Closed source compliance costs are such that the company I work for has moved to "Open (Wallet) Licensing" (http://www.microsoft.com/licensing/programs/open/default.mspx).
We effectively buy 2 windows licenses for every box (one OEM, one volume license), we even have to pay for non-MS boxes (you license every box 'capable of running windows' regardless of whether or not it does. I run Ubuntu and I'm still paying an annual fee to MS!!).
Yeah, our problem is the proliferation of FOSS licenses (all of which basically say "do whatever you want in-house").
"Not only has no one ever found a void this big, but we never even expected to find one this size,"
... but I wish the goatse* jokes would finally stop.
Or, it could be HD sound they're playing which is clogging up the limited bandwidth on the PCI bus.
http://en.wikipedia.org/wiki/Peripheral_Component_Interconnect
32 bits wide, as slow as 33MHz but usually 133MHz.
You're not likely to be running Vista on a machine old enough to use a 33MHz bus, but let's assume you are.....
Also, assume some ridiculous HD sound specs: 32 bits per sample (CD's only have 16), 10 channels (CD's have 2), 100,000 samples per second (CD's have 44,100) and a 100% overhead.
That's 8 MBps out of your 133 MBps bus, or less than 7% of the bus.
How is this maxing out the bus?
Reminds me of the late 90s where AOL's crashing mail servers ...
me2!!
And let me speak from personal experience when I say that it is almost impossible to grasp the amount of damage that can be caused by someone who thinks they know what they are doing.
What did you break?
Frankly, they won't part until death.
Sure, until a newer, younger, prettier version of Ubuntu shows up and then it's goodbye solid reliable Ubuntu 7, hello slutty trophy wife Ubuntu 8.
Everyone will be sniggering at the HP behind its back, with its comb-over and beer-belly, trying desperately to relive its youth.
Meanwhile Ubuntu 7 will be relegated to a small server in the corner looking after a few dependent apps that don't like the new step-mom.
I don't dare upgrade to 64 bit, 32 is headache enough.
I just signed up for a broadband plan that supports vista-32 but not vista-64.
Weird, as the modem talks over 10/100 UTP or 802.11/b/g, i.e. there are no OS drivers to worry about. I should be able to use any OS that supports those (and in fact, I'm using Ubuntu), so why pick on vista-64?
Doesn't vista-64 have networking installed?
I suspect it's because the ISP doesn't want to become a generic PC-support help-desk for vista-64!
I remember when XP came out, many MS apologists said "yes, XP sucks, but Win2K is really not bad."
Now that Vista is out I'm hearing things like "yes, Vista sucks, but XP-SP2 is really not too bad."
The answer is not "don't use Vista", the answer is "don't bother with DRM" ...
Rip the DRM support out of Vista,
Does this work, or will Vista 'heal' itself next time you reboot, apply a patch or it phones home to 'genuinely advantage' me?
What other things will it break? DRM on Office files?
What exactly is the point of buying Vista over XP if it won't even play DRM-encrusted content?
So write the reader in C for efficiency if you must, but DO NOT LET THE READER INTERPRET THE DATA!!
The reader simply passes the data to the PC, which is powerful enough to use a 'safe' language (with bounds checking, garbage collection, VM-sandboxing etc. etc.). Data obtained from the card is untrusted and should be treated as such until proven otherwise.
The problem here is not the reader, but the JPEG library running on the host.
for a worthless feel-good campaign.
$40 million increasing for police funding which might actually work.
Yup.... there must be an election in the wind....
The product is never advertised to be a perfect, 100% fool-proof solution.
But somehow they always seem to forget to tell you about the problems, so people _assume_ it's 100% fool proof. This false sense of security is dangerous.
What it does, what ANY security system does, is make it harder for people to get in. That's all. And for that, it works quite well.
yeah, like not having admin accounts works quite well.... until you want to get something done.
Example: Bob is working for a company and has a spreadsheet which contains the company's top 1000 customers (or trade secrets, or next big marketing strategy, etc). He's about to leave and go to work for the competitor. He emails his GMail account the sensitive document so he can start using it when he gets to the new place.
The author of the document was smart enough to add DRM to the file. When Bob tries to open it at home, it won't. The next day when Bob returns to the office he tries to copy-and-paste it into a new file, it still can't be opened. When Bob tries to print it onto paper, he finds that he cannot. This is because the original author disabled everything through DRM.
Unfortunately Frank, the CEO who still thinks it's neat that computers come with a cupholder, doesn't know squat about security or DRM or anything like that, all he knows is that the effing spreadsheet won't effing print and someone effing better fix it right effing now and don't talk to me about effing DRM or anything like that!
Hence, the DRM is removed and Frank can happily copy the data without resorting to mobile-phone-camera-screen-captures.
In the 'real world'(tm) security is always always sacrificed for functionality (see above about non-admin logons).
Even if DRM works, even if it's set up right, even if everything else works (i.e. Frank can't simply walk up to his boss's PC and print it from there (his boss is given print permission by the DRM and his boss doesn't like to be bothered with screensavers and/or picks dumb passwords)), this kind of 'security' will still fail.
Somewhere along the line someone is going to disable it because they need to actually get something done.
16) DRM (the kind that corporations need to keep their docs secret)
Every single DRM scheme I know of has failed, and all for the very same reason: key management.
It comes down to a choice between being able to keep your secrets and being able to access your
Encryption is easy (it's not. MS have made the same blunder twice in Word!). Key management is hard. Don't kid yourself into thinking that MS Office DRM is any different.
There is either a recovery mechanism for passwords/keys/documents (in which case that mechanism will be used to leak data) or there isn't (in which case data will be lost 'cos the encrypted data is backed up but not the keys). NTFS encryption has such a recovery mechanism; there is a special domain account which can decrypt all data. This means that your IT department can read ALL ENCRYPTED DATA AT THEIR LEISURE. I'm guessing Office has a similar feature.
MS Office is a de facto standard for business communications, and so forcing students to learn it and develop skills in it is a good thing.
I disagree.
I think you should teach concepts, not tools.
Teaching them MS Office 2007 may help them once they graduate and use MS Office 20xx.
Teaching them what typesetting is, how to organise a spreadsheet and how to summarise your points in a presentation will help them no matter which version of whatever tool they end up using.
It's like learning programming languages. Once you learn a few of them, you not only actually start to learn how to program (I don't think any single language can teach you that), you also find that picking up new languages becomes almost trivial.
... 7 of 9?
Does this mean there are only 2 more versions to go, or does this mean I should stop watching "Star Trek whatever" re-runs on TV?
and they have Office program managers patrolling cyberspace looking for any negative comments ?
:-)
Naah... they just google for them
Bruce, are you reading this?
How you define secure depends on what you're trying to protect.
The FCC is (should be) trying to protect the EM spectrum rather than content. They shouldn't care about people copying movies from 'insecure' transceivers as long as those transceivers aren't messing up the spectrum.
In this context, the FCC define 'secure' as 'unable to mess up the spectrum by transmitting out of the licensed band, using too much power or doing anything else nasty that'll mess up the spectrum'.
An open source device, with a "#define FREQ_HZ 123456" in a header file somewhere, will be 'less secure' in this context as it'll be trivial to break spectrum licensing rules.
The Vista system's warranty includes some software support, of course.
Ubuntu could easily match the best of Microsoft Support (as provided for 'free-as-in-beer' with a Dell) by including an audio CD containing the following bits of advice:
* Have you tried rebooting?
* Have you tried reinstalling?
* Have you tried upgrading?
* Have you tried resetting to the default settings?
* Have you tried contacting some other vendor?
* Have you tried crossing your fingers?
* Have you tried clicking your heels and repeating "There's no place like Redmond" three times?
To exceed the benchmark set by Microsoft/Dell, have the lines read by someone who speaks English natively.
You are about to post a reply that will spark yet another slashdot flamewar.
Cancel or allow?
Why, oh why didn't I take the blue pill^W^W^Wpress the cancel button?
... we already have a solution: http://www.naa.gov.au/recordkeeping/preservation/digital/applications.html
The Archives' approach to digital preservation relies on converting digital records from their original format into preservation formats. Xena (XML Electronic Normalising of Archives) is the program created by the National Archives to complete these processes.
Xena converts digital records into two preservation formats.
* Bitstream version. This is a metadata-wrapped bitstream version of the record, which is considered a secure original copy of the record. This version contains all of the information from the original, but requires access to the original hardware, operating system and application software for performance.
* Normalised version. This version is also wrapped in metadata. The process of normalising converts the record from its original format into eXtensible Mark-up Language (XML). The XML version is not considered to be an original copy of the record as some information may be lost during the normalisation process. However, the performance of the normalised object is the closest to the original that is currently possible. Xena is being continually improved so, over time, the performance of normalised versions is expected to more closely replicate the original.
>Under the Howard government we have practically been turned into the newest US state.
Except we don't get to vote.
Voting only counts if the votes are actually counted.
technology which is designed to destroy contaminated P2P networks by draining the illegal content of those networks
How is it going to detect 'contamination' by copyright material? AFAIK there's no watermarking yet. Maybe something like a signature database (ala anti-malware scanners?). Yup, I'd love to see the footprint of that little file.....
Users simply plug it in the subnet as a bridge and it goes to work without altering their network topology."
Without changing the logical topology perhaps. The physical topology is altered by introducing a whopping great single-point-of-failure and potential bottleneck.
will detect and prohibit illegal P2P traffic while allowing the passage of legal P2P such as BitTorrent.
...
"That is why our P2PD implemented in Clouseau never opens any transmission packets. Rather, we monitor the ever-changing and adapting myriad of illegal P2P protocols/networks and continually update our systems to block only these illegal transmissions."
So... BitTorrent P2P good, other P2P bad?
It must be using the Evil bit (http://tools.ietf.org/html/rfc3514)
A friend of mine got 2 such calls simultaneously.
A few button presses later and they were talking to each other thanks to the magic of PBXs...
I wonder who recruited whom?