Slashdot Mirror


User: djh101010

djh101010's activity in the archive.

Stories: 0
Comments: 937

Comments · 937

  1. Mockery aside, how about the counterexamples? on MS Security Chief: Windows Never Exploited Until Patch Available · · Score: 5, Interesting

    It's lots of fun to bash an asinine statement from Microsoft such as this. However, how about we come up with a list of actual counterexamples? Which specific patches did they release in response to a real security problem that existed before the patch?

    I'll start. KB832894 "fixed" the exploits which used the user:password in the URL to authenticate to websites. It was there long, long before the patch (years, in fact).

    What other counterexamples do we have to show precisely how wrong Microsoft's statements are?

  2. Re:From the article on A First Look At The GIMP 2.0 · · Score: 1

    I've heard that the latest (or next?) version of MacOSX includes X support out of the box, but I could be wrong. Can anybody confirm?
    It either ships with it, or you install it simply. The download is at http://www.apple.com/macosx/features/x11/download/

    Works great, no muss, no fuss. I don't know if 10.3 has it installed by default, but it's a quick enough install.

  3. Re:Kinder, Gentler Children's Toys on What (non-PC) Hardware Do You Hack? · · Score: 4, Funny

    I took the toys apart and would find the right value resistor that would top off the speaker volume

    Wow, that's a lot more work than putting a piece of tape over the speaker grille.

  4. Re:Developers Action Figures on The Toy Fair's Top 10 Strangest Products · · Score: 4, Funny

    Could we get McBride added to the set? Having Gates, McBride, RMS, ESR, Jobs, Linus, and EvilBill all in one set would be fun. Just to round it out maybe throw in Larry the Oracle guy. It could be sold as a "battle set", give 'em little weapons to use and all that. I'd buy 'em (thinkgeek, you guys interested?).

  5. Re:Overview on The Toy Fair's Top 10 Strangest Products · · Score: 1

    #4 - VOOT-VUE FARM (HSP Nature Toys): plexiglass box to see vegetables grow

    Just ordered one for my 5 year old. They sell a visible worm farm too but it looks like the same frame; we'll get our own worms once we kill off the veggies.

  6. You can complain, or you can fix it. on Orwellian Tech Support · · Score: 2, Insightful

    We've all dealt with bad tech support. Many of us have had to _be_ tech support in a bad environment. It's not fun for us, it's not fun for the customer, and it's hard to keep good people in that kind of an environment.

    Rather than just whine about it, get yourself into a position to do something about it. I like digging into interesting calls, so I got a reputation for being kind of a Sherlock Holmes kind of character - the cool, interesting calls got conferenced to me. After a while, the "cool interesting calls" kept having the same questions over and over and over.

    I made a webpage with the most frequent problems our users had, and easy tests to check for them, with links of what to do to fix them. One test, for instance, uses Javascript to display the user's system time in a window on the webpage. This actually checks 3 things - are we a "trusted site", do they have javascript enabled, and is their clock accurate (check that year, guys) - any of which being wrong will prevent the user from using our financial data site.

    Make it easy - "Can you see the big red star? How about the small blue star?" First is served unencrypted, second has 128-bit or better encryption on it. If they can see one but not the other, "click here". If you can't see either, "click over here", that sort of thing.

    The number of BS calls I got from the first & second-level folks has dropped dramatically since I set this up - every once in a while I add another test (it's up to 7 or 8 now), and it's used a lot.

    Give the poor bastards in the call center the tools to fix it well _and_ quickly, and even the most pointy-haired of bosses should recognize that that's a good thing. Push it with a call-time reduction slant if they're that sort of boss, or if they actually give a spit about customers, use the customer-sat side of the argument. Or, you can just keep complaining about it...

  7. Re:Today only, free access courtesy of Slashdot on Orwellian Tech Support · · Score: 4, Insightful

    ...and yet, there are people (myself included) who are at this time poking around some site called salon.com, which I was previously unaware of. They might even get a subscriber or ten out of this, who knows.

  8. Re:More wasted bandwidth on Is the CAN-SPAM Act Working? · · Score: 1

    Now I start receiving spams that come with a nice big attached image

    At least you have something to train your filters to recognize...

    Can we start public executions of spammers now? Pretty please?

  9. They should take a lesson from Apple... on Imminent Mandrake Name Change? · · Score: 1

    ...and call their distro "Butthead Astronomer".

  10. Special Interest Groups you're unaware of on Scientists Challenge U.S. on Scientific Distortions · · Score: 2, Interesting

    There's a lead industry? And it has influence in Washington?

    Of course there's a lead industry. You're using a computer, and the components are soldered to the board with...lead. Get up from your desk to go take a drink, and unless your building is less than 5 years old, the pipes are held together with...lead. Get in your car, and the battery works because most of its weight is ... lead. Drive your car to the doctor to get an X-ray, the apron they put over you to cover your "radiologically sensitive glands" is made of ... lead. You go home & turn on the TV, which shields you from radiation from the CRT with, guess what, lead. And so on, and on, and on.

    Yes, there's a special interest group for the lead industry. Oddly enough, if they weren't standing up for that industry, we'd have government mandates imposed upon us which have no foundation in reality, like the ill-advised "rip out the asbestos floor tiles" craze in the 90's.

    It's a case of a "special interest group" that you're not even aware of, that has a positive effect on your everyday life. Next time you hear someone whining about lobbyists and special interest groups, think for a bit just what the big picture might be.

  11. Re:Women's Windows on Y Window System Project Started · · Score: 1

    Um... Women don't have a Y chromosome.

    Well...occasionally they do, if you know what I mean, and I think you do...

  12. Yawn.... on Y Window System Project Started · · Score: 5, Funny

    Wake me up when we get to Z-windows...

  13. Re:Potential Security Risk on Open Source Software Serves Niche Markets · · Score: 4, Insightful

    As we know, Microsoft applications are consistently attacked because of its large market share and the damaging effect that the security holes in it have.

    You're partly right. Microsoft applications _are_ consistently attacked. The reason you propose as a given is wrong, though; it's not about market share, it's about fundamental design flaws making Microsoft's products inherently insecure.

    Open source is checked by many eyes for security and other problems; MS products are only inspected in that way when, ahem, the code is leaked. If you think that an open-source developer who submitted a security backdoor or similar bug wouldn't be noticed, then I would have to question your experience with open-source development.

  14. Re:Corn ain't free! on Ethanol to Hydrogen Reactor Developed · · Score: 1

    If it's the same as or higher than the direct route, then this "breakthrough" isn't all that great.

    The nice thing about figuring out what takes more energy than it produces, is to look at the market price of the consumed vs. the produced goods. The abstract thing called "money" has taken all of these factors into consideration, and the relative prices of the two reflect the inherent costs & values.

    In other words, if corn can be profitably farmed, then by definition, it costs less to grow it than it's worth, and is a viable source.

    Basically, you're using the corn as a gathering mechanism for solar energy, putting it into a transportable object with decent power density.

    If the "waste" heat from this process could be used to warm the building it's supplying H2 for, then it's not really wasted, which could boost the effective efficiency as well.

  15. Re:source out on the open on Microsoft Source Follow-Up · · Score: 5, Insightful

    I mentioned that yesterday and was called some sort of IP alarmist. THIS IS SERIOUS - if you now or in the future contribute your own IP to the open-source world, don't look at Microsoft's source code. You won't learn anything useful, and more importantly, you need to be able to truthfully say "I've never seen it, and specifically and intentionally avoided getting a copy of it or looking at it".

    The odds of coming up with something vaguely similar to their stuff is high enough that it's not worth being accused of copying their work. The best defense against such an accusation is to have never seen their work.

    If I were a tinfoil-hat kind of person, I'd wonder if this isn't some sort of SCO-ish related thing.

  16. Re:Close your eyes! on Windows 2000 & Windows NT 4 Source Code Leaks · · Score: 2, Insightful

    This is actually very good advice. There's probably not a lot of "Wow, that's a great way to do things" in there, and you certainly don't want to be in the position someday of sitting in a courtroom with a bunch of MS lawyers, explaining how even though you downloaded a copy of it, the work you produced since isn't derived from their IP.

    It wouldn't be the first company to pull something silly like that, after all...

  17. Re:They're not up to what you think they're up to. on SCOoby Snacks · · Score: 2, Insightful

    Where were all these businesses years ago when Linux started? Didn't Linux start pretty much underground, by a bunch of nerds and geeks? Who cares if any of the FUD sticks?

    Y'know, it's all well and great to be an underground Linux hacker. I learned a lot about it that way, but didn't start all that early (RedHat 4.something was my first). However, to roll over and let McBride and company (or more likely, the people pulling his strings) succeed in driving it underground don't do me a bit of good, or you a bit of good.

    Linux won't go away, but if the doubts linger, I will continue to not be able to use it as much as I want to, and people like this AC who don't care as long as it doesn't affect them are not helping. It's a damn fine tool; not the best, perhaps, but I'm not willing to let some litigious bastard and people who are too cowardly to even put their names with their opinions deprive me of it.

    If you want to keep using it, but aren't even willing to say who you are, then your opinion is worse than useless.

  18. They're not up to what you think they're up to. on SCOoby Snacks · · Score: 4, Interesting

    When the heck will SCO learn that they are fighting and already lose the game.

    You think that their goal is to win a lawsuit. I disagree; I think their goal is to cast FUD on the GPL specifically, and open-source in general.

    I mean they are suing over Code similarities.... It's the Same thing as Bill Gates' patent of binary Numbers (0,1) it's not going to happen.

    Exactly. They're not stupid, they know that they have no case. Therefore, winning isn't their goal. Even if they lose, the FUD that they've spread is going to stick, even if it's just a little bit. I can't even propose linux-based projects because my employer (a fortune-50 insurance company) doesn't want the hassle. The FUD is working already.

    IMO - I think they should just give up, and distribute what $ they have left, and go away from the world of computing.

    If they just go away, the FUD sticks. If they get bought out, the FUD sticks. If they get shot down legally in no uncertain terms, some of the FUD will _still_ stick. Their goal isn't to win money, their goal is to try to destroy or cripple the Open Source Software community.

    When one's enemies' actions are illogical, it makes sense to re-evaluate what that enemy's goals might be.

  19. Six-Sigma didn't seem to work for this one. on Blackout Cause: Buggy Code · · Score: 1

    GE's software may suck. I don't know. I've never seen it. I am suspicious of people who attempt to hide their own negligence by blaming a third party.

    I've seen it, and worked in software engineering at GE (not in Power Systems, though). Like any other place, you have some brain-deaded code monkeys and lots of good people. Sometimes a BCM is promoted to management, and you get crappy or nonexistent code reviews. Just like anywhere else.

    It's interesting that GE has been touting Six Sigma as a way of ensuring that this sort of thing can't happen, yet trying to apply statistical quality analysis to software development is inherently doomed; it's like trying to measure the color of the wind or the temperature of music; it's a measuring tool that doesn't work on the same anything as that which is trying to be measured. So, the six-sigma projects in software development tend to be very, very indirect measurements of anything useful, let alone code stability and quality.

    It's a software bug, plain and simple, and it's got the GE Meatball plastered all over it; no point in trying to shift blame when they sold and controlled it.

  20. Re:Digital sound evidence on Worried about Digital Evidence Tampering? · · Score: 1

    I'm sorry, but when I tried to raise this question to people at different offices where I saw the recorders being used, they didn't even know what a WAV file was. And cared less.

    Did you approach them from a techie standpoint, or from a cop standpoint? They understand "Yes, this print matches, but how do you prove it's the print from the scene". Draw the analogy to "Yes, this is a recording, but how do you prove it's the recording from the confession"? They understand documenting how (item) has been handled from (place in time) to (place in time). The method to verify digital data is a digital fingerprint, which us geeky types call a "checksum". If you explain it at the level that the *right* person can understand, you're fine. The cop on the street, yeah, they don't know or care if it's an .mp3 or a .wav or a .au file, and/or how you create the checksum, but they do understand the concept of preserving the integrity and chain of evidence.

  21. Re:Digital sound evidence on Worried about Digital Evidence Tampering? · · Score: 3, Insightful

    If you think digital photos are easily tampered with, think about how easy it is to tamper with a WAV file. "I did not do it," can become "I did do it" with the flip of a wrist.

    And yet, with a simple md5 checksum or any of dozens of other techniques, such a change is impossible to make undetectable. The chain of evidence would need to show that at time of recording the md5 checksum of the file was 258c2891488526d239077559ae4fabab, and that the md5 checksum of the current file is still the same. Show the chain is intact, you've got that part of it covered. Get some mathematician to explain to the sheep of the jury that these are better odds than DNA, hell, call it "Digital Fingerprint" or something, and get on with the case.

    Demonstrate this, since they won't get it from the math guy, by taking an image, changing a single pixel, and recalculating the checksum showing that it changes entirely. Don't _tell_ them, _show_ them that if you change the digital information, the "Digital Fingerprint" changes drastically.

  22. Re:Someone has tampered with this article! on Worried about Digital Evidence Tampering? · · Score: 1

    Anyone want to buy a signed printout of this comment? Only $0.02!

    Do you take PayPal?

  23. Well, there go the logfiles on "Port Knocking" For Added Security · · Score: 3, Insightful

    Something tells me I'm going to be seeing a lot bigger firewall logs in the future, as this catches on.

  24. Re:Free Advertising on Spammer Profile: Scott Richter · · Score: 2, Interesting

    I met one once at an Open Source conference and when you ask him what he does he very plainly states "I'm a spammer".

    I am a fairly mellow person, but boy, if I ran into one of these guys, I'd have a hard time not just taking a (physical) jab at them. I'm very sure I wouldn't (be able to | want to) stop myself from giving a very blunt verbal response.

    Long ago, there was a cracker in Milwaukee (early 1980's) who made it to the cover of Time Magazine. I ran into him a few years later, and the only question I could come up with was "Why aren't you in jail?"

    He wasn't amused. Onlookers were. I think that means I won that interaction, right?

  25. Re:200,000 Entries, Most Being Useless/Filler on Wikipedia Reaches 200,000 Articles · · Score: 2, Insightful

    So, write something useful then. Easy problem to solve, isn't it?