True, but what if each core could hyperthread? While one core hyperthread may get you a 10-20% increase in speed, depending on what you are doing, a dual core, hyperthreaded system may add 30-40% speed performance because you are more likely to have an open cycle for background processes at any given time.
Um, correct me if I am wrong (and I am pretty sure I am not), doesn't SUS use parts of IE? And as for copying the files from a workstattion.. um.. isn't IE part of file exploder? Don't forget the IE integrated help files once you install that patch (but who needs those stinking help files anyway..)
Hell, even the SMS client is tied to IE.
So, we simply elinate SUs, SMS, file copies.. MS update and direct downloads. Oh.. yeah.. have to remove file explorer too.
Yup.. secure as can be...
Well, I might fear this if it were not for the greed of the credit card companies themselves. Without a signature, they really have no recourse if you dispute it (EULA or not). Secondly, the CC comapnies MAKE money when you dispute the charge (chargeback). Ever wonder why it was so easy to get a charge taken off your bill? Well, the CC doesn't care. The company ends up paying the discount fee PLUS a chargeback. I think Valve hasn't though this through. Thousands of chargebacks could ruin the company.
I'm not sure this is a fair test. Under the DMCA, the ISP must take down the material within (I think) 72 hours to maintain immunity. The site owner can respond in 10 days to deny the charges and the ISP can put it back up with immunity.
Now I'm not saying that the DMCA is the correct way to do things, and I really don't condone the idea of handing out personal information without a court order, but this "test" doesn't tell us anything except that ISPs don't want to get into legal trouble. Surprise, surprise.
Since when is not waching an advertisement illegal? That seems a constitutional violation - No one has a right to FORCE me to watch/listen to anything.
What?! No more pee breaks in my favorite shows? How far does this extend? Do I have to stay home and watch ALL commercials for phear of being arrested?
Wasn't it just ruled that the DMCA only applied if you owned the copyright of the item you were protecting? In this case, even if we accept the idea that a person is supposed to own some text for the rest of their lives, plus some, in exlusion of an societal repayment, Google is not the party to do it.
However, I agree that, while it is not a "Security" hole, it should be conisidered a bug and fixed.
These people are as bad (or worse) as the people they claim to protect us from. While taking the moral high road to remove injustice is hard, it does not justify the kinds of actions these groups preach.
In college, I attended a very liberal-based school. It was unique and consisted of qualified students who were taken from high school before they graduated and placed into an accredited college.
In that aspect, many, including myself, didn't always understand the nuances of the propaganda they preached. One incident stuck in my head: A student had plastered "posters" all over campus that read "Oppress the oppressors". Having considered this for a second, I realized that this type of thinking only created a downward spiral as the oppressors become oppressed and the begins the cycle begins again.
For those not familiar, read the lyrics of "The Trees" by Rush.
"Now there's no more oak oppression,
For they passed a noble law,
And the trees are all kept equal
By hatchet, axe, and saw."
Software licensing came about in the early days because the issue of code being copyrightable was still up in the air. Now that code is copyrightable, I have always wondered how they can get their cake and eat it too. Either it is copyrightable, thus required to follow the fair use, or it is licensable and cannot be copyrighted. If the company wants to use a license to restrict the sale, then the DMCA should not apply.
If I recall correctly, AS400s are still supported. We can't say the same for Windows 3.11, 95, 98 or soon NT.
It would seem that some people MUST upgrade, just to communicate. You also need to consider that the AS400s NEVER had this many security holes or obvious flaws. But that couldn't be why banks and secure industries still use AS400s. Nope, they are just lazy and cheap.
"First they came for the Jews
and I did not speak out
because I was not a Jew.
Then they came for the Communists
and I did not speak out
because I was not a Communist.
Then they came for the trade unionists
and I did not speak out
because I was not a trade unionist.
Then they came for me
and there was no one left
to speak out for me."
-Pastor Martin Niemöller
"If you are not doing anything wrong, you don't have anything to fear" Except corrupt government officials, the fact that what I am doing now may not be "wrong" but the records could be used againts me if it ever does become "wrong". Hmm.. or perhaps the fear of the unneccesary data being collected wrong (hey, it's not that important, so we don't track it very well) getting all fubared and having me end up on a no-fly or terrorist list becuase some low-end government desk jockey can't be bothered to double-check data. I guess we don't have anything to fear. Oh, did I mention that it doesn't fix the issue in the first place, so I end up paying taxes to have myself tapped and get no benefit from it?
Anyone who thinks "If you aren't do anything wrong, you have nothing to fear" is either A) Living in some strnage world unknown to most B) Lying to themselves C) Working for the people who want the data D) simply has no clue. So, if I haven't done anything wrong, you don't need the data in the first place.
Ok, make it that you have a hard time driving behind or ahead of a non-porche, and add that most gas stations sell gas that only works in Porche, tack on that most aftermarket things like wiper blades and tires are designed for Porche and now look at your analogy again.
You also fail to note that the Price of the OS has gone UP, not down with less competition. From $50 when EVERYONE was pirating it,to over $200 for a copy when they have restrictions. Perhaps the overhead of the protection is casuing it to cost more? Gee, that doesn't sound like the 80's when Lotus had to pump up the price of the product to cover the costs of the copy protection while MS had none and turned a blind eye to everyone copying so it got into a larger market.
Now, let's go back to the Porche idea. Now your Porche rides more like an old VW bug as the versions advance, the price goes up and you have invested a small fortune in "luxery" Porche-only items like seats, and a steering wheel. Changing to a BMW would not only make that investment worthless, but you can't buy Porche gas. Hmmm.
Sure, you could, but since almost everyone sells gas for just the Mercedes and all the aftermarket luxeries only work on the Mercedes it would be hard. Now given that a Mercedes can "see" other Mercedes and avoids accidents, but ignores all others, which would you buy now? Try a better analogy.
The real key to this whole thing is which side of the equation is altered to make this trust work? If just the USB device is altered to have an ID, then it's not an issue since older versions of USB simply ignore the ID and the OS decides if that ID is trusted before allowing data transfer. This could still hurt Linux if the license is limited enough that Linux cannot do this trust as well, but not fatal.
The real fear is that the hardware does the trust on both sides, and that the OS does a trusted handshake, meaning that only the trusted OS can see the trusted USB device.
Simply having both side of the hardware equation do the handshake doesn't buy anything. Ok, hardware says I see the ID, so what? It's the refusal of the hardware to "share" the data with an "untrusted" OS that would be a real issue here.
As fearful as this sounds, I don't think that 3-way handshake would happen since it doesn't increase security and only serves to lockout competition. This would be a no-brainer anti-trust because there would be no other reason to do it.
Besides the cost and various other issues people brought up, there is a very real threat to the general security of the Internet here. If MS starts denying patches based on the suspected (since they will never be 100% sure) legitimacy of the OS in question, more and more machines will be un-patchable. Most people who "accidentally" end up with the pirated copies do so because they haven't a single clue how to install the OS, nor do they want to have one. That is why they got their neighbor/grandkid etc to install it. They will simply not get the updates, and these are the people who need the security updates the most.
How many machines still are not patched for CodeRed, despite having the ability to do so? Now you take that away from yet another populace and suddenly we have 20-25% of the windows users not patching. Danger!
Besides, I think this will only hurt them. I don't know how many "Microsoft Professionals" have "pirated" copies of the OS because they want to play with it but can't afford to buy a copy of every MS OS out there. Since MS cut back on helping the MS professionals with freebies and low costs purchases, let alone support, many have no choice. Either that or learn Linux .
With these "decision makers" frustrated with lack of MS support and now being viewed as the bad guy, many will make the switch and take their family and friends with them. The very factors that made Windows dominant, are lining up to topple it, and having been an NT admin for over 12 years now, I can't say I'm sorry to see it end.
The way I see it is that SCO can't win if they win! When they disclaim GPL, even if they win the suite against IBM, the GPL is invalid, thus they had no right to distribute their version of Linux... Talk about a self defeating argument!
For all the work MS is putting into this OS, there is not much that is new and worth upgrading for, even now! The only smart feature I can see is the XML database for files (do I really need stock quotes on my screen, taking up even more room?) Toss in a similar feature in Linux (and some disk encryption layer would be nice for mobile users) and you can beat MS to the punch.
Noting the Linux development timeline, if they started now, they would still have it out 2 years ahead of MS.
"Ballmer Says Commercial Software is Better Because Someone's Rear End is on the Line"
Whose would that be? Have you ever looked at the Windows license? They disclaim everything! You have more recourse with the open-source software. The only asses on the line are from the IT department when everything crashed from the lastest virus/bug/patch.
Not that I am trying to jump on the MS-bashing bandwagon, but these vulnerabilities take on new light when you consider MS is trying to get into the BIOS level ( http://www.geek.com/news/geeknews/2003Oct/gee20031 008022103.htm ) Soon we can expect even our hardware to be vulnerable.
What gets ms, is the dismissive attitude MS takes when announcing these flaws. True, these are out "before any known attacks", but if you look at the nature of them, they should all have been patched years ago. this is not the first time these services have had such vulnerabilities. The problem is that Ms patches the symptom, but doesn't address the nature of the vulnerability. Thus, every once in a while, someone figures out a way around the last patch and the cycle starts over. How long did the last RPC patch last?
Security should be about reinforcing the OS, not placing a sheet of playwood over the offending hole and hoping that no one notices the one next to it.
So, what happens when Verisigns gets its website hacked again? I would think that this would be a prime target for anyone who wnats to get attention. It's just a matter of time.....
Slashdot Mirror
Or: Internet (Safe Mode)
True, but what if each core could hyperthread? While one core hyperthread may get you a 10-20% increase in speed, depending on what you are doing, a dual core, hyperthreaded system may add 30-40% speed performance because you are more likely to have an open cycle for background processes at any given time.
Um, correct me if I am wrong (and I am pretty sure I am not), doesn't SUS use parts of IE? And as for copying the files from a workstattion.. um.. isn't IE part of file exploder? Don't forget the IE integrated help files once you install that patch (but who needs those stinking help files anyway..) Hell, even the SMS client is tied to IE. So, we simply elinate SUs, SMS, file copies.. MS update and direct downloads. Oh.. yeah.. have to remove file explorer too. Yup.. secure as can be...
As the RIAA has so many times... Wait.. or was that he MPAA... OR.. hell.. up until Diab[olic]old, has anyone been subjected to this part of the DMCA?
Wow.. Sounds like another company I know of.. Initial M and S.
Well, I might fear this if it were not for the greed of the credit card companies themselves. Without a signature, they really have no recourse if you dispute it (EULA or not). Secondly, the CC comapnies MAKE money when you dispute the charge (chargeback). Ever wonder why it was so easy to get a charge taken off your bill? Well, the CC doesn't care. The company ends up paying the discount fee PLUS a chargeback. I think Valve hasn't though this through. Thousands of chargebacks could ruin the company.
Ok, ignore my post. I hadn't read the entire study. By the short snippet, I assumed that they were US ISPs. Bah!
I'm not sure this is a fair test. Under the DMCA, the ISP must take down the material within (I think) 72 hours to maintain immunity. The site owner can respond in 10 days to deny the charges and the ISP can put it back up with immunity. Now I'm not saying that the DMCA is the correct way to do things, and I really don't condone the idea of handing out personal information without a court order, but this "test" doesn't tell us anything except that ISPs don't want to get into legal trouble. Surprise, surprise.
Since when is not waching an advertisement illegal? That seems a constitutional violation - No one has a right to FORCE me to watch/listen to anything.
What?! No more pee breaks in my favorite shows? How far does this extend? Do I have to stay home and watch ALL commercials for phear of being arrested?
Wasn't it just ruled that the DMCA only applied if you owned the copyright of the item you were protecting? In this case, even if we accept the idea that a person is supposed to own some text for the rest of their lives, plus some, in exlusion of an societal repayment, Google is not the party to do it. However, I agree that, while it is not a "Security" hole, it should be conisidered a bug and fixed.
Terrorist! You're un-american to even suggest that. Where is the FBI?!
These people are as bad (or worse) as the people they claim to protect us from. While taking the moral high road to remove injustice is hard, it does not justify the kinds of actions these groups preach. In college, I attended a very liberal-based school. It was unique and consisted of qualified students who were taken from high school before they graduated and placed into an accredited college. In that aspect, many, including myself, didn't always understand the nuances of the propaganda they preached. One incident stuck in my head: A student had plastered "posters" all over campus that read "Oppress the oppressors". Having considered this for a second, I realized that this type of thinking only created a downward spiral as the oppressors become oppressed and the begins the cycle begins again. For those not familiar, read the lyrics of "The Trees" by Rush. "Now there's no more oak oppression, For they passed a noble law, And the trees are all kept equal By hatchet, axe, and saw."
Software licensing came about in the early days because the issue of code being copyrightable was still up in the air. Now that code is copyrightable, I have always wondered how they can get their cake and eat it too. Either it is copyrightable, thus required to follow the fair use, or it is licensable and cannot be copyrighted. If the company wants to use a license to restrict the sale, then the DMCA should not apply.
If I recall correctly, AS400s are still supported. We can't say the same for Windows 3.11, 95, 98 or soon NT. It would seem that some people MUST upgrade, just to communicate. You also need to consider that the AS400s NEVER had this many security holes or obvious flaws. But that couldn't be why banks and secure industries still use AS400s. Nope, they are just lazy and cheap.
"First they came for the Jews and I did not speak out because I was not a Jew. Then they came for the Communists and I did not speak out because I was not a Communist. Then they came for the trade unionists and I did not speak out because I was not a trade unionist. Then they came for me and there was no one left to speak out for me." -Pastor Martin Niemöller
"If you are not doing anything wrong, you don't have anything to fear"
Except corrupt government officials, the fact that what I am doing now may not be "wrong" but the records could be used againts me if it ever does become "wrong". Hmm.. or perhaps the fear of the unneccesary data being collected wrong (hey, it's not that important, so we don't track it very well) getting all fubared and having me end up on a no-fly or terrorist list becuase some low-end government desk jockey can't be bothered to double-check data.
I guess we don't have anything to fear.
Oh, did I mention that it doesn't fix the issue in the first place, so I end up paying taxes to have myself tapped and get no benefit from it?
Anyone who thinks "If you aren't do anything wrong, you have nothing to fear" is either A) Living in some strnage world unknown to most B) Lying to themselves C) Working for the people who want the data D) simply has no clue.
So, if I haven't done anything wrong, you don't need the data in the first place.
Ok, make it that you have a hard time driving behind or ahead of a non-porche, and add that most gas stations sell gas that only works in Porche, tack on that most aftermarket things like wiper blades and tires are designed for Porche and now look at your analogy again. You also fail to note that the Price of the OS has gone UP, not down with less competition. From $50 when EVERYONE was pirating it,to over $200 for a copy when they have restrictions. Perhaps the overhead of the protection is casuing it to cost more? Gee, that doesn't sound like the 80's when Lotus had to pump up the price of the product to cover the costs of the copy protection while MS had none and turned a blind eye to everyone copying so it got into a larger market. Now, let's go back to the Porche idea. Now your Porche rides more like an old VW bug as the versions advance, the price goes up and you have invested a small fortune in "luxery" Porche-only items like seats, and a steering wheel. Changing to a BMW would not only make that investment worthless, but you can't buy Porche gas. Hmmm.
Sure, you could, but since almost everyone sells gas for just the Mercedes and all the aftermarket luxeries only work on the Mercedes it would be hard. Now given that a Mercedes can "see" other Mercedes and avoids accidents, but ignores all others, which would you buy now? Try a better analogy.
The real key to this whole thing is which side of the equation is altered to make this trust work? If just the USB device is altered to have an ID, then it's not an issue since older versions of USB simply ignore the ID and the OS decides if that ID is trusted before allowing data transfer. This could still hurt Linux if the license is limited enough that Linux cannot do this trust as well, but not fatal. The real fear is that the hardware does the trust on both sides, and that the OS does a trusted handshake, meaning that only the trusted OS can see the trusted USB device. Simply having both side of the hardware equation do the handshake doesn't buy anything. Ok, hardware says I see the ID, so what? It's the refusal of the hardware to "share" the data with an "untrusted" OS that would be a real issue here. As fearful as this sounds, I don't think that 3-way handshake would happen since it doesn't increase security and only serves to lockout competition. This would be a no-brainer anti-trust because there would be no other reason to do it.
Besides the cost and various other issues people brought up, there is a very real threat to the general security of the Internet here. If MS starts denying patches based on the suspected (since they will never be 100% sure) legitimacy of the OS in question, more and more machines will be un-patchable. Most people who "accidentally" end up with the pirated copies do so because they haven't a single clue how to install the OS, nor do they want to have one. That is why they got their neighbor/grandkid etc to install it. They will simply not get the updates, and these are the people who need the security updates the most. How many machines still are not patched for CodeRed, despite having the ability to do so? Now you take that away from yet another populace and suddenly we have 20-25% of the windows users not patching. Danger! Besides, I think this will only hurt them. I don't know how many "Microsoft Professionals" have "pirated" copies of the OS because they want to play with it but can't afford to buy a copy of every MS OS out there. Since MS cut back on helping the MS professionals with freebies and low costs purchases, let alone support, many have no choice. Either that or learn Linux . With these "decision makers" frustrated with lack of MS support and now being viewed as the bad guy, many will make the switch and take their family and friends with them. The very factors that made Windows dominant, are lining up to topple it, and having been an NT admin for over 12 years now, I can't say I'm sorry to see it end.
The way I see it is that SCO can't win if they win! When they disclaim GPL, even if they win the suite against IBM, the GPL is invalid, thus they had no right to distribute their version of Linux... Talk about a self defeating argument!
For all the work MS is putting into this OS, there is not much that is new and worth upgrading for, even now! The only smart feature I can see is the XML database for files (do I really need stock quotes on my screen, taking up even more room?) Toss in a similar feature in Linux (and some disk encryption layer would be nice for mobile users) and you can beat MS to the punch. Noting the Linux development timeline, if they started now, they would still have it out 2 years ahead of MS.
"Ballmer Says Commercial Software is Better Because Someone's Rear End is on the Line" Whose would that be? Have you ever looked at the Windows license? They disclaim everything! You have more recourse with the open-source software. The only asses on the line are from the IT department when everything crashed from the lastest virus/bug/patch.
Not that I am trying to jump on the MS-bashing bandwagon, but these vulnerabilities take on new light when you consider MS is trying to get into the BIOS level ( http://www.geek.com/news/geeknews/2003Oct/gee20031 008022103.htm ) Soon we can expect even our hardware to be vulnerable.
What gets ms, is the dismissive attitude MS takes when announcing these flaws. True, these are out "before any known attacks", but if you look at the nature of them, they should all have been patched years ago. this is not the first time these services have had such vulnerabilities. The problem is that Ms patches the symptom, but doesn't address the nature of the vulnerability. Thus, every once in a while, someone figures out a way around the last patch and the cycle starts over. How long did the last RPC patch last?
Security should be about reinforcing the OS, not placing a sheet of playwood over the offending hole and hoping that no one notices the one next to it.
So, what happens when Verisigns gets its website hacked again? I would think that this would be a prime target for anyone who wnats to get attention. It's just a matter of time.....