The system is ultimately ineffective (screen shots anyone?, hand made copies?, pocket cell-phone cameras?), and false security is worse than none
You need special tools to take a screenshot (print screen doesn't cut the mustard). I also would propose that it would be difficult/impossible to copy by hand or photograph a 400 page word document while not drawing attention to yourself.
The point of this technology is to help prevent accidental disclosure of information to untrusted 3rd parties. It is not meant to control access to a document by an untrusted 3rd party.
Similar analogy: why do you bother hiding the password as you type it in when a user can record/watch you type the password on your keyboard?
It requires additional infrastructure (cost) and software upgrades (cost) then locks you in to the M$ implementation
Great, point me to a non MS implementation that doesn't suck (having to mess with CLI apps in windows == suck).
Single point of failure: What if the DRM server is down (temporary downtime company-wide for M$ Office)
Keys are cached on the client, and are set to expire after a predetermined amount of time. Additionally, you don't have to be running just one server -- you can have multiple servers, or whatever kind of load-balancing/redundant setup you want.
Same argument could be made against using file servers, so I'd say it's pretty much a moot point.
What if the DRM server crashes and can't be restored (permanent loss of important data)
This is a backup issue. Same problem can be present with file servers, so it's a moot point.
Will M$ provide a backdoor (for Law Enforcement, PATRIOT ACT, etc), what if it's leaked?
Doubtful that they'd put in a back door. See Admin note below.
THIS IS A DOCUMENT MANAGEMENT ISSUE - not a security problem, people need EDM/ECM not more gimmicks!
And hey, what better place to edit your document management settings than your DOCUMENT EDITOR.
'Hacking' into the document to provide interoperability or to recover data may be a FEDERAL OFFENSE under DMCA
If the purpose of 'hacking' is to provide unrestricted access to the document, then yes. If it is just for interoperability purposes (ie: provides and respects the access control mechanisms) then no.
What about search/rescue for the users who screw up and lock themselves or others out of documents accidentally ???
There is supposed to be a feature that allows the admin to deal with this problem, though I haven't used it.
Forced upgrades (à la Win2K) just to continue to use YOUR OWN (DRMed) corporate assets
Err, if you want the feature you've got to upgrade. If you don't want the feature, don't upgrade. Once you have the feature, you don't have to upgrade to keep it working.
Lotus Notes has had a (less user-friendly) version of this since R2, and very few shops use it (encryption keys)
So we'll find out if the reason why it wasn't used is because it wasn't user friendly, or because nobody wanted the feature.
There are a huge number of users/customers/vendors/partners who will not be able to use the DRM documents (requires upgrade), so it will take years to even marginally implement for external communications (which is one of the main items people want it for in the first place)
Doubtful this will be used for document distributed outside of a company, due to the nature of the key management system. Additionally, the scenarios where you want to restrict access to a document generally occur within the walls of a company, not outside of them.
He probably meant Windows 3.0 (which WAS released in 1990) and not Win3.11.
Incidentally, NT 3.51 and 4 were intended for use in a server environment and not a desktop environment. Neither were "hugely" adopted either; I've never seen anything before NT 4, and I didn't see NT4 very much either.
Win98 & 98SE were major revisions to Win95, but were based on the same fundamental code/technology. As such, 98 and 98SE were not fundamental changes to windows.
Win2k represented the first version of NT that was "good", and was also the first version of NT that was widely used beyond a server role.
The original poster's timeline was correct. Major OS release events from Microsoft generally happen every 5 years.
That's like saying by having the recipe for the cake you're making, you should know if it'll taste bad or not before you bake it. You can't tell what it'll taste like until you bake it. The recipe might look good, but it could taste awful. Or the recipe might look horrible, but it could taste wonderful.
If inspecting the code allowed you to find all the possible problems with it, that'd be great. If it were that easy, you wouldn't need a QA process -- you'd just have to do code reviews to make perfect software. But you can't "prove" that a non-trivial piece of software works.
Nobody gives a shit about inspecting the code before running a piece of software. To prove the point, I'd like everyone who's read every line of the linux source to raise their hand. If by some miracle someone actually has, I'd like them to keep their hand up if they understood the implications of the interactions between each and every single line of code. I'm going to hazard a guess and say that nobody on this planet will have their hand up.
Now if you can't do that with something as small as the linux kernel, tell me how you're going to do that for something which has over a billion lines of code?
Saying "well, you can look at it" doesn't do you any good when looking at it doesn't tell you anything.
The OS running on a mainframe targets one set of hardware. If you're lucky, there might be a handful of peripherals designed to work with that mainframe from the manufacturer of the mainframe.
I could probably go on for an hour about how much simpler the OS design for a mainframe is, but I don't think that's needed...
You are right. But if you want people to be able to execute it, but not copy it, you use -rwx--x--x.
Great, but that doesn't change the fact that if you have a file that people have read access to, but not execute access, that simply copying the file and setting some permissions gives them a way to execute the file. The fact that the user has read access to a file gives them the ability to run it.
Being able to disable reading while retaining execute permissions on a file has no "security" benefit that I can see, unless security through obscurity is your goal...or your security model requires a "trusted" client app (neither of which are good security models).
If you don't want people to execute it, just don't give them read or execute permissions. Sometimes you just want people to write to a file, and not be able to read or execute it. This is useful on a web server.
Same thing can be done on WinNT. This isn't an area that Linux is superior to NT in. In fact, as far as flexibility of file permissions goes, NT wins hands down.
Unix has the concept of owner permissions, group permissions, and "anybody" permission levels. Root is granted all privileges. You are able to control execute, read, and write access. That's it (except for maybe the superuser flag, but hopefully nobody is dumb enough to use that anymore...).
The NT access model allows different access settings for the owner, multiple groups, multiple users, and "anybody". You are able to control read, write, execute, delete, permissions control, and ownership. Each of these flags can be set via "Special Access" permissions, or a selection of these attributes can be chosen from the default selection of no access, read, change, or full control. And you can have a unique set of permissions for each user in the access list. Depending on the permissions you set, an administrator may not have access to a file.
If you can read an .exe file in Windows, you can run it. In Linux, you need to explicitly be given permission to run a file.
The same thing is true in linux -- it just takes more work. If you can read a file, you can make a copy of it. If you have a copy of it, you can modify the permissions. If you can modify the permissions, you can execute it.
Alternatively, you can write a script that will load in the file and execute it.
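The copy-and-chmod argument in the comment above can be checked directly. This is an added example, not part of the original thread; the file names and the two-line sample script are constructed, and it assumes a POSIX system with `/bin/sh` and a temporary directory that is not mounted `noexec`.

```python
import os
import shutil
import stat
import subprocess
import tempfile

# Constructed stand-in for "the file": a two-line shell script.
SCRIPT = "#!/bin/sh\necho ran\n"


def runs_ok(argv):
    """True if argv could be executed and exited 0; False if exec was refused."""
    try:
        return subprocess.run(argv, capture_output=True, check=False).returncode == 0
    except OSError:  # includes PermissionError (EACCES from execve)
        return False


def missing_x_is_only_barrier(path):
    """Audit helper: 'other' can read the file but has no execute bit.

    For such a file the absent x bit is a convenience setting, not an
    access control, because the readable bytes can be run from elsewhere.
    """
    mode = os.stat(path).st_mode
    return bool(mode & stat.S_IROTH) and not (mode & stat.S_IXOTH)


def read_implies_execute():
    """Walk through the three cases from the thread and report each outcome."""
    results = {}
    with tempfile.TemporaryDirectory() as workdir:
        original = os.path.join(workdir, "tool")
        with open(original, "w") as fh:
            fh.write(SCRIPT)
        os.chmod(original, 0o444)  # r--r--r-- : readable, not executable

        results["flagged_by_audit"] = missing_x_is_only_barrier(original)

        # 1. Running the file in place is refused: no execute bit is set.
        results["direct_exec"] = runs_ok([original])

        # 2. Read access is enough to copy it; the copy's owner sets its mode.
        copy = os.path.join(workdir, "tool-copy")
        shutil.copyfile(original, copy)
        os.chmod(copy, 0o755)
        results["copy_then_chmod"] = runs_ok([copy])

        # 3. "Write a script that will load in the file": hand the readable
        #    file to an interpreter, which only needs to read it.
        results["via_interpreter"] = runs_ok(["/bin/sh", original])
    return results


if __name__ == "__main__":
    for step, allowed in read_implies_execute().items():
        print(f"{step}: {allowed}")
```

If a file must not be run by a given user, the setting that matters is removing that user's read access as well, which is what the audit helper is meant to flag.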
The policy went into effect after the lawsuit with Sun, or rather because of it. Think about it... they had to search through 100,000 tape backups for email messages to comply with the court order. After doing that once, would YOU want to do it again? I didn't think so. You don't have to search through what you don't have. :p
It wasn't part of any Microsoft settlement. In fact it is company policy not to retain email for more than 30 days (while I assume people will think it is for devious reasons, I suspect it is more because of storage requirements...).
You might be thinking of NASD requirements for financial institutions to keep records of email (and now IM) conversations.
Microsoft has a company policy not to retain email for more than 30 days. What makes you think they'd keep backups of stuff they don't want to keep in the first place?
What kind of crack are you smoking? "Network casualty?" The fricking engine control app crashed, not "the network." The problem was strictly an application error -- when an application crashes it crashes. There is no way that you can have an OS that magically knows how to rescue an application from that sort of error.
The article states that the "computer crashed", however based on further text in the article it is clear that the computers are running just fine as the "user" is able to change the value from zero to something else.
So now someone writes a crappy application and it's Microsoft's fault? The os or the db on the ships didn't take a crap, the engine control software did. The input software did not validate input, the input software stored invalid input, the control software didn't validate data it read, and the control software handled invalid data in a manner that crashed the control software.
This type of problem hasn't happened before because the Yorktown is the first ship with this level of automation present. Previous ships don't have "computer problems" because they don't have a huge massive system designed to control the entire ship.
But hey, don't let common sense interrupt a good bashing session...
If everyone in town parks a Mercedes in front of their house with the doors open, the keys in the ignition and a welcome mat thrown down, does anybody in town have a right to complain when their cars are gone in the morning?
The scenario you describe is still theft. And someone who has their property stolen or violated has every right to complain about it.
There are actually cities which have special police squads that do exactly what you suggest -- there is a staged fight between a couple that arrive at a parking lot in two cars -- one person leaves their car and enters the other car. The car that is left behind is unlocked, has the keys in the ignition, and THE ENGINE RUNNING.
If someone gets in the car and drives off with it, they get busted for auto theft. (note: this is not entrapment, because the officers in question never say anything to the thief).
Why? BECAUSE IT IS STILL THEFT.
In the same way, people are running an OS platform with a truly horrible security record. It's their own fault.
This is the kind of reasoning a criminal uses. "It's the victim's fault"... "They were just asking for it"... A crime is a crime. Just because it's easy to do doesn't make it any less of a crime.
Reasons why using the netcraft survey to determine "server marketshare" doesn't work:
* there are more than just webservers out there
* it doesn't count any servers sitting behind the "site"
* unknown if they filter by domain or ip (if by domain, a single "server" may be counted multiple times)
* not all servers are available via the web
* it makes no distinction between a "real" server and the P90 sitting next to my desk in my apartment
* you can NOT extrapolate what is running in a company's internal network based on what they run their webserver off of
* survey only counts sites netcraft surveys (they surveyed 42m websites... there are BILLIONS of servers out there)
Nobody can make any assumptions about what kind of marketshare MS does or does not have, especially from a netcraft survey. I don't think anybody can say they're hurting in the enterprise area though (points finger at billion dollar wads of cash).
The "software developers" are probably busy "developing software", seeing how that's their job.
The job of an IT person is to maintain the computing infrastructure of a company. This means keeping all of the computers running and up to date. This means making sure data is backed up. This means making sure the company website doesn't fall over (in a small company anyway), and so on. It's a full time job, not little piecemeal tasks that ought to be done while developing software or while on lunch break. On top of that, why would you want to have one of your developers, who you pay 1.5-2x as much as IT personnel, doing IT work?
From my experience, 1 IT person in a company with 100 developers is a bit understaffed. The last company I worked at had 80 employees and a whopping two IT people, they were busy 90% of the time. The other 10% of the time they were playing pingpong in the lunchroom... :)
Depending on a file extension to convey an accurate representation of its contents is just asking for trouble. This fact, combined with the fact that Microsoft wants to hide that information from the user, was my (poorly conveyed) point.
I'm missing something here. We agree that it's bad to depend on file extensions -- yet, you argue that it is bad to hide file extensions... On a system where extensions are not shown, you still see an icon representing the supposed content of the file. You see a little picture icon if it's a picture file, or a weird webbrowserish looking icon if it's a form of html file. Still not getting why it is so evil to hide file extensions for people who "don't get it."
As for educating your mom on Windows file extensions, I will gladly do that, as, if she is running Windows, she had better learn what extensions are, or she'll fall victim to the latest email virus, or she won't understand why the (zipped) pictures she downloaded don't just display, etc. etc. My going rate is $75.00 an hour, and my current customers gladly pay that for me fixing their systems after they've been hit by a virus, and they gladly pay that rate for me educating them on why and how they got infected in the first place. That includes a lesson on Windows file extensions.
No, she won't have that problem. Mainly because she can't figure out how to download attachments from the website she goes to check her email on (which is yahoo, which also does a good job of filtering spam & worm related mail AND will show simple picture attachments sent from family in a manner that doesn't require her to call me). See, it isn't worth paying $75 an hour to have someone teach her something she doesn't care about when the $0 solution works just as well. If she does somehow manage to mess up her machine, it'll take all of 10 minutes to re-image the c drive from a cd.
She uses her computer to write letters to family, look up stuff on the collectables she "collects", and to scan & print pictures. She isn't a sophisticated user. She doesn't give a rat's ass about how any of it works, nor should she have to. That information just gets in the way, and makes her afraid she's going to break something (she has this idea that if she touches the mouse button wrong the computer will burst into flames or some silly nonsense...she's finally starting to 'explore' what she can do instead of replaying the steps she's been shown to get whatever she wants to get done done).
What you propose, "educating" users about file extensions, actually leads to the problems you are trying to prevent -- people that don't get it see .jpg in the filename and go "hey, it's a picture." If it is .jpg.vbs doesn't mean jack (hmm, must be a special jpg). So you can continue to try and explain how things really work, further confusing them and making them afraid to use the computer, or you can dumb it down enough so that they can do what they want to do without having to worry about it.
If that means that someday I'll have to go home and pick up the pieces from a worm or virus, I will. But I haven't had to do so once in the last 5 years. With the way the computer is set up, I doubt I ever will have to.
Great. I'll let you spend the 6 months it'll take to teach my mom what an "extension" is, what it means, why she should care, and then the differences with all of the nitty gritty details (why the same files have different extensions (htm, html, shtml, etc), why pictures have different extensions (jpg, jpeg, gif, tiff, tif) and so on).
Fact of the matter is extensions shouldn't matter -- they're just a legacy artifact of 8.3 filenames and commandline interfaces. Macs have worked just fine without them for years. Unix systems use a hodgepodge of extensions, mainly to represent what content a file contains to a person on the commandline (the same effect is derived by giving files icons in a GUI). On a unix system I could have a file named foo.jpg -- doesn't mean it's a jpg. In fact, it could contain a binary and could be executed if the right bits were set on the filename. Depending on a file extension to convey an accurate representation of its contents is just asking for trouble.
I suspect that if there was an executable file extension called ".virus", and all worm/virus writers used that extension, that people would STILL try to run them if it was sent to them as an email attachment...
As many of you have read recently, MSN has decided to no longer support older versions of their clients. Within their announcement, they mention that some third party applications may be affected. Trillian Pro 2.0, which is currently in beta, supports the latest and greatest MSN protocols. The free version of Trillian will be updated in time to reflect the new protocol as well. If we hear anything from Microsoft directly, or find out any more information, we will be sure to let you know first.
Thank you all for your support!
~The Cerulean Studios Team
Sounds like they think they're not going to have any problems...
It looks like you need a GeForce just to run the desktop. Just my 2 cents.
Actually, right now I believe the minimum hardware specs are currently targeting an ATI Radeon 9800... (maybe it was a 9500). Theory being by the time Longhorn is released it will be a low end budget card...
But it's still vulnerable to a man-in-the-middle attack. SSL uses a shared secret, which is not vulnerable to such an attack.
If you know the random string, and you know the MD5 hash of that string and the password, you have enough information to brute force the password -- and I'd be willing to bet that most of the passwords used by normal people could be found with a dictionary attack.
I think the real problem is that the passwords are sent to the server. The protocols being phased out send back some random string + the password in MD5 hash form. I can't imagine that it would be very hard for someone (on a cable modem) to capture the data required to determine the password (either via brute force or by a dictionary attack).
They're switching to using SSL for user authentication.
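Why a cleartext challenge plus an MD5 response is enough to test password guesses without ever contacting the server, as an added example that is not part of the original thread. The hash layout (MD5 over the challenge followed by the password), the passwords and the word list are all constructed assumptions for illustration, not the actual MSN wire format.

```python
import hashlib
import hmac
import secrets

# Constructed word list standing in for a common-password dictionary.
CONSTRUCTED_WORDLIST = ["123456", "letmein", "sunshine", "qwerty", "dragon"]


def make_challenge():
    """Server side: a fresh random string, sent to the client in the clear."""
    return secrets.token_hex(8)


def client_response(challenge, password):
    """Client side: assumed layout is MD5(challenge + password), hex encoded."""
    return hashlib.md5((challenge + password).encode("utf-8")).hexdigest()


def server_accepts(challenge, response, stored_password):
    """Server side: recompute the hash from the stored password and compare."""
    expected = client_response(challenge, stored_password)
    return hmac.compare_digest(expected, response)


def transcript_matches_wordlist(challenge, response, candidates):
    """What anyone holding one captured (challenge, response) pair can do.

    The pair is a complete offline verifier: each candidate is hashed with
    the same challenge and compared locally, so no lockout or rate limit on
    the server ever sees the guesses. Returns the matching candidate or None.
    """
    for guess in candidates:
        if hmac.compare_digest(client_response(challenge, guess), response):
            return guess
    return None


def demo():
    """One login each for a dictionary password and a random one."""
    outcome = {}
    for label, password in (("common", "sunshine"),
                            ("random", secrets.token_urlsafe(16))):
        challenge = make_challenge()
        response = client_response(challenge, password)
        assert server_accepts(challenge, response, password)
        # Only the two values that crossed the wire are used below.
        recovered = transcript_matches_wordlist(
            challenge, response, CONSTRUCTED_WORDLIST)
        outcome[label] = recovered
    return outcome


if __name__ == "__main__":
    print(demo())
```

The random challenge stops replay of an old response but does nothing for a guessable password; carrying the login inside SSL removes the captured pair from the observer's view in the first place.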
The original poster was referring to the Trillian Pro 2.0 beta, which does in fact support version 6 of the MSN protocol.
Everyone's reaction to this is overkill -- all they're doing is dropping support for an old protocol... But then again, people around here seem to think that something should be supported for the duration of copyright, so...
Turning the firewall on by default for any machine that is set up as a gateway (as selected in the "home and office networking" setup wizard), and shipping the AV software, on by default and auto-updating, would do a lot to prevent this sort of thing.
I believe they're considering turning on the firewall by default for home XP users. I also think they're considering having windows update configured to automatically apply critical updates on a default install. Though, this will be for the home version of XP only -- the logic being the corporate customers/people who know enough about computers to want some of the extras in Pro will know if/when they should do this on their systems. It will be interesting to see what they end up doing...though I'm sure there will be endless complaining here regardless of what they do though... :)
I haven't heard anything on the AV front. I wouldn't expect any MS anti-virus software for quite a while...
How do you control the "printable" property on the filestore?
Stopping Whistleblowers (Enron, Pentagon, Worldcom/Arthur Andersen, Whitewater)
Erasing potential evidence: stockbroker sends you bad advice in a doc that expires in 30 days
Erasing potential evidence: boss tells you to do something unusual that gets you into trouble
ok, so now you
a) make it a pain in the ass to edit the document
b) have an encrypted and an unencrypted version of the document
c) lose the collaboration features of office
d) don't solve the problem (you now have two copies of the document to let loose, one of which is useless, one of which is not).
Don't confuse "hard to use" with "security."
The policy went into effect after the lawsuit with Sun, or rather because of it. Think about it ... they had to search through 100,000 tape backups for email messages to comply with the court order. After doing that once, would YOU want to do it again? I didn't think so. You don't have to search through what you don't have. :p
It wasn't part of any Microsoft settlement. In fact it is company policy not to retain email for more than 30 days (while I assume people will think it is for devious reasons, I suspect it is more because of storage requirements...).
You might be thinking of NASD requirements for financial institutions to keep records of email (and now IM) conversations.
Microsoft has a company policy not to retain email for more than 30 days. What makes you think they'd keep backups of stuff they don't want to keep in the first place?
What kind of crack are you smoking? "Network casualty?" The fricking engine control app crashed, not "the network." The problem was strictly an application error -- when an application crashes it crashes. There is no way that you can have an OS that magically knows how to rescue an application from that sort of error.
The article states that the "computer crashed", however based on further text in the article is is clear that the computers are running just fine as the "user" is able to change the value from zero to something else.
So now someone writes a crappy application and it's Microsoft's fault? The os or the db on the ships didn't take a crap, the engine control software did. The input software did not validate input, the input software stored invalid input, the control software didn't validate data it read, and the control software handled invalid data in a manner that crashed the control software.
This type of problem hasn't happened before because the Yorktown is the first ship with this level of automation present. Previous ships don't have "computer problems" because they don't have a huge massive system designed to control the entire ship.
But hey, don't let common sense interrupt a good bashing session...
If everyone in town parks a Mercedes in front of their house with the doors open, the keys in the ignition and a welcome mat thrown down, does anybody in town have a right to complain when their cars are gone in the morning?
... "They were just asking for it" ... A crime is a crime. Just because it's easy to do doesn't make it any less of a crime.
The scenario you describe is still theft. And someone who has their property stolen or violated has every right to complain about it.
There are actually cities which have special police squads that do exactly what you suggest -- there is a staged fight between a couple that arrive at a parking lot in two cars -- one person leaves their car and enters the other car. The car that is left behind is unlocked, has the keys in the ignition, and THE ENGINE RUNNING.
If someone gets in the car and drives off with it, they get busted for auto theft. (note: this is not entrapment, because the officers in question never say anything to the thief).
Why? BECAUSE IT IS STILL THEFT.
In the same way, people are running an OS platform with a truly horrible security record. It's their own fault.
This is the kind of reasoning a criminal uses. "It's the victim's fault"
Reasons why using the netcraft survey to determine "server marketshare" doesn't work:
* there are more than just webservers out there
* it doesn't count any servers sitting behind the "site"
* unknown if they filter by domain or ip (if by domain, a single "server" may be counted multiple times)
* not all servers are available via the web
* it makes no distinction between a "real" server and the P90 sitting next to my desk in my apartment
* you can NOT extrapolate what is running in a company's internal network based on what they run their webserver off of
* survey only counts sites netcraft surveys (they surveyed 42m websites ... there are BILLIONS of servers out there)
Nobody can make any assumptions about what kind of marketshare MS does or does not have, especially from a netcraft survey. I don't think anybody can say they're hurting in the enterprise area though (points finger at billion dollar wads of cash).
The "software developers" are probably busy "developing software", seeing how that's their job.
The job of an IT person is to maintain the computing infrastructure of a company. This means keeping all of the computers running and up to date. This means making sure data is backed up. This means making sure the company website doesn't fall over (in a small company anyway), and so on. It's a full time job, not little piecemeal tasks that ought to be done while developing software or while on lunch break. On top of that, why would you want to have one of your developers, who you pay 1.5-2x as much as IT personnel, doing IT work?
From my experience, 1 IT person in a company with 100 developers is a bit understaffed. The last company I worked at had 80 employees and a whopping two IT people, they were busy 90% of the time. The other 10% of the time they were playing pingpong in the lunchroom...:)
Depending on a file extension to convey an accurate representation of its contents is just asking for trouble.
.jpg in the filename and go "hey, it's a picture." If it is .jpg.vbs doesn't mean jack (hmm, must be a special jpg). So you can continue to try and explain how things really work, further confusing them and making them afraid to use the computer, or you can dumb it down enough so that they can do what they want to do without having to worry about it.
This fact, combined with the fact that Microsoft wants to hide that information from the user was my (poorly conveyed) point.
I'm missing something here. We agree that it's bad to depend on file extensions -- yet, you argue that it is bad to hide file extensions... On a system where extensions are not shown, you still see an icon representing the supposed content of the file. You see a little picture icon if it's a picture file, or a weird webbrowserish looking icon if it's a form of html file. Still not getting why it is so evil to hide file extensions for people who "don't get it."
As for educating your mom on Windows file extensions, I will gladly do that, as, if she is running Windows, she had better learn what extensions are, or she'll fall victim to the latest email virus, or she won't understand why the (zipped) pictures she downloaded don't just display, etc. etc. My going rate is $75.00 an hour, and my current customers gladly pay that for me fixing their systems after they've been hit by a virus, and they gladly pay that rate for me educating them on why and how they got infected in the first place. That includes a lesson on Windows file extensions.
No, she won't have that problem. Mainly because she can't figure out how to download attachments from the website she goes to check her email on (which is yahoo, which also does a good job of filtering spam & worm related mail AND will show simple picture attachments sent from family in a manner that doesn't require her to call me). See, it isn't worth paying $75 an hour to have someone teach her something she doesn't care about when the $0 solution works just as well. If she does somehow manage to mess up her machine, it'll take all of 10 minutes to re-image the c drive from a cd.
She uses her computer to write letters to family, look up stuff on the collectables she "collects", and to scan & print pictures. She isn't a sophisticated user. She doesn't give a rat's ass about how any of it works, nor should she have to. That information just gets in the way, and makes her afraid she's going to break something (she has this idea that if she touches the mouse button wrong the computer will burst into flames or some silly nonsense...she's finally starting to 'explore' what she can do instead of replaying the steps she's been shown to get whatever she wants to get done done).
What you propose, "educating" users about file extensions, actually leads to the problems you are trying to prevent -- people that don't get it see
If that means that someday I'll have to go home and pick up the pieces from a worm or virus, I will. But I haven't had to do so once in the last 5 years. With the way the computer is set up, I doubt I ever will have to.
Great. I'll let you spend the 6 months it'll take to teach my mom what an "extension" is, what it means, why she should care, and then the differences with all of the nitty gritty details (why the same files have different extensions (htm, html, shtml, etc), why pictures have different extensions (jpg, jpeg, gif, tiff, tif) and so on).
Fact of the matter is extensions shouldn't matter -- they're just a legacy artifact of 8.3 filenames and commandline interfaces. Macs have worked just fine without them for years. Unix systems use a hodgepodge of extensions, mainly to represent what content a file contains to a person on the commandline (the same effect is derived by giving files icons in a GUI). On a unix system I could have a file named foo.jpg -- doesn't mean it's a jpg. In fact, it could contain a binary and could be executed if the right bits were set on the filename. Depending on a file extension to convey an accurate representation of its contents is just asking for trouble.
I suspect that if there was an executable file extension called ".virus", and all worm/virus writers used that extension, that people would STILL try to run them if it was sent to them as an email attachment...
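The point argued in this exchange, that a name such as foo.jpg or holiday.jpg.vbs says nothing reliable about what the file contains, can be checked mechanically by a mail gateway or upload filter. The following is an added example, not part of the original comments: the function names, file names and sample bytes are constructed for illustration, and the signature table covers only a few well-known formats.

```python
import os

# Leading-byte signatures (magic numbers) for a few common formats.
MAGIC = [
    (b"\xff\xd8\xff", "jpeg"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"GIF87a", "gif"),
    (b"GIF89a", "gif"),
    (b"PK\x03\x04", "zip"),
    (b"MZ", "pe-executable"),
    (b"\x7fELF", "elf-executable"),
    (b"#!", "script"),
]
# What a passive "data" extension claims the content to be.
EXT_TYPE = {".jpg": "jpeg", ".jpeg": "jpeg", ".png": "png",
            ".gif": "gif", ".zip": "zip"}
# Extensions Windows runs or hands to a script host when opened.
ACTIVE_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js"}

def sniff(head):
    """Identify content from its first bytes, ignoring the name entirely."""
    for signature, kind in MAGIC:
        if head.startswith(signature):
            return kind
    return "unknown"

def assess(filename, head):
    """Return findings where the name and the content disagree."""
    findings = []
    stem, last = os.path.splitext(filename.lower())
    inner = os.path.splitext(stem)[1]   # extension hidden behind the last one
    kind = sniff(head)
    # "holiday.jpg.vbs": with extensions hidden the user sees "holiday.jpg".
    if last in ACTIVE_EXT and inner in EXT_TYPE:
        findings.append("double-extension")
    # "foo.jpg" holding a binary: the name claims data, the bytes say otherwise.
    if last in EXT_TYPE and kind != EXT_TYPE[last]:
        findings.append("content-mismatch:" + kind)
    return findings

# Constructed samples: (name, first bytes of the file).
SAMPLES = [
    ("holiday.jpg", b"\xff\xd8\xff\xe0\x00\x10JFIF"),
    ("holiday.jpg.vbs", b'MsgBox "hello"'),
    ("foo.jpg", b"\x7fELF\x02\x01\x01\x00"),
]

if __name__ == "__main__":
    for name, head in SAMPLES:
        print(name, sniff(head), assess(name, head))
```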
Off of the Trillian members area:
Hi Folks,
As many of you have read recently, MSN has decided to no longer support older versions of their clients. Within their announcement, they mention that some third party applications may be affected. Trillian Pro 2.0, which is currently in beta, supports the latest and greatest MSN protocols. The free version of Trillian will be updated in time to reflect the new protocol as well. If we hear anything from Microsoft directly, or find out any more information, we will be sure to let you know first.
Thank you all for your support!
~The Cerulean Studios Team
Sounds like they think they're not going to have any problems...
It looks like you need a GeForce just to run the desktop. Just my 2 cents.
Actually, right now I believe the minimum hardware specs are currently targeting an ATI Radeon 9800...(maybe it was a 9500). Theory being by the time Longhorn is released it will be a low end budget card...
But it's still vulnerable to a man-in-the-middle attack. SSL uses a shared secret, which is not vulnerable to such an attack.
If you know the random string, and you know the MD5 hash of that string and the password, you have enough information to brute force the password -- and I'd be willing to bet that most of the passwords used by normal people could be found with a dictionary attack.
I think the real problem is that the passwords are sent to the server. The protocols being phased out send back some random string + the password in MD5 hash form. I can't imagine that it would be very hard for someone (on a cable modem) to capture the data required to determine the password (either via brute force or by a dictionary attack).
They're switching to using SSL for user authentication.
The original poster was referring to the Trillian Pro 2.0 beta, which does in fact support version 6 of the MSN protocol.
...
Everyone's reaction to this is overkill -- all they're doing is dropping support for an old protocol... But then again, people around here seem to think that something should be supported for the duration of copyright, so
Turning the firewall on by default for any machine that is set up as a gateway (as selected in the "home and office networking" setup wizard), and shipping the AV software, on by default and auto-updating, would do a lot to prevent this sort of thing.
I believe they're considering turning on the firewall by default for home XP users. I also think they're considering having windows update configured to automatically apply critical updates on a default install. Though, this will be for the home version of XP only -- the logic being the corporate customers/people who know enough about computers to want some of the extras in Pro will know if/when they should do this on their systems. It will be interesting to see what they end up doing...though I'm sure there will be endless complaining here regardless of what they do though...:)
I haven't heard anything on the AV front. I wouldn't expect any MS anti-virus software for quite awhile...