Slashdot Mirror


User: bushidocoder

bushidocoder's activity in the archive.

Stories: 0 · Comments: 177

Comments · 177

  1. Re:What TiVo needs to do. on Has TiVo's Fate Been Sealed? · · Score: 1
    And despite Apple's success, Steve Jobs has said a thousand times he's not getting within 100 yards of the DVR hardware market. They're smart enough to know they can't compete with the cable companies right now, because their free solution is "good enough" for most consumers.

    More often than not, "Good enough" and cheap wins for emerging technologies. Look at Microsoft as a prime example of this. It's after everyone has the item in their home and gaining market share is a point of competition, not a point of nabbing virgin customers, that the quality war starts.

  2. Re:Very True on Has TiVo's Fate Been Sealed? · · Score: 1
    My Tivo crapped out about a year and a half back and I didn't really want to spend the money to get a new one, so I went with Cox's DVR. It drove me crazy at first, but you're right - it has been getting progressively better. Just last month I noticed they finally put in the option to only record first run episodes, and back in October, a new option to burn out to DVD popped up.

    Not to mention that according to their rep, their HD DVR will be the same service charge and no hardware fee when it comes out of beta.

  3. Re:oh man on Has TiVo's Fate Been Sealed? · · Score: 3, Insightful
    I don't know where your "mainly M$" bit came from. MS competes with Tivo with its XP Home Media Center edition, of which they've shipped slightly above a million units, but the two aren't even in the same price area. In fact, given that at CES Microsoft announced a partnership with Tivo despite the competing product lines, I'd say Microsoft is a big fan of Tivo.

    Tivo is dying because cable companies subsidize the cost of the hardware, market it better, and charge less per month than Tivo does. Cox gives me two DVRs for free with digital cable, and charges me 8 dollars a month combined extra for the service for the two units. The unit itself has about 40 hours storage, is approximate in quality to the Tivo Series 1. Is it worth it for me to go out and spend 2x$199 replacing the hardware, only to then have to spend more than 20 bucks a month in service charges? Absolutely not.

  4. Re:Am i the only one not excited over this? on Avalon Preview Released for XP · · Score: 1
    Avalon is not part of the Longhorn kernel - The Avalon graphics layer is a user process. The Longhorn kernel is, at the moment, relatively unmodified from XP, which saving some security changes in SP2 is relatively unmodified from Win2k. There has been some discussion of moving the security engine for the .NET runtime into the kernel, and some discussion of moving the core DRM system component for Windows into the kernel, but both of these changes are unlikely for Longhorn and are more oriented at the Blackcomb (2009) timeframe.

    To the best of my knowledge, the only substantial kernel change in Longhorn is improved support for device drivers running as a user process.

  5. Re:Sean's Post on Microsoft's Technical Glitches at CES Explained · · Score: 1
    I agree - after the infamous Win98 demo at Comdex where BillG's presentation blue screened when they plugged in a scanner, Microsoft fired four Win98 product managers and about 15 developers. This time around, I haven't heard of anyone getting fired yet (although the people who set up the presentation to use an IR remote should definitely go) and the technical people behind the scenes are allowed to blog about it.

    I'm not sure if the blogging will continue, though - a lot of MS execs are worried that the level of transparency into the company is altering their release dates. I read somewhere recently that WinFS was never expected to be available in the Longhorn release timeframe - they were just hoping it'd be ready by then, but they were predicting a SP1 release. After WinFS was previewed at PDC and the blogosphere sunk its claws into it, Microsoft lost control of the story and it became "common knowledge" that WinFS would be available when Longhorn was released, which ultimately embarrassed Microsoft when they had to announce the later release date.

    I hope the more reasonable voices in Microsoft keep the movement towards transparency alive. They're not where the world needs them to be, but they're making steps, and whatever OS you choose to use, everyone is benefitted by a more open and honest Microsoft. Keep up the good work, guys - I know that reinventing corporate culture isn't easy to do in a short amount of time, and I know that no company your size has ever turned around as quickly as you're trying to, but you're making good steps. Just don't think you're done yet.

  6. Re:That's live theatre, folks on Microsoft's Technical Glitches at CES Explained · · Score: 1

    As far as this demo goes, their software seemed to do a pretty good job. The game crashing was a complete failure, and should be noted as such, but if everything this blogger says is true, Windows Media Center continued to run flawlessly in its own right despite numerous power outages. It's not the fault of an IR remote that the signal can't get through in that sort of situation, although it's very much the fault of the presentation team that they thought they could use an IR remote without problems with that much interference around.

  7. Re:3 Whole Security Issues! Thank God... on Security Issues in Mozilla · · Score: 1

    I think you missed an extra reboot in there. Sadly, not kidding.

  8. Re:wow... good job at nothing on Sneak Peek At Microsoft Anti-Spyware · · Score: 1
    I'm not disappointed - why would you buy a product to distribute and then rewrite it?

    I suspect MS is rebranding the product and testing it internally with as few changes as possible to release it to market faster - They'll likely expand the product later. They did the same thing when they bought Lookout.

  9. Re:Why isn't Apple in the PVR/DVR space? on Windows Media Center Edition vs. The World · · Score: 3, Insightful
    I think it's a lot of investment with relatively little payoff - They don't have the technology now, so they'd have to invest in creating it, or acquire a company like Tivo that already does. The problem is, even Tivo can't compete in the market they created. As has been mentioned before, my cable company charges me 6 bucks a month for their DVR service, and they provided the hardware for free. How is Apple (or Microsoft for that matter) supposed to be profitable competing with that?

    There is a market for people who would want to digitally edit tv content for various purposes - and with iLife the Apple is the perfect platform to do that on. I think that puts them in such a legal minefield that they don't want to go there. Microsoft DRMs the hell out of the feeds you save in order to keep the industry at bay, and Apple would pretty much have to do the exact same thing in order to keep the content industries appeased. Apple may be profitable, but one thing that could utterly destroy Apple is to be on the losing end of a multibillion dollar lawsuit.

  10. Re:Bad track record on Microsoft Acquires Spyware Removal Company · · Score: 2, Interesting
    They bought at least two - GeCad and Pelican.

    That said, Microsoft hasn't released an antivirus product yet for legal reasons. Although they purchased antivirus resources (in fact, they purchased full applications, which Microsoft historically can rebrand and turn around in months) in 2003, they elected to delay releasing a product until 2006 so as to give the existing antivirus companies a reasonable amount of time to respond to the change in their market. A Microsoft antivirus suite would have an incredible edge over existing systems, particularly in the home market.

    Don't be mistaken - they didn't do it out of the kindness of their hearts. They're just trying to limit the number of concurrent anticompetitive lawsuits they're involved in to double digit numbers.

  11. Re:Scary (saracasm) on A .Net CPU · · Score: 1
    All that said, I seem to remember reading about how Microsoft was dropping .NET, however I highly suspect I dreamt it.

    I'm pretty sure what you were reading about is their attempt to drop the name .NET, not the technology. Microsoft is not backing off .NET as platform - if anything they're more excited about it now than they ever were.

    From a marketing perspective, everything that came out in 2001 was labeled X.NET. Office.NET. MS Money.NET. They diluted the phrase .NET so much that people didn't ever figure out what it is, and from the looks of most people on slashdot's comments, people still don't know what it is. .NET is not an attempt to take over the internet (in fact, if you look at the technology's love of web services and XML, you might even think .NET is trying to play nice on the internet). MSN Passport.NET which shares the name was an attempt to take over the internet that failed miserably, but it's unrelated to .NET.

  12. Re:What is wrong with the current tools? on Yahoo! Releases Desktop Search Tool · · Score: 2, Insightful
    The search tools of old simply return all files that contain a certain substring. You can sort them by name or date created, but that's about it. Desktop searching, on the other hand, has the opportunity to make guesses as to a document's relevance based on context, the very power that has made Google as useful as it is.

    I've got a couple hundred technical ebooks on my box at work - With GDS if I search for "sql server replication performance", the ones that show up first are the ones that have entire chapters written about the subject. It'll still turn up that email where I bitched to a coworker about sql server replication performance sucking because the client had them connected through 6 vpns, but in all likelihood, that's not the document I'm looking for.

    On the same note, if my girlfriend searches her box for a specific legal document form, the empty templates always come up first, which is exactly what she's looking for 95% of the time. Last year, if she was looking for the IDS template for the French patent office, she'd have to wade through the 500 or so that were sitting on her work machine until she found it.

    When Microsoft was talking about desktop search, they said that within 4 years, searching for a person's name on your computer will return photographs of them that you took on a vacation last year via face recognition. I highly doubt they'll beat Google to figuring out how to do that one right (and I doubt that anyone's figuring it out in 4 years), but who cares who invents it - ultimately that's something that has value to my grandma. What we're seeing now is the first generation of desktop search tools - gen1 might not be that much better than a find/grep, but the foundation of the technology allows it to go in directions that simple text searching just can't.

  13. Re:Groups of Attackers on When Malware Authors Combine Efforts · · Score: 1

    I think you're right, and I think if this type of organization actually occurs, it's much harder on the anti-virus companies than it is on software development companies. Companies like Symantec are going to have to learn to recognize, identify and respond to multiple similar yet distinct day-zero viruses and worms in a very short period of time, and when they start to analyze new outbreaks that exhibit similar symptoms but come from a variety of sources, I suspect it will slow down their ability to respond.

  14. Re:Experience is key... on How Important is a Well-Known CS Degree? · · Score: 3, Interesting

    With the problem with outsourcing, one of the most stable and lucrative markets in the US is contracting to the federal government. Payrates are set by the GSA schedule, which heavily favors college degrees. Sure, you can make up for having a college degree by having 15-20 years of experience, but even then, that same 15-20 years experience plus a college degree is still a good 35% higher.

    If you work for a company that doesn't do much federal contract work, but does some, it still impacts their hiring decisions - if they can put you on private contracts 80% of the time, but for 20% of the time you're billing on a federal contract at half the rate that your coworkers are, you're likely not going to be profitable at the same salary, and they probably won't hire you. Consider most contracting firms get between 10 and 20% profit of the hourly wage they charge for T&M contracts - with that 80/20 model mentioned above, at the same salary as everyone else, that 20% of your time reduces their margin so that they barely break even on you for your work for the entire year. Unless you have a particular skill they are in desperate need of, they'll fill the empty desk with someone else, or they'll offer you a much lower salary.

  15. Re:Reminds of of an old AI story on Bill Gates Proclaims End of Passwords · · Score: 1
    More importantly, they're the types of organizations that don't take anything as a given. If they use a smart card, you can damn well bet it is built to their specification. The rest of us are stuck with off-the-shelf stuff we really, really can't trust if we want to be honest about a system's security.

    Fair statement - I'm not jumping onboard the one BillG is talking about. I don't know anything about it. I'm just saying that the method (not any specific implementation) is historically sound. We're in total agreement if this discussion is about blackbox security systems - I'm sure both of us would immediately write off an encryption algorithm that wasn't publicly available for the same reason.

    It is a different approach from one-time-passwords, and I don't think either is better than the other universally. They're both reasonable ideas to approach the same problem. I hope I haven't given the impression that I think smart cards are THE answer - they're not. But I do strongly believe they are one of several valid systems for authentication that are all universally better than the username/password shit we're using across the board today. That said, most one time password solutions I've seen are vulnerable on more surfaces than smartcards - Like smartcards, they're vulnerable to stealing the physical generator, and like smartcards, they're also algorithmically vulnerable (although in the case of most one time password solutions, it's vulnerable to predicting the sequence) - In addition, many are vulnerable to dictionary attacks in the window of opportunity that a password is valid. Also, because the server performing the authentication must be able to validate the password, many of the implementations I've seen have their private keys in both the generator AND the authentication server. They're often vulnerable to the password being intercepted and being reused within the same window. Lastly, they're still technically vulnerable to the same social engineering attacks that passwords are because at some point in the data flow, the user has knowledge of the secret.

    That said, I suppose a one time password can be implemented via a shared public key policy that would allow each asset to individually guard its own private key, but my gut impression is that you're restricted in keysize based and potentially more algorithmically vulnerable simply on the fact that no one wants to type a cypher phrase that's 8 paragraphs long, and you're restricted by the combinations of ascii values. I might be wrong on that - like I said, I'm no security expert, this is just based on what I've learned about the technologies on my own time. You can also defend against the interception vector by immediately making a password invalid the second there's a successful login, but that system will have limitations as to its uses - you'll need to dramatically shorten the window of password opportunity for it to be useful in many arenas.

    I disagree with the assertion that all security is security through obscurity. It makes the expression meaningless, and it's an important little catchphrase. True, all information security is based on secrets, but secrecy is not necessarily obscurity - obscurity more often than not implies a heuristic pattern approach that's easily uncovered once you discover the known method of decyphering the message. Respectable encryption is strengthened by the number of people who know the method of decyphering the message - but the standard method is protected because even if you know the process, you have to uncover one or more protected secrets in order to reveal the secret message. Granted, in encryption there is always the possibility of another method out there that can break it, but unlike security through obscurity, no one (including those responsible for the algorithm in the first place) knows whether or not such a method exists. As such, until the method is discovered, it's reasonable security when employed correctly.

    There is a fundamental difference between an encrypted channel garage door opener and hiding a key under the doormat.

  16. Re:Reminds of of an old AI story on Bill Gates Proclaims End of Passwords · · Score: 1
    You love this phrase, "security through obscurity". I've never met a security expert who would consider dual private key challenge response encryption schemas security through obscurity - they're not because they're only vulnerable to the algorithmic weaknesses of the encryption method in use. Smart cards are a fantastic system for key management because they do an amazing job of protecting keys. Deployed smartcard authentication systems are generally only vulnerable to key spoofing (which is a failure of the algorithm behind the authentication, NOT of the key storage mechanism) and vulnerable to physical decoding if the card is stolen, a point which even the PR guys in most smartcard vendors will stipulate. Are they perfect? No. But there exists no perfect security system in the IT world.

    The crack about hoping I'm not in charge of keeping systems secure is immature - if you think there are perfect ways of securing assets, you're the dangerous one. It says something about the method that, individual vendor problems ignored, there exist only two general attack vectors against challenge-response smartcard systems after over a decade of them having been fielded in critical positions in the US (I have no idea who/when they've been used outside the US). Heck, you can consider the worldwide GSM phone network a challenge response smartcard network, and after all the time it's been up there's still only those two attack vectors on it. Like I said, I'm not a security expert, but I'm not aware of any other key management method for networked systems that only has two vulnerable surfaces, neither of which is a cakewalk. There's like 6 attack vectors on biometrics (not to mention the fact that biometrics do not allow for secrecy recovery after being compromised), and biometrics have been fielded for a substantially shorter time than smart cards have been.

    So let me rephrase what I said before - Given proper implementation, I KNOW it's a level of security far above and beyond simple passwords. Perfect? No. Better? Significantly. Best solution out there? Depends on the social requirements of your group, whether or not it's reasonable to expect you to have your smartcard. But it is a battle-tested approach that's been very successful in deployment, and continues to be a favored system of authentication at the NSA and the Pentagon, two institutions who've spent quite a bit more brain cycles thinking about this problem than I'm sure you or I have.

  17. Re:Reminds of of an old AI story on Bill Gates Proclaims End of Passwords · · Score: 1
    From a social engineering perspective, the secret becomes "more secret". The secret is a key nestled inside the smartcard. A user can't reveal the secret because even they don't know it - certainly, they can give someone their smartcard, although I think that from a social perspective, you'd have a lot harder time convincing a stranger to give you their car keys than give you their password - people know how to protect physical things.

    The user can't inadvertently reveal their secret, and malware on a machine connected to the smartcard can't uncover it. Also, you can't run dictionary attacks against a key that can be made as complicated as necessary since a person doesn't have to remember it. I think that's a level of secret protection far above and beyond simple passwords.

  18. Re:Reminds of of an old AI story on Bill Gates Proclaims End of Passwords · · Score: 1
    Any time you have secrets, it's not security-through-obscurity. Security through obscurity is any time you try to make a secret out of something that is trivially discovered. Real security almost always relies on secrets, and if those secrets are protected in a reasonable way that makes them very difficult to uncover, the security can be a meaningful protection.

    With a proper smart card, uncovering the secret means stealing the smartcard, cracking it open, and attaching it to a device that can extract the private keys in the physical device. That's certainly not easy. I've seen schemas for secure devices that require three keys to respond to a challenge - two of which are on the smart card, and one of which is on the pc that the smartcard will be attached to. I'm no cryptoexpert, but an algorithmic weakness notwithstanding, that seems to be a real meaningful way of authentication.

  19. Re:hard and soft on Bill Gates Proclaims End of Passwords · · Score: 1
    You can't perform challenge response algorithms with biometrics. At the end of the day, the secret has to be processed on the machine and is subject to being intercepted or sniffed using that technology.

    Smart cards are great because there is no secret sharing. Once an encrypted connection is set up, the challenge is sent to the smart card, which returns the response. Malware on the machine can pick out the exact response to the specific challenge, but the challenge should be unique, and therefore storing the response is useless. Malware would be completely unable to ever retrieve the secret private key necessary for generating valid responses.

  20. Re:Let's see... on The Verdict on WinXP SP2? · · Score: 1
    Honestly, the best part about SP2 was recompiling all of the core windows components to protect against buffer overflow attacks. Another 7 critical updates released over the weekend, none of which affect SP2 machines.

    Changing to the authorization scheme on socket connections used by underlying services to require kerberos tokens for SYSTEM or higher was also a nice touch. It's a line of defense behind the firewall, and it also removes a good number of attacks against the system when you're running as a less privileged user.

  21. Re:Word Perfect for Windows was horrible on Novell vs. Microsoft, Again · · Score: 1
    Rows and rows of black and white TVs connected up to closed circuit cameras planted all over the campus. There were hundreds of them. You see, MS had a habit of hiring corporate spies to sit in the parking lot with binoculars and write down code snippets they saw on white-boards in the developers offices.

    I'm not sure I buy that. If that was really the case (and I doubt it because Microsoft doesn't need to steal 10 lines of pseudocode off someone's whiteboard), the cheaper and thus proper corporate solution would be to draw your shades or only use whiteboards that don't face outwards. Or call the police. But building a giant security network to solve a problem that trivial doesn't seem the least bit rational.

    MS hiring marketing guys to report back features would probably be worth the bribe cash to them, but an entire building of security isn't going to warn off against that.

    Then again, maybe us defense contractors are just better at implementing meaningful security.

  22. Re:Leave some holes, charge cash to plug 'em on Security Vulnerabilities Discovered in WinXP SP2 · · Score: 1

    I've heard rumors that MS antivirus solution will be free for XP Home and Longhorn Home edition. They might only charge for the enterprise distribution console.

    That said, in an odd twist of fate, they might HAVE to charge for their antivirus solution because otherwise Symantec/Trend/McAfee would bring up another antitrust suit. Same reason why MS won't give away Visual Studio until Borland finally realizes it's done.

  23. Re:Windows needs a rewrite on Security Vulnerabilities Discovered in WinXP SP2 · · Score: 1

    Oddly enough, Microsoft seems to be following your advice. They're moving Win32 to the WoW engine for Longhorn (2006), which will eventually be virtualized in Blackcomb (2008). The Longhorn command line (codename Monad) is absolutely fantastic - you should check out the beta on msbetas. Windows Media remains integrated into the OS because Windows Media's processing is being handled at the DirectX level - that said, I don't know of a single vulnerability in Windows Media itself. Every WM vuln was related to Windows Media Player, which is an optional component.

    I don't know the future of Outlook Express, but according to Scoble, IE7 is the last version of IE. Post IE7, Microsoft intends to release MSN Explorer as an optional standalone browser that's not integrated into the OS. I suspect MSHTML is still integrated, but hopefully IE7 will address the loads of design errors they put in. Until then, we do have alternatives on Windows for web browsing.

    As for user management, in a couple of the Longhorn alpha builds they release internally, the shell annoys the hell out of you if you run as admin. The problem is the vast universe of software that doesn't work for that.

    As for your secure blue-box. That's in part what WoW is. Microsoft's been clear about their intent to phase out Win32 as we move to 64 bit machines, but they have also said they won't virtualize Win32 calls until Blackcomb.

  24. Re:TIME TO PLAY THE BLAME GAME, FUCKERS on Kerry Concedes Election To Bush · · Score: 1

    Hey, I voted for Kerry too but let's be 100% honest. What difference was he going to make on the above points? He had a plan to help with outsourcing and the economy - that's good. But he didn't have a foreign policy plan. We'd still be in Iraq, terrorism will still exist. I think Kerry was a shitty candidate. I voted for him because of the non-Bush factor, but outside of his stance on L1 visas, he didn't have answers to most of the issues he attacked Bush on.

    And remember, btw, that the bill to reinstate the draft was proposed by Charles Rangel, a very staunch democrat, and then voted down by 100% of Republicans. It was an attempt to make a statement (a good one at that) and a political ploy, but I don't see the draft being an issue this time around. Give credit where it's due - the Republicans are amazing at the politics part of governing, and they know it won't fly with the American people.

  25. Re:Could be the Show of the Century on Google Acquires Keyhole Corp. · · Score: 2, Interesting

    They're certainly in the right position to do it, but they need to smarten up FAST. All of their various products are related in theory, but from a technical perspective, there's no integration yet. There's no reason GMail and blogger aren't fully integrated yet, and no reason why Google Desktop Search can't include GMail and My Google News results.

    I know it takes time to integrate Picasa to Blogger to Google Desktop Search to GMail, but they need to hurry - Google has been successful because Yahoo and Microsoft failed to realize the profit potential of search, but they've wised up to that. MSN and Yahoo searches that rival Google are probably less than 2 to 3 years out, simply due to the sheer size of their research budgets, and both companies have an existing network of integrated products that gives them substantial value that Google doesn't have yet.

    Microsoft plays catchup better than the Red Sox do - they may not be the most innovative bunch, but one thing you have to say about MS is that no company should feel safe when Microsoft has them in their sights. A brief history of Microsoft's battles with Sun, Borland, Apple, Sony and Netscape shows that when they stretch out their technical arm and marketing might, they can catch up to any product in two years' time, and surpass in three unless the company they're chasing is moving forward like the very power of hell is bearing down on them.