Thus, he learns that theft and lying are an acceptable means of getting what you want.
Not necessarily acceptable - most criminals know what they are doing is unacceptable - but effective. If you perform small crimes a number of times with no consequences, you tend to think that it's an effective way of making money. You still know it's "wrong" but you don't believe you'll ever have to face the consequences.
I've heard the same is true about gambling - most chronic gamblers are those who have a big win early on. If you give it a go a few times and consistently lose money, you're likely not to get hooked. But if you win during your first few tries, you're much more likely to become addicted.
It's called "Criminal Indifference". Like seeing someone hanging from the edge of a cliff, a rope right there, in sight and accessible, and just watching while they lose their grip and fall.
In this case the crime is not witnessing the crime, but failing to intervene to prevent the crime. That doesn't necessarily mean facing down the bully, but notifying authorities who could physically intervene.
The big issue here is we're talking about a movie -- a multi-million dollar venue, corporations don't lightly toss around the idea of letting you put a $500 million production on five other computers for nothing.
Huh? They currently sell DVDs which can be played on an unlimited number of computers. DVDs are encrypted sure, but it's been cracked, and people can rip and re-encode DVDs at the drop of a hat. You don't see the studios suddenly stopping distributing DVDs because of the piracy risk, do you?
None of the traditional media currently being distributed has any effective DRM restrictions. The movie studios aren't trying to add DRM to digital video to make it the equivalent of its analog counterpart; they're trying to add restrictions which currently do not exist on DVDs or VHS. They're not trying to maintain their rights, they're trying to grab more.
If they just sold their videos as MPEG4, XviD, H.264, whatever, with no DRM, no restrictions it would not change the current piracy situation at all. Piracy groups would still make them available for download (like they do now) and people would still make copies of them for friends (like you can now). Unencumbered video files would not change the marketplace at all. But the studios aren't interested in maintaining the status quo - they want to tighten their control.
Wouldn't a better method be to use your card not as a password, but as a one-time pad generator? I'm not an expert on crypto, but the process would go something as follows.
You apply for a credit card. Card issuer generates a number, and uses it to seed a pseudo random number generator in your credit card.
Every time your card is used in a transaction, it issues a transaction ID and a "random" number.
Because the credit card issuer knows both your seed and the RNG algorithm, it can use the transaction ID to determine what random number your card should have generated.
If the transaction succeeds, that transaction ID is locked out - only one debit per transaction is allowed. Retransmission of the same transaction and number would allow for refunds against that transaction.
Thus, if a store has your info, they can only use it once. If a store is compromised, the only time the information is useful is in between the time you gave it to them, and the time it was processed. For further security, you could encrypt the number against the amount charged in the card before issuing, so a charge could only be made against the card if the attacker knew the ID, the number, and amount being charged, and even then, only one transaction could be made. The cardholder would be safe, but the merchant whose security was compromised would be shafted. Bit of an incentive to tighten the security, eh?
As long as there was no way of extracting the number from the card itself, and the issuing agency did not disclose your seed, you're pretty safe. The only danger would be if the attacker had access to a number of transactions from the same card (and knew the amounts if you're using that system). If they had sufficient data, they may be able to reverse engineer the RNG and guess the seed depending on the strength of the algos. That's a heck of a lot better than what we have now.
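A minimal sketch of the scheme described above, added here as an illustration and not part of the original comment. It swaps the seeded PRNG for HMAC-SHA256 keyed by the seed (an assumption of this example), binds the amount into the code, and uses hypothetical names (`Card`, `Issuer`, `derive_code`) with constructed sample values.

```python
import hashlib
import hmac
import secrets

MAX_FIELD = 2**64  # transaction IDs and amounts are packed as 8-byte integers


def derive_code(seed: bytes, txn_id: int, amount_cents: int) -> str:
    """Per-transaction code, keyed by the card seed and bound to ID and amount.

    Assumption of this example: HMAC-SHA256 stands in for the comment's seeded
    PRNG, so observed codes do not help an attacker recover the seed.
    """
    msg = txn_id.to_bytes(8, "big") + amount_cents.to_bytes(8, "big")
    return hmac.new(seed, msg, hashlib.sha256).hexdigest()[:16]


class Card:
    """Holds the seed and a transaction counter; the seed never leaves the card."""

    def __init__(self, card_id: str, seed: bytes):
        self.card_id = card_id
        self._seed = seed
        self._next_txn = 1

    def authorize(self, amount_cents: int) -> dict:
        """What the merchant receives: ID, amount and code, but never the seed."""
        txn_id = self._next_txn
        self._next_txn += 1
        return {"card_id": self.card_id, "txn_id": txn_id,
                "amount_cents": amount_cents,
                "code": derive_code(self._seed, txn_id, amount_cents)}


class Issuer:
    """Knows every seed, recomputes the expected code, locks out used IDs."""

    def __init__(self):
        self._seeds = {}
        self._debited = set()
        self._refunded = set()

    def issue_card(self, card_id: str) -> Card:
        seed = secrets.token_bytes(32)
        self._seeds[card_id] = seed
        return Card(card_id, seed)

    def _code_ok(self, req: dict) -> bool:
        seed = self._seeds.get(req.get("card_id"))
        fields = (req.get("txn_id"), req.get("amount_cents"))
        if seed is None or not all(
                isinstance(v, int) and 0 <= v < MAX_FIELD for v in fields):
            return False
        expected = derive_code(seed, *fields)
        return hmac.compare_digest(expected.encode(), str(req.get("code")).encode())

    def debit(self, req: dict) -> str:
        if not self._code_ok(req):
            return "rejected: bad code"
        key = (req["card_id"], req["txn_id"])
        if key in self._debited:
            return "rejected: transaction ID already used"
        self._debited.add(key)  # one debit per transaction ID
        return "approved"

    def refund(self, req: dict) -> str:
        key = (req.get("card_id"), req.get("txn_id"))
        if not self._code_ok(req) or key not in self._debited:
            return "rejected: no matching debit"
        if key in self._refunded:
            return "rejected: already refunded"
        self._refunded.add(key)
        return "refunded"


def demo() -> dict:
    """Replay what a compromised merchant could try with one stored record."""
    issuer = Issuer()
    card = issuer.issue_card("card-0001")   # constructed sample card
    req = card.authorize(2599)              # constructed sample charge
    return {
        "first": issuer.debit(req),
        "replay": issuer.debit(dict(req)),
        "changed_amount": issuer.debit({**req, "amount_cents": 999999}),
        "new_txn_id": issuer.debit({**req, "txn_id": req["txn_id"] + 1}),
        "refund": issuer.refund(req),
        "refund_again": issuer.refund(req),
    }


if __name__ == "__main__":
    for attempt, outcome in demo().items():
        print(f"{attempt:15} {outcome}")
```
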
My bank sends me an email whenever an amount over a certain threshold is deducted from my account. If someone nicks some money from me, I'll get an email about it within 5-10 minutes (assuming I'm sitting at my computer which, alas, I generally am). I can then log on and check the details of the transaction through their online banking facility, and contact them straight away.
My bank's St. George. It's an Australian bank, I doubt they offer consumer accounts in the US.
Never actually got very far in Pools of Darkness. I got them all in the form of the Gold Box Collection, which included those four, plus the two Savage Frontier games, Hillsfar, and the Krynn collection. Never realized Pools of Darkness was part of that first series.
Hell yeah, my first introduction to RPGs. Of course, there wasn't much role-playing in them, but they were still damn cool. Pool of Radiance, Curse of the Azure Bonds, and Secret of the Silver Blades were the first trilogy IIRC. My next door neighbour used to come over, and we'd design half our party each, and control three characters each (in a full party) in combat. Great fun!
Tape has fewer points of failure than a hard drive?
It does, because, unlike hard-drives, the media and the reading mechanism are separate components. If your read head drives on your hard-drive, it is difficult and expensive (but not impossible) to retrieve your data.
Explain to me why the entire industry is moving to disk-to-disk recovery backup with tape relegated to archival backup.
Convenience
Explain to me why most data is kept on hard drives for day to day use if they are so failure prone.
Convenience
Hard drives are more prone to failures than tape drives, but that can be alleviated through stuff like RAID. Hard drives are more convenient than tape for all but the most fundamental backup needs (full backup, full restore). I prefer to use hard drives too; but they are more prone to failure than tape. If I had to choose to trust all my data to a single tape or a single hard drive, I'd go tape every time. If I had the capacity to create a redundant array of hard drives, I'd go with hard drives. If I needed offsite storage on a budget, I'd go with tape - it's easier to transport and store than a hard drive array. If I had the money for it, or my needs were simple enough that the solution wasn't that expensive, I'd go for a local hard drive array backup, and a remote network backup.
That last one is, in fact, the backup system I use at home. I have a cheap RAID array, and a script that encrypts my most important files and FTPs them to a friend's computer once a week. My important files are mostly source code and documents I've written myself - it doesn't chew through much bandwidth or storage space.
For businesses, a tape backup is better and cheaper than S3.
For home users, a DVD+/-R is better and cheaper than S3.
Except that tape/DVD backup doesn't, in and of itself, guarantee geographic redundancy. You need to then take those tapes or DVDs and store them in a secure location offsite. That may or may not be expensive, depending on how paranoid you are, or how sensitive your files are. But even if you just take them home and put them under the mattress, it's impossible to automate.
Whereas with an offering like S3, you could simply set up a cron job to zip, crypt, and send your critical files each night. This is obviously only good when only a reasonably small amount of data needs to be transferred - even good connections are going to have trouble sending 10 gig of data each night. But for a small number of critical files (ie: Not your MP3 collection, or stash of DVD rips), this sounds like a decent solution. If you really do need to critically backup 10GB+ each week or so, then yeah, maybe media-based backup w/ offsite secure storage is the best solution. But there's definitely a niche for stuff like this.
No, the password criteria given above SUCK. 8 characters, 2 lower, 2 upper, 2 numeric, 2 symbol. There's too much information given away in the security policy about the composition of the password. Whereas a normal 8-character password would have around 90 possibilities for each letter, in this case, each character would have a maximum of around 26 possibilities - even less for some because numerics only have 10 possibilities. You really cut your password space down with overly-restrictive policies.
Of course, hard-to-crack passwords only matter in cases where it would be feasible for someone to try and brute-force the system without being detected and locked out. That's generally only possible against targets like encrypted files, not live system logins.
The only thing that is going to let people in to live targets via the normal user login (ie: Not through a bug/hole/exploit) is either easy-to-guess passwords (like spouse name, dog name, birthdate, etc - dictionary words are not necessarily easy to guess unless there would be some reason an attacker would be likely to guess the word) or through the user disclosing their password in some manner.
Of the two, user disclosure is more likely. Even with an easy-to-guess password, it's unlikely even a knowledgeable attacker would be able to guess it in few enough tries not to set off any lockouts the system may have. In any case, you don't need to go to such a draconian level to prevent easy-to-guess passwords. Require two non-alphabetic characters in non-adjacent positions in the password, and you're pretty much safe.
The most likely route for password compromise is user disclosure, and there is no technical way to protect against that except for relying on additional, non-password security measures (keycards, biometrics, etc). You could try educating your users, but like that's going to work.
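A worked count for the 8-character "2 lower, 2 upper, 2 numeric, 2 symbol" policy discussed above, added as an example and not part of the original comment. It assumes the 94 printable ASCII characters split as 26 lower, 26 upper, 10 digits and 32 symbols, and it counts every arrangement of the classes, since the policy does not say which position holds which class.

```python
from itertools import product
from math import factorial, log2

# Assumption of this example: printable ASCII without space, 94 characters.
CLASSES = {"lower": 26, "upper": 26, "digit": 10, "symbol": 32}


def policy_keyspace(length, minimums, classes=CLASSES):
    """Count passwords of `length` with at least minimums[c] chars from class c.

    For each way of splitting the length across the classes, the count is
    (arrangements of class positions) * (character choices within each class).
    """
    names = list(classes)
    total = 0
    for counts in product(range(length + 1), repeat=len(names)):
        if sum(counts) != length:
            continue
        if any(c < minimums.get(n, 0) for n, c in zip(names, counts)):
            continue
        arrangements = factorial(length)
        choices = 1
        for name, count in zip(names, counts):
            arrangements //= factorial(count)   # multinomial coefficient
            choices *= classes[name] ** count
        total += arrangements * choices
    return total


def compare(length, minimums):
    """Keyspace with and without the policy, and the bits the policy costs."""
    unrestricted = policy_keyspace(length, {})
    restricted = policy_keyspace(length, minimums)
    return {
        "unrestricted": unrestricted,
        "restricted": restricted,
        "fraction_left": restricted / unrestricted,
        "bits_lost": log2(unrestricted / restricted),
    }


if __name__ == "__main__":
    strict = compare(8, {"lower": 2, "upper": 2, "digit": 2, "symbol": 2})
    relaxed = compare(8, {"lower": 1, "upper": 1, "digit": 1, "symbol": 1})
    for label, r in (("two of each", strict), ("one of each", relaxed)):
        print(f"{label}: {r['restricted']:.3e} of {r['unrestricted']:.3e} "
              f"({r['fraction_left']:.1%} left, {r['bits_lost']:.2f} bits lost)")
```
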
I have. My homebrew OS doesn't even compile. No security problems there.
Joking aside, if you apply that little mantra of yours to other scenarios, you'll see how silly it is. How about "Don't criticise Gigli unless you've produced the perfect film"? How about "Don't criticise your plumber for not fixing your leak and flooding your basement until you've laid the perfect pipe"? How about "Don't criticise your government until you've ruled over the perfect society"?
You do not need to be an expert to see when an expert is doing a crap job of it.
And even if centralized power is bad, there is no solution. If you decentralize it, eventually somebody's going to come along and start concentrating it again. Centralized power may be bad, but it's also inevitable.
Flash is pretty much a way of embedding an executable in a browser. AJAX is a buzzword for using javascript to manipulate the layout and contents of a page; the two are not directly interchangeable.
If I were to be given a choice, I'd develop in Flash over "AJAX" any day. No issues with browser sniffing, cross-browser glitches, or the debugging hell that comes bundled with complex javascript apps. But there are some things you can do with javascript that you simply cannot do with Flash. And there are degrees of "AJAX" - in a number of my sites I've used a single call to XmlHTTPRequest to send data contained in a page to the server without changing the page the user is on. Trying to fulfil that requirement by redeveloping the whole site in Flash is overkill.
It would be. Which is why Sony went into defence mode, called in their spin doctors, offered uninstall software, issued press releases, etc. That hurt their corporate image because Sony is the brand name they market with, and their marketable brand name was associated with the debacle.
It's one advantage to being a cartel^H^H^H^H^H^H association. It's always "the RIAA" or "the MPAA" doing the suing. The individual companies aren't being associated with the bad publicity. If you started seeing "Sony sues grandpa without computer" or "Vivendi sues 13 year old girl", then you might start getting some reaction to the bad press. As it is, the MPAA is sort of like a meta-corporation. Corporations exist to limit the risk to individuals involved in the corporation. The MPAA exists to limit the risk to the companies involved in it.
Except all of the many Linux distributions are pretty much interchangeable.
Everything you can do with RedHat, you can do with Debian, or Suse, or Mandrake, or Ubuntu, or whatever other distribution you want. All that changes is how you do it. Assuming MS stays true to form, all their versions of windows will ship with different functionality. How you do something stays the same, but each version allows you to do different things.
I mean, evolution is based on adaptation to environment. If early humans were sufficiently well-adapted to their environment that they dominated it, what forces would be acting on them to propel evolution?
Well, it actually isn't a flip-flop, if you realize that the war in Iraq has absolutely no connection whatsoever to action against al-Qaeda. It wasn't a flip-flop, it was just George forgetting his own lies for a few seconds and letting a bit of truth slip out.
Awesome show, one of my top 3 anime shows (Hikaru no Go and Saishuu Heiki Kanojo being the other two). But yes, sub-orbital means that if it goes up, it's gonna come right back down again unless you're expending energy to keep it there. Ain't no such thing as sub-orbital space debris, since it very quickly becomes terrestrial space debris :P
Developers have had no excuse not to be writing LUA-friendly applications since about 1998. That's when every shipping version of Windows had support for per-user profiles and registries.
That was when support for multiple users was added. But when did MS start saying that programs should be developed so they can work in a non-root setting? From the development perspective, "LUA-friendly" is just another feature. If you don't need it, you don't use it. You just keep doing things the way you usually do. It's not until MS issues best practices and "written for XP"-type certification that development houses are going to change their in-house practices (if then). The "encouragement" I was trying to refer to in the last paragraph was that situation. Microsoft didn't go out there saying "we want everyone to write insecure code". But they created a system that let developers assume they had global read/write to the hard drive. Once the developers fall into that mindset, changing it is going to be a long, slow process. That's the encouragement I'm talking about - they set up a single-user system, and then tried to change it mid-stride to a multi-user one.
Ignorantly != accidentally. If they double-click an icon, that's deliberate.
It's a deliberate action, but they're not intentionally trying to run a program. It's like the difference between giving away your credit card numbers to random strangers, and being spoofed into giving to someone setting up a fake ebay interface. One is plain stupidity, and one is fraud.
Conceptually, a double click action only has one meaning - "open this" (or "activate this"). Whether this actually entails running an executable or passing the file to a handler program is an implementation detail that the user doesn't - and shouldn't have to - know about.
Except that every user has to know that running code can be dangerous. Every user has to know that, or there's no helping them. And most, especially these days, do. If you simply modified the popup box that appears when you double-click a file with an unassigned helper app to say something like "This file appears to be an executable. Executable files may damage your computer and/or files. If you are sure you want to execute this file, right click and tick 'Make File Executable'" it would be a big help. It wouldn't help those bound and determined to run the happy elephants screensaver no matter the cost, but it'd help those who were fooled into believing that .PIF was a .JPG.
You'll probably also find that the vast bulk of data on these machines is in a "shared folder". IIRC Windows calls it "Common Files"....most "household computers", if they're even used by more than one person, just have a single account that everyone uses
Maybe we've just had exposure to different households. Most that I've seen just save stuff to "My Documents" or the desktop, both of which are separate for each user.
In the Real World, however, this hypothetical difference doesn't add up to a hill of beans, because the vast bulk of OSS users only get their software through "vendors" like Red Hat, Gentoo, Ubuntu and the like - so they're in exactly the same situation waiting for them as they would be waiting for Microsoft.
The thing is, the vendors themselves don't always write the patches. People in the Linux community did. With MS, there's one central point of failure - Microsoft. If they drop the ball, you're SOL. With Linux, if the usual guy doesn't deliver a patch in a timely fashion, some other interested party can. And then the vendors can vet his patch, and deliver it. People don't have to be able to code themselves to benefit from the advantages of open code. It's not a case of telling people to patch their own kernel, it's about not being totally dependent on a single entity for your patches.
When Linux has the same userbase proportion and demographic that Windows does, it will have the same problems, unless som
Encouraged how? What Microsoft documentation can you provide showing that developers have been told to write applications dependent on Administrator level access? How do you reconcile this claim with the requirement of the "Made for Windows XP" logo that applications must run in a normal user account?
They encouraged it prior to the release of XP. Then they released XP, and changed the way programs are supposed to perform OS operations. Ok, that was a good step. But you can't expect millions of programs out there to be re-written to do it the new way. Even though they have now changed the way they recommend programs be written for their OS, their previous stance still has repercussions in the current state of windows software.
Very little malware is executed "accidentally". If you seriously think the need to run "chmod a+x" or GUI equivalent is going to stop many people from running their "watching the dancing elephants" program, you're delusional. People are happy to open up password-protected zipfiles to get their malware fix, having to make something executable is barely a speed bump.
I'd say a whole lot of malware is executed accidentally. Ok, so the people who will jump through a hundred hoops to destroy their system are beyond hope, no matter what architecture they use. But it's the people who encounter a file like...
"holiday photo.gif_________________________________.exe"
(Due to slashcode, you'll have to pretend those underscores are whitespace)
...and click it that I'm talking about. Particularly when the last ".exe" has been hidden by the OS. The problem is that double-clicking a file has two meanings - "execute me" and "open me with associated program". If the OS uses an execute bit, then it forces users to manually specify which of these actions are to be performed - which means fewer users accidentally executing what they assumed to be a non-executable file.
Does it matter? Most unmanaged machines are single user and the most important files on the system are the ones the user has full permissions to anyway.
Many of the machines used by inexperienced people I see these days are family machines. There's a Mum account, a Dad account, a little Johnny and little Betsie account. Households with multiple computers (at least in Australia, might be different in the US) tend to be those with computer-savvy household members in my experience. And if your file system is permissions-based, it means little Johnny's naive attempt to access the wonderful world of internet porn won't delete all Daddy's financial records.
There's been no shortage of "critical vulnerabilities" in OSS apps that have gone unnoticed for extended lengths of time.
Which is why I used the word "potentially". Also, notice that I wasn't talking about bugs that go unnoticed, I was talking about bugs that are found, but sat on by Microsoft. In the OS community, as soon as a bug is found it can be patched by anyone. This is the advantage of an OS whose source code is public - anyone can modify it to protect themselves. So even if Linus (or Redhat, or whoever you consider to be the MS equivalent in Linuxland) doesn't develop a patch, some other party can. You're not going to be seeing the same sort of thing happening in Windowsworld because nobody really has any clue how it all works - they don't have access to the code.
And others would still be alive.
5) Force all your customers to wear fancy dress so that you don't need to perform any sort of grammar check when you post lists on slashdot.
Becoming a Me Inc. Sales Agent requires no technical skills or training
So why would you be a Sales Agent when you could go for CEO with the same skill set?
Mystics. And third vote for the asploding head at that scene
It would be. Which is why Sony went into defence mode, called in their spin doctors, offered uninstall software, issued press releases, etc. That hurt their corporate image because Sony is the brand name they market with, and their marketable brand name was associated with the debacle.
It's one advantage to being a cartel^H^H^H^H^H^H association. It's always "the RIAA" or "the MPAA" doing the suing. The individual companies aren't being associated with the bad publicity. If you started seeing "Sony sues grandpa without computer" or "Vivendi sues 13 year old girl", then you might start getting some reaction to the bad press. As it is, the MPAA is sort of like a meta-corporation. Corporations exist to limit the risk to individuals involved in the corporation. The MPAA exists to limit the risk to the companies involved in it.
Except all of the many Linux distributions are pretty much interchangeable. Everything you can do with RedHat, you can do with Debian, or Suse, or Mandrake, or Ubuntu, or whatever other distribution you want. All that changes is how you do it. Assuming MS stays true to form, all their versions of Windows will ship with different functionality. How you do something stays the same, but each version allows you to do different things.
Isn't this bleeding obvious?
I mean, evolution is based on adaptation to environment. If early humans were sufficiently well-adapted to their environment that they dominated it, what forces would be acting on them to propel evolution?
Erm, doesn't that quote just back up my post? Iraq apparently never responded...they do not appear to have resulted in a collaborative relationship.
So, there was contact - Iraq knocked al-Qaeda back. And that's why the US attacked them?
Well, it actually isn't a flip-flop, if you realize that the war in Iraq has absolutely no connection whatsoever to action against al-Qaeda. It wasn't a flip-flop, it was just George forgetting his own lies for a few seconds and letting a bit of truth slip out.
Awesome show, one of my top 3 anime shows (Hikaru no Go and Saishuu Heiki Kanojo being the other two). But yes, sub-orbital means that if it goes up, it's gonna come right back down again unless you're expending energy to keep it there. Ain't no such thing as sub-orbital space debris, since it very quickly becomes terrestrial space debris :P
Developers have had no excuse not to be writing LUA-friendly applications since about 1998. That's when every shipping version of Windows had support for per-user profiles and registries.
.PIF was a .JPG.
That was when support for multiple users was added. But when did MS start saying that programs should be developed so they can work in a non-root setting? From the development perspective, "LUA-friendly" is just another feature. If you don't need it, you don't use it. You just keep doing things the way you usually do. It's not until MS issues best practices and "written for XP"-type certification that development houses are going to change their in-house practices (if then). The "encouragement" I was trying to refer to in the last paragraph was that situation. Microsoft didn't go out there saying "we want everyone to write insecure code". But they created a system that let developers assume they had global read/write to the hard drive. Once the developers fall into that mindset, changing it is going to be a long, slow process. That's the encouragement I'm talking about - they set up a single-user system, and then tried to change it mid-stride to a multi-user one.
Ignorantly != accidentally. If they double-click an icon, that's deliberate.
It's a deliberate action, but they're not intentionally trying to run a program. It's like the difference between giving away your credit card numbers to random strangers, and being spoofed into giving to someone setting up a fake ebay interface. One is plain stupidity, and one is fraud.
Conceptually, a double click action only has one meaning - "open this" (or "activate this"). Whether this actually entails running an executable or passing the file to a handler program is an implementation detail that the user doesn't - and shouldn't have to - know about
Except that every user has to know that running code can be dangerous. Every user has to know that, or there's no helping them. And most, especially these days, do. If you simply modified the popup box that appears when you double-click a file with an unassigned helper app to say something like "This file appears to be an executable. Executable files may damage your computer and/or files. If you are sure you want to execute this file, right click and tick 'Make File Executable'" it would be a big help. It wouldn't help those bound and determined to run the happy elephants screensaver no matter the cost, but it'd help those who were fooled into believing that
You'll probably also find that the vast bulk of data on these machines is in a "shared folder". IIRC Windows calls it "Common Files"....most "household computers", if they're even used by more than one person, just have a single account that everyone uses
Maybe we've just had exposure to different households. Most that I've seen just save stuff to "My Documents" or the desktop, both of which are separate for each user.
In the Real World, however, this hypothetical difference doesn't add up to a hill of beans, because the vast bulk of OSS users only get their software through "vendors" like Red Hat, Gentoo, Ubuntu and the like - so they're in exactly the same situation waiting for them as they would be waiting for Microsoft.
The thing is, the vendors themselves don't always write the patches. People in the Linux community did. With MS, there's one central point of failure - Microsoft. If they drop the ball, you're SOL. With Linux, if the usual guy doesn't deliver a patch in a timely fashion, some other interested party can. And then the vendors can vet his patch, and deliver it. People don't have to be able to code themselves to benefit from the advantages of open code. It's not a case of telling people to patch their own kernel, it's about not being totally dependent on a single entity for your patches.
When Linux has the same userbase proportion and demographic that Windows does, it will have the same problems, unless som
Encouraged how? What Microsoft documentation can you provide showing that developers have been told to write applications dependent on Administrator level access? How do you reconcile this claim with the requirement of the "Made for Windows XP" logo that applications must run in a normal user account?
...and click it that I'm talking about. Particularly when the last ".exe" has been hidden by the OS. The problem is that double-clicking a file has two meanings - "execute me" and "open me with associated program". If the OS uses an execute bit, then it forces users to manually specify which of these actions are to be performed - which means fewer users accidentally executing what they assumed to be a non-executable file.
They encouraged it prior to the release of XP. Then they released XP, and changed the way programs are supposed to perform OS operations. Ok, that was a good step. But you can't expect millions of programs out there to be re-written to do it the new way. Even though they have now changed the way they recommend programs be written for their OS, their previous stance still has repercussions in the current state of Windows software.
Very little malware is executed "accidentally". If you seriously think the need to run "chmod a+x" or GUI equivalent is going to stop many people from running their "watching the dancing elephants" program, you're delusional. People are happy to open up password-protected zipfiles to get their malware fix, having to make something executable is barely a speed bump.
I'd say a whole lot of malware is executed accidentally. Ok, so the people who will jump through a hundred hoops to destroy their system are beyond hope, no matter what architecture they use. But it's the people who encounter a file like...
"holiday photo.gif_________________________________.exe"
(Due to slashcode, you'll have to pretend those underscores are whitespace)
Does it matter? Most unmanaged machines are single user and the most important files on the system are the ones the user has full permissions to anyway.
Many of the machines used by inexperienced people I see these days are family machines. There's a Mum account, a Dad account, a little Johnny and little Betsie account. Households with multiple computers (at least in Australia, might be different in the US) tend to be those with computer-savvy household members in my experience. And if your file system is permissions-based, it means little Johnny's naive attempt to access the wonderful world of internet porn won't delete all Daddy's financial records.
There's been no shortage of "critical vulnerabilities" in OSS apps that have gone unnoticed for extended lengths of time.
Which is why I used the word "potentially". Also, notice that I wasn't talking about bugs that go unnoticed, I was talking about bugs that are found, but sat on by Microsoft. In the OS community, as soon as a bug is found it can be patched by anyone. This is the advantage of an OS whose source code is public - anyone can modify it to protect themselves. So even if Linus (or Redhat, or whoever you consider to be the MS equivalent in Linuxland) doesn't develop a patch, some other party can. You're not going to be seeing the same sort of thing happening in Windowsworld because nobody really has any clue how it all works - they don't have access to the code.
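A defensive check for the disguised file name discussed in the comments above (a document-looking name padded so the real ".exe" ends up out of view), as an added example that is not part of the original comments. The extension lists and the eight-character padding threshold are assumptions chosen for illustration.

```python
import re

# Assumed, non-exhaustive lists chosen for this illustration.
EXECUTABLE_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd"}
DOCUMENT_EXTS = {"gif", "jpg", "jpeg", "png", "txt", "doc", "pdf", "zip"}

# A long run of blanks (or the underscores the post uses as a stand-in)
# pushes whatever follows it out of a typical file-list column.
PADDING_RUN = re.compile(r"[\s_]{8,}")
# An extension-looking token that is followed by padding, a dot or the end.
EXT_TOKEN = re.compile(r"\.([A-Za-z0-9]{2,4})(?=[\s_.]|$)")


def deceptive_name_findings(filename):
    """Return the reasons a file name looks like a disguised executable."""
    findings = []
    stem, dot, last_ext = filename.rpartition(".")
    real_ext = last_ext.strip().lower()
    if not dot or real_ext not in EXECUTABLE_EXTS:
        return findings  # not executable by extension: nothing to flag
    # Document-type extensions that appear before the real, final one.
    decoys = [e.lower() for e in EXT_TOKEN.findall(stem)
              if e.lower() in DOCUMENT_EXTS]
    if decoys:
        findings.append(
            "decoy extension ." + decoys[0] + " before real ." + real_ext)
    if PADDING_RUN.search(stem):
        findings.append("padding pushes the real extension out of view")
    return findings


def scan(filenames):
    """Map each suspicious name to its findings; clean names are omitted."""
    report = {}
    for name in filenames:
        findings = deceptive_name_findings(name)
        if findings:
            report[name] = findings
    return report


if __name__ == "__main__":
    # Constructed sample names, including the one quoted in the post
    # with its underscores rendered as spaces.
    samples = ["holiday photo.gif" + " " * 33 + ".exe",
               "photo.jpg.scr", "setup.exe", "report.pdf"]
    for name, reasons in scan(samples).items():
        print(repr(name), "->", "; ".join(reasons))
```

A plain "setup.exe" is deliberately not flagged: the check targets names that misrepresent their type, not executables as such.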