In this particular case at least - and any similar - I would think that MS is (at least partially) to blame.
Making an OS that has a port for a certain protocol (namely NetBIOS) available over another *by default* that exposes it to millions of other machines (namely TCP/IP via the 'net) is definitely NOT the way to release an OS that you are claiming is supposed to be so secure.
Who is "the admin" for all of those people who are just regular home users/gamers/students (with no real interest in computers, or anyone for that matter for whom the computer is just another tool?
The answer? Microsoft. Thus, this is their screwup - again.
When you get your license and you buy your first car, does the manufacturer/dealer hold you responsible for knowing how to fix the engine or rebuild it? No - you just have to know how to use the vehicle - ie: drive, add gas, check oil and tires. Just like how every casual (ie: non "admin-type" computer user) expects that with a computer, they need to plug it in, turn it on, maybe defrag it or run a virus scan every now and then, and use their favorite program/game on it... NOT be a network admin for it.
With the Internet "slowly" making it's way into everyone's house - and via faster and faster connections - and the large majority of those Internet users being computer users, default Windows setup should account for that.
Oddly though, each new release of Windows opens MORE ports instead of less - and also even MORE "accidental" back doors.
ProfBooty writes: "Quite honestly, I can't understand why science and engineering majors are held to one standard for grades and academics versus humanities majors even in the same school... It really is too bad the media doesn't report enough on education from the technical side." regarding grade inflation.
More importantly, why does this trend seem to be increasing/spreading? We are intentionally dumbing down our society. We've already set up an economic system that increasingly is promoting the construction of disposable or short lasting items - and then complain that the quality of what we buy is lacking. Soon, we wont even have people trained well enough to make such products.
The solution to poor education is *NOT* artificially educating grades - it's better education.
The solution to better SAT grades shouldnt be (but is) artificially inflating test scores but should be better education.
The solution to raising grades in educationally disadvantaged areas isnt artificially educating grades - it's better education.
Maybe I have a 1 track mind, but I managed to get in the high 90th percentile on my SAT - when it wasnt the joke of a "test" it is now, and when they didnt artificially inflate the test scores. I for one am happy that instead of raising my test score, they just taught me.
Keeping in mind I havent read the actual article, two things I can think of that at least pertain to your comments... (1) I've seen a web server that was pretty much a boot loader and a web server that included it's own (though limited) network and file i/o routines. So, though I dont know about this particular case, it's possible to make one that doesnt run on an OS. The UI was text based but "graphical" (ie: status bars, etc - sorta like the old "graphical" text mode PC GUIs). (2) a GUI doesnt slow down a decent web server noticably (assuming the machine wasnt borderline maxxed on CPU or RAM). It's the usage thereof that determines whether that GUI is a problem. I use Lotus DominoGo Webserver and though it is a GUI app, I've yet to notice any measurable difference between having it log to the GUI (in an ever expanding selection box) or not. In "dont log to gui" mode, it just updates the # of connections served, current, and kb sent about once a second. (Regardles, to date I havent found any web server that is faster, even approaching 1/4 of it's 4,000 connection per CPU limit).
The other big issue (I think) is ISP liability. First, many of these "IP specific" attacks are competitor driven - I know, we receive thousands of such attacks a day, and SANS recently published a report indicating that competitor initiated worms, virii, attacks, etc are one of the top 5 reasons for virii and attack proliferation on the net.
So, since an ISP wont give you the customer's info without a court order, and obtaining one could take weeks or months, wouldnt it be logical, that when reported, after a certain period of time, the ISP becomes liable? I even beleive there are points of law to support this.
Point being, if so, how does one perhaps advise and enforce this on ISPs, and secondly, how does one implement a system that allows an easier way of dealing with this?
Currently, dealing with such "Internet Giants" as Comcast and RoadRunner have resulted in nothing but email after email after email, begging, pleading, explaining, complaining, and eventually threatening legal action - and regardless, no action but the automated response.
How much can you sue a negligent ISP for damage to image (for instance, spoofed emails with derogatory or virus laden content), loss of bandwith or other profit generating resources, etc?
I think this may be the big issue. With a simple "Check here what type of attack you are reporting" and a submission field for the IP address, a simple automated routine could monitor, verify and take action [whether informing a (for instance) Comcast tech or automatically blocking that type of/or all traffic from the offending IP].
For many types of attacks (other than Code Red, Nimbda, etc - this consists of 95% of our attacks), since they are ongoing till someone contacts the user and stops them (or blocks their connection which amounts to the same thing whther they are an innocent infected or guilty of initiating the attack).
These are some of the biggest causes of internet attacks. If you measure the number of businesses and the number of non-commercial entities on the net, and then factor int he massive number of attacks that were Code Red/Nimbda/The NeverEnding MS Hole Of The Week Saga... it's interesting to note that selective, planned attacks against businesses by (presumed by myself - and SANS - as well as others) presumably competition ranks in the top causes of such traffic on the net.
In addition, what most non-commercial entities never realize is, name an Internet worm/virus/script... tell me when you think it came out. Now, 80% of you are probably wrong. It came out many months if not YEARS before you think, and was used to target specific businesses. This includes Nimbda and Code Red and all their variants. The worms later make it mainstream. We had been receiving attacks like these often a year before someone shoved the vulnerability down MS's throat so they coudlnt ingore it. Stive Gibson at GRC has info on some similar incidents.
The ease of it is astonishing, especially with so many "script kiddies" and so many legititmate hackers - jump into an IRC chat room of such type, and claiming to be the business in question, tell them what type of losers they are. Or post such an post with "forged" headers in the newsgroups - it happened to us (newsgroup post). The ISP wouldnt help us, and by the time we knew and responded that the post was not made by us with "proof" ("well, you could have been on a dialin" - "um, not with those host names, which have never been registered to that dialin IP - it's a forged header on a fake post") - by then, attack bots were already being circulated on the IRC channels, much like the ones used against Steve Gibson, attacking us on average 30,000+ a day... some days hitting 6 digits. Our servers can laugh at that, but our bandwidth cant. And you cant firewall it either. Those scripts infect near anything with WinCrap on them. We had universities with OC3s attacking us, people from all over the world, you name it.
If you cant beat the competition, take down their servers. That seems to be the big motto.
If ISPs were liable for inaction, the attacks (including stuff like Nimbda and Code Red that could be blocked with simple filters in many cases) would eventually die off.
I dunno about the Linux world, but OS/2's "Media Player" (WarpVision) is barely 800K, SO I am willing to bet that "media players" for Linux that support more media formats than Windows Media Player and Report To Redmond What You Listen To And Watch is far smaller.
So my question to any considering Windows Media Player 9 for Linux is this... why would anyone choose MS WMP9 for Linux when there must be smaller, faster, more efficient (CPU speed needed for a given format) more capable (plays more formats) players than MS WMP9?
The only reason I can think of is to support certain MS formats, like asf, WMV, their other funky mpeg formats. I'd expect that if OS/2 supports them, that a native Linux media player must also support them (with all the Linux-like factors I listed above).
[OS/2's WarpVision supports (video:) DVD, DivX-3, DivX-4, DivX-5, XViD, MPEG-1, MPEG-2, MPEG-4, AVI, ASF, Quicktime/Sorenson v1, (audio:) AC3, PCM, MP3 and WMA] including scaling 16:9/4:3/16:9, arbitrary scaling, audio resampling, full DVD title, angle, chapter, subtitle language, soundtrack language (even select from multiple instances of the same language) and more.
This ISNT meant to sound like an OS/2 ad... here's why: Much of the work on WarpVision is from the Linux world. SO, if OS/2's WarpVision plays all of those formats with all those features (and is skinnable), is 800K, plays DiVX,s on half the hardware Win98 needs, I'd imagine that the Linux base that WarpVision is partially based off of is at least as capable or nearly as capable (making WMP9 for Linux obsolete before it's even written)...
And if not, then the Linux guys should probably talk to the WarpVision for OS/2 guys about porting some of the OS/2 code (codecs, whatever the code happens to be that is needed on the Linux player )that OS/2 has, back to Linux.
A MUCH MORE (I think) IMPORTANT NOTE is this: Linux (and Apple) adopting WinMedPlay9 will just reinforce MS's push into DRM (hmmm... wonder if the Linux versions are supposed to come with it built in like their Win counterparts? Oh wait, yes they are - hence the whole first paragraph on The Register).
A SECOND EQUALLY (I think) IMPORTANT NOTE is this: since it would have to come with DRM (if I am reading the Register article correctly) there are of course a dozen insecure back doors that WMP9 would open to an (otherwise) secure Linux system, both to implement DRM, and for whatever reason MS seems to keep opening more non-DRM related ports and more non-DRM related back doors on every Windows and WinMediaPlay release. This alone should be enough reason that (regardless of available codecs) NO Linux user would want to download/choose over a Linux app/switche to Win Media Player9.
MS (I mean the BSA) and Sony (I mean the RIAA) will come to an agreement and the bill will then have the support of both...
or MS will endorse the bill while the BSA will fight it, making MS look like a big hero, achieve their end results and more. Takes the pressure off of them for all they have the BSA then continue to do on their behalf.
- Rob
...business.
Microsoft does not want any DRM tool that is not theirs being implemented. The Hollings bill doesnt ratify and/or demand their (MS') solution. Thus, Microsoft... I mean the BSA... are against it.
MS is the majority member, founding member and has the most control of, over and in the BSA. If you look at their neat figures and understand them, you will see that 90% of their "successes" battling piracy are MS related, and most instituted by MS.
Of course MS will not endorse a bill that puts into question their (stolen) DRM technology, much less one that legislates how DRM will be implemented (regardless of who implements what).
This isnt just uninnovative, it's behind the times. In dash computers have been around for a while, and since 1996, you could use OS/2 with IBM's ScreenReader/2 and Netscape Communicator and VoiceType to have your computer read a web page to you, while you told it what links to go to (you would simply speak whatever link text was underlined or the ALT text for the image that was the link...)
Didnt the Amiga have this? And I know OS/2 did... and Linux (or most or all flavors of Unix)... hey, wait, in some fashion or another only Windows has lacked these features! Yet the press eats it up!
THIS IS STUPID! This is once again old technology (ie: already in use by others) that some company is trying to capitalize off of by being granted a patent. They were far from first.
"A good read if you're looking to see what's going to keep you glued to your couch in 2003."
The entire thing smells "ADVERTISEMENT" from one end to the other.
C'mon Taco, did you actually read it? It doesnt discuss performance, ease, game play (not the vague candy coated statements in the not-reviews at the end), interaction with others or antyhing else that would have been a review of xBoX Live. This is so unlike you to oversensationalize an advertisment as "a good read". (You all can decide for yourself whether that is sarcasm or not).
This article discusses:
"Buy the hype and go xbox!"
"Subscription Services and Policies"
"How to install, just in case your box didnt come with instructions"
"how to go wireless"
"How to hook up your cables, just in case you didnt get a manual in the box"
"Unpacking the xbox for idiots: never opened and emptied a box before? We'll help!" (including a nice picture of the manuals that would alleviate the need for the previous article sections)
"Assembling, for those who dont have the manuals we've shown you in our neat little picture in the previous section"
"How to sign up, since we know none of you have manuals - or are familiar with how difficult it is to type text with a game pad - since we've all been doing that for years"
"xbox live and systemlink titles arent compatible"
"The titles! Time for some advertising that is more blatant - including SPECULATION about 60 promised titles - that MS already promised for christmas (more actuallY) but never materialized - but vague promises and speculation are not allowed about the other platforms - read the first couple sections to see that"
"System Configurations - just in case your box was missing that panel, AND you were missing the manual as well"
"Gee, like nearly every other game system or addon, you get a bundled game!"
followed by "I'll review a few more games in lame, dont say anything real reviews"
finished up with "And that's why xbox live is the best bang for your buck! Because in case you dont have your manual, you can just read this article and that will make owning xbox live great!!!"
Some other things to note?
Does it matter how many people jump on a service when it first rolls out? Where are the REAL numbers like how many people played in weeks 2-12?
MS has how many more online titles? A whole lot/slight edge/none/bunches commited? But Nintendo "rumors" arent permitted.
"Since we were not asked to participate in the beta test, we can't tell you much about the beta; but things must have gone fairly smoothly, because on November 15th, Microsoft rolled out Xbox Live to the masses." Of course they did... I didnt beta test WinME, but since they released it, the testing must have went smoothly MY ASS! This is again pure rubbish and pure advertising.
"Gee (paraphrased), it's so terrible to have a bill for each game instead of paying MS one fee!" Gee, since they all require credit cards, that is so much more difficult how? I find it BETTER since I know what each penny spent is for, instead of trying to have to track down $12 for this game, $5 for this, $9 for this... hey, my bill is $32 - what's the other $6?
Is it just me, or did the article really stink and was the/. post over sensationalized?
>>One of the few joys I had rubbing Mac OS X in my advisor's face
>You see, this is why I'm anti-Mac. Well, one of the reasons. Mac people pretend to be better than me. That really pisses me off.
Though you may think that's the case, think about what Mac and Linux and OS/2 and Amiga, and Atari 2600, and TRS-80 users go through every time they have to listen to a Windows user extolling either some amazing, new, innovative feature in Windows that the rest of the world has had for years, or a dozen other similar conversations along similar lines.
Now keep in mind, I'm not accussing you of this. I am merely pointing out that so many Windows users seem to wonder why users of every other OS seem to evangelize their OS... and perhaps that's a big part of it. Tired of hearing the shit from MS, and Windows users who just plain and simply dont know better. It's not entirely the Win users fault, and I know in my case, I found unenlightened Win users more funny than anything... it's very much MS's and the media's fault though - and they I did indeed get very pissed at.
Of course, any response from me - because Windows wasnt my OS of choice, made me a zealot. This, by the way, was when MS had big shares in Ziff Davis, who used to go as far as printing MS pre-prepared "media kits" as Win95 reviews, even in 3 different publications in one particular case, 2 written by one author, the 3rd written by someone else... identical to the word though... identical also to the copy that MS sent us at CompUSA. Oh - and mostly false. True 32 bit, no more DOS, 4MB of RAM... I'm sure you remember all those early claims that MS made that were just pure bs.
So... people wonder why users of other OS's seem to lean towards zealotry? Perhaps it's because many Win users, without knowing better, have went far beyond that extreme... we may brag about what our OS can do, and probably did long before Windows could... but Win users brag often about what their OS is NOT (like stable, secure, fast, slim, non resource hungry, etc...), or about features that their OS had last out of the pack - because they believe the "propaghanda" (for lack of a better word) that they hear in MS ads and paid "reviews".
Again, nothing personal... but perhaps something every Win user should think of the next time they wanna get mad at the user of another OS for being proud of what their OS can do...
- Rob
(Heck, I'm still waiting for MS's promised 64 way cpu support - since 1995... )
...is that companies are using mouseovers to track where a person is on a page and onclicks to track where they click without having to do redirects, or running all sorts of other code because of mouse events.
Gee, will the wonders ever cease!?!?!
I honestly cannot believe it is just now that people (ie: webmasters and web programmers) are figuring out what can be done with such things and some very minor Javascripting and/or Java.
Hmm didnt I say something like this would happen?
on
The End of Solotrek
·
· Score: 1
How very odd... "amazingly" yet another company with ambiguous claims on their site, suspended "flight" (a la old Superman moviemaking style), and it is such a surprise to the business world that some sort of "accident" would happen so they have to bow out after all the money infused into them? Oh well... maybe it's all innocent... I am getting very jaded in my old age... but there are a lot of stories like this in the last year or so.
The school is acting as an ISP and because of the DMCA they are immune from liability as long as they investigate when they are notified by copyright holders that users on their network are infringing. Seizing the computers is a drastic measure that is probably not legal for the academy to do anyways. Only law enforcement can seize things.
Excellent points all but the last. The US Military branches have their own law enforcement divisions that act outside of standard law enforcement (MPs being one set of them), and if I am correct, any officer or post commander has the power to utilize discretionary policing powers and act in such fashion as well, until MPs or other such personnel can take over.
I can do both. I can put a picture of a toaster online, and say it's a microwave, but that doesnt change anything. The picture is of a gearbox and a car starter. They can say anything they want in the caption... or perhaps the "motor" is missing such vital things as an intake and exhaust manifold. And perhaps the other "motors" (ie: alternators or generators) are brilliantly housed in an alternator casing, with what sure as heck looks like the same plug hookups still intact and no manifolds. Even rotary motors require a place for fuel to go in and waste to go out...
Many people are pointing out links to possible technology like this, but honestly, I am very skeptical about them all.
Pictures (and ads selling the units) like the personal 1 man helicopter are nothing new and can be found in the back of Popular Mechanics for DECADES - yet you see no one owning one.
Moller SkyCar is a perfect example of something, that to me looks quite dubious... why? Let's see...
The main page shows the "Freedom Motor" which is a gearbox (ie: small motor transmission - you can find them on small AC power generators) with an automotive starter coupled to it via a flywheel... sorry, though they have lotsa torque, nothing near the power/HP that is needed to fly - much less drive at any decent speed - a car.
Going to the Freedom Motors site linked to the pic shows all sorts of "motors" - which look more like standard US car alternators or generators (arent they inversely named??). Now, while a generator may be able to be used as a motor, again, the unit would not have enough power to move a car much less fly it...
Installed engine power: 645 hp (Moller claim) - while their engine site shows 120hp max, a drawing of inconspicuous identity, with the images of alternators and starters being claimed as combustion motors
While Solotrek seems to have more believable claims - perhaps that is also what makes them so less believable... they're working with lots of government agencies on this project... neat! (Really??? or have those agencies just said "Well, if you get it to work, call us, we'll be interested then").
Fortunately, to make me a believer, they have a bunch of pictures of "tethered" (from above... ie: suspended on a "rope", superman style) flight. So.... wil it actually work on it's own one day, or does it come with the crane, and crane operator to hoist you into the air? And all for a whopping 19 seconds! Wow! I can make it all the way... across my yard... in that time! My travel problems are over!
Weird, huh?
Perhaps one day, someone will come up with something that works, or something that looks more realistic or believable. The Wright brothers actually built something and flew it... no tethers, no pictures of alternators and engine starters claimed to be combustion engines... make it, cut the ropes, fly it and then talk to us.
- Rob
The opinions expressed herein are entirely my own. Anyone who agrees with them may also suffer from the same mental problems I do... whatever they are.;-)
MS loses BILLIONS a year. The cost of WinKludge development is enormous. MS has been amortizing those costs over periods far in excess of the earnings each product will bring in.
Thus, let's say a product generates a certain revenue stream for 2 years, but you amortize the costs over 10. It looks great on paper, but year 3-10 you have no way of recouping it... "Sure you do... other products!" Yeah... like the next version, with the same problem due to the same faulty accounting.
The time frames MS used are large enough that they will show a profit for another half decade or more - but the money isnt real. The SEC was convinced to drop the investigation (plenty online about it... simply go to Google) - and no, not because MS wasnt guilty of doing so - the SEC decided they were guilty on a number of counts and told them "dont do it again...".
Now, knowing that only the Win/Office divisions are (falsly) profitable, that means the true MS losses must be staggering.
Simply do a Google Search and check it out - now, the hard part is reading about a dozen (no joke) stories to actually see all of what the SEC accused them of and told them to stop doing. Most of the articles downplay it as simply forgetting to list a few accounts and other BS. Keep reading and you'll see it's a long long list of violations.
Rob
What I have experienced and what you will find...
on
Restaurant POS Systems?
·
· Score: 3, Insightful
Most P(iece)O(f)S(hit) systems nowadays seem to be the following...
(1) Older or revamped OS/2 solutions... highest flexibility, but requiring someone who knows OS/2 and such to allow use of such flexibility.
(2) AIX/*NIX with OS/2, Win__, etc clients
(3) Entirely Win systems
Now my breakdown on the matter...
(1) OS/2 - will be difficult (unless you know people who are on Sears' support team or that of some other company like them) to find someone with the "expertise" to implement or expand or customize an OS/2 solution... even though it is far easier (even 5 years ago) than most every other solution.
- "Unlimited" expandability (add up all the SEARS POS terminals, catalog system and multimedia kiosks and then you see what a true network OS with a high end commercial scale POS system can do on "mere" PC hardware. The Win solutions will never approach that level. - handles POS and related systems for 3,000 departments.
- All in all, unless or until eComStation continues to gain more Win converts that the POS market on OS/2 is revitalized, it is probably not the way to go.
(2) Numerous packages can still be bought with phenomenal support (at a phenomenal cost though).
*IX solutions use some TTY interface (depends on implementation) so most client OS's work. Not very flexible or customizable.
There are GUI (Solaris) apps available, including with perl scripting support, but they are very very expensive, and (thus) usually "customized" for each client. We used one such at UUNet back in the late 90's (and I think still today, but I no longer work there).
(3) Win apps seem mostly to be VB apps, poorly written, (ask CompUSA who dumped a perfectly running RS/6000 POS setup for a "glitzy" Win95/98 in house written, crash a lot system - they never even finished transferring the whole system to it due to the problems, hence the sales and stock system is still separate and on the mainframe, or ask Best Buy and PetCo who are having nothing but crashing issues on package "off the shelf" (well, the "high-end" commercial version).
I've researched a lot of the issues, and have yet to find any people truly happy with the lower end systems, most especially on Win__. (I researched it because we were in teh process of writing our own app, but as the maker of our main development tool fell behind on their final release, we never were able to release ours (required DLLs from their final release).
From our plans based off feedback just like you are requesting, here is what I've gleaned is needed nowadays (as well as 4 years ago when we planned this)...
integrated fax capabilites (user selectable per customer as method of invoicing and statements)
integrated email capabilities (same)
web integration of most or all components
integrated account and contact database (with all components such as web, fax, email, phone, etc)
credit card processing (directly or through a third party processor)
callout feature [larger scale users (collections purposes, cold calling, re-calls, etc) or "glitz" feature for smaller users]
image and basic catalog support (output to pdf or direct to print for those with their own high end printers)
Caller ID incoming capabilities (larger firms for increased productivity in auto records retrieval, etc, or smaller firms "glitz" feature).
Variable print formats (sorry those who sell these retardely overprice POS systems, but STAR and other printers are simple Epson graphics mode with a couple extra codes for cash drawer machines, or HPPL/PCL printers... you dont need to charge a fortune to add 3 extra control sequences and a manual that explains how large a graphic can be).
Contract, form and misc document feature (to for instance, print a web contract with the related invoice with all the appropriate info - I mean, c'mon gang (who writes this expensive crap), it can even be done with a simple "mail merge" into a pre-typeset document).
flexibility for various network schemes (really simply use of __SQL back end and appropriate net protocol to talk to the ___SQL server.
Of course, all the standard accounting features
Job and item numbering, serialization (serial number tracking and recording), etc.
Item lookup by serial number or product number (makes selling and invoicing a breeze with most computer and electronic devices... the beginning of the serial number on most identifies the product, meaning, you can inventory by serial number scanning once the identifier is in the database and let the system handle all the rest. Sell a product, scan only the serial number and let the system cross reference all the rest also allowing for fully accurate SN tracking).
Contact manager (I dont mean an address book - I mean "12/10/2001 13:45 Called Joe and advised payment late. He said check in mail." etc... with related options always available that generate Contact entries such as click "Re-Invoice" and the next entry is "12/10/2001 13:47 Generated new invoice to be sent via regular mail" (or preferred method per customer).
EASY options to change on the fly methods of sending invoices and documents
[Note the subject... type it into Google, in case you forget that for anything anti MS you can just search/. - and you will find result #2... Slashdot (gee, what a weird place to find this info) and #5/6 The Register (another frequent/. story source - even cited in the noted/. article].
Now, if you read the posts, and the links to the stories and EULA, you notice what you find?
1 - these EULA's give MS the rights to FORCE their updates on you.
2 - these updates, fixes, security fixes, etc, focus on DRM more than true security issues.
So... anyone STILL falling for this "Gee, we finally realized that security is a big deal... took us 3 years since that turnip truck - dunno why we were on a turnip truck 3 years ago, but we were... but anyway, this time we really mean what we say about security being important. Before when we said it was and did nothing, that was different - but the same as the time before that, which was also different than this time... oh - and this has nothing to do with DRM - so dont read your EULAs that come with these 'fixes' since they tell you it does have to do with DRM and give us permission to full access to your machine, as well as rights to update, add or delete files as we see fit..."
So... who's buying this latest round of bull? Show of hands anyone?
Why do people keep repeating this "forced on them?" crap?!??! MS already admitted in their newest EULA that comes with various "security updates" and Media Player that they are indeed mandatory, at whatever interval or time MS decides they want to do an update.
READ first, post later. Especially when you dont even have to leave/. to find the EULA in question.
hany (hany@NOSPAM.terminus.sk) noticed as well... I'm not jumping to page 2+ but at least one other person noticed...
It'd be nice if this debate were about the real topic... how will this really affect the issues? With no real focus on security, and updates that address DRM more than anything... well, actually, I dont care, I dont run Windows.
I am not sure what you are talking about... but maybe you arent either and that's why.
First, MS has fixed very few "security holes" to date of the ones they have addressed. I am not even counting the ones they havent gotten to.
Why? Well, that's #2. The biggest issue in Windoze, besides Outlook, Word, et al macro issues is... BUFFER OVERFLOWS!!!
MS hasnt fixed them. They address specific attacks, and the code itself doesnt get fixed.
Or has everyone else failed to notice that the differences in Code Red 1-3, Nimda, et al when it comes to the buffer overflow portion is just a matter of figuring out a new string that will fill the right part of memory due to the unpatched overflow.
MS seems to be in effect writing simple filters to grab that string and ignore it, leaving the overflow issue, and thus the exploit wide open.
I could be wrong... but I've logged hundreds of thousands of attacks that seem to prove otherwise, and Steve Gibson of grc.com could argue this even better.
Slashdot Mirror
Making an OS that has a port for a certain protocol (namely NetBIOS) available over another *by default* that exposes it to millions of other machines (namely TCP/IP via the 'net) is definitely NOT the way to release an OS that you are claiming is supposed to be so secure.
Who is "the admin" for all of those people who are just regular home users/gamers/students (with no real interest in computers, or anyone for that matter for whom the computer is just another tool?
The answer? Microsoft. Thus, this is their screwup - again.
When you get your license and you buy your first car, does the manufacturer/dealer hold you responsible for knowing how to fix the engine or rebuild it? No - you just have to know how to use the vehicle - ie: drive, add gas, check oil and tires. Just like how every casual (ie: non "admin-type" computer user) expects that with a computer, they need to plug it in, turn it on, maybe defrag it or run a virus scan every now and then, and use their favorite program/game on it... NOT be a network admin for it.
With the Internet "slowly" making it's way into everyone's house - and via faster and faster connections - and the large majority of those Internet users being computer users, default Windows setup should account for that.
Oddly though, each new release of Windows opens MORE ports instead of less - and also even MORE "accidental" back doors.
More importantly, why does this trend seem to be increasing/spreading? We are intentionally dumbing down our society. We've already set up an economic system that increasingly is promoting the construction of disposable or short lasting items - and then complain that the quality of what we buy is lacking. Soon, we wont even have people trained well enough to make such products.
The solution to poor education is *NOT* artificially educating grades - it's better education.
The solution to better SAT grades shouldnt be (but is) artificially inflating test scores but should be better education.
The solution to raising grades in educationally disadvantaged areas isnt artificially educating grades - it's better education.
Maybe I have a 1 track mind, but I managed to get in the high 90th percentile on my SAT - when it wasnt the joke of a "test" it is now, and when they didnt artificially inflate the test scores. I for one am happy that instead of raising my test score, they just taught me.
Just my 1 cent...
Robert
Keeping in mind I havent read the actual article, two things I can think of that at least pertain to your comments... (1) I've seen a web server that was pretty much a boot loader and a web server that included it's own (though limited) network and file i/o routines. So, though I dont know about this particular case, it's possible to make one that doesnt run on an OS. The UI was text based but "graphical" (ie: status bars, etc - sorta like the old "graphical" text mode PC GUIs). (2) a GUI doesnt slow down a decent web server noticably (assuming the machine wasnt borderline maxxed on CPU or RAM). It's the usage thereof that determines whether that GUI is a problem. I use Lotus DominoGo Webserver and though it is a GUI app, I've yet to notice any measurable difference between having it log to the GUI (in an ever expanding selection box) or not. In "dont log to gui" mode, it just updates the # of connections served, current, and kb sent about once a second. (Regardles, to date I havent found any web server that is faster, even approaching 1/4 of it's 4,000 connection per CPU limit).
- Rob
So, since an ISP wont give you the customer's info without a court order, and obtaining one could take weeks or months, wouldnt it be logical, that when reported, after a certain period of time, the ISP becomes liable? I even beleive there are points of law to support this.
Point being, if so, how does one perhaps advise and enforce this on ISPs, and secondly, how does one implement a system that allows an easier way of dealing with this?
Currently, dealing with such "Internet Giants" as Comcast and RoadRunner have resulted in nothing but email after email after email, begging, pleading, explaining, complaining, and eventually threatening legal action - and regardless, no action but the automated response.
How much can you sue a negligent ISP for damage to image (for instance, spoofed emails with derogatory or virus laden content), loss of bandwith or other profit generating resources, etc?
I think this may be the big issue. With a simple "Check here what type of attack you are reporting" and a submission field for the IP address, a simple automated routine could monitor, verify and take action [whether informing a (for instance) Comcast tech or automatically blocking that type of/or all traffic from the offending IP].
For many types of attacks (other than Code Red, Nimbda, etc - this consists of 95% of our attacks), since they are ongoing till someone contacts the user and stops them (or blocks their connection which amounts to the same thing whther they are an innocent infected or guilty of initiating the attack).
These are some of the biggest causes of internet attacks. If you measure the number of businesses and the number of non-commercial entities on the net, and then factor int he massive number of attacks that were Code Red/Nimbda/The NeverEnding MS Hole Of The Week Saga... it's interesting to note that selective, planned attacks against businesses by (presumed by myself - and SANS - as well as others) presumably competition ranks in the top causes of such traffic on the net.
In addition, what most non-commercial entities never realize is, name an Internet worm/virus/script... tell me when you think it came out. Now, 80% of you are probably wrong. It came out many months if not YEARS before you think, and was used to target specific businesses. This includes Nimbda and Code Red and all their variants. The worms later make it mainstream. We had been receiving attacks like these often a year before someone shoved the vulnerability down MS's throat so they coudlnt ingore it. Stive Gibson at GRC has info on some similar incidents.
The ease of it is astonishing, especially with so many "script kiddies" and so many legititmate hackers - jump into an IRC chat room of such type, and claiming to be the business in question, tell them what type of losers they are. Or post such an post with "forged" headers in the newsgroups - it happened to us (newsgroup post). The ISP wouldnt help us, and by the time we knew and responded that the post was not made by us with "proof" ("well, you could have been on a dialin" - "um, not with those host names, which have never been registered to that dialin IP - it's a forged header on a fake post") - by then, attack bots were already being circulated on the IRC channels, much like the ones used against Steve Gibson, attacking us on average 30,000+ a day... some days hitting 6 digits. Our servers can laugh at that, but our bandwidth cant. And you cant firewall it either. Those scripts infect near anything with WinCrap on them. We had universities with OC3s attacking us, people from all over the world, you name it.
If you cant beat the competition, take down their servers. That seems to be the big motto.
If ISPs were liable for inaction, the attacks (including stuff like Nimbda and Code Red that could be blocked with simple filters in many cases) would eventually die off.
Just my 1 or 2 cents...
Rob
So my question to any considering Windows Media Player 9 for Linux is this... why would anyone choose MS WMP9 for Linux when there must be smaller, faster, more efficient (CPU speed needed for a given format) more capable (plays more formats) players than MS WMP9?
The only reason I can think of is to support certain MS formats, like asf, WMV, their other funky mpeg formats. I'd expect that if OS/2 supports them, that a native Linux media player must also support them (with all the Linux-like factors I listed above).
[OS/2's WarpVision supports (video:) DVD, DivX-3, DivX-4, DivX-5, XViD, MPEG-1, MPEG-2, MPEG-4, AVI, ASF, Quicktime/Sorenson v1, (audio:) AC3, PCM, MP3 and WMA] including scaling 16:9/4:3/16:9, arbitrary scaling, audio resampling, full DVD title, angle, chapter, subtitle language, soundtrack language (even select from multiple instances of the same language) and more.
This ISNT meant to sound like an OS/2 ad... here's why: Much of the work on WarpVision is from the Linux world. SO, if OS/2's WarpVision plays all of those formats with all those features (and is skinnable), is 800K, plays DiVX,s on half the hardware Win98 needs, I'd imagine that the Linux base that WarpVision is partially based off of is at least as capable or nearly as capable (making WMP9 for Linux obsolete before it's even written)...
And if not, then the Linux guys should probably talk to the WarpVision for OS/2 guys about porting some of the OS/2 code (codecs, whatever the code happens to be that is needed on the Linux player )that OS/2 has, back to Linux.
The WarpVision home page is at WarpVision for OS/2 Warp and eComStation
A MUCH MORE (I think) IMPORTANT NOTE is this: Linux (and Apple) adopting WinMedPlay9 will just reinforce MS's push into DRM (hmmm... wonder if the Linux versions are supposed to come with it built in like their Win counterparts? Oh wait, yes they are - hence the whole first paragraph on The Register).
A SECOND EQUALLY (I think) IMPORTANT NOTE is this: since it would have to come with DRM (if I am reading the Register article correctly) there are of course a dozen insecure back doors that WMP9 would open to an (otherwise) secure Linux system, both to implement DRM, and for whatever reason MS seems to keep opening more non-DRM related ports and more non-DRM related back doors on every Windows and WinMediaPlay release. This alone should be enough reason that (regardless of available codecs) NO Linux user would want to download/choose over a Linux app/switche to Win Media Player9.
Just my (overcaffeinated and rambling) opinion
-Rob
MS (I mean the BSA) and Sony (I mean the RIAA) will come to an agreement and the bill will then have the support of both... or MS will endorse the bill while the BSA will fight it, making MS look like a big hero, achieve their end results and more. Takes the pressure off of them for all they have the BSA then continue to do on their behalf. - Rob
MS is the majority member, founding member and has the most control of, over and in the BSA. If you look at their neat figures and understand them, you will see that 90% of their "successes" battling piracy are MS related, and most instituted by MS.
Of course MS will not endorse a bill that puts into question their (stolen) DRM technology, much less one that legislates how DRM will be implemented (regardless of who implements what).
Rob
Oh well...
Wow! Will tis stupidity ever end?
Rob
I think we need an "MS Advertisements depicted as reviews" department.
The entire thing smells "ADVERTISEMENT" from one end to the other.
C'mon Taco, did you actually read it? It doesnt discuss performance, ease, game play (not the vague candy coated statements in the not-reviews at the end), interaction with others or antyhing else that would have been a review of xBoX Live. This is so unlike you to oversensationalize an advertisment as "a good read". (You all can decide for yourself whether that is sarcasm or not).
This article discusses:
Some other things to note?
Is it just me, or did the article really stink and was the /. post over sensationalized?
- Rob
They said...
>>One of the few joys I had rubbing Mac OS X in my advisor's face
>You see, this is why I'm anti-Mac. Well, one of the reasons. Mac people pretend to be better than me. That really pisses me off.
Though you may think that's the case, think about what Mac and Linux and OS/2 and Amiga, and Atari 2600, and TRS-80 users go through every time they have to listen to a Windows user extolling either some amazing, new, innovative feature in Windows that the rest of the world has had for years, or a dozen other similar conversations along similar lines.
Now keep in mind, I'm not accussing you of this. I am merely pointing out that so many Windows users seem to wonder why users of every other OS seem to evangelize their OS... and perhaps that's a big part of it. Tired of hearing the shit from MS, and Windows users who just plain and simply dont know better. It's not entirely the Win users fault, and I know in my case, I found unenlightened Win users more funny than anything... it's very much MS's and the media's fault though - and they I did indeed get very pissed at.
Of course, any response from me - because Windows wasnt my OS of choice, made me a zealot. This, by the way, was when MS had big shares in Ziff Davis, who used to go as far as printing MS pre-prepared "media kits" as Win95 reviews, even in 3 different publications in one particular case, 2 written by one author, the 3rd written by someone else... identical to the word though... identical also to the copy that MS sent us at CompUSA. Oh - and mostly false. True 32 bit, no more DOS, 4MB of RAM... I'm sure you remember all those early claims that MS made that were just pure bs.
So... people wonder why users of other OS's seem to lean towards zealotry? Perhaps it's because many Win users, without knowing better, have went far beyond that extreme... we may brag about what our OS can do, and probably did long before Windows could... but Win users brag often about what their OS is NOT (like stable, secure, fast, slim, non resource hungry, etc...), or about features that their OS had last out of the pack - because they believe the "propaghanda" (for lack of a better word) that they hear in MS ads and paid "reviews".
Again, nothing personal... but perhaps something every Win user should think of the next time they wanna get mad at the user of another OS for being proud of what their OS can do...
- Rob
(Heck, I'm still waiting for MS's promised 64 way cpu support - since 1995... )
Gee, will the wonders ever cease!?!?!
I honestly cannot believe it is just now that people (ie: webmasters and web programmers) are figuring out what can be done with such things and some very minor Javascripting and/or Java.
Totally unimpressed...
Rob - My Place
- Rob
Home
Excellent points all but the last. The US Military branches have their own law enforcement divisions that act outside of standard law enforcement (MPs being one set of them), and if I am correct, any officer or post commander has the power to utilize discretionary policing powers and act in such fashion as well, until MPs or other such personnel can take over.
Rob
I can do both. I can put a picture of a toaster online, and say it's a microwave, but that doesnt change anything. The picture is of a gearbox and a car starter. They can say anything they want in the caption... or perhaps the "motor" is missing such vital things as an intake and exhaust manifold. And perhaps the other "motors" (ie: alternators or generators) are brilliantly housed in an alternator casing, with what sure as heck looks like the same plug hookups still intact and no manifolds. Even rotary motors require a place for fuel to go in and waste to go out...
Pictures (and ads selling the units) like the personal 1 man helicopter are nothing new and can be found in the back of Popular Mechanics for DECADES - yet you see no one owning one.
Moller SkyCar is a perfect example of something, that to me looks quite dubious... why? Let's see...
- The main page shows the "Freedom Motor" which is a gearbox (ie: small motor transmission - you can find them on small AC power generators) with an automotive starter coupled to it via a flywheel... sorry, though they have lotsa torque, nothing near the power/HP that is needed to fly - much less drive at any decent speed - a car.
- Going to the Freedom Motors site linked to the pic shows all sorts of "motors" - which look more like standard US car alternators or generators (arent they inversely named??). Now, while a generator may be able to be used as a motor, again, the unit would not have enough power to move a car much less fly it...
- Installed engine power: 645 hp (Moller claim) - while their engine site shows 120hp max, a drawing of inconspicuous identity, with the images of alternators and starters being claimed as combustion motors
- While Solotrek seems to have more believable claims - perhaps that is also what makes them so less believable... they're working with lots of government agencies on this project... neat! (Really??? or have those agencies just said "Well, if you get it to work, call us, we'll be interested then").
- Fortunately, to make me a believer, they have a bunch of pictures of "tethered" (from above... ie: suspended on a "rope", superman style) flight. So.... wil it actually work on it's own one day, or does it come with the crane, and crane operator to hoist you into the air? And all for a whopping 19 seconds! Wow! I can make it all the way... across my yard... in that time! My travel problems are over!
Weird, huh?Perhaps one day, someone will come up with something that works, or something that looks more realistic or believable. The Wright brothers actually built something and flew it... no tethers, no pictures of alternators and engine starters claimed to be combustion engines... make it, cut the ropes, fly it and then talk to us.
- Rob
The opinions expressed herein are entirely my own. Anyone who agrees with them may also suffer from the same mental problems I do... whatever they are. ;-)
Thus, let's say a product generates a certain revenue stream for 2 years, but you amortize the costs over 10. It looks great on paper, but year 3-10 you have no way of recouping it... "Sure you do... other products!" Yeah... like the next version, with the same problem due to the same faulty accounting.
The time frames MS used are large enough that they will show a profit for another half decade or more - but the money isnt real. The SEC was convinced to drop the investigation (plenty online about it... simply go to Google) - and no, not because MS wasnt guilty of doing so - the SEC decided they were guilty on a number of counts and told them "dont do it again...".
Now, knowing that only the Win/Office divisions are (falsly) profitable, that means the true MS losses must be staggering.
Simply do a Google Search and check it out - now, the hard part is reading about a dozen (no joke) stories to actually see all of what the SEC accused them of and told them to stop doing. Most of the articles downplay it as simply forgetting to list a few accounts and other BS. Keep reading and you'll see it's a long long list of violations.
Rob
(1) Older or revamped OS/2 solutions... highest flexibility, but requiring someone who knows OS/2 and such to allow use of such flexibility.
(2) AIX/*NIX with OS/2, Win__, etc clients
(3) Entirely Win systems
Now my breakdown on the matter...
(1) OS/2 - will be difficult (unless you know people who are on Sears' support team or that of some other company like them) to find someone with the "expertise" to implement or expand or customize an OS/2 solution... even though it is far easier (even 5 years ago) than most every other solution.
- "Unlimited" expandability (add up all the SEARS POS terminals, catalog system and multimedia kiosks and then you see what a true network OS with a high end commercial scale POS system can do on "mere" PC hardware. The Win solutions will never approach that level. - handles POS and related systems for 3,000 departments.
- All in all, unless or until eComStation continues to gain more Win converts that the POS market on OS/2 is revitalized, it is probably not the way to go.
(2) Numerous packages can still be bought with phenomenal support (at a phenomenal cost though).
*IX solutions use some TTY interface (depends on implementation) so most client OS's work. Not very flexible or customizable.
There are GUI (Solaris) apps available, including with perl scripting support, but they are very very expensive, and (thus) usually "customized" for each client. We used one such at UUNet back in the late 90's (and I think still today, but I no longer work there).
(3) Win apps seem mostly to be VB apps, poorly written, (ask CompUSA who dumped a perfectly running RS/6000 POS setup for a "glitzy" Win95/98 in house written, crash a lot system - they never even finished transferring the whole system to it due to the problems, hence the sales and stock system is still separate and on the mainframe, or ask Best Buy and PetCo who are having nothing but crashing issues on package "off the shelf" (well, the "high-end" commercial version).
I've researched a lot of the issues, and have yet to find any people truly happy with the lower end systems, most especially on Win__. (I researched it because we were in teh process of writing our own app, but as the maker of our main development tool fell behind on their final release, we never were able to release ours (required DLLs from their final release).
From our plans based off feedback just like you are requesting, here is what I've gleaned is needed nowadays (as well as 4 years ago when we planned this)...
- integrated fax capabilites (user selectable per customer as method of invoicing and statements)
- integrated email capabilities (same)
- web integration of most or all components
- integrated account and contact database (with all components such as web, fax, email, phone, etc)
- online ordering (web integration, "shopping cart")
- barcoding and barcode reading
- credit card processing (directly or through a third party processor)
- callout feature [larger scale users (collections purposes, cold calling, re-calls, etc) or "glitz" feature for smaller users]
- image and basic catalog support (output to pdf or direct to print for those with their own high end printers)
- Caller ID incoming capabilities (larger firms for increased productivity in auto records retrieval, etc, or smaller firms "glitz" feature).
- Variable print formats (sorry those who sell these retardely overprice POS systems, but STAR and other printers are simple Epson graphics mode with a couple extra codes for cash drawer machines, or HPPL/PCL printers... you dont need to charge a fortune to add 3 extra control sequences and a manual that explains how large a graphic can be).
- Contract, form and misc document feature (to for instance, print a web contract with the related invoice with all the appropriate info - I mean, c'mon gang (who writes this expensive crap), it can even be done with a simple "mail merge" into a pre-typeset document).
- flexibility for various network schemes (really simply use of __SQL back end and appropriate net protocol to talk to the ___SQL server.
- Of course, all the standard accounting features
- Job and item numbering, serialization (serial number tracking and recording), etc.
- Item lookup by serial number or product number (makes selling and invoicing a breeze with most computer and electronic devices... the beginning of the serial number on most identifies the product, meaning, you can inventory by serial number scanning once the identifier is in the database and let the system handle all the rest. Sell a product, scan only the serial number and let the system cross reference all the rest also allowing for fully accurate SN tracking).
- Contact manager (I dont mean an address book - I mean "12/10/2001 13:45 Called Joe and advised payment late. He said check in mail." etc... with related options always available that generate Contact entries such as click "Re-Invoice" and the next entry is "12/10/2001 13:47 Generated new invoice to be sent via regular mail" (or preferred method per customer).
- EASY options to change on the fly methods of sending invoices and documents
Those are just a few off the top of my head...Rob
Now, if you read the posts, and the links to the stories and EULA, you notice what you find?
1 - these EULA's give MS the rights to FORCE their updates on you.
2 - these updates, fixes, security fixes, etc, focus on DRM more than true security issues.
So... anyone STILL falling for this "Gee, we finally realized that security is a big deal... took us 3 years since that turnip truck - dunno why we were on a turnip truck 3 years ago, but we were... but anyway, this time we really mean what we say about security being important. Before when we said it was and did nothing, that was different - but the same as the time before that, which was also different than this time... oh - and this has nothing to do with DRM - so dont read your EULAs that come with these 'fixes' since they tell you it does have to do with DRM and give us permission to full access to your machine, as well as rights to update, add or delete files as we see fit..."
So... who's buying this latest round of bull? Show of hands anyone?
READ first, post later. Especially when you dont even have to leave /. to find the EULA in question.
It'd be nice if this debate were about the real topic... how will this really affect the issues? With no real focus on security, and updates that address DRM more than anything... well, actually, I dont care, I dont run Windows.
First, MS has fixed very few "security holes" to date of the ones they have addressed. I am not even counting the ones they havent gotten to.
Why? Well, that's #2. The biggest issue in Windoze, besides Outlook, Word, et al macro issues is... BUFFER OVERFLOWS!!!
MS hasnt fixed them. They address specific attacks, and the code itself doesnt get fixed.
Or has everyone else failed to notice that the differences in Code Red 1-3, Nimda, et al when it comes to the buffer overflow portion is just a matter of figuring out a new string that will fill the right part of memory due to the unpatched overflow.
MS seems to be in effect writing simple filters to grab that string and ignore it, leaving the overflow issue, and thus the exploit wide open.
I could be wrong... but I've logged hundreds of thousands of attacks that seem to prove otherwise, and Steve Gibson of grc.com could argue this even better.
Rob
Oh? When since didnt Win98 come with "Hactive Update"? or whatever they wanted to call it?