That sounds like and good incentive to encourage people to try out linux, but does that truly reflect the cost of XP? Is XP even worth 8GB of solid state memory?
And wait until people figure out how easy it is in a Eee PC with Linux to NFS mount a drive to their older PCs running Linux with new 500GB drives.
mount 192.168.1.10:/home/movies/movies cp/home/movies/hackers.mp4/movies
And if the newer 32GB USB drives are not enough as an adjunct, Seagate has even bigger portable drives. These are like portable DVD players, music juke boxes and PCs all in one.
Your shop may be small enough to avoid attention, but allowing users to install their own software could put a company in hot water fast.
While this is true, your average I/T department is powerless and in shambles. I/T departments as we know it are gone or going. Many business are not want to properly fund it any more.
That being said, I know your point. Users will buy one copy of MS-Office and next thing you know 25 users will be using the same key/license. Then they will kick I/T some more and blame them when they get caught.
BTW, I am not against this, just hoping management puts the blame where it belongs.
Smart people with better options leave. wow who would have thought that would happen. next on slashdot, all about how water is wet.
Not necessarily do all smart people leave but granted many do. If you know it is coming, why not stay and get the severance package? Then get a job elsewhere? Seriously, executives do it all the time. Why should not the line and file technical grunt do it?
How is the sale of a Canadian company to US interests ever a net benefit for Canada? I've lost track of the companies that used to be Canadian owned, even a part of Canada's national identity (Tim Hortons), that have been sold off to make a penny.
Gets them off the government dole. Gets them out of the taxpayers pockets.
The Parent is, in fact, insightful. If you refute RIAA and their minions' claim that they should be allowed to (and is able to) pick out illegal file sharers based on IP address, you can't turn around and use IP address evidence to prove that MediaSentry defied the court order.
I think you can. If you see a TCP IP session going from one IP to another. You can assume which network originated it because of routing. You can in fact be pretty sure the network was the source, just not which person/PC it came from. Only that someone had access.
For example, if I was a student, evil one at that. I could scan out the IPs on the network. MS-Windows being noisy, just listen, get the MAC addresses. When I can't ping them, I change my MAC to theirs and join the network with their IP, in fact masquerading as them. Download the stuff. Then disconnect. RIAA comes and gets the wrong person.
You must catch them in the act to be sure. As I could also break into their PC, drop of say 50 tunes, or turn their system into a proxy.
And these pranks at any school I know, do happen.
Now you can prove the network, but not who did it. You know which network someone was using.
The same can be said about MediaSentry. If it came from their network, you can verify that, but cannot tell which PC/person inside did it.
How many power supplies are required? Does it come with a 12 KV step-down transformer and 220V three-phase power hookup? Can I heat the basement with it?
Funny yes. Has some truth, definitely. The watts that go into some of these GPUs is more than the processor, or so it seems.
Me, I am opting for the ones without fans, they are quieter and less to go wrong.
With centralized control, all of those are simple. Once you start allowing users to choose what to run, how to configure it and so forth, all of those become major issues.
Your point is very true.
But if your like an organization I just worked for, cutting "IT" costs is more important than overall "Organization" costs. Not even getting into costs of availability and service levels.
But in a weird sort of way, I can see this trend towards more responsibility to the user. It makes sense.
We should run our I/T departments as profit or break even centers, charging for the OS reloads from spyware and mitigation. We should charge departments a per seat cost of internet access. Excessive bandwidth users get surcharges. Your user IDs and password changes should be on a charge back basis. That way the department manager is motivated to address the issues or it will cost them. PCs and software, charged back or they can't load it. When a department refuses to pay for a service, you turn off the service. Easy to do and would go a long way to make I/T a better place to work.
There is a huge advantage to this too. The business units will have their real costs reflected back to their budget line. Many business units look profitable on paper as they do not reflect their real costs of operation. I have been in both such environments, and charge back environments works well as it also factors in service, no pay no services. And stops the mindless squeeze and organizational issues with it.
It is also why I like outsourcing and consulting in this business. Most companies don't have the executive leadership for I/T and technology, they shouldn't even try.
Sooner or later this will be printed in CIO mag or the latest thrust.
Canadian barley is well under $1.00 CDN bushel. And a bushel makes a lot of beer.
Are you sure it isn't taxes? In Canada at 75% of the cost of a beer is pure taxes. Sort of a situation where starve the farmer but line the pockets of government.
The inevitable result is a race to the bottom. Buyers will reason they might was well buy cheap, because they at least know they're saving money, rather then paying for quality and likely not getting it.I cheat. I ask the storage administrators I know. One place I know is really good, they see drives from everywhere. You get a feeling on which drives are better than others. About 5-7 years ago one manufacturer really messed up, gaining a nickname "death....". I still don't buy them today. Another I stopped buying went out of business years ago.
But I would include all CxO positions, CEO, CIO, CTO, CFO and even senior VPs. It is a big plutocratic aristocratic type of club. And when their reputations go south, they get to sit on boards of directors.
We'll only start deploying Vista when Microsoft gives us clarity on the Win7 timeline, or when we conclude that Vista support will be less expensive than XP to support, or when we feel that we need to start converting to meet Microsoft's XP retirement plans.
Or if you get tired of waiting and delays. Try Linux...seriously. If you hate RedHat, try SUSE or Ubuntu, they actually do work together. Runs so of nice on these new machines you thing you had a cray at your fingertips. OpenOffice can do 99% of anything M$-Office can do, just that OO does it cheaper.
If Microsoft adopted the above ideas, I'm sure. I would LIKE to buy a copy. "Windows X. Compatible with everything".
Microsoft isn't going to adopt the above ideas until they have to for survival. They make too much money on lock'n'load their coffers. (so far)
But then on the other hand, M$ could just grab a SUSE, RedHat or other distro and call it MSXL-Windows and they go. It would address every concern you have and they know their MS-Windows code base is mess. And I suspect someday they will.
Hey, this is about making Bill even richer, milk the momentum for as much as you can. Who is kidding who. Milk the MS-Windows sources repackage them until people jump. Then MS will jump to Linux or perhaps buy SCO for the USL license when it is time to rebuild Microsoft.
Linux isn't Windows. Some of the shit you're used to on Windows isn't going to work under Linux. If you can't deal with that, stop complaining and just use Windows.
He does however show that many users are inflexible. And it is mostly perception based. If a XP user thinks they don't have to learn and gets Vista, they be in for a big surprise. I figure XP to Vista and XP to Linux is about the same, in fact, some Linux distros seem to be cleaner and easier to find menus.
And I know of no business related task that the likes of Vista can do that Linux cannot, absolutely none.
What I see driving the costs are corporate cutbacks. Oh yea, we haven't seen the articles in a big way but corporate north America is in a recession and chopping where they can. They are looking at the $1000+ software for the desktop and are just rubbing their hands for the savings.
they will release it, but it will just be a repackaged version of xp. They probably want to switch back to it without anyone really knowing. It like the "new coke"
Brilliant actually. Lets see, you buy a PC at Best Buy and can only get Vista on it. So you go to another shop, and buy a copy of XP and install it. So far a double dip.
Now, next year you shell out more cash and will want to upgrade to Win7. The triple dip, Brilliant.
We already run this way at where I work. We're a small place and there's no in-house IT department. If one of us in development needs more ram or a new harddrive, the procedure is to go buy it and install it yourself and give management the bill. Nearly everyone is savvy enough to handle this on their own, and if you aren't its easy enough to ask someone to help you.
You my friend are working for an enlightened organization. If more companies adopted this they would save trillions. I/T today now has become butt kissers to the inept and dysfunctional of an organization. They load spyware, bots and crap on their PC and blame I/T in fits of irrational rage. They treat their PCs worse than their dogs, often ignored and abused, I/T treatment is worse. They watch porn during the day, while managing other people and bitch because bandwidth isn't enough. Managers ignore the pleas from I/T, cut the crap and do business. Managers fail to deal with the issues on their own employees are doing and keep on pissing on I/T for bad employees. Maybe they too are just too stupid to know?
Time to cut the employees on their own. Like car mechanics, give them a $1000/year to buy their own tools and maintain them. Thus they may take care of them and realize the CD/DVD player is not a coffee cup holder. At the network switch, when they get puss infected with the Trojan of the day, cut their MAC address of and cite, "You are endangering the company and are cut off until you fix your PC. We suggest you reinstall and add AV and good practices as well as patch up. This will help us in enabling your PC to again communicate. A report has been sent to you manager, and their manager on your activities abuse in the system. It has also been added to your personnel file for the annual review".
Oh if management only knew the crap that specific people do...I/T systems have the dope. Management has their head stuck up their asses for not using it. Yet beat people up on the production floor for 10 cents an hour while the boss watches porn.
If you are a CEO, and you want to know who to lay off that isn't adding value, look at you companies firewall logs and proxy servers. They have nice lists of the people that have too much time and mischief on their minds to be valued employees. Warning though, you many find the CFO or the CIO watching the competitors stock more than your own.
I work for a dysfunctional company, just waiting for the severance, perhaps 2 months away from asking my best friend and my boss to lay me off. I hope to do better next time.
Forget about the ISO. Send your emails to your antitrust authority instead. I doubt the US will do anything, but the EU might.
If the anti-trust people wanted to do anything, they would have done it a long time ago. Now I am not normally a conspirator type, but MS smacks of it like dripping wet.
My suspicions is Microsoft is allowed to bypass anti trust by the US government goes back in time to NSAKey. The government deliberately overlooks and actually endorses Microsoft's monopoly in the in as so long as it provides the US intelligence community the back doors to your desktop and servers. Think, you register your computer, the CPU ID and OS keys go out, they evn know where you traveled and when! Microsoft is not alone in this, Sun and IBM also have call home features. It would not be too hard to say if customer 23BCD-3WEK-FU---... called in for updates to slip in a back door. Maybe that is why MS even wants the AV business, to make sure it's tools don't get filtered.
Now they put out MOOXML, with enough ambiguity they have a proprietary standard trying to make if difficult for vetted software to compete....
To me, MOOXLM is like RS422, no one used it. And I don't expect the US government to enforce their anti-trust laws with Microsoft. Bundling is condoned as long as it is MS.
As for me, I will never, as long as I live, purchase any product manufactured by Rambus or any of its subsidiaries, and as soon as the dust settles and the industry has time to move to a Rambus-patent-free memory technology, that permanent blacklisting will be expanded to any products that license any technology from Rambus or any of its subsidiaries.
Lets hope this is April fools day joke.
In any case, pretty easy to avoid Rambus memory products, too expensive and incompatible with the systems I like. Will join you in the black list commitment. Or at least until I can get 16GB stick for $25. That is, if Rambus decides to produce anything.
I don't see how a script kiddy running 0day exploits on a box is in any way related to the total end point security, or security of the OS. Seems all he did was take inventory of the box -- realize flash was vulnerable and exploited it. Could've happened to any OS -- Ubuntu included -- that provides its end users with insecure software. Seems like trivial marketing fluff -- setup to spur stupid religious wars.
While you are correct, it could have happened to any box...ponder this thought.
I guess Vista's process separation isn't so separate after all. Maybe on Ubuntu process separation did work. Trouble is if you try to go out of process bounds in Linux, you will get an exception and the OS will terminate the process.
In Vista, they must have found a way to get out of the flash process space, into the OS without the Cancel/Allow Continue/Cancel prompts to control the box. Then they have the systems. Remember, they have to do more than just crash or execute a few bytes, they must pwn the system.
Looks like Vista has similar holes to it's predecessors. Go figure.
I realise Slashdot is as anti-Microsoft as they come, but it's still surprising to see the same FUD about IE still being spewed 10+ years after it was shown to be false.
Oh MS one, then how did they bypass Cancel/Allow or Continue/Cancel?
What's the betting that the Linux and MacOS versions of Flash are also vulnerable to this 0day?
I don't know the details, when released there will be some good write ups on this.
But the flash player might be vulnerable in all 3 is definitely possible. The difference though is in how UNIX/linux would have a clear process separation between the flash process, the user application and the operating system which in MS-Windows is not so. It could be as simple as the browser too, say chrooting the flash player - so what if you crash it or break into nothing. You need to Pwn20wn it.
In any case, they found a way to avoid Cancel/Allow and Pwn20wn they went.
First, given the popularity of some of their chip sets, this probably isn't bad. Quite a few systems out there with the 6100 and 6150 UMA chipsets. And what about the other 71.2 %
Could be the UMA in Vista is unstable? I am using a 8500 GT and I haven't crashed once. No UMA in use though. I question those running UMA for Video on Vista, Vista needs a beefy video.
I do have slow disks, slow network I/O and slow... but no video issues. And the best part is that it also works with Linux/Solaris. (8500GT).
And the other 95% use OOXML, in that case, OpenDocument is a total waste of time.
I believe those numbers are optimistic. Most home users I know are using OpenOffice and saving ODF at home. It might be because I help them install it. At work, we now have been allowed to use it. And enough commitment to ODF that it will survive and if MS pushes MOOXML down peoples throats, might go with ODF. Why get caught into lock in and associated vender quirks if you do not need to?
But this editor is a whacko and aught to removed for editing for ODF and work for his real employer, Microsoft.
So, it looks like the old "We don't have to interoperate" arrogance is still going strong at Microsoft. Let's see if they still think that way in another ten years.
Then I guess our decision to use VMWare is going to be a good one.
Now that we decided Mercury is no longer so green, lets move on to LEDs.
LEDs, one way to make them is with arsenic. Now one diode of arsenic is nothing, put billions in the dump, let the plastics rot a bit and...
Now before we jump in this time like a mad heard of bison off a cliff, and almost ban previous source of like like Canada was almost going to do, lets think about the whole life cycle of the light source...and the end outcome before we leap.
This isn't to say I am against LEDs, I think if we look at it seriously, without the mindless green hype, lets settle on a technology that is really environmental friendly and economical.
That's why the ol' security maxim of basing authentication on "something you have and something you know." a.k.a. multi-factor authentication. It's a lot harder to social engineer something they have away from someone.
Makes me wonder too, with cheap card readers, the something you have is like a car key. And yet, trying to get it in use is hard. It is like management wants the unnecessary risk. Or perhaps it is no one has the guts to tell the users this is how we do it.
Getting push back too with new portables. $9 extra and you can have whole drive encryption for the HR people carting around out SSNs. "But they do not want to change!", but I wonder if management even asked them too.
I know know why Pearl Harbors have to occur. But management will not see it that way, they will look for goats to sacrifice.
Slashdot Mirror
That sounds like and good incentive to encourage people to try out linux, but does that truly reflect the cost of XP? Is XP even worth 8GB of solid state memory?
And wait until people figure out how easy it is in a Eee PC with Linux to NFS mount a drive to their older PCs running Linux with new 500GB drives.
mount 192.168.1.10:/home/movies /movies /home/movies/hackers.mp4 /movies
cp
And if the newer 32GB USB drives are not enough as an adjunct, Seagate has even bigger portable drives. These are like portable DVD players, music juke boxes and PCs all in one.
Your shop may be small enough to avoid attention, but allowing users to install their own software could put a company in hot water fast.
While this is true, your average I/T department is powerless and in shambles. I/T departments as we know it are gone or going. Many business are not want to properly fund it any more.
That being said, I know your point. Users will buy one copy of MS-Office and next thing you know 25 users will be using the same key/license. Then they will kick I/T some more and blame them when they get caught.
BTW, I am not against this, just hoping management puts the blame where it belongs.
Smart people with better options leave. wow who would have thought that would happen. next on slashdot, all about how water is wet.
Not necessarily do all smart people leave but granted many do. If you know it is coming, why not stay and get the severance package? Then get a job elsewhere? Seriously, executives do it all the time. Why should not the line and file technical grunt do it?
Gets them off the government dole. Gets them out of the taxpayers pockets.
The Parent is, in fact, insightful. If you refute RIAA and their minions' claim that they should be allowed to (and is able to) pick out illegal file sharers based on IP address, you can't turn around and use IP address evidence to prove that MediaSentry defied the court order.
I think you can. If you see a TCP IP session going from one IP to another. You can assume which network originated it because of routing. You can in fact be pretty sure the network was the source, just not which person/PC it came from. Only that someone had access.
For example, if I was a student, evil one at that. I could scan out the IPs on the network. MS-Windows being noisy, just listen, get the MAC addresses. When I can't ping them, I change my MAC to theirs and join the network with their IP, in fact masquerading as them. Download the stuff. Then disconnect. RIAA comes and gets the wrong person.
You must catch them in the act to be sure. As I could also break into their PC, drop of say 50 tunes, or turn their system into a proxy.
And these pranks at any school I know, do happen.
Now you can prove the network, but not who did it. You know which network someone was using.
The same can be said about MediaSentry. If it came from their network, you can verify that, but cannot tell which PC/person inside did it.
How many power supplies are required? Does it come with a 12 KV step-down transformer and 220V three-phase power hookup? Can I heat the basement with it?
Funny yes. Has some truth, definitely. The watts that go into some of these GPUs is more than the processor, or so it seems.
Me, I am opting for the ones without fans, they are quieter and less to go wrong.
With centralized control, all of those are simple. Once you start allowing users to choose what to run, how to configure it and so forth, all of those become major issues.
Your point is very true.
But if your like an organization I just worked for, cutting "IT" costs is more important than overall "Organization" costs. Not even getting into costs of availability and service levels.
But in a weird sort of way, I can see this trend towards more responsibility to the user. It makes sense.
We should run our I/T departments as profit or break even centers, charging for the OS reloads from spyware and mitigation. We should charge departments a per seat cost of internet access. Excessive bandwidth users get surcharges. Your user IDs and password changes should be on a charge back basis. That way the department manager is motivated to address the issues or it will cost them. PCs and software, charged back or they can't load it. When a department refuses to pay for a service, you turn off the service. Easy to do and would go a long way to make I/T a better place to work.
There is a huge advantage to this too. The business units will have their real costs reflected back to their budget line. Many business units look profitable on paper as they do not reflect their real costs of operation. I have been in both such environments, and charge back environments works well as it also factors in service, no pay no services. And stops the mindless squeeze and organizational issues with it.
It is also why I like outsourcing and consulting in this business. Most companies don't have the executive leadership for I/T and technology, they shouldn't even try.
Sooner or later this will be printed in CIO mag or the latest thrust.
Canadian barley is well under $1.00 CDN bushel. And a bushel makes a lot of beer.
Are you sure it isn't taxes? In Canada at 75% of the cost of a beer is pure taxes. Sort of a situation where starve the farmer but line the pockets of government.
The inevitable result is a race to the bottom. Buyers will reason they might was well buy cheap, because they at least know they're saving money, rather then paying for quality and likely not getting it. I cheat. I ask the storage administrators I know. One place I know is really good, they see drives from everywhere. You get a feeling on which drives are better than others. About 5-7 years ago one manufacturer really messed up, gaining a nickname "death....". I still don't buy them today. Another I stopped buying went out of business years ago.
I know google collects these stats but getting the inside on it is tough. But here is a glimpse of what they have.
Heh... I guess I'm more cynical or something.
No, not cynical. Perhaps realistic.
But I would include all CxO positions, CEO, CIO, CTO, CFO and even senior VPs. It is a big plutocratic aristocratic type of club. And when their reputations go south, they get to sit on boards of directors.
We'll only start deploying Vista when Microsoft gives us clarity on the Win7 timeline, or when we conclude that Vista support will be less expensive than XP to support, or when we feel that we need to start converting to meet Microsoft's XP retirement plans.
Or if you get tired of waiting and delays. Try Linux...seriously. If you hate RedHat, try SUSE or Ubuntu, they actually do work together. Runs so of nice on these new machines you thing you had a cray at your fingertips. OpenOffice can do 99% of anything M$-Office can do, just that OO does it cheaper.
Microsoft isn't going to adopt the above ideas until they have to for survival. They make too much money on lock'n'load their coffers. (so far)
But then on the other hand, M$ could just grab a SUSE, RedHat or other distro and call it MSXL-Windows and they go. It would address every concern you have and they know their MS-Windows code base is mess. And I suspect someday they will.
Hey, this is about making Bill even richer, milk the momentum for as much as you can. Who is kidding who. Milk the MS-Windows sources repackage them until people jump. Then MS will jump to Linux or perhaps buy SCO for the USL license when it is time to rebuild Microsoft.
He does however show that many users are inflexible. And it is mostly perception based. If a XP user thinks they don't have to learn and gets Vista, they be in for a big surprise. I figure XP to Vista and XP to Linux is about the same, in fact, some Linux distros seem to be cleaner and easier to find menus.
And I know of no business related task that the likes of Vista can do that Linux cannot, absolutely none.
What I see driving the costs are corporate cutbacks. Oh yea, we haven't seen the articles in a big way but corporate north America is in a recession and chopping where they can. They are looking at the $1000+ software for the desktop and are just rubbing their hands for the savings.
they will release it, but it will just be a repackaged version of xp. They probably want to switch back to it without anyone really knowing. It like the "new coke"
Brilliant actually. Lets see, you buy a PC at Best Buy and can only get Vista on it. So you go to another shop, and buy a copy of XP and install it. So far a double dip.
Now, next year you shell out more cash and will want to upgrade to Win7. The triple dip, Brilliant.
We already run this way at where I work. We're a small place and there's no in-house IT department. If one of us in development needs more ram or a new harddrive, the procedure is to go buy it and install it yourself and give management the bill. Nearly everyone is savvy enough to handle this on their own, and if you aren't its easy enough to ask someone to help you.
You my friend are working for an enlightened organization. If more companies adopted this they would save trillions. I/T today now has become butt kissers to the inept and dysfunctional of an organization. They load spyware, bots and crap on their PC and blame I/T in fits of irrational rage. They treat their PCs worse than their dogs, often ignored and abused, I/T treatment is worse. They watch porn during the day, while managing other people and bitch because bandwidth isn't enough. Managers ignore the pleas from I/T, cut the crap and do business. Managers fail to deal with the issues on their own employees are doing and keep on pissing on I/T for bad employees. Maybe they too are just too stupid to know?
Time to cut the employees on their own. Like car mechanics, give them a $1000/year to buy their own tools and maintain them. Thus they may take care of them and realize the CD/DVD player is not a coffee cup holder. At the network switch, when they get puss infected with the Trojan of the day, cut their MAC address of and cite, "You are endangering the company and are cut off until you fix your PC. We suggest you reinstall and add AV and good practices as well as patch up. This will help us in enabling your PC to again communicate. A report has been sent to you manager, and their manager on your activities abuse in the system. It has also been added to your personnel file for the annual review".
Oh if management only knew the crap that specific people do...I/T systems have the dope. Management has their head stuck up their asses for not using it. Yet beat people up on the production floor for 10 cents an hour while the boss watches porn.
If you are a CEO, and you want to know who to lay off that isn't adding value, look at you companies firewall logs and proxy servers. They have nice lists of the people that have too much time and mischief on their minds to be valued employees. Warning though, you many find the CFO or the CIO watching the competitors stock more than your own.
I work for a dysfunctional company, just waiting for the severance, perhaps 2 months away from asking my best friend and my boss to lay me off. I hope to do better next time.
Forget about the ISO. Send your emails to your antitrust authority instead. I doubt the US will do anything, but the EU might.
If the anti-trust people wanted to do anything, they would have done it a long time ago. Now I am not normally a conspirator type, but MS smacks of it like dripping wet.
My suspicions is Microsoft is allowed to bypass anti trust by the US government goes back in time to NSAKey. The government deliberately overlooks and actually endorses Microsoft's monopoly in the in as so long as it provides the US intelligence community the back doors to your desktop and servers. Think, you register your computer, the CPU ID and OS keys go out, they evn know where you traveled and when! Microsoft is not alone in this, Sun and IBM also have call home features. It would not be too hard to say if customer 23BCD-3WEK-FU---... called in for updates to slip in a back door. Maybe that is why MS even wants the AV business, to make sure it's tools don't get filtered.
Now they put out MOOXML, with enough ambiguity they have a proprietary standard trying to make if difficult for vetted software to compete....
To me, MOOXLM is like RS422, no one used it. And I don't expect the US government to enforce their anti-trust laws with Microsoft. Bundling is condoned as long as it is MS.
As for me, I will never, as long as I live, purchase any product manufactured by Rambus or any of its subsidiaries, and as soon as the dust settles and the industry has time to move to a Rambus-patent-free memory technology, that permanent blacklisting will be expanded to any products that license any technology from Rambus or any of its subsidiaries.
Lets hope this is April fools day joke.
In any case, pretty easy to avoid Rambus memory products, too expensive and incompatible with the systems I like. Will join you in the black list commitment. Or at least until I can get 16GB stick for $25. That is, if Rambus decides to produce anything.
I don't see how a script kiddy running 0day exploits on a box is in any way related to the total end point security, or security of the OS. Seems all he did was take inventory of the box -- realize flash was vulnerable and exploited it. Could've happened to any OS -- Ubuntu included -- that provides its end users with insecure software. Seems like trivial marketing fluff -- setup to spur stupid religious wars.
While you are correct, it could have happened to any box...ponder this thought.
I guess Vista's process separation isn't so separate after all. Maybe on Ubuntu process separation did work. Trouble is if you try to go out of process bounds in Linux, you will get an exception and the OS will terminate the process.
In Vista, they must have found a way to get out of the flash process space, into the OS without the Cancel/Allow Continue/Cancel prompts to control the box. Then they have the systems. Remember, they have to do more than just crash or execute a few bytes, they must pwn the system.
Looks like Vista has similar holes to it's predecessors. Go figure.
I realise Slashdot is as anti-Microsoft as they come, but it's still surprising to see the same FUD about IE still being spewed 10+ years after it was shown to be false.
Oh MS one, then how did they bypass Cancel/Allow or Continue/Cancel?
What's the betting that the Linux and MacOS versions of Flash are also vulnerable to this 0day?
I don't know the details, when released there will be some good write ups on this.
But the flash player might be vulnerable in all 3 is definitely possible. The difference though is in how UNIX/linux would have a clear process separation between the flash process, the user application and the operating system which in MS-Windows is not so. It could be as simple as the browser too, say chrooting the flash player - so what if you crash it or break into nothing. You need to Pwn20wn it.
In any case, they found a way to avoid Cancel/Allow and Pwn20wn they went.
First, given the popularity of some of their chip sets, this probably isn't bad. Quite a few systems out there with the 6100 and 6150 UMA chipsets. And what about the other 71.2 %
Could be the UMA in Vista is unstable? I am using a 8500 GT and I haven't crashed once. No UMA in use though. I question those running UMA for Video on Vista, Vista needs a beefy video.
I do have slow disks, slow network I/O and slow... but no video issues. And the best part is that it also works with Linux/Solaris. (8500GT).
And the other 95% use OOXML, in that case, OpenDocument is a total waste of time.
I believe those numbers are optimistic. Most home users I know are using OpenOffice and saving ODF at home. It might be because I help them install it. At work, we now have been allowed to use it. And enough commitment to ODF that it will survive and if MS pushes MOOXML down peoples throats, might go with ODF. Why get caught into lock in and associated vender quirks if you do not need to?
But this editor is a whacko and aught to removed for editing for ODF and work for his real employer, Microsoft.
ODF is not a waste of time.
So, it looks like the old "We don't have to interoperate" arrogance is still going strong at Microsoft. Let's see if they still think that way in another ten years.
Then I guess our decision to use VMWare is going to be a good one.
Now that we decided Mercury is no longer so green, lets move on to LEDs.
LEDs, one way to make them is with arsenic. Now one diode of arsenic is nothing, put billions in the dump, let the plastics rot a bit and...
Now before we jump in this time like a mad heard of bison off a cliff, and almost ban previous source of like like Canada was almost going to do, lets think about the whole life cycle of the light source...and the end outcome before we leap.
This isn't to say I am against LEDs, I think if we look at it seriously, without the mindless green hype, lets settle on a technology that is really environmental friendly and economical.
That's why the ol' security maxim of basing authentication on "something you have and something you know." a.k.a. multi-factor authentication. It's a lot harder to social engineer something they have away from someone.
Makes me wonder too, with cheap card readers, the something you have is like a car key. And yet, trying to get it in use is hard. It is like management wants the unnecessary risk. Or perhaps it is no one has the guts to tell the users this is how we do it.
Getting push back too with new portables. $9 extra and you can have whole drive encryption for the HR people carting around out SSNs. "But they do not want to change!", but I wonder if management even asked them too.
I know know why Pearl Harbors have to occur. But management will not see it that way, they will look for goats to sacrifice.