1. And this still doesn't represent a large portion of machines running XP.
So what? There's also plenty of people out there with unpatched named / openssh / apache / SSL libraries. I could care less. If people can't be troubled to patch known vulnerabilities, why would they expect any OS to be secure? SP2 in particular is free to download, and comes pre-installed on new copies of XP. Your network of Macs would be vulnerable too, if you left the WAP admin password set to "netgear". Think I'd have any sympathy?
There have been some major exploits, albeit not necessarily remote, that have still affected XP post-SP2.
Whoa there, cowboy. In your original post you went on and on about remote, self-propagating exploits and how MacOS 10 didn't have them due to port-blocking.
Now suddenly it's "albeit not necessarily remote"..? Of course they aren't remote, XP with SP2 blocks incoming connections by default. How is it that Apple gets credit for this but Microsoft doesn't?
sudden "awareness" of security does not change the basic premise of this article
Sure doesn't. And the basic premise of the article was, "Hey, go find an old, pre-SP2 copy of XP and don't bother downloading the free upgrade -- Windows is insecure!!!" This is news?
Even a completely unpatched Mac OS X 10.0.0 machine would not be vulnerable to any kind of remote attack, because no ports whatsoever are open to the outside world, and on most consumer Mac OS X systems, never will be.
Yes, and on Windows XP with Service Pack 2 installed, the firewall is also locked down from first boot until such time as you decide to open some ports up.
This is the version that's been shipping on new machines and sitting on store shelves for half a year now.
But these facts are a bit inconvenient and don't make for exciting headlines, so we'll run the test with SP1, which everyone knows had some juicy exploits.
The servers are split as follows: Asia, North America, Europe. There is no case where two people from the same continent will be unable to play with each other.
Oh, well, I suppose that solves everything.
What about guilds where half the members are in Europe and half are in North America? Some of these people have been playing MMOG's together since Ultima Online 6 years ago. Now they're being told they should stop grouping together "for their own good".I wonder why they're so pissed off?
"Part of the reason people steal music is... that the DRM stuff out there has not been that easy to use. We are going to continue to [make it] easier, easier, easier, easier, to use," he said.
I would like to know what he means by this. If he means "Easier to do the things you've always been able to do, like play your music in your car, bedroom, or at a friends house," then go Microsoft.
On the other hand, if he means "Easier for us to make you rent music and videos instead of buying them," then screw you Microsoft..
"My 12-year-old at home doesn't want to hear that he can't put all the music that he wants in all of the places that he would like it," he joked.
He should have added: "I guess he's pissed because he paid for the music, but our products won't let him play it."
I certainly haven't found that to be true. But even if you have to run it manually, let's keep it in perspective: 'apt-get' and 'make world' are not exactly hands-off procedures either.
It's frustrating to see people/companies/governments stung by things so simple to avoid, especially when one (me, IT people?) feels like the have the "answer" but no one is listening. (It could be Linux, BeOS, Apple, who knows.... it all depends really)
Or, it could be keeping your Windows box up-to-date with security patches which were released months or even years ago.
Why is it that when SSH or Linux has an exploit in the wild, everyone jumps in with "there's a patch out to fix it! Woot Open Source!!!"... But when an organization gets owned by Windows bugs which were fixed long ago, people on Slashdot blame Microsoft?
Even the original poster falls into this trap -- the JPEG buffer overrun was fixed days ago, but you can be sure that lots of people will get "owned" because they ignore the required fixes. These people are somehow going to properly configure Linux and keep it up-to-date? Please. If they switched to Linux their root password would be "".
You were right about the "simple to avoid", though.. Honestly, how difficult is it to let Automatic Updates keep your Windows box up-to-date? You don't even have to log in for it to work, for goodness sake.
Won't be long before we're all solving impossible encryption problems.
No. This flawed idea seems to have embedded itself in Slashdot. The thinking goes like this:
Step 1. Get a 1-bit quantum computer working
Step 2. Wire 1,024 of them together
Step 3. Break 1,024-bit encryption!
In reality, you now have the capability to solve 1,024 separate 1-bit problems. To solve a 1,024-bit problem, the electrons carrying each qubit need to be entangled with each other.
Keeping things in a state of quantum entanglement is extremely difficult. The most I've ever read about was 7 qubits entangled for less than a microsecond.
Note that as the number of entangled objects (particles or molecules) increases, the operation gets exponentially harder. As the time to complete an operation increases, it also gets exponentially harder. Quantum computing boosters won't tell you this, but it is not just a matter of getting a prototype working and then making it bigger.
we use I.E and if I type in a URL that doesn't work I get taken to msn search page, does that mean the server is down, doesn't exist or what?
Tools -> Internet Options -> Advanced -> Search from the Address bar -> "Do not search from the Address bar" -> thank you; drive through
Re:X in Windows?
on
The Power of X
·
· Score: 2, Interesting
Indeed I did. Most of the other people responding to the question did not, however.
The poster wasn't talking about "X Windows under Windows", that's been done by Cygwin and many others. Let's read the original comment again, shall we?
What I'd really like to see is some support for X type connections in the next version of windows... Not based on screen redraws like VNC
He's talking here about X-like connections, NOT X Windows. In other words, he'd like to see remote terminals based on drawing primitives. Current Remote Windows are based on screen redraws, as the poster mentioned. This is rather cumbersome, and completely impractical on less-than-stellar connections.
Re:X in Windows?
on
The Power of X
·
· Score: 2, Interesting
Already happening. Windows' new rendering engine, Avalon, is completely vector-based. Here's what one of its designers had to say:
Avalon will support remoting at a higher level than DirectX. When remoting we will not rasterize on the server machine but instead we will send higher level graphics instructions to the client machine and then call DirectX on the client machine.
This will enable us to send less data over the network as well as reducing the server load because all graphics operations will run on the client machine. We also will get higher performance and fidelity rendering and animations because we will not need to round trip data across the network for these operations since they will be retained on the client machine.
This isn't surprising -- once you have a completely declarative presentation system, remoting becomes a lot easier.
This is the real motivation behind.NET and XAML. What technologies has Microsoft been rolling out / pushing in the past couple years?
1..NET -- machine-portable pseudocode compiled to native on the fly; "everything Java should have been"
2. XAML -- vector graphics and advanced UI features in a markup language; "everything HTML / DHTML / XHTML should have been"
3. No-touch installs and least privilege environment
All of this is infrastructure which Microsoft needs to move to a server-hosted application model.
1. That's the formula you gave in your first reply. =P
2. I refuse to call a country more "productive" for having a lousy employment rate. Sure, if unemployment is 50%, the people with jobs will be more productive. They're scared of being unemployed. But calling a country more "productive" because more of its citizens are out of work seems ludicrous to me.
However, since you brought it up, we'll normalize to 100% employment:
In fact, advances in computer speed tend to favor people encrypting data, rather than those trying to decrypt it. For example, increasing CPU speed by a factor of four or five will generally allow you to use a key two or three times as large, and still get the same performance. However, it definitely won't let you crack a key twice as large.
Suppose your faster CPU inspires you to move from 128-bit keys to 256-bit. What happens to the guy trying to decrypt your message? He now has to work 68,056,473,384,187,692,692,674,921,486,354,000,000 times as long, even if he buys the 5x faster CPU. Ouch!
Re:Close, but misses the mark
on
Vive La Loafing!
·
· Score: 2, Informative
Slashdot Mirror
Now suddenly it's "albeit not necessarily remote"..? Of course they aren't remote, XP with SP2 blocks incoming connections by default. How is it that Apple gets credit for this but Microsoft doesn't?
Sure doesn't. And the basic premise of the article was, "Hey, go find an old, pre-SP2 copy of XP and don't bother downloading the free upgrade -- Windows is insecure!!!" This is news?This is the version that's been shipping on new machines and sitting on store shelves for half a year now.
But these facts are a bit inconvenient and don't make for exciting headlines, so we'll run the test with SP1, which everyone knows had some juicy exploits.
What about guilds where half the members are in Europe and half are in North America? Some of these people have been playing MMOG's together since Ultima Online 6 years ago. Now they're being told they should stop grouping together "for their own good".I wonder why they're so pissed off?
On the other hand, if he means "Easier for us to make you rent music and videos instead of buying them," then screw you Microsoft..
He should have added: "I guess he's pissed because he paid for the music, but our products won't let him play it."The patent was for aspects of the long filenames introduced with Win95. They were used in the "VFAT" filesystem and its successors.
I certainly haven't found that to be true. But even if you have to run it manually, let's keep it in perspective: 'apt-get' and 'make world' are not exactly hands-off procedures either.
Why is it that when SSH or Linux has an exploit in the wild, everyone jumps in with "there's a patch out to fix it! Woot Open Source!!!"... But when an organization gets owned by Windows bugs which were fixed long ago, people on Slashdot blame Microsoft?
Even the original poster falls into this trap -- the JPEG buffer overrun was fixed days ago, but you can be sure that lots of people will get "owned" because they ignore the required fixes. These people are somehow going to properly configure Linux and keep it up-to-date? Please. If they switched to Linux their root password would be "".
You were right about the "simple to avoid", though.. Honestly, how difficult is it to let Automatic Updates keep your Windows box up-to-date? You don't even have to log in for it to work, for goodness sake.
Step 1. Get a 1-bit quantum computer working
Step 2. Wire 1,024 of them together
Step 3. Break 1,024-bit encryption!
In reality, you now have the capability to solve 1,024 separate 1-bit problems. To solve a 1,024-bit problem, the electrons carrying each qubit need to be entangled with each other.
Keeping things in a state of quantum entanglement is extremely difficult. The most I've ever read about was 7 qubits entangled for less than a microsecond. Note that as the number of entangled objects (particles or molecules) increases, the operation gets exponentially harder. As the time to complete an operation increases, it also gets exponentially harder. Quantum computing boosters won't tell you this, but it is not just a matter of getting a prototype working and then making it bigger.
According to my Airline / English Dictionary, you're a bit off. I looked it up:
English: "Bend over, please."
Airline: "Good morning, how can I help you?"
we use I.E and if I type in a URL that doesn't work I get taken to msn search page, does that mean the server is down, doesn't exist or what?
Tools -> Internet Options -> Advanced -> Search from the Address bar -> "Do not search from the Address bar" -> thank you; drive through
Indeed I did. Most of the other people responding to the question did not, however.
The poster wasn't talking about "X Windows under Windows", that's been done by Cygwin and many others. Let's read the original comment again, shall we?
He's talking here about X-like connections, NOT X Windows. In other words, he'd like to see remote terminals based on drawing primitives. Current Remote Windows are based on screen redraws, as the poster mentioned. This is rather cumbersome, and completely impractical on less-than-stellar connections.Already happening. Windows' new rendering engine, Avalon, is completely vector-based. Here's what one of its designers had to say: This isn't surprising -- once you have a completely declarative presentation system, remoting becomes a lot easier.
1. .NET -- machine-portable pseudocode compiled to native on the fly; "everything Java should have been"
2. XAML -- vector graphics and advanced UI features in a markup language; "everything HTML / DHTML / XHTML should have been"
3. No-touch installs and least privilege environment
All of this is infrastructure which Microsoft needs to move to a server-hosted application model.
1. That's the formula you gave in your first reply. =P
2. I refuse to call a country more "productive" for having a lousy employment rate. Sure, if unemployment is 50%, the people with jobs will be more productive. They're scared of being unemployed. But calling a country more "productive" because more of its citizens are out of work seems ludicrous to me.
However, since you brought it up, we'll normalize to 100% employment:
USA: $21.60 / 93.8% emp = $23.03/hr
France: $18.93 / 90.4% emp = $20.94/hr
Germany: $19.09 / 89.3% emp = $21.38/hr
In fact, advances in computer speed tend to favor people encrypting data, rather than those trying to decrypt it. For example, increasing CPU speed by a factor of four or five will generally allow you to use a key two or three times as large, and still get the same performance. However, it definitely won't let you crack a key twice as large.
Suppose your faster CPU inspires you to move from 128-bit keys to 256-bit. What happens to the guy trying to decrypt your message? He now has to work 68,056,473,384,187,692,692,674,921,486,354,000,000 times as long, even if he buys the 5x faster CPU. Ouch!
USA: 1,792
France: 1,453
Germany: 1,446
Per-capita GDP divided by average hours worked per year:
USA: $38,700 / 1,792hr = $21.60/hr
France: $27,500 / 1,453hr = $18.93/hr
Germany: $27,600 / 1,446hr = $19.09/hr
No it isn't.
USA: Unemployment 6.2%, GDP per capita $37,800
France: Unemployment 9.6%, GDP per capita $27,500
Germany: Unemployment 10.7%, GDP per capita $27,600
Those numbers are from the CIA World Factbook. Obviously the details fluctuate, but you get the idea.
They've done a lot of thinking about how best to wean people off Admin rights. To read about it, go here:
MSDN
...we'd have a nation of mindless, workaholic zombies with few differences between one person and another.
John Ashcroft called. He wants to know when we can start putting this stuff in the water supply.