It'll probably be a new fee, or a larger 'Student Technology Fee' or something similar. At least in the US, this is worse than an increased tuition, as most waivers and scholarships only cover tuition, and not fees. Many schools do this for their Gym/RecCenter fees.
What he didnt tell you is that you can setup the exact same infrastructure on a Windows system with a smart-card and a windows forest/domain. And there are a number of different ways you can approach this, from diskless workstations, to lightweight workstations that cache and process locally (but cant work off the network), to laptops that use all server-based resources when on the network but use cached resources when off the network.
And its not any random workstation for the sun solution anyway. You have to set it up to be part of your organization, which knows how to process your card and where to go to get your server information.
Dont get me wrong, I like Sun's approach in certain situations (engineering labs at uni, for example, is a place where this excels). But its hardly unique or something special to sun.
This is absolutely not true, at least not in the general case. Some schools may choose to do this, but thats their bad choice.
Higher Ed institutions have several options for licensing windows/office/etc. Only one of them is the subscription-based option where the school pays yearly per student FTE.
If a school participates in the subscription, then they are paying a yearly dollar amount per student head, and then will probably charge you a media+processing fee. But there is no requirement to either participate in the subscription, or if they do to pass it on to their students in their tuition.
For an example, my alum has these prices, with no yearly payment or per-student-fte cost:
XP Pro - $100
Office 2003 Student & Teacher Version - $150
Office 2003 Pro - $200
Interestingly, here is the prices for departments (ie, staff & faculty):
MS Office 2003 Pro - $56
Windows XP Pro (at-home-rights-for-staff) - $10
Windows XP Pro Upgrade - $54
Windows 2003 R2 Server Standard - $93
Windows 2003 R2 Server Enterprise - $350
"Out of curiosity, how does windows handle a 133dpi screen? are the fonts too small to be readable?"
.NET.
You can adjust the DPI for Windows in the Display Settings. As long as the fonts you're using are TrueType fonts and not bitmaps, then you are generally okay.
The problem comes with a number of 3rd party apps who make assumptions about the dpi setting on a machine. So you'll sometimes get a modal dialog box whose text is pushed off-screen (on the window), or whose button is partially off-screen.
IE and most windows apps deal with it just fine though.
Fortunately, for an app developer, its much easier to deal with arbitrary dpi settings when working with Windows Forms apps on
"Guess you have 1GB or less of RAM, otherwise Win XP has problems hibernating reliably."
This is true but its also an easy fix.
http://support.microsoft.com/kb/909095
Though frankly I'm surprised they havent rolled this hotfix into the regular patch routine yet.
Its a very useful key:
Lock: Windows+L
Explorer: Windows+E
Minimize All: Windows+M
Plus you can use it to get to your start-menu items very quickly.
For example, on my setup (where my corp vpn starts with a U), I hit:
Windows, S, N, U
and that fires up my VPN in less than a second.
That may be your definition of RC, but cyberthing has it right wrt MS software.
.... there could be drastic changes to the underlying mechanisms and APIs.
RC for MS software has a very specific and exact meaning. If you're an ISV, its what you really start cranking on to make sure your software will work properly, and the APIs and general functionality will stay the same.
You dont have the same guarantee with a Beta
So while the way you personally define the phrase 'Release Candidate' may mean 'ready to ship unless we find showstopper bugs' thats not what it means with MS products. And since its their product and their process, in this specific context, they get to define the lingo.
All meanings are contextual and relative. Remember Lewis Carroll's thoughts on the subject (speaking through Humpty Dumpty):
http://en.wikipedia.org/wiki/Humpty_Dumptyism
'When I use a word,' Humpty Dumpty said, in rather a scornful tone, 'it means just what I choose it to meanneither more nor less.'
'The question is,' said Alice, 'whether you can make words mean so many different things.'
'The question is,' said Humpty Dumpty, 'which is to be masterthat's all.'
Thats not really how it works. Rather than downloading the full app every time, it'd be one of two things:
1. The app runs completely in the browser, or some browser plug-in like Flash, and there's either no download, or its so small as to be negligible.
2. You only download the software once, and then patches as necessary. Each time you run the app, the first thing it does is to call home and says, 'Hey home-base, I'm running version 2.3.1, what version do you have available?' If the server replies with greater than 2.3.1, then the app downloads and applies the new version (or maybe asks the user if its okay to do thsi now).
There may be other good hybrid models out there, but those two capture the primary cases.
What 'glazed over security problems' did you see? We've been using Sharepoint for quite a while now (internally, since we do security/authorization based on domain accounts), and have never found any security holes.
.... but I've yet to see any known holes being 'glazed over'.
Doesnt mean there arent any
"but a brand new pretty high end dell laptop for business purposes will run under 900 and that WILL include vista. That IS using core2 duo...anything extra is just smoke and fluff."
... but your pricing isnt really right.
Not that I agree with the insanity of TFA
I just recently ordered some developer laptops, and they run ~$2500 _without_ a bag or docking station (since we already have those).
Dell Latitude D820
Core 2 Duo T7400 (2.16 GHz)
15.4" WUXGA (1920 x 1200) screen
2 GB memory (2x1GB DDR2-667 DIMMS)
Nvidia Quadro 256MB card (only one they offer, other than integrated)
80GB 7200RPM harddrive
DVDRW/CDRW modular bay drive
Intel a/b/g wifi card
9cell battery
6cell modular bay battery
And these arent even the workstation-class laptops, though they are more expensive than the crappy consumer equipment.
This is with WinXP, so I dont know how much the premium will be for Vista Enterprise. But Office 2003 Pro runs us $100 per seat, so that doesnt add too much.
WRT backup software:
BackupExec (forget who owns it now, its been gobbled up so many times) does alot of what you're talking about with no problems. I'm not sure if it still acts dumb and treats a backup-to-disk like a tape when doing restores, but for the rest it does what you're talking about.
You can create backup devices that are tapes or disks. You can re-create lost catalogs from the actual tapes. Since its catalogs are stored in MSDE/SQLServer Express, you just backup that SQL Server database like you would any others, and have the backup sweep it. And since SQLServer backups are hot, it can happen during running backups.
BackupExec isnt free, but you can get their new Quickstart version (single server) for like $50. We've started using this on all the SMB Dell servers we consult on, as BackupExec is a fantastic product, and you cant beat the price for single-server small office environments of the quickstart version. And if you need a bigger version because you have more servers, you can just pay for it.
I think you're stretching things a bit with this.
The ability to modify kernel tables was, for all intents and purposes, a security bug. The only reason MS left it there as long as they did was for backwards compatibility. This was essentially MS being a nice guy, although it was arguably a short-term-good, but a long-term-bad.
But MS is in no way obligated to replicate their old bugs in future versions of their products, just because some third-party vendors have found a way to use those bugs/holes to make money. You may as well have malware authors suing microsoft for patching vulnerabilities.
Also, make sure you're not confusing the way the term 'patching' is being used here. It doesnt mean the ability to patch a kernel file, or apply file-based patches to the system. It means the ability to 'patch' (or modify) kernel data structures present in memory, in run-time, without going through any APIs.
This is clearly and unambiguously a 'Very Bad Thing' from a software engineering perspective. It violates all sorts of tenets of abstraction and encapsulation.
Read the blog on msdn, do some googling. You'll see pretty quickly that allowing this to happen is 'A Bad Idea' for consumers, as it just leaves the front door open to the bad guys. There are still work-arounds to this that some have discovered, and MS will shore those up over the next year or so as they are discovered.
Also, I think you're making a leap with your statement about what Antitrust law requires them to do. There is no (AFAIK) specific wording to this effect in the original case in the US, and I'm not aware of any similar provision in the EU's case. So they are certainly not, at the moment, required to do this. It is conceivable that some court/lawyer/politician in the future may create such a ruling/legislation, but thats hard to predict.
This is a pertinent paragraph:
"It's important to note that Kernel Patch Protection applies uniformly to Microsoft products as well as third party products. No code is allowed to modify the kernel using unsupported patching techniques. Security products developed by Microsoft only have access to the same supported interfaces that any other vendor would use."
I think you've missed the point.
e /2006/08/11/695993.aspx
MS didnt lock anyone out of the interfaces, they simply closed an UNSUPPORTED interface. There is a well-published, fully functional API for companies like these to do what they need to do.
The core issue here is kernel hooking, and modifying kernel tables in memory. This is something that is very explicitly not supported in every windows internals spec and api. Nortons and others were using unsupported APIs that MS has been warning about not using for years.
Now MS did the right thing and finally closed up those holes. You can no longer modify kernel tables in memory by directly manipulating the data in memory. You can no longer insert your own arbitrary code into function calls by manipulating the in-memory tables.
This is 'A Good Thing', and something MS warned about not doing for quite a long time.
This is purely companies like Symantec getting burned for BAD CODING PRACTICES. They did things they were explicitly told not to do, because what they were doing was unsupported, and could change at any time.
Now it changed. And they're whining.
Yet other (more competent) AV companies have no problems with this, because they're using the officially supported APIs.
See this link for some further information:
http://blogs.msdn.com/windowsvistasecurity/archiv
And if you want more, just google on "kernel patch protection".
The bottom line is that this is something MS should have done 5 years ago, and its the right thing to do. Symantec just needs to hire some quality developers who know how to read an API spec.
There are certain industries or business types that need this, however, and his (and mine) are of this type.
Take an IT services & consulting company, particularly one that specializes in small businesses.
You build out everything from domains, to webservices, to firewalls, to wifi, to email hosting, and beyond.
Just take the wifi situation, for example (though it generalizes to most of the other cases). You've built the wifi, and you have the admin password to the wap, and documentation about how it is configured. You have this documentation because you only are there once or twice a year, so wont remember, but you need the access information when you do go.
The business owner, given that this is a small business with no IT shop, doesnt have a clue, and doesnt need or want to know the password to the wap (though you give him a sheet with it anyway).
So when you go there to deal with wifi issues, or anything and just need to get on the wap, you need the login.
The same applies to their DC or SBS server. You dont want their domain connected to yours, but you need to be able to get into it when you do need to service it.
And if they choose to retain us for continuous monitoring and management of their IT infrastructure, then we need to be able to VPN in to their office and access their equipment for service.
But the GP's situation is not unique. For example, how do you give just enough information to your contract employees (or other young, not fully vetted staff) to let them do the work, but not really put your client at risk?
We're looking at Smart Cards for this, as we deal with a nearly 100% MS homogenous client-base, but its not an easy problem to solve generally, while providing audited and progressive disclosure of sensitive information necessary for these people to do their jobs.
You, sir, are a god!
...
... I'm just giddy with my new Opera feature that I didnt even know about before.
I love my Opera, but I didnt even know about the 'Fit to Width' command. I now love my Opera even more than before.
How people struggle along with weak browsers like IE and FireFox is beyond me.
Just kidding! (mostly)
I'm not sure what whacky-doodle company you work for, but let me assure the non-Americans here that this is not typical nor representative.
While there probably are some companies that have this kind of culture, thats fairly unusual.
Some people just dont like to sit around in the dark while they're at home.
:)
... we each light our house to the level of color and brightness that we like. I know its whacky ... but there you go.
For myself, it makes me sleepy if the rooms are dark, and it just kills my energy levels. In other words, its depressing, a big downer. And I dont want to be depressed in my own house.
Ideally, it should be roughly the same brightness as standing outside during a bright, but overcast day. That is, in my opinion, the ideal color and brightness of the inside of the house.
I know plenty of people, however, who like their homes dark. I dont get it, but I dont make it a moral issue either. If they want to live like trolls in a cave, thats their business.
How about this wild and crazy idea
You're kidding right?
When power fails where I live (Arizona), people die from the heat.
And have you ever tried going a couple days with your bedroom temperature in the 90's? For myself at least, it disrupts my sleep so much that it affects my quality of life quite severely.
In the places where it gets hot, AC is unavoidable.
Windows has a System Administration role, not just one account. It's a group (which in this case is synonymous with role) that you can assign whomever you would like into.
If you need to run multiple apps through an elevated account you have a couple options.
1. Launch a command prompt with runas, then everything launched from that command shell has the same privs.
2. Launch a new shell with runas, then everything launched from that command shell has the same privs. This can be done by doing runas explorer.exe with some configuration changes, or the much easier runas iexplore.exe.
3. Put all your point n' click admin apps into a consolidated MMC app, and run that with your elevated account using runas.
4. Log off and log in as your elevated account.
5. If you're on the server, term-serv (ie, remote desktop) into the same box with your elevated account.