Slashdot Mirror


User: LurkerXXX

LurkerXXX's activity in the archive.

Stories: 0
Comments: 2,888

Comments · 2,888

  1. Re:WSUS on Time to End Microsoft's Patch Tuesday? · · Score: 1

    Which reduces the time needed to test patches before rolling them out, how?

    The corporate folks that wanted patch tuesday already have WSUS servers. That's not the issue.

  2. Re:SUS on Time to End Microsoft's Patch Tuesday? · · Score: 1

    Umm, those large corporate customers that wanted patch Tuesday, so they can test their huge suite of in-house-developed apps against all the patches at once *DO* have machines running WSUS.

    Testing is a huge issue. Rolling out the patches isn't. If the testing takes 2 weeks, and MS releases a new patch every other day for 10 days, they don't want to suddenly have 10-weeks worth of testing in the pipeline. They want to do it all at once.

    Reality check:

    Often hackers do come out with new novel exploits for unknown (to the public) bugs. Most often these days, when a new bug is found either by MS or a responsible security hacker (who tells MS about it and gives them a reasonable amount of time to create/test a patch before releasing details to the public), the hackers leap on the new patch, do a diff on the system between a newly patched and unpatched system, and reverse-engineer a bug to exploit unpatched machines. They then release the exploit to that vulnerability, and make bot-nets out of unpatched boxes.

    By releasing patches as each becomes available, you create that huge ugly pipeline for the corporate folks to deal with, so if they want to wait on testing until a few patches accumulate, some of those exploits have now been released way way before testing gets done (or even started), and their machines get nailed. By releasing them monthly, you narrow down that time-window of exploitable machines to two-weeks or less for that company.

    And if an in-the-wild exploit is found for something, MS does often release an out-of-cycle patch, so that folks can patch as soon as the patch is available.

    In short, having WSUS available is NOT the issue.

  3. Re:I have always wondered... on Time to End Microsoft's Patch Tuesday? · · Score: 4, Insightful

    You always wondered? You must be fairly new to IT. MS switched to that format well within the past 10 years. I think it was around 5 years ago. Before that they released them as each was finished.

    As for why they do them that way now, their large corporate customers asked them to. In large corporate settings there are often lots and lots of in-house-developed applications the company runs. Each time a new patch comes out, the IT dept must go through a lengthy (sometimes several weeks) process of testing the new patch, on test beds of the various models/configurations of computers the company uses, to make sure it doesn't break any of those apps, or any other purchased applications. They often run into many bugs/conflicts that MS doesn't in their testing.

    If MS comes out with a patch, the company starts testing it out, then 3 days later MS comes out with another patch, the big corp now has multiple cycles of testing trying to go on at the same time, using up tons of IT resources, backing things up in the pipeline. If their testing cycle is 2 weeks, and MS releases 6 patches during those two weeks, the pipeline is now filled up with 12 weeks worth of throughput. Not fun.

    If, on the other hand, MS releases on a regularly scheduled day each month, the company can easily run their test suite just a single time, freeing up IT resources, and also letting them plan for the patches/testing, rather than being surprised and having to pull folks off of other projects to work on testing if MS suddenly goes on a streak of releasing several patches in a row.

  4. Uh oh, on The Human Mutation · · Score: 5, Funny

    Putting human brain genes in chimps, this is how it all starts. A thousand years from now some astronaut returning to earth is going to be saying "Get your hands off me, you damn dirty ape!"

  5. Re:Just curious... on OpenBSD 4.1 Released · · Score: 1

    But you don't want to tell me that a box running ssh and nothing more and nothing less makes any sense to run, do you ?

    I do it all the time. I've got lots of firewalls running that only have SSH running, and no other external services.

    If I do want another service going, I'll start it myself, because when I install the machine, it has no way of knowing if I want to run a web/smtp/imap/pop/ntp/ftp/samba/nfs/tomcat/dhcp/dns/yadda/yadda/yadda server, and so cranking any or all of those up just in case I want them is rather silly.

  6. Re:Secure bricks on OpenBSD 4.1 Released · · Score: 1

    SSH is useless? Not to anyone I know who runs UNIX. Maybe if all you use is windows I can see it as 'useless' to you, but then, those folks wouldn't be running OpenBSD in the first place.

  7. Re:Just curious... on OpenBSD 4.1 Released · · Score: 1

    Embarrassing? Why? Because they don't run a bunch of unneeded services off the bat like some other OS's do/have-done-in-the-past?

  8. Re:We've all been there. Don't be too pious, here. on Tech Magazine Loses June Issue, No Backup · · Score: 3, Informative

    And if the data is that important then a suitable RAIDed disk array will sort things out.

    The topic here is backups, not RAID.

    Say it again with me everyone "RAID IS NOT A BACKUP"

    RAID increases-uptime by decreasing/eliminating the downtimes needed to do restores when an individual drive bites it. It is *NOT* a backup.

    RAID does not save you if someone accidentally deletes a needed file.
    RAID does not save you if your machine gets nailed by a virus/unpatched-exploit.
    RAID does not save you if the drive power supply fries taking out attached hardware.
    RAID does not save you if a burglar steals your machine.
    RAID IS NOT A BACKUP.

  9. Re:biggest issue is filesystem on Microsoft Says Other OSes Should Imitate UAC · · Score: 1

    Spare me the 'my nick makes me a god' crap. NTFS isn't a filesystem or securable eh? Talk about trolls, you make a fine one.

  10. Re:biggest issue is filesystem on Microsoft Says Other OSes Should Imitate UAC · · Score: 1

    I see the use in databases, but not in general filesystem usage. There is a big difference between a single database value and an entire file, which could be a database itself.

    A filesystem *is* a type of database. I'll let you draw the lines...

    Besides, if this is an "advanced" permission, why isn't it in the "advanced" file security settings where it is less likely to be selected by accident?

    By 'advanced' I meant advanced as compared to you. You don't see the need for that permission, whereas some folks need it. Many folks don't see any need at all for any type of permissions, so they would consider all of them 'advanced' and might wonder why they aren't all under the advanced tab where they don't have to look at them.

  11. Re:biggest issue is filesystem on Microsoft Says Other OSes Should Imitate UAC · · Score: 1

    Yes, I've come across that exact scenario before, and as a user it seems kinda stupid. I can open up a shared word doc, delete everything inside, and re-save it, but I can't be trusted to just delete the file outright. Brilliant.

    The same type of things are in databases. Permissions are to select, insert, update, and delete. You might have permissions to modify, but not delete a value. Sure you can set its value to zero, but you can't remove the existence of that data. That might not seem important at all to you, but it can be very very important to other people doing more complicated tasks than yourself. Just because you don't see the use, doesn't mean there isn't one for more advanced users.

  12. Re:biggest issue is filesystem on Microsoft Says Other OSes Should Imitate UAC · · Score: 1

    return the troll back to you. I simply don't care for whom something is easier or more difficult. I care for results. And it seems when it comes to security the results for the oh so more flexible Windoze ACLs are not so good compared with the ancient unix ugo system.

    And security results for UNIX systems are still less than that of VMS, which is where ACLs came from.

    Btw. when we talk here about the shortcomings of the UAC we talk here about home users,

    You mean when YOU talk about the shortcomings of UAC. 'We' in this thread, were talking ACLs vs UNIX permissions in regards to the file system, and not any specifics of home vs power user.

  13. Re:biggest issue is filesystem on Microsoft Says Other OSes Should Imitate UAC · · Score: 1

    Because what is easy for developers and what is easy for users are two entirely different things. Nice try at a troll though.

  14. Re:biggest issue is filesystem on Microsoft Says Other OSes Should Imitate UAC · · Score: 1

    Ah, no, the biggest issue is NOT the filesystem. Vista uses NTFS, not FAT. NTFS uses ACLs, the brilliant part of VMS that Cutler rewrote for NT. Much easier to customize/detail permissions in than the typical UNIX owner/group/world.

  15. Re:Does anyone else on Mercury Contamination Vs. Energy-Efficient Lightbulbs · · Score: 1

    The 'balls' were simply drops of liquid mercury. They acted as 'balls' within the toy, except they were cooler as they squished when they banged into a wall inside a maze, etc. As I said, the toys were not air tight by any means, we used to angle them so the 'ball' of liquid mercury would drop into our hands. The mercury lasted years and years without evaporating away.

    It's actually well recognized that that tiny vapor pressure is readily stopped by an oxide layer at the surface.

  16. Re:Does anyone else on Mercury Contamination Vs. Energy-Efficient Lightbulbs · · Score: 1

    Liquid Mercury does *not* vaporize quickly at room temperature. When I was a kid, in the olden days, they used to make toys with liquid mercury balls in them, that weren't sealed well at all (some of us liked to play with it in our hands). The mercury lasted for years in those toys. It doesn't vaporize quickly at all.

  17. Re:Question is, why did it take 28 years? on MIT Dean of Admissions Resigns in Lying Scandal · · Score: 1

    It was no troll. No one here (except folks from MIT) has heard of her before either.

    You said you might have a relaxed attitude about it (her lying) because you were from Europe. Back pedal away though if it makes you feel better.

  18. Re:Question is, why did it take 28 years? on MIT Dean of Admissions Resigns in Lying Scandal · · Score: 1

    So you are saying Europeans don't care about honesty and integrity? Good to know.

    Actually, I believe others from Europe probably understand perfectly. It just says something about you.

    Her job was to judge people for admission on their academic resume, while she was lying about her own. The top tech school in the country couldn't really have that.

  19. Re:Cellphone don't kill bees... on Cell Phones Aren't Killing Bees After All · · Score: 2, Insightful

    Mites and fungi have been the prime suspects in this for well over a year now. One group in the past couple weeks who hypothesized it was cell phones, you read an article on that story since it was sensationalized, and that's all you've ever bothered to look at in the topic. So basically you are totally ignorant of what the status and consensus of research in the field is, and so you lost faith in scientists and researchers based on a hyped article by 1 group in the news. I think this says a lot more about you than it does about scientists.

  20. Re:Young people are cheap to insure on Big HMO Jolted By Email, System Failures · · Score: 1

    Then why don't you do just that? Every employer I've ever worked for has had the option of not taking/paying for the company's health insurance, in case you get a better deal through your spouse's employer, etc. Why not just opt out and quit bitching then? Of course, if you do come down with something nasty, you are going to be well and truly screwed, but that's your choice.

  21. Re:Journals on Cancer Fighting Drug Found in Dirt · · Score: 1

    Agreed. Much like the recording/movie industries as well as newspapers, etc, scientific journals for the most part haven't adapted to new technology. I think the exception is in physics. Those folks have moved to a mainly online system much faster than the rest of the scientific community. I expect eventually the rest of us will catch up, but it may take a while.

  22. Re:Will People Still Seek Cheaper Alternatives? on Kodak Challenges HP's Printer Sales Model · · Score: 4, Interesting

    If the price difference between Kodak and the remanufacturers isn't that big, who is going to risk f'ing up their printer prints with garbage remanufactured crap when for a very small bit more they could get guaranteed good OEM ink? I know I wouldn't. It's the huge disparity in pricing right now that drives people to take the risk.

  23. Re:Next headline... on Cancer Fighting Drug Found in Dirt · · Score: 1

    Oh well, if it's only half a trillion it's chump change then.

    And you mean fighting in the middle of a civil war, not terrorism. There were no terrorists in Iraq until we took out the old regime.

    Oh, and btw, you must be using Republican accounting numbers. Once you add in all the misc expenses such as projected future bills from caring for the tens of thousands of wounded American soldiers for the next forty years, etc, the total bill goes easily over a full trillion.

  24. Re:Next headline... on Cancer Fighting Drug Found in Dirt · · Score: 1

    If that is your belief, then you are free to lobby your congressman not to fund it, just as the other guy is free to lobby his *to* fund it.

    Yes there are government incentives to develop orphan drugs, but they are relatively small compared to the expense/risk of development. That's one of the reasons you see so few developed.

    Think of the effort we could be putting forth on research to cure cancer if we spent the money on it we are spending on the war in Iraq. There's something to lobby your congressman about. That Trillion dollars could have funded 30+ years worth of total NIH funding (that goes toward many many things other than just cancer research) at its current rate.

  25. Re:Next headline...The tinfoil is not all wrong on Cancer Fighting Drug Found in Dirt · · Score: 2, Insightful

    Ok, I'm going to be silly and feed the anonymous troll...

    Mostly, I agree with you; but, there are cases where the "tinfoil hat" IS the business decision that the twelve-year-old can grasp:

    "Cure vs treatment". The profit motive (by itself) would far rather sell a treatment than a cure.


    So they are hiding the cures because they want to sell a treatment? Who is hiding it? Who discovered it that has that motive? As I said before, NIH dollars fund the most basic research which leads to new biology/drugs. Pharma does a little of that, but most of their dollars go into the clinical trials. So the academic researcher working for NIH funds has *ZERO* motive to hide the cure. *ZERO*.

    So your tin-foil-hat theory rests on the key discovery being made by the smaller amount of primary research being done in Pharma companies. Who do you think does the research, runs the bench experiments, crunches the numbers in those Pharma companies? Is it the high-end management who stands to make a killing from corporate profits? No. It's done by Ph.D. scientists and lab techs. A decent sized group of them.

    Do you honestly think some lab tech with a B.S. biology degree is going to be paid enough money to shut up about some great disease cure that is found by their group?

    How about the Ph.D.'s in the group? Earning a Ph.D. is a long long haul. Most folks doing that are pretty smart and could have made much more money going to business school if making money was their number one priority. Most scientists care about knowledge, care about cures, and yes, like the prestige and recognition for making a major discovery. How likely is it they are going to keep a disease cure secret so the top management can get big bonuses? Not very freaking likely.

    Even if some would do it, all it would take is one in the group to leak it. Keeping secrets in groups just doesn't work very well. Now stop to think what if a friend/family-member/loved-one of a member group has the disease? Not that unlikely with any decent sized lab group. Still think they are going to keep a cure secret? Please.

    But as an example, consider the minor ailment athlete's foot. It's a huge industry. It's a fungus. It's absolutely not impossible to get rid of. But you will get marketed treatments, not cures (it'll cure the fungus on your foot, but you'll quickly get reinfected from your shoes, socks, shower, and so on; and they don't ever try to sell you anything to fix the problem once and for all. Doing so would be a poor business decision.) People don't have it in Japan, hence, no huge stinky-foot industry either. From a business point of view this is just lost profits!

    Umm, Bullshit. Where do you tinfoil hat nutters come up with this stuff. Yes, they get athlete's foot in Japan. Need me to google for you? http://www.japancorp.net/Article.Asp?Art_ID=12391 Now, if you want to claim Japan has a lower incidence, I might believe you because I've never bothered to look up the statistics. However if that is in fact the case, that might be due to a more rigorous cleaning of public pools/showers, (places where it is most likely to be transmitted) in Japan than in the states. Not some secret cure that the American pharm companies are hiding from us.

    Anti-bacterial drugs are relatively easy to make because you can often simply target the cell wall. Fungi are eukaryotes, like humans, and don't have a cell wall. One of the problems that comes along with that is that drugs that damage fungus, also tend to damage humans. Lamisil is a drug you often see marketed on TV. Take enough of it and it is absolutely guaranteed to cure your Athlete's foot. The cure is not hidden from you at all. The problem is it may well also kill your liver before all the athlete's foot is gone. Fungi are hard to kill without killing human cells. Ask any researcher who has had to deal with fungus in their tissue culture.