Yep - I have XP Pro SP2 with the correct version. It all appears to work until the actual burning or image reading part - when I click go it immediately just tells me it's finished without doing anything.
I am loving this 'click here to install Linux' trend - I am wondering how long it is going to be before we see a worm exploiting this to install Linux on vulnerable machines.
All it would take is a silent installer with a built in bit torrent client to download the files and an XP theme for Gnome or KDE.
They could even advertise - don't like Windows? Want Linux? No problem - just plug your Windows machine into the net, turn off your firewall and go out for a few hours.
...and, presumably you won't get paid if what you uploaded is copyright - as it should be and a great incentive to upload original content.
The 'community thing' is bullshit of course - I was only looking at metacafe the other day thinking wait... these guys will pay me for the views of my videos? Why am I using YouTube...?
If they didn't pay now, people would move to those who did - it's not about who pays most (yet - that will come in the future when people are used to being paid).
Worse yet, there are apparently no reviews of the product, no mention of anyone trying to test it and no hardware hackers tried to make it work in Linux, even though it's been out for over 2 years.
So nobody knows it exists? Security through obscurity then...
Not URL blacklists - I'm talking about plugins that check the registrar that the domain name was registered with.
For example dodgy registrar allows spammer to register xxxadasd.com asdfawer.com wetsafsdf.com etc - say a few hundred. Spammer crafts messages that varies the URL in the message to defeat URL blacklists but they all basically go to the same place when clicked.
If a SA plugin checked the registrar and that registrar was known to be spammer friendly, then we would not need to check the URL blacklists as we would know that it was probably spam due to the registrar the domain was registered with.
The false positive rate would go through the roof if you did that - and for many companies one false positive can cost thousands (potentially millions) in lost business.
In my proposed system, a 'false positive' would allow the mail through, so no problem.
Also I don't buy into the 'a missed email can cost millions' myth - if it's that important people will sent it again or call.
As mentioned in my original post, altering SMTP is not feasible.
Fighting spam is like fishing; however all current anti-spam systems attempt to remove the water from around the fish rather than removing the fish from the water.
With present technology spam is never going to go away. Sure we could change SMTP to do 'clever stuff' to make spamming incredibly difficult, but what about the millions of mail systems out there that will need an upgrade? Not really feasible.
I propose that we start treating ALL mail as spam, then run our tests in reverse to see if it's legit or not - filter IN rather than filter OUT. Lots of words spelt right? Positive score. No URL or images in it? Positive score. Sent from the same country you are in? Positive score. Sent from someone you have received mail from before? Positive score. Sent from someone you have sent mail to in the past? Positive score. You get the idea.
Additionally I think digital signatures should be leveraged - imagine if mail clients signed messages as standard and it was easy (and I mean EASY, but not necessarily too quick or free) for average people to get a digital signature - call them 'Internet Passports' or something. Get reported for spamming and your cert gets revoked. Without a valid cert your mail is assumed to be spam unless it passes tests otherwise. 'Joe jobs' will not be possible without the correct cert. If you have a cert then your mail is trusted (more). If you don't then your validity is questioned.
The punishment is irrelevant - you could have the death penalty for running a red light - people would still do it because they don't think they are going to get caught.
The way you prevent crime is to remove feelings of privacy and security from people. If they think they are being watched, then they won't commit crimes as they believe they will be caught.
They also didn't advertise that their hardware could do EAP-FAST authentication, but added this feature in 10.4.8 update. So we should all get a bill for features add in patches now should we?
It has everything to do with the hardware - it enables you to do something with your hardware that you were unable to do previously.
802.11n hardware is already in the Mac that you paid for - it's a software change we are talking about. It's not like Apple are shipping new hardware to people, only updating a driver to enable features.
If there was a chip license fee, you already paid it when you paid for the computer. 802.11n requires no payment of license to use as the frequency is public band.
In 10.4.8 update, Apple added EAP-FAST wireless authentication. That 'feature' was not present when many people 'entered into their contract of sale willingly' with their Macs. Are you saying that all of those people should now be charged for this and any other additional features because it was not there originally?
... enables dormant hardware that isn't being charged for in the purchase of the product.
Yes it is. If you bought the hardware you paid for everything. There are no 'free parts' - all the components are part of a whole. The fact that something isn't enabled is completely irrelevant - you were charged for it and paid for it.
What happens if we apply this thinking to patches? Oh I'm sorry - we fixed that last exploit with a new version of Safari that adds xxxxx feature, but because it wasn't there when we sold you the computer, we are going to have to charge you.
This is nothing more than fleecing users for cash.
As Linux is technically 'just a kernel', then does this mean that OSX is technically also 'just a kernel' meaning that Apple can compile it for a washing machine CPU and claim it's 'running OSX'?
For example, there are several phones and PDAs that 'run Linux', however everyone will agree it's not the same as a desktop OS as they essentially are talking about the kernel.
...nobody here uses metric. Everything is in miles rather than kilometres such as all of our traffic signs for distance and speed and I don't know anyone who uses metres and centimetres for measurements - it's always feet and inches when buying anything in hardware stores for example.
Umm yes actually - however fair enough it claims 'basic' playback will not require it. (Where it wouldn't surprise me in the slightest if 'basic' means 'not HD').
Slashdot Mirror
Yep - I have XP Pro SP2 with the correct version. It all appears to work until the actual burning or image reading part - when I click go it immediately just tells me it's finished without doing anything.
I am loving this 'click here to install Linux' trend - I am wondering how long it is going to be before we see a worm exploiting this to install Linux on vulnerable machines.
All it would take is a silent installer with a built in bit torrent client to download the files and an XP theme for Gnome or KDE.
They could even advertise - don't like Windows? Want Linux? No problem - just plug your Windows machine into the net, turn off your firewall and go out for a few hours.
Microsoft do provide a program to burn ISO images - it's in the Windows Server 2003 Resource Kit and it's called 'cdburn.exe'.
WHY they can't simply distribute a mission critical tool like this along with the OS I have no idea.
I've never managed to get that working - I emailed Alex Feinman (the author) about it recently but have yet to receive a reply.
...and, presumably you won't get paid if what you uploaded is copyright - as it should be and a great incentive to upload original content.
The 'community thing' is bullshit of course - I was only looking at metacafe the other day thinking wait... these guys will pay me for the views of my videos? Why am I using YouTube...?
If they didn't pay now, people would move to those who did - it's not about who pays most (yet - that will come in the future when people are used to being paid).
Worse yet, there are apparently no reviews of the product, no mention of anyone trying to test it and no hardware hackers tried to make it work in Linux, even though it's been out for over 2 years. So nobody knows it exists? Security through obscurity then...
...in which case your cert is considered compromised and your mail is refused until you sort your computer out.
As it should be.
Not URL blacklists - I'm talking about plugins that check the registrar that the domain name was registered with.
For example dodgy registrar allows spammer to register xxxadasd.com asdfawer.com wetsafsdf.com etc - say a few hundred. Spammer crafts messages that varies the URL in the message to defeat URL blacklists but they all basically go to the same place when clicked.
If a SA plugin checked the registrar and that registrar was known to be spammer friendly, then we would not need to check the URL blacklists as we would know that it was probably spam due to the registrar the domain was registered with.
The false positive rate would go through the roof if you did that - and for many companies one false positive can cost thousands (potentially millions) in lost business.
In my proposed system, a 'false positive' would allow the mail through, so no problem.
Also I don't buy into the 'a missed email can cost millions' myth - if it's that important people will sent it again or call.
As mentioned in my original post, altering SMTP is not feasible.
Fighting spam is like fishing; however all current anti-spam systems attempt to remove the water from around the fish rather than removing the fish from the water.
With present technology spam is never going to go away. Sure we could change SMTP to do 'clever stuff' to make spamming incredibly difficult, but what about the millions of mail systems out there that will need an upgrade? Not really feasible.
I propose that we start treating ALL mail as spam, then run our tests in reverse to see if it's legit or not - filter IN rather than filter OUT. Lots of words spelt right? Positive score. No URL or images in it? Positive score. Sent from the same country you are in? Positive score. Sent from someone you have received mail from before? Positive score. Sent from someone you have sent mail to in the past? Positive score. You get the idea.
Additionally I think digital signatures should be leveraged - imagine if mail clients signed messages as standard and it was easy (and I mean EASY, but not necessarily too quick or free) for average people to get a digital signature - call them 'Internet Passports' or something. Get reported for spamming and your cert gets revoked. Without a valid cert your mail is assumed to be spam unless it passes tests otherwise. 'Joe jobs' will not be possible without the correct cert. If you have a cert then your mail is trusted (more). If you don't then your validity is questioned.
Shouldn't be too difficult to write a SA plug-in that checks the WHOIS data of any domains it finds against a blacklist of registrars.
The punishment is irrelevant - you could have the death penalty for running a red light - people would still do it because they don't think they are going to get caught.
The way you prevent crime is to remove feelings of privacy and security from people. If they think they are being watched, then they won't commit crimes as they believe they will be caught.
Why doesn't the US just stop making missiles and selling them to terrorists?
Many people will not use XBox live; does this mean those people are not paying for the networking hardware inside the XBox?
They also didn't advertise that their hardware could do EAP-FAST authentication, but added this feature in 10.4.8 update. So we should all get a bill for features add in patches now should we?
It's profiteering.
It has everything to do with the hardware - it enables you to do something with your hardware that you were unable to do previously.
802.11n hardware is already in the Mac that you paid for - it's a software change we are talking about. It's not like Apple are shipping new hardware to people, only updating a driver to enable features.
If there was a chip license fee, you already paid it when you paid for the computer. 802.11n requires no payment of license to use as the frequency is public band.
It's profiteering at the expense of users.
In 10.4.8 update, Apple added EAP-FAST wireless authentication. That 'feature' was not present when many people 'entered into their contract of sale willingly' with their Macs. Are you saying that all of those people should now be charged for this and any other additional features because it was not there originally?
Stop apologising for Apple.
... enables dormant hardware that isn't being charged for in the purchase of the product.
Yes it is. If you bought the hardware you paid for everything. There are no 'free parts' - all the components are part of a whole. The fact that something isn't enabled is completely irrelevant - you were charged for it and paid for it.
What happens if we apply this thinking to patches? Oh I'm sorry - we fixed that last exploit with a new version of Safari that adds xxxxx feature, but because it wasn't there when we sold you the computer, we are going to have to charge you.
This is nothing more than fleecing users for cash.
As Linux is technically 'just a kernel', then does this mean that OSX is technically also 'just a kernel' meaning that Apple can compile it for a washing machine CPU and claim it's 'running OSX'?
For example, there are several phones and PDAs that 'run Linux', however everyone will agree it's not the same as a desktop OS as they essentially are talking about the kernel.
But NT doesn't have any DRM.
Cue mobile version of Vista.
...nobody here uses metric. Everything is in miles rather than kilometres such as all of our traffic signs for distance and speed and I don't know anyone who uses metres and centimetres for measurements - it's always feet and inches when buying anything in hardware stores for example.
I don't need to - I have a Windows (ironically) Mobile 5 handset that runs Skype over 802.11 beautifully.
Perhaps it will be up to Microsoft can save us from Apple.
Wait a minute...
Translation: You are not getting any free calls using Skype. Now pay through the nose and keep getting screwed like everyone else.
Paying to receive calls too in the US - still can't get my head around that.
Umm yes actually - however fair enough it claims 'basic' playback will not require it. (Where it wouldn't surprise me in the slightest if 'basic' means 'not HD').