It's called a password "salt", and many applications use them. It's much better to use a large random value stored in the clear than the username.
Microsoft, of course, is screwed by the need to provide backward compatibilitty, and does not salt the (MD4-based) NTLMv2 hash stored on Windows systems. They encrypt the whole hash database instead to prevent offline attacks, but this is ineffective as the decryption key is also "hidden" on the system's disk unless you want requrie a diskette/CD/floppy at boot that contains the decryption "syskey".
I think your concept of "fast" is very different from the average American driver. My pinko brother had a 1994 Metro. I drove it often, and it was damn near the slowest car on the road, even when new and in perfect tune. My Mom's Dodge Minivan accelerated and cornered better.
The Metro was also built like a tin can, and would probably have killed my bro in any accident with more than 30 mph closure. Driving a Metro on highways full of 18 wheel trucks and 5000 pound SUVs is pretty much suicide. Even a midsize sedan would probably roll right up over a Metro in an accident, crushing the driver.
"Nowhere in your rambling, incoherent response did you come close to anything that could be considered a rational thought. We are all dumber for having listened to it. I award you no points and may God have mercy on your soul."
And yes, not every speech is free here, and it's good that way.
And you don't see the terrible potential for abuse in limiting any speech? Who decides what speech is "Volksverhetzung" - the politicians of the moment? What safeguards are in place to prevent these laws from being used to silence political opposition of the non-Nazi variety?
Germany already has laws to restrict neo-Nazi propaganda and Nazi symbols are banned.
On Thursday, Germany's highest court upheld a ruling that a neo-Nazi rock band was a criminal organisation whose songs spread racial hatred.
My college German isn't robust enough to allow me to read and understand the actual criminal codes, so I am relying on the BBC's fact-checkers. But the above sounds like censorship run amuck to me, no matter how vile the victims of the censorship are.
I just re-verified with nmap 3.75 running on Ubuntu that all ICMP, plus TCP and UDP ports 1-9999 are closed by a Windows XP SP2 firewall running with the default settings.
Mr. Nailer, would care to defend your mis-informative post?
The SP2 'firewall' still lets in about 7 network ports by default, including those used for some of the major worms.
This is total, complete BS. By default, the XP firewall allows *no* incoming ports, even to the local subnet. I just confirmed this earlier today with a brand new XP SP2 install.
You maye have installed XP in a corporate or campus environment that had a group policy which allowed incoming ports for file sharing to the local subnet. Or maybe you choose to allow file and printer sharing to the local subnet by checking a few boxes in the GUI. But those settings are absolutely not the Windows XP SP2 default.
The only program that is allowed to listen for connections by default is Remote Assistance. But those ports are only opened if you actually start remote assistance and use it to ask for help. It is an application-triggered firewall rule. You can confirm this yourself by hitting the "Restore Defaults" on the Advanced tab of the firewall control panel.
By any reasonable measure, it's the majority of European nations that have free speech issues. You can't say the N-word - or even perform a certain arm gesture or draw a funny little symbol - at any time in Germany, for any reason. And you can't wear muslim headgear in a French public school. These are just a few examples.
Europeans seem to think that freedom of speech doesn't apply to whackos and minorities, while in the U.S. we mostly realize that absolute free speech - even for nut-jobs - is the only way to ensure free speech for all. This tradition has not significantly weakened in recent years, despite all the PATRIOT Act hysteria and Howard Stern's inane arguments about being "censored".
The majority of Americans - and most importantly the entire U.S. Supreme Court - feel and act the same way about free speech. I personnaly hate the Klan, but I will defend their right to spew what ever ignorant, spiteful, hateful rhetoric they wish.
Microsoft releases Cumulative updates, which supersede and consolidate several previous stand-alone patches, on a fairly regular basis. These are pretty much equivalent to Apple's point releases.
I recently installed a new XP system with SP2 integrated into the install, and after boot it only needed to download 5 patches. One of them was Cumulative update for IE May 2005 or something like that, and the others were non-IE patches. Only one reboot was required.
Assuming you installed the original release of XP (with the network disconnected until you turn on the firewall, of course), then downloaded XP SP2, then patches, you would only need two reboots... and a lot of bandwidth and time.
What MS should really be looking into is a sort of RSYNC-like download meachanism, so that only small file changes need to be transmitted. MS can host a current system image, and let the rsync-like alogirthm figure out how to get there from the workstation's current state. This would be a major boon to dial-up and slow DSL/cable users, and would get them their patches much more quickly. BITS is a good start, in that it is much less obtrusive to the user, but current SP and patches are extremely wasteful of bandwidth in that they include a whole copy of a 1 MB executable even if it only contains a 32-byte change to fix a security hole.
No, the real reason is that most of the $15,000 toilet seat money actually went into the "black projects" budget. That's how they built things like the F-117A and the B-2 stealh planes in secret, and keep them secret for so long. Even the DoD isn't stilly enough to have a budget line item reading:
January 1987...$2,300,000,000...secret plane factory in Nevada
The firewalls built into XP and 2003 have all the functionality you'll need; simply configure them so your machines can talk to each other, but they deny any other incoming connections.
For extra points you can administer the firewalls on all the machines from a central server using Group Policy.
It took us about 15 minutes to configure on- and off-network policies on all of our 150 XP SP2 workstations and laptops using Windows Group Policy. And all of the firewall policies available in XP SP2 are also available in Win2003 Server SP1.
I have yet to have anyone suggest a reason that is useful anyway. But that's just me, I personally think webmail should be abolished, and anyone who thinks of a Web Application should be shot.
I am obviously in the minority though.
Yes, you certainly are. If I tried to take away the ability for workers in my company to do useful work from anywhere with just about any PC, I'd be fired and reviled by hundreds of otherwise well-meaning folks.
X windows was not the answer to ubiquitous application mobility, client/server wasn't the answer, nor was Java or ActiveX. Web-based apps seem to be a big step in the right direction.
Dude, Microsoft is a software company. They could give fuck-all about hardware, so long as it is fast enough and has appropriate architecture for their software tasks.
It's not the processor that makes the G5 a Mac, rather it is MacOS that defines a Mac. It doesn't mean a thing that there's an Apple logo on the outside of the Xbox 360 development hardware. It just happens to be the cheapest platform available to run PowerPC code at high speed. Ponying up for a bunch of big IBM workstations to do the same task wouldn't be cost-effective.
Two words for windows users: Password Safe. Originally written by Counterpane, Schneier's company. Stick it on a USB pen, and carry it around with you. There are also similar Linux tools that can use the same 3DES-encrypted password database file.
Get a clue... it's not the kernel that has caused windows security problems. It's a bunch of user-space programs (IE, the messenger service, etc.) that have had all the holes. And because the majority of small-business and home users of windows run everything with root privileges, those holes have had serious consequences. But NTOSKRNL.EXE, HAL.DLL, etc. have had very few security (or even stability) problems.
The Windows NT kernel is actually quite robust. It was patterned after VMS and Mach architecturally. This micro-kernel style is a better way to build an OS than a monolithic kernel such as Linux or Unix System V that has the whole universe built in. Apple isn't stupid - they chose to use the Mach-based microkernel inherited from NeXT in OSX, rather than using a "traditional" monolithic Unix-style kernel.
The fact is, may clued-in organizations (like my employer) get loads of uptime from Windows, and don't have security problems because we spend money on people who know how to properly manage a Windows network. Running an all-Linux network properly would require the same investment. The software choice really doesn't matter that much - the people matter.
Re:Maybe some truth there
on
Gates on Google
·
· Score: 2, Interesting
Windows and Office are not subsidizing everything at MS. Exchange Server and SQL Server are certainly cash cows for Microsoft. They probably make more money with those two products than all revenues from all commercial Linux companies combined.
MySQL and PostgreSQL don't really compete with MS SQL (or Oracle or DB2) on features, ease-of-maintenance, scalability, or mind-share yet. And there's nothing in the open-source world that compares with Exchange (or Notes/Domino/WebSphere Portal) in terms of functionality and integration.
When/if the open-source world produces real competitors to Exchange and SQL Server, MS will really start to get scared. Ceeding a small portion of the file/print/web server space to Linux hasn't really made and impact in teh Redmond bottom line. But an "install and go" open-source alternative to MS SQL or Exchange would really hurt, since it would eliminate not only Exchange/SQL revenues, but a bunch of Windows Server revenues as well.
Finally, an open-source alternative with a robust desktop-management solution like Active Directory's Group Policy would make Linux servers a real choice for organizations. Right now, we control so much of our network through group policy (configuration, software installation, etc.) that switching to Linux servers without that functionality is a complete non-starter. Hacking a bunch of scripts together to configure machines and applications is not a cost-effective desktop managment strategy when compared to managing Windows Servers and desktops with Group Policy.
You greatly underestimate the stupidity of the average capitalist consumer.
So who gets to make decisions for the "stupid" consumer. You? You're enlightened enough to make buying decisions for everyone, right? You went to some Ivy-league school, so that means you're smart enough to spend everyone's money for them in an efficient and compassionate manner. Right?
Oh, wait... that's a lot of work for one guy. How about we get a bunch of other smart, enlightened people like you together, and form a society. We'll let the officials of this organization decide what consumers need, and what it should cost. That'll fix everything!
I think they tried something like this once before...
Slashdot Mirror
It's called a password "salt", and many applications use them. It's much better to use a large random value stored in the clear than the username.
Microsoft, of course, is screwed by the need to provide backward compatibilitty, and does not salt the (MD4-based) NTLMv2 hash stored on Windows systems. They encrypt the whole hash database instead to prevent offline attacks, but this is ineffective as the decryption key is also "hidden" on the system's disk unless you want requrie a diskette/CD/floppy at boot that contains the decryption "syskey".
Can you say Free Space Optics?
I think your concept of "fast" is very different from the average American driver. My pinko brother had a 1994 Metro. I drove it often, and it was damn near the slowest car on the road, even when new and in perfect tune. My Mom's Dodge Minivan accelerated and cornered better.
The Metro was also built like a tin can, and would probably have killed my bro in any accident with more than 30 mph closure. Driving a Metro on highways full of 18 wheel trucks and 5000 pound SUVs is pretty much suicide. Even a midsize sedan would probably roll right up over a Metro in an accident, crushing the driver.
You, sir, just made my friends list.
The Billy Madison quote is:
You were hoping for a +1 Funny mod with that one, weren't you?
I think repruhsent was hoping for a Funny mod. Which, of course, he didn't get. Zealots can rarely take a joke.
And you don't see the terrible potential for abuse in limiting any speech? Who decides what speech is "Volksverhetzung" - the politicians of the moment? What safeguards are in place to prevent these laws from being used to silence political opposition of the non-Nazi variety?
My college German isn't robust enough to allow me to read and understand the actual criminal codes, so I am relying on the BBC's fact-checkers. But the above sounds like censorship run amuck to me, no matter how vile the victims of the censorship are.
I just re-verified with nmap 3.75 running on Ubuntu that all ICMP, plus TCP and UDP ports 1-9999 are closed by a Windows XP SP2 firewall running with the default settings.
Mr. Nailer, would care to defend your mis-informative post?
This is total, complete BS. By default, the XP firewall allows *no* incoming ports, even to the local subnet. I just confirmed this earlier today with a brand new XP SP2 install.
You maye have installed XP in a corporate or campus environment that had a group policy which allowed incoming ports for file sharing to the local subnet. Or maybe you choose to allow file and printer sharing to the local subnet by checking a few boxes in the GUI. But those settings are absolutely not the Windows XP SP2 default.
The only program that is allowed to listen for connections by default is Remote Assistance. But those ports are only opened if you actually start remote assistance and use it to ask for help. It is an application-triggered firewall rule. You can confirm this yourself by hitting the "Restore Defaults" on the Advanced tab of the firewall control panel.
Microsoft releases Cumulative updates, which supersede and consolidate several previous stand-alone patches, on a fairly regular basis. These are pretty much equivalent to Apple's point releases.
I recently installed a new XP system with SP2 integrated into the install, and after boot it only needed to download 5 patches. One of them was Cumulative update for IE May 2005 or something like that, and the others were non-IE patches. Only one reboot was required.
Assuming you installed the original release of XP (with the network disconnected until you turn on the firewall, of course), then downloaded XP SP2, then patches, you would only need two reboots... and a lot of bandwidth and time.
What MS should really be looking into is a sort of RSYNC-like download meachanism, so that only small file changes need to be transmitted. MS can host a current system image, and let the rsync-like alogirthm figure out how to get there from the workstation's current state. This would be a major boon to dial-up and slow DSL/cable users, and would get them their patches much more quickly. BITS is a good start, in that it is much less obtrusive to the user, but current SP and patches are extremely wasteful of bandwidth in that they include a whole copy of a 1 MB executable even if it only contains a 32-byte change to fix a security hole.
Yeah, so he's from Texas. But at least he had better grades at Yale than John Kerry.
No, the real reason is that most of the $15,000 toilet seat money actually went into the "black projects" budget. That's how they built things like the F-117A and the B-2 stealh planes in secret, and keep them secret for so long. Even the DoD isn't stilly enough to have a budget line item reading:
The firewalls built into XP and 2003 have all the functionality you'll need; simply configure them so your machines can talk to each other, but they deny any other incoming connections.
For extra points you can administer the firewalls on all the machines from a central server using Group Policy.
It took us about 15 minutes to configure on- and off-network policies on all of our 150 XP SP2 workstations and laptops using Windows Group Policy. And all of the firewall policies available in XP SP2 are also available in Win2003 Server SP1.
Yes, you certainly are. If I tried to take away the ability for workers in my company to do useful work from anywhere with just about any PC, I'd be fired and reviled by hundreds of otherwise well-meaning folks.
X windows was not the answer to ubiquitous application mobility, client/server wasn't the answer, nor was Java or ActiveX. Web-based apps seem to be a big step in the right direction.
It will be included with apache in the next stable release of Debian.
Dude, Microsoft is a software company. They could give fuck-all about hardware, so long as it is fast enough and has appropriate architecture for their software tasks.
It's not the processor that makes the G5 a Mac, rather it is MacOS that defines a Mac. It doesn't mean a thing that there's an Apple logo on the outside of the Xbox 360 development hardware. It just happens to be the cheapest platform available to run PowerPC code at high speed. Ponying up for a bunch of big IBM workstations to do the same task wouldn't be cost-effective.
Two words for windows users: Password Safe. Originally written by Counterpane, Schneier's company. Stick it on a USB pen, and carry it around with you. There are also similar Linux tools that can use the same 3DES-encrypted password database file.
Dude, I was fishing for a +1 Funny mod, not making a political statement...
Dude, everyone knows that guns aren't at all dangerous. I mean, even swimming pools are more dangerous than guns.
Get a clue... it's not the kernel that has caused windows security problems. It's a bunch of user-space programs (IE, the messenger service, etc.) that have had all the holes. And because the majority of small-business and home users of windows run everything with root privileges, those holes have had serious consequences. But NTOSKRNL.EXE, HAL.DLL, etc. have had very few security (or even stability) problems.
The Windows NT kernel is actually quite robust. It was patterned after VMS and Mach architecturally. This micro-kernel style is a better way to build an OS than a monolithic kernel such as Linux or Unix System V that has the whole universe built in. Apple isn't stupid - they chose to use the Mach-based microkernel inherited from NeXT in OSX, rather than using a "traditional" monolithic Unix-style kernel.
The fact is, may clued-in organizations (like my employer) get loads of uptime from Windows, and don't have security problems because we spend money on people who know how to properly manage a Windows network. Running an all-Linux network properly would require the same investment. The software choice really doesn't matter that much - the people matter.
Windows and Office are not subsidizing everything at MS. Exchange Server and SQL Server are certainly cash cows for Microsoft. They probably make more money with those two products than all revenues from all commercial Linux companies combined.
MySQL and PostgreSQL don't really compete with MS SQL (or Oracle or DB2) on features, ease-of-maintenance, scalability, or mind-share yet. And there's nothing in the open-source world that compares with Exchange (or Notes/Domino/WebSphere Portal) in terms of functionality and integration.
When/if the open-source world produces real competitors to Exchange and SQL Server, MS will really start to get scared. Ceeding a small portion of the file/print/web server space to Linux hasn't really made and impact in teh Redmond bottom line. But an "install and go" open-source alternative to MS SQL or Exchange would really hurt, since it would eliminate not only Exchange/SQL revenues, but a bunch of Windows Server revenues as well.
Finally, an open-source alternative with a robust desktop-management solution like Active Directory's Group Policy would make Linux servers a real choice for organizations. Right now, we control so much of our network through group policy (configuration, software installation, etc.) that switching to Linux servers without that functionality is a complete non-starter. Hacking a bunch of scripts together to configure machines and applications is not a cost-effective desktop managment strategy when compared to managing Windows Servers and desktops with Group Policy.
So who gets to make decisions for the "stupid" consumer. You? You're enlightened enough to make buying decisions for everyone, right? You went to some Ivy-league school, so that means you're smart enough to spend everyone's money for them in an efficient and compassionate manner. Right?
Oh, wait... that's a lot of work for one guy. How about we get a bunch of other smart, enlightened people like you together, and form a society. We'll let the officials of this organization decide what consumers need, and what it should cost. That'll fix everything!
I think they tried something like this once before...