Back in Windows 95 you could click on your country on the world map to set the time zone. A border dispute caused complaints to Microsoft and they removed the feature (http://blogs.msdn.com/b/oldnewthing/archive/2003/08/22/54679.aspx). This reminds me of that, only sillier.
You can do the same thing with desktop PCs and well-managed operating systems (fully automated OS installations and application loads, least-privilege users, automated patch deployment, all user state data stored on servers) and come in below the cost of thin-client devices, the associated "big iron" backoffice hardware to handle them, and the inordinately expensive licensing fees associated with all the products that made a virtual desktop infrastructure (VDI) possible. In large scale installations or installations where PCs aren't well-managed VDI will be a "win", but in smaller environments you'll spend more on licensing than you'd spend on desktops and their associated support.
Being vaccinated is part of being a responsible citizen. There are risks, and some people will be harmed or killed as a result. The net effect to society, though, is better, though. I get flu vaccines, boosters for my childhood vaccination regime, and I'll vaccinate any children I have. I'm willing to take the risk because I love living in a society where these preventable diseases occur infrequently.
Your rant re: vaccine manufacturers is a non sequitur and doesn't speak to the issue we're discussing.
Being a self-righteous asshole doesn't invalidate my premise-- it just makes me a dick.
Anti-vaxers unfairly minimize the risk to their children w/ respect to vaccine reactions yet they receive (freeload) the benefits of herd immunity. They also put herd immunity at risk and place those who are too young or unable to be vaccinated at risk.
Their behavior is anti-social and they have no place in a civilized society and should be shunned (by legal means, in my opinion).
I'll suppose I can be a little more civil in my tone. This "issue" really peeves me, as you probably saw.
Vaccination has risks, but it also has great rewards. Your child might've died if he'd received an egg-based vaccine (or, he might've never developed an egg allergy to begin with... but that's a different debate with different science behind it). The published rates of vaccine reactions, combined with the reward for the individual and society, make me put my money on vaccination.
If your child ends up being unable to receive vaccinations I do hope that he's not horribly disfigured or killed later in life as a result of others not vaccinating their children.
Having a child means accepting risks. Living in a society that receives the benefits of vaccines and herd immunity, to me, means accepting the risks. I find it unfair to parents who accept vaccines (and expose their children to the risks) when anti-vaxers seek to be relieved of the risk by eschewing vaccines. They erode herd immunity and endangering those who legitimately cannot be vaccinated while, at the same time. They receive all the rewards of vaccination (at least, until herd immunity breaks down), are exposed none of the risks, and are actively hurting society. They are anti-social, selfish people who deserve no place in a civilized society.
The benefits to the individual and society outweigh the risks, to me, I accept that the risks are part of having a child. I'd gladly vote for legislation that made freeloading, anti-social anti-vaxers go live somewhere else.
Let's make it a law because after all we wouldn't want people to believe they own their OWN bodies, and actually have the temerity to say what does or does not go into it.
Yes. I want this. I want to live in a society where people are forced to give up this bullshit "freedom" to refuse vaccines. I'll vote for that all day long. If you don't like it then I don't want you living in my society. Go somewhere else.
Assuming we have vaccines that are scientifically vetted and tested I'd be happy to live in a society where vaccination is mandatory.
Maybe you think my opinion is strong but THE FUCKING IDIOTS WHO REFUSE TO VACCINATE THEIR CHILDREN ARE MAKING THE WORLD LESS SAFE FOR EVERYONE ELSE. They're the selfish bastards...
I.E. if someone else was to get sick via a non-vaccinated person then in theory they were also NOT vaccinated. Hence they only people suffering would be those who chose not to get the shot.
You're a fucking idiot. You don't understand "herd immunity".
Infants can't be vaccinated immediately, but they're susceptible to disease. Some people have health problems that prevent them from being vaccinated. Sometimes the vaccines just don't work.
When the vast majority of people (the "herd") are vaccinated then enough immunity exists to prevent the disease from gaining a foothold and spreading. As soon as there are enough people who aren't vaccinated herd immunity breaks down and the world becomes unsafe for infants, those who cannot be vaccinated, or the unlucky few who the vaccine doesn't work on.
If my child died as a result of a preventable disease that they contracted while too young to be vaccinated and I found out they were infected by an the child of an anti-vax nutjob I think I'd have little choice but to kill the anti-vax parents. I'm quite sure I'd have a hard time staying my hand. People who are that anti-social and selfish don't deserve to live.
Reminds me of the short-lived Critical Update Notification Tool Microsoft released back in the early 2000's. (Yeah-- they really named it that, though they _quickly_ backpedaled on the name...)
There's some precedent for this in telephony. I've photographed a couple of old Cincinnati Bell central offices in residential neighborhoods in Cincinnati. They were built to match the architecture and landscaping of the houses around them. If you're not looking for them it's easy to mistake them for plain old houses.
I can't tell you about that funny Mac stuff... (thought the idea that a binary is specific to a specific OS release is really, really funny to me as a Windows user).
I didn't compile their app at all. I just found the "location.db" SQLite database on my phone, copied it over to my PC, and dumped it with an SQLite browser. I looked at the source of TFA's app to figure out what the timestamp epoch date was, but other than that I didn't use their app for anything.
I just dumped the file from my iPhone and imported it into a Google map. I had to check out the source code to the tool at TFA to figure out that the dates are based on an epoch of 2001-01-01 and not the usual Unix epoch date.
I'm looking forward to using this feature to help me track my location. Since the phone is already doing this "for free" it's not going to "cost" me any more battery power to use this log. It's not as accurate as GPS, but it's accurate enough for my needs.
Once I've got a cron job setup to offload the file from my (jailbroken) iPhone 3GS to a box on my network I'll work out how to wipe the file on the device after each upload (so that the device isn't carrying around weeks or months of my position data).
Without "trusted" hardware the user will always be able to override software "protections" designed to prevent arbitrary code execution. This is just another "leapfrog" in this arms race.
Give me "trusted computing" where I control the keys and decide what software is "trusted" and I'd be fine w/ it. Otherwise, I'll take the current situation on personal computers because, at least, I can run arbitrary software. ("Don't turn my PC into an iPhone, bro!")
NAP / NAC without trusted computing platforms on the client nodes is a stupid, pointless idea. Unless the client can be trusted not to lie about its "health status" there's no guarantee that the client isn't simply infected with something that's smart enough to hide from "health scans".
It seems like most everybody doesn't understand (or notice footnote 14 on page 5) that, in order for this to work, all the subject devices must have trusted processing capability. That means "TPM" chips, signed OS kernels / hypervisors, and the inability to run untrusted root-level code. Take a second to laugh at the idea that anyone will be able to introduce a bug-free hypervisor / TPM environment that can't run unsigned and untrusted code. After you're done laughing at that I'd recommend being angered at the notion of such a thing, since it will effectively eliminate control of the devices owned by consumers.. turning every device with a "clean bill of health" into a walled-garden appliance.
As long as consumers own and control their general purpose devices there will never be a way to do what this paper describes. Frankly, I'm alright with that. We'd do a lot better to just assume that every device is untrusted and act accordingly.
How did you make sure that none of your entrants subconsciously copied an existing work that they had heard 10 years ago on the radio? (See Bright Tunes Music v. Harrisongs Music, the "My Sweet Lord" case.) If you required all artists to warrant that they had done this checking themselves, what method did you suggest that they use?
I don't run the site, so I don't see it as my problem. Believe me, I'm as angry and frustrated by the silliness in the U.S. "intellectual property" law as you appear to be. It's a, pardon the vulgarity, dumb fucking pain. I write songs occasionally for the site, release them as public domain, and don't particularly care to get in a fight w/ anybody 'bout the intellectual property concerns. Something's gotta give, w/ respect to intellectual property and the way that things work in this "Internet age". I think we're in line for a copyright-fundend police state, destruction of the Internet as we know it, and ubiquitous prohibition of free expression. I hate it, but I can't really do much of anything about it.
We used Bittorrent to host some of the larger Songfight weeks. (Songfight is a semi-weekly music competition where artists / bands / etc compose a song based on a title chosen by the "Fightmaster". The following week, all the compositions are posted and voted-on.) Bittorrent was never used as the primary means of distribution for the songs, but in weeks that the 'fight was 100MB+ it was nice to have a torrent available.
I'm a contractor that's been with a fairly small district (2500 student enrollment) for about eight (8) years. I'm a self-employeed contractor, and work with a mix of educational, governmental, and private-industry Customers.
At my districg, I manage ten (10) servers (Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, and a couple different flavours of Fedora Linux), and a mostly Cisco Systems branded Ethernet infrastructure. I've got about five-hundred (500) Windows XP Professional-based PC's, and about eight-hundred (800) Windows 98SE-based PC's. Our network infrastructure is all Ethernet based, with gigabit-Ethernet based fiber links between our buildings, and 10/100 switched Ethernet inside the buildings. Besides running basic "File 'n Print" services, Microsoft Exchange 2003-based email, and providing access to the Internet, our LAN/WAN also supports about three-hundred Cisco IP phones. Our Internet access comes over three (3) bonded T1 lines. Major applications include our telephone system (Cisco CallManager and Unity), email, file 'n print sharing, gradebook (Pinnacle Excelsior... *blech*), student management (a AS/400-based application), and a host of small "boutique" apps (library automation, planning for "special needs" students, cafeteria POS, various student assessment systems).
I've been with this district since they deployed their first networked PC, and I've managed the entire infrastructure since the beginning. I brought us thru the Windows NT 4.0 and Exchange 5.5 days to where we are today. I don't handle PC problems (we have a combination of in-house and contracted support for broken PC's), but I handle any communcations / networking issues, management of the Active Directory installation, and provide general planning, design, and guidance.
We use a Linux-based disk imaging system that I put together for imaging our PC's via either CD-ROM based imaging or multicast network imaging. _ALL_ user data is stored on servers and PC's are re-imaged as a first response to PC issues. This fixes the majority of reported issues, and our lowest-level response staff are trained in these activities. I've eschewed what I consider silliness with programs like "Deep Freeze" or "Fortres", and use "System Policies" for my Windows 9X PC's and Group Policy for my Windows XP PC's, along with judicious use of re-imaging when necessary. (It takes around 15 minutes to re-image a Windows 98 PC and 25 minutes to re-image a Windows XP PC.) PC's (or, at least, their software environments) are disposable.
Overall, I'm pleased with how well things work. My duties are an approximately 20% full-time equivalent. Over our entire technical staff, we have approximately 2 full-time equivalents managing the network, phones, servers, PC's, and applications. It's split over six (6) people, including myself, and works out really well. We do most of our communcation via email, and I may go several weeks w/o seeing any of the other staff face-to-face.
The things that have helped most include:
A very thorough understanding of the features of Active Directory and Windows XP Professional. Translate this to whatever directory-service and client operating systems you use. Windows and AD have been good to me, and I've been a "MCSE" since 1997, but I cut my teeth on XENIX and SCO Unix, and I'm a die-hard free and open source software user. Like a lot of people, managing Windows systems is my "day job", though I've managed to work Linux or other free and open source software into nearly every one of my Customers networks in some way or another.
The ability to write code when I need it-- especially scripting during PC startups or logons. Our disk imager is a bunch of scripts tying open-source tools together on bootable CD's or PXE boot images. I wrote a system-policy handler DLL for Windows 9X that allows these PC's to obtain software installation instructions from scripts, not unlike Windows 2000/XP PC's obtaining installation instructions from Active Directory. I've heavily sc
I think you're asking about how I used Group Policy to roll this patch to clients. I built an MSI of the patch with a couple Custom Actions to take care of the installation and removal of the registry entry for the patch. Then I assigned it to all the client PC's in the enterprise w/ a GPO.
Will Windows Update be able to overwrite the unofficial patch when the official one is released? Does WU do a hash check of some sort to verify if the files that is is replacing are versions that it is allowed to replace?
The unofficial patch doesn't modify Windows files on disk, it patches the offending code in memory. The official patch will actually be a modification to Windows.
Some people might want to consider the unofficial patch - personally, I wouldn't let it anywhere near the network of 3000+ machines. If something goes wrong, that a lot of cleaning up to do, and Microsoft will not be interested in helping.
I rolled the MSI-based version of this patch to around 1,500 client PC's this morning. The MSI cleanly uninstalls and has been tested on the US versions of W2K Server SP4, W2K Pro SP4, WXP Pro Gold, WXP Pro SP1, WXP Pro SP2, W2K3 Gold, and W2K3 SP1.
Of course, I'm a bit biased, as I'm the guy that spent most of the weekend writing the Custom Action code for the MSI file that SANS is distributing now. Full source for the MSI is available here.
E-mail WON'T CUT IT. They KNOW that e-mail takes no effort, compared to sending an actual physical letter.
I've always been interested in this logic. It's simply asinie to think that the value of a constituent's opinion varies in proportion to the amount of difficulty one has to undergo to have their opinion heard. We should be electing representatives who have a more rational mentality.
(Why do I bother anyway? Representative democracy in the United States is all shot to hell. Nobody pursues positions of leadership anymore out of the desire to do their civic duty... it's all "career politicians" fucktards. Meanwhile, the public is completely brainwashed to believe that this is how things have to be... *sigh*)
The discussion threads for this article are killing me! You silly little Windows users w/ your cadres of anti-"spyware" programs, your bordering-on-mythos secondhand, thirdhand, and forthhand instructions on how to remove these unwanted programs, and your fun little superstitions-- you're hilarious!
I run Windows 2000 Profesional on a couple of my boxes, but I don't have a "spyware" problem. It baffles me that anybody else does, at least with any of the NT-based Windows OS's.
Don't logon as a user with administrative rights except when absolutely necessary. If an application doesn't run right as a non-Administrator user, figure out why and fix the permissions causing the problem, or get a better app. There's no excuse for needing to run apps as an Administrator user in 2005.
Don't install crappy software that you're not sure the origin of. You're monumentally stupid to install most peer-to-peer file sharing apps.
Password protect all the user accounts on the PC with reasonably good passwords, lest file-and-print-based self-replicating programs copy themselves onto the PC via default "Administrative shares".
Keep up-to-date with operating system and application patches.
Consider using a browser other than Internet Explorer and a mail reader that doesn't use the IE engine to render HTML. Better yet, stop using HTML email.
Install the OS with the PC disconnected from a LAN. Apply service packs and fixes via CD before plugging into the LAN.
Is it really all that hard?
The most hilarious things are the myths and superstitions. I liked the dude who suggested you should "unplug" the computer after removing "malware", because "Some malware will try reinsert registry keys at shutdown". That's suitably vague, and dangerous! Instead of just explaining WinLogon Notification Packages (the way that most of this unwanted software handles re-populating the registry with its references on shutdown) and how to disable them, the author just suggests you risk trashing your filesystem! It highlights the fact that most of you little Windows puppies don't have any idea how the OS works.
I'd clean a contaminated PC up by putting the contaiminated hard disk into a clean Windows PC, accesing the registry hives of the contaminated PC, and cleaning up its filesystem and registry carefully. Then you don't have to muck around with hostile programs detecting that you're excising them and trying to put themselves back. Don't have a second PC to do that on? Get a second hard disk drive, pull the contaminated one, install a clean OS on the new drive, then strap in the contaminated drive and clean away? (Don't boot the contaminated disk, though, or you get to start all over again.) Can't afford that? Use some rigged bootable CD thingamagig and take your chances... Sucks to be you.
The trick of using NTFS ACL's to deny the unwanted software access to its own files is cute, but the authors of this software are already working around that. They usually have SYSTEM privileges-- they don't need to worry about ACL's if they don't want to. In general, the days of troubleshooting contaminated PC's while booted in the contaminated environment are fast drawing to a close.
This is the state of the art in our industry... Sheesh. I'm so proud to work in IT.
Now someone comes along and says "we need the program to do X + Y". You stop, you think, and say "well, I can add in the Y functions HERE. It may may not be perfect, but there is no budget or time to refactor the entire system to do X + Y" Then along comes someone who wants to add Z. Again, the process is "We need it next week, and for N dollars"
Keep doing this for 20 years, and sometimes 100s of releases, and what you find is you have things that make NO sense, but WORK
You're an apologist for poor software engineering practices. Think about what a civil engineer would do when working on a public works project, with respect to safety. Software developers should be doing that with respect to maintainability. The fact that the "legacy systems" designation even exists is proof enough that adopting better software engineering practices and implementing lifecycle processes for software would result in a better end result for all involved.
The problem may start w/ "the suits" wanting the application to "do X", but it ends with the developers who give it to them w/o thinking about the consequences.
*sigh* I suppose it is human nature to steal from the future to bankroll today...
But the environment in which the software operates changes, and that change is analagous to weather corroding a pieces of physical equipment. Every time the OS gets a patch, the filesystem changes, a shared library is upgraded, the underlying hardware changes, there's a chance of triggering a failure in the software.
It's rather sad, to me, that we design these wonderful machines that can perform logical operations in great quantities with a high degree of repeatability and low occurance of failure, then create a culture around them that encourages sloppiness, and ultimately introduces a large measure of uncertainty into the operation of these machines. I am baffled at the perverse desire-- nay need-- that people seem to have to make software suffer from entropy.
The only "decay" in software should happen as a result of changing business requirements. There's no reason that, provided the business requirements don't change, that a well designed and properly implemented piece of software should not be usable in perpetuity. There may be changes in the underlying hardware and operating system software, but provided that the application is sufficiently abstracted from the underlying platform (or, provided that an emulation-layer for the original platform can be constructed) there's no reason other than changing business requirements for software to be "thrown away".
Let's put this a different way: How does a patch to the underlying operating system cause an application to fail? If the patch changes the behaviour of the underlying operating system in such a manner as to return unexepected values to the application, the patch is the cause of the failure. A flawed patch doesn't make an application "age" or "decay"-- it's simply a flawed patch. An application has to make assumptions about the underlying operating system. These assumptions are based on the API documentation-- the contact between the operating system and the application. When the OS violates the terms of the contract, that doesn't mean the application "decayed"-- it means some moron who coded the operating system patch messed up, and the operating system manufacturer/maintainer didn't perform good regression testing.
We should be designing software systems with 10 to 20 year usability goals. It would do a lot for the frustration level that the "suits" have with IT if we stopped being proponents of hugely expensive but "throwaway" systems, and started designing systems with an eye for longevity.
Slashdot Mirror
Back in Windows 95 you could click on your country on the world map to set the time zone. A border dispute caused complaints to Microsoft and they removed the feature (http://blogs.msdn.com/b/oldnewthing/archive/2003/08/22/54679.aspx). This reminds me of that, only sillier.
You can do the same thing with desktop PCs and well-managed operating systems (fully automated OS installations and application loads, least-privilege users, automated patch deployment, all user state data stored on servers) and come in below the cost of thin-client devices, the associated "big iron" backoffice hardware to handle them, and the inordinately expensive licensing fees associated with all the products that made a virtual desktop infrastructure (VDI) possible. In large scale installations or installations where PCs aren't well-managed VDI will be a "win", but in smaller environments you'll spend more on licensing than you'd spend on desktops and their associated support.
Being vaccinated is part of being a responsible citizen. There are risks, and some people will be harmed or killed as a result. The net effect to society, though, is better, though. I get flu vaccines, boosters for my childhood vaccination regime, and I'll vaccinate any children I have. I'm willing to take the risk because I love living in a society where these preventable diseases occur infrequently.
Your rant re: vaccine manufacturers is a non sequitur and doesn't speak to the issue we're discussing.
Being a self-righteous asshole doesn't invalidate my premise-- it just makes me a dick.
Anti-vaxers unfairly minimize the risk to their children w/ respect to vaccine reactions yet they receive (freeload) the benefits of herd immunity. They also put herd immunity at risk and place those who are too young or unable to be vaccinated at risk.
Their behavior is anti-social and they have no place in a civilized society and should be shunned (by legal means, in my opinion).
I'll suppose I can be a little more civil in my tone. This "issue" really peeves me, as you probably saw.
Vaccination has risks, but it also has great rewards. Your child might've died if he'd received an egg-based vaccine (or, he might've never developed an egg allergy to begin with... but that's a different debate with different science behind it). The published rates of vaccine reactions, combined with the reward for the individual and society, make me put my money on vaccination.
If your child ends up being unable to receive vaccinations I do hope that he's not horribly disfigured or killed later in life as a result of others not vaccinating their children.
Having a child means accepting risks. Living in a society that receives the benefits of vaccines and herd immunity, to me, means accepting the risks. I find it unfair to parents who accept vaccines (and expose their children to the risks) when anti-vaxers seek to be relieved of the risk by eschewing vaccines. They erode herd immunity and endangering those who legitimately cannot be vaccinated while, at the same time. They receive all the rewards of vaccination (at least, until herd immunity breaks down), are exposed none of the risks, and are actively hurting society. They are anti-social, selfish people who deserve no place in a civilized society.
The benefits to the individual and society outweigh the risks, to me, I accept that the risks are part of having a child. I'd gladly vote for legislation that made freeloading, anti-social anti-vaxers go live somewhere else.
Let's make it a law because after all we wouldn't want people to believe they own their OWN bodies, and actually have the temerity to say what does or does not go into it.
Yes. I want this. I want to live in a society where people are forced to give up this bullshit "freedom" to refuse vaccines. I'll vote for that all day long. If you don't like it then I don't want you living in my society. Go somewhere else. Assuming we have vaccines that are scientifically vetted and tested I'd be happy to live in a society where vaccination is mandatory. Maybe you think my opinion is strong but THE FUCKING IDIOTS WHO REFUSE TO VACCINATE THEIR CHILDREN ARE MAKING THE WORLD LESS SAFE FOR EVERYONE ELSE. They're the selfish bastards...
I.E. if someone else was to get sick via a non-vaccinated person then in theory they were also NOT vaccinated. Hence they only people suffering would be those who chose not to get the shot.
You're a fucking idiot. You don't understand "herd immunity". Infants can't be vaccinated immediately, but they're susceptible to disease. Some people have health problems that prevent them from being vaccinated. Sometimes the vaccines just don't work. When the vast majority of people (the "herd") are vaccinated then enough immunity exists to prevent the disease from gaining a foothold and spreading. As soon as there are enough people who aren't vaccinated herd immunity breaks down and the world becomes unsafe for infants, those who cannot be vaccinated, or the unlucky few who the vaccine doesn't work on. If my child died as a result of a preventable disease that they contracted while too young to be vaccinated and I found out they were infected by an the child of an anti-vax nutjob I think I'd have little choice but to kill the anti-vax parents. I'm quite sure I'd have a hard time staying my hand. People who are that anti-social and selfish don't deserve to live.
Reminds me of the short-lived Critical Update Notification Tool Microsoft released back in the early 2000's. (Yeah-- they really named it that, though they _quickly_ backpedaled on the name...)
There's some precedent for this in telephony. I've photographed a couple of old Cincinnati Bell central offices in residential neighborhoods in Cincinnati. They were built to match the architecture and landscaping of the houses around them. If you're not looking for them it's easy to mistake them for plain old houses.
I can't tell you about that funny Mac stuff... (thought the idea that a binary is specific to a specific OS release is really, really funny to me as a Windows user).
I didn't compile their app at all. I just found the "location.db" SQLite database on my phone, copied it over to my PC, and dumped it with an SQLite browser. I looked at the source of TFA's app to figure out what the timestamp epoch date was, but other than that I didn't use their app for anything.
Yep-- I resemble that remark.
I just dumped the file from my iPhone and imported it into a Google map. I had to check out the source code to the tool at TFA to figure out that the dates are based on an epoch of 2001-01-01 and not the usual Unix epoch date.
I'm looking forward to using this feature to help me track my location. Since the phone is already doing this "for free" it's not going to "cost" me any more battery power to use this log. It's not as accurate as GPS, but it's accurate enough for my needs.
Once I've got a cron job setup to offload the file from my (jailbroken) iPhone 3GS to a box on my network I'll work out how to wipe the file on the device after each upload (so that the device isn't carrying around weeks or months of my position data).
Without "trusted" hardware the user will always be able to override software "protections" designed to prevent arbitrary code execution. This is just another "leapfrog" in this arms race. Give me "trusted computing" where I control the keys and decide what software is "trusted" and I'd be fine w/ it. Otherwise, I'll take the current situation on personal computers because, at least, I can run arbitrary software. ("Don't turn my PC into an iPhone, bro!")
It's worse than that. The idea is to introduce pervasive and potentially legally-mandated "trusted computing".
NAP / NAC without trusted computing platforms on the client nodes is a stupid, pointless idea. Unless the client can be trusted not to lie about its "health status" there's no guarantee that the client isn't simply infected with something that's smart enough to hide from "health scans".
It seems like most everybody doesn't understand (or notice footnote 14 on page 5) that, in order for this to work, all the subject devices must have trusted processing capability. That means "TPM" chips, signed OS kernels / hypervisors, and the inability to run untrusted root-level code. Take a second to laugh at the idea that anyone will be able to introduce a bug-free hypervisor / TPM environment that can't run unsigned and untrusted code. After you're done laughing at that I'd recommend being angered at the notion of such a thing, since it will effectively eliminate control of the devices owned by consumers.. turning every device with a "clean bill of health" into a walled-garden appliance. As long as consumers own and control their general purpose devices there will never be a way to do what this paper describes. Frankly, I'm alright with that. We'd do a lot better to just assume that every device is untrusted and act accordingly.
How did you make sure that none of your entrants subconsciously copied an existing work that they had heard 10 years ago on the radio? (See Bright Tunes Music v. Harrisongs Music, the "My Sweet Lord" case.) If you required all artists to warrant that they had done this checking themselves, what method did you suggest that they use?
I don't run the site, so I don't see it as my problem. Believe me, I'm as angry and frustrated by the silliness in the U.S. "intellectual property" law as you appear to be. It's a, pardon the vulgarity, dumb fucking pain. I write songs occasionally for the site, release them as public domain, and don't particularly care to get in a fight w/ anybody 'bout the intellectual property concerns. Something's gotta give, w/ respect to intellectual property and the way that things work in this "Internet age". I think we're in line for a copyright-fundend police state, destruction of the Internet as we know it, and ubiquitous prohibition of free expression. I hate it, but I can't really do much of anything about it.
We used Bittorrent to host some of the larger Songfight weeks. (Songfight is a semi-weekly music competition where artists / bands / etc compose a song based on a title chosen by the "Fightmaster". The following week, all the compositions are posted and voted-on.) Bittorrent was never used as the primary means of distribution for the songs, but in weeks that the 'fight was 100MB+ it was nice to have a torrent available.
I'm a contractor that's been with a fairly small district (2500 student enrollment) for about eight (8) years. I'm a self-employeed contractor, and work with a mix of educational, governmental, and private-industry Customers.
At my districg, I manage ten (10) servers (Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, and a couple different flavours of Fedora Linux), and a mostly Cisco Systems branded Ethernet infrastructure. I've got about five-hundred (500) Windows XP Professional-based PC's, and about eight-hundred (800) Windows 98SE-based PC's. Our network infrastructure is all Ethernet based, with gigabit-Ethernet based fiber links between our buildings, and 10/100 switched Ethernet inside the buildings. Besides running basic "File 'n Print" services, Microsoft Exchange 2003-based email, and providing access to the Internet, our LAN/WAN also supports about three-hundred Cisco IP phones. Our Internet access comes over three (3) bonded T1 lines. Major applications include our telephone system (Cisco CallManager and Unity), email, file 'n print sharing, gradebook (Pinnacle Excelsior... *blech*), student management (a AS/400-based application), and a host of small "boutique" apps (library automation, planning for "special needs" students, cafeteria POS, various student assessment systems).
I've been with this district since they deployed their first networked PC, and I've managed the entire infrastructure since the beginning. I brought us thru the Windows NT 4.0 and Exchange 5.5 days to where we are today. I don't handle PC problems (we have a combination of in-house and contracted support for broken PC's), but I handle any communcations / networking issues, management of the Active Directory installation, and provide general planning, design, and guidance.
We use a Linux-based disk imaging system that I put together for imaging our PC's via either CD-ROM based imaging or multicast network imaging. _ALL_ user data is stored on servers and PC's are re-imaged as a first response to PC issues. This fixes the majority of reported issues, and our lowest-level response staff are trained in these activities. I've eschewed what I consider silliness with programs like "Deep Freeze" or "Fortres", and use "System Policies" for my Windows 9X PC's and Group Policy for my Windows XP PC's, along with judicious use of re-imaging when necessary. (It takes around 15 minutes to re-image a Windows 98 PC and 25 minutes to re-image a Windows XP PC.) PC's (or, at least, their software environments) are disposable.
Overall, I'm pleased with how well things work. My duties are an approximately 20% full-time equivalent. Over our entire technical staff, we have approximately 2 full-time equivalents managing the network, phones, servers, PC's, and applications. It's split over six (6) people, including myself, and works out really well. We do most of our communcation via email, and I may go several weeks w/o seeing any of the other staff face-to-face.
The things that have helped most include:
How'd you distribute it across Active directory?
I think you're asking about how I used Group Policy to roll this patch to clients. I built an MSI of the patch with a couple Custom Actions to take care of the installation and removal of the registry entry for the patch. Then I assigned it to all the client PC's in the enterprise w/ a GPO.
Will Windows Update be able to overwrite the unofficial patch when the official one is released? Does WU do a hash check of some sort to verify if the files that is is replacing are versions that it is allowed to replace?
The unofficial patch doesn't modify Windows files on disk, it patches the offending code in memory. The official patch will actually be a modification to Windows.
Some people might want to consider the unofficial patch - personally, I wouldn't let it anywhere near the network of 3000+ machines. If something goes wrong, that a lot of cleaning up to do, and Microsoft will not be interested in helping.
I rolled the MSI-based version of this patch to around 1,500 client PC's this morning. The MSI cleanly uninstalls and has been tested on the US versions of W2K Server SP4, W2K Pro SP4, WXP Pro Gold, WXP Pro SP1, WXP Pro SP2, W2K3 Gold, and W2K3 SP1.
Of course, I'm a bit biased, as I'm the guy that spent most of the weekend writing the Custom Action code for the MSI file that SANS is distributing now. Full source for the MSI is available here.
E-mail WON'T CUT IT. They KNOW that e-mail takes no effort, compared to sending an actual physical letter.
I've always been interested in this logic. It's simply asinie to think that the value of a constituent's opinion varies in proportion to the amount of difficulty one has to undergo to have their opinion heard. We should be electing representatives who have a more rational mentality.
(Why do I bother anyway? Representative democracy in the United States is all shot to hell. Nobody pursues positions of leadership anymore out of the desire to do their civic duty... it's all "career politicians" fucktards. Meanwhile, the public is completely brainwashed to believe that this is how things have to be... *sigh*)
The discussion threads for this article are killing me! You silly little Windows users w/ your cadres of anti-"spyware" programs, your bordering-on-mythos secondhand, thirdhand, and forthhand instructions on how to remove these unwanted programs, and your fun little superstitions-- you're hilarious!
I run Windows 2000 Profesional on a couple of my boxes, but I don't have a "spyware" problem. It baffles me that anybody else does, at least with any of the NT-based Windows OS's.
Is it really all that hard?
The most hilarious things are the myths and superstitions. I liked the dude who suggested you should "unplug" the computer after removing "malware", because "Some malware will try reinsert registry keys at shutdown". That's suitably vague, and dangerous! Instead of just explaining WinLogon Notification Packages (the way that most of this unwanted software handles re-populating the registry with its references on shutdown) and how to disable them, the author just suggests you risk trashing your filesystem! It highlights the fact that most of you little Windows puppies don't have any idea how the OS works.
I'd clean a contaminated PC up by putting the contaiminated hard disk into a clean Windows PC, accesing the registry hives of the contaminated PC, and cleaning up its filesystem and registry carefully. Then you don't have to muck around with hostile programs detecting that you're excising them and trying to put themselves back. Don't have a second PC to do that on? Get a second hard disk drive, pull the contaminated one, install a clean OS on the new drive, then strap in the contaminated drive and clean away? (Don't boot the contaminated disk, though, or you get to start all over again.) Can't afford that? Use some rigged bootable CD thingamagig and take your chances... Sucks to be you.
The trick of using NTFS ACL's to deny the unwanted software access to its own files is cute, but the authors of this software are already working around that. They usually have SYSTEM privileges-- they don't need to worry about ACL's if they don't want to. In general, the days of troubleshooting contaminated PC's while booted in the contaminated environment are fast drawing to a close.
This is the state of the art in our industry... Sheesh. I'm so proud to work in IT.
Now someone comes along and says "we need the program to do X + Y". You stop, you think, and say "well, I can add in the Y functions HERE. It may may not be perfect, but there is no budget or time to refactor the entire system to do X + Y" Then along comes someone who wants to add Z. Again, the process is "We need it next week, and for N dollars"
Keep doing this for 20 years, and sometimes 100s of releases, and what you find is you have things that make NO sense, but WORK
You're an apologist for poor software engineering practices. Think about what a civil engineer would do when working on a public works project, with respect to safety. Software developers should be doing that with respect to maintainability. The fact that the "legacy systems" designation even exists is proof enough that adopting better software engineering practices and implementing lifecycle processes for software would result in a better end result for all involved.
The problem may start w/ "the suits" wanting the application to "do X", but it ends with the developers who give it to them w/o thinking about the consequences.
*sigh* I suppose it is human nature to steal from the future to bankroll today...
But the environment in which the software operates changes, and that change is analagous to weather corroding a pieces of physical equipment. Every time the OS gets a patch, the filesystem changes, a shared library is upgraded, the underlying hardware changes, there's a chance of triggering a failure in the software.
It's rather sad, to me, that we design these wonderful machines that can perform logical operations in great quantities with a high degree of repeatability and low occurance of failure, then create a culture around them that encourages sloppiness, and ultimately introduces a large measure of uncertainty into the operation of these machines. I am baffled at the perverse desire-- nay need-- that people seem to have to make software suffer from entropy.
The only "decay" in software should happen as a result of changing business requirements. There's no reason that, provided the business requirements don't change, that a well designed and properly implemented piece of software should not be usable in perpetuity. There may be changes in the underlying hardware and operating system software, but provided that the application is sufficiently abstracted from the underlying platform (or, provided that an emulation-layer for the original platform can be constructed) there's no reason other than changing business requirements for software to be "thrown away".
Let's put this a different way: How does a patch to the underlying operating system cause an application to fail? If the patch changes the behaviour of the underlying operating system in such a manner as to return unexepected values to the application, the patch is the cause of the failure. A flawed patch doesn't make an application "age" or "decay"-- it's simply a flawed patch. An application has to make assumptions about the underlying operating system. These assumptions are based on the API documentation-- the contact between the operating system and the application. When the OS violates the terms of the contract, that doesn't mean the application "decayed"-- it means some moron who coded the operating system patch messed up, and the operating system manufacturer/maintainer didn't perform good regression testing.
We should be designing software systems with 10 to 20 year usability goals. It would do a lot for the frustration level that the "suits" have with IT if we stopped being proponents of hugely expensive but "throwaway" systems, and started designing systems with an eye for longevity.