:::Seriously. People lose water, electricity, cable TV, etc, all the time. They don't all suddenly die. What exactly do you propose the government does when the internet goes down? Send in FEMA?:::
My point is that this service has reached a saturation level in this society such that it must have reasonably high availability and be reasonably priced in order for society to continue functioning normally.
Essentially, it is another piece of infrastructure that we have become dependent on. Yes, I can live with internet access for a week. I did when I moved because the sole local provider has its head up its rear. However, businesses and other entities will have problems functioning at their normal levels if the internet becomes unavailable or less suitable for their normal uses for a prolonged period of time. In the case of potable water, it is simple to predict what problems will arise if availability is reduced or eliminated. What effects can we expect if the effective capacity of the internet shrinks? You know as well as I do that there are many critical systems on the internet, and if the problem gets bad enough some of them will become unusable. How much spare capacity do we have to cover the overhead associated with routing around peerage points that are disconnected for no good reason (good as in technically sound basis for doing so).
This is the issue that concerns me: While the internet is designed to handle failures and remain operable, how many failure points or shutdowns will it take before the internet in this country is unable to meet the demands required by our infrastructure? I've read nothing anywhere that attempts to address this question. While this single cancelled peerage isn't enough (as proven by the fact that I'm responding to your post), I would rather know how much "give" the system has and impose clear regulations so that corporate hissy fits like this don't push things too far. Perhaps this one cancellation is virtually trivial. My concern is the possibility of a larger spate of peerage cancellations causing problems. The internet is as crucial as telephone service to keeping things running smoothly in the US. We have oversight and regulation of the telecommunications industry along with several other services that have been deemed critical to either personal health and safety or to the national interest. I believe the internet has become so integrated into the personal, business, and political spheres that it may need similar treatment.
The point would be to ensure that the system which is supposed to resistant being broken will not only remain functional but will also always be functional enough to support essential infrastructure. Perhaps my off-the-cuff examples of what is essential and what is not were not perfect, and I'm sure either one of us could provide better ones with a bit of thought. Refuting a specific example as being flawed does not, however, address the general concern. How much of this sort of bedwetting behavior can we allow from ISPs before the consequences become bad for a society that is becoming increasingly reliant on the internet?
In places that do not constitute a major conjunction of backbone connections, a Tier 1 provider becoming a bit of a rogue would have a more noticeable effect on its downstream customers. Additionally, if too many providers pulled this kind of stunt, the resulting inefficiency from rerouting packets in an end run around the broken link could lead to the entire net being bogged down in a manner similar to what happened when Nimda, Blaster, or Sasser+Welchia hit.
As seen on any network, a sufficient degree of inefficiency will result in DoS. How many peerage agreements would have to be cancelled for this to happen? While I freely admit I couldn't compute a number for an effective local DoS vs regional Dos vs global DoS, I would still be extremely interested in making sure it won't happen.
For something as essential to the nation as internet service, maybe it's time to consider implementing regulations similar to what electric, water, gas, and telecommunication companies have.
If my grandma can't check her email for a day, I don't really care that much. If my doctor is consulting with a cardiac specialist over using VoIP (V being either voice or video) concerning an acute health problem then I have a much larger problem with outages. As long as we have important economic or healthcare services running over the internet--which is the foreseeable future--this sort of thing needs to either be avoided or have a pre-planned workaround.
I guess this explains some of the unresponsive hosts I came across today. And here I was thinking it must be Bob's Worm of the Week.
:::Shouldnt you have a false (T-Bar) ceiling, pump cold air into that, preasure plus gravity pushed the cold air down the rack, and you then suck the (now hot) air out the raised floor?:::
No.
Hot air rises out of the topside ventilation ducts when it is "pushed" upward by the heavier, colder air below. The airflow is simpler that way. You can then cool the air and return it to the lower level elsewhere.
It's a closed loop with servers making the air rise on one side (by heating it) and AC making it fall on the other side (by cooling it). The cooling scheme is one massive convection current.
There were five lifeguards on duty. This system alerted them to an immobile person resting on the bottom of a 12.5-foot-deep pool. Underneath all of the swimmers, splashers, and divers, it would have been difficult to even notice the girl in less than a few minutes (and this is according to the lifeguard who performed the rescue).
The whole incident took less than a minute and half because the system alerted the lifeguards in a handful of seconds. You only have a matter of minutes to rescue an incapacitated swimmer before lack of oxygen puts them at risk for brain damage or death.
A hash function will, by definition, have collisions. Good hash functions have fewer collisions and make it extremely difficult to compute collisions from a known hash value (and therefore prevent an attacker from creating an arbitrary false message with the same hash as an original message).
All modern hash algorithms succeed at the last criteria; the first, criteria, however is much more difficult to assess fully, and it is therefore one of the things that is found out over time as the algorithm is tested.
:::I realize driver issues would cause Apple some grief, but I think it'd be worth it to create the ultimate wedge to get people to switch.:::
They could mitigate that problem by including excellent generic drivers for NICs and being able to load drivers on the fly from their website by having the OS transmit the PnP ID of the unknown devices. Of course, I wouldn't care to speculate on the bandwidth requirements of such a scheme. I must admit that it would take some uber skills to pull off.
Actually, if they could make something like this work seamlessly, that would be sufficient grounds to consider switching right off the bat.:)
:::Do you also call the cops when you see LordOfTheRings.divx? If the file contained a rip of the movie, that is evidence of a felony offense. By making a copy, you may also be committing a felony. At the very least you may be an accomplice to the crime. Would you turn people in more frequently if the MPAA paid a bounty?:::
In that situation, you are required by law to report the incident. Anyone who sees or suspects any activity related to child abuse (and child pornography does count for these purposes) *must* report it to law enforcement officials. This applies to everyone working in an official capacity at their place of employment. Even doctors and nurses, who have the most restrictive privacy guidelines, must report this information. The only possible exception is someone who is a lawyer, and that would only apply to clients who are protected by attorney-client privilege, and even then I'm not sure how it would work... I'm not aware of any cases involving this specific situation.
Long story short: no matter how he came across it, he was obligated to report it once he did. If the actual discovery occurred as a result of violating someone's privacy, then that can be handled separately as a civil matter between his employer (the "responsible" agent) and the client. With the combination of jury sentiment and the dirty hands doctrine, however, I rather doubt there would be any recourse for the computer owner.
::: Apple's OS's do not require a pre-existing installation, or a "qualifying product" to begin installation.:::
Let's try the reading comprehension again. As I said before, all computers capable of running OS X already had a version of MacOS installed on them. This is because OS X only runs on Macs, and all Macs come with MacOS preinstalled. Is this clear so far? Good. Next step...
Since you already have an OS license, it doesn't matter if Apple sells a "full" or "upgrade" version. It amounts to the same thing for both Apple and Microsoft once you have the system up and running: The initial OS was part of the initial purchase price, and after that you're adding a new version. Under MS's scheme, consumers pay an added fee initially for the software because they are not eligible for the "upgrade" price savings. In both cases, however, it is still effectively an upgrade because you have a preexisting OS license in use on the machine.
:::Upgrades require a pre-existing installation, often of a specific version. And if you are Microsoft, your definition of "upgrade" includes simply proving ownership of a previous version.:::Upgrades do not require a pre-existing installation... you say as much in your next sentence (you can install an XP upgrade version onto a blank HD if you have a CD from Win98 or ME--even a burned "backup" copy will work). You do need a preexisting OS license according to the terms of MS's upgrade software, and OEM machines come with one off the shelf so this isn't an issue.
Back to the main point: Using the term "upgrade" is ambiguous since you can do either a clean install with both OS X and Windows XP from the discs you purchase.
And one last point that Apple fans might not appreciate: upgrading the OS on a Mac = $129. Upgrading the OS on a PC = $99. Disclaimer: both of those prices are MSRP, and there may be better offers online. MS is actually cheaper. You could argue that OS X is still the better value, but if you're going to go that route then Mandrake and Gentoo start looking attractive as pretty, convenient, and easy-to-maintain OSes for x86 hardware (I wouldn't know what to suggest as a viable alternative for G4/PPC CPUs, so I'll leave that open). I'd probably stick with recommending Mandrake for Windows switchers until Gentoo finishes their GUI installer though.
And, likewise, to say that "having an influence on the foundation" and "being the foundation" are the same thing is equally nonsense. And regardless of whether you've ever made such a claim, many Christians do.
When people see you're Christian, they'll react to you as they would to a "typical" Christian until they see you as being different from their perceived norm. That's the way human cognition works. Accept it or be annoyed by it until you die... it's your choice, really.
:::If you'll note, I was responding to a question about what the EU could do if Microsoft pulled completely out of the EU - and my solution is a perfectly valid governmental response to what would be a stupid childish gesture on Microsoft's part. I wasn't talking about a complete ban on all forms of intellectual property.:::
You propose they would ignore the copyrights (which are valid) on one corporations products simply because it is a monopoly? This is contrary to international law, and as they've often lambasted the US for ignoring ot toeing around it I don't see it happening.
:::Only a small group of people within the EU legislative body keep trying to get patents passed, even against the wishes of the more populist legislative bodies & the general populace.:::
Once it's passed, a law is a law. How many fans of the PATRIOT Act do you know? How many foes? Can the FBI, CIA, et al. still use the powers outlined in the Act? Yes, they can.
The populist sentiment only matters insofar as it is enforced by police, courts, Senate/Parliament, and military.
...or you could just tell him to install from the Win98 CD as normal and then insert the Win95 disc when prompted (which will occur after the installer fails to locate and existing 3.1 or 95 installation on the HDD).
And you could still point him to Mozilla and OpenOffice.
First, the list prices are not in the $200-$300 range. Maybe the first Windows license would be in that price range, but after that you would be looking at upgrades rather than full licenses. The upgrade version of Windows XP Home is $99 MSRP, and can be found cheaper online. The OEM full version of XP Pro can be bought at newegg.com for less than $150.
Second, half of those are not paid upgrades. For instance, you could download an update bundle or request a CD from Microsoft (at no charge aside from shipping) to update your Win98 install to 98SE. That takes $200-$300 off your inflated pricing.
And who in their right mind would upgrade to both Win ME and Win 2000? Why are these both on the list... it should be one or the other, not both.
A more realistic representation would be:
Win 95
Win 98/Win 98 SE
Win ME/2000 or Win XP
I see three realistic purchases in that time frame. Now for a real comparison, how many of those OS X point releases would be realistic purchases? Was 10.0.1 good enough to merit $129 over the initial release? What about the upgrade from 10.0.1 to 10.0.2? I'm not saying that Microsoft would come out ahead in a comparison with Apple, and the purpose of this is to point that you're not representing the situation in a reasonable way. I'm not sure what would be a reasonable upgrade path for Mac users because I've never been one aside from a few stints in school where the lab machines I needed to use were all Macs. Being more accurate in portraying the situation will lead to more acceptance of your views. Anyone serious about computers would notice how obviously you misrepresent the upgrade paths on the Windows side of the comparison, and that makes your argument look bad even if you happen to be on the mark when everything is laid out and tallied up.
:::Oh that's easy - the EU could simply declare that, in the EU, all Microsoft products & patches past, present & future are automatically public domain - and that it is perfectly legal for EU hackers or companies to bypass any Microsoft Product Activation schemes.:::
Stupid, childish, knee-jerk, anti-MS response...
Copyrights are governed internationally by the terms of the Berne Convention, which the European Union member states have signed (the vast majority of them, anyway).
Beyond the rather plain legal restrictions on such an act, it would ignite a rather nasty trade dispute between the United States and the European Union. Things get nasty once we start down that road. Are you willing to lose your job and the roof over your head just to see Microsoft knocked down a peg or two? What else do you imagine would be the likely outcome of the course of action you propose?
:::if the society enforcing those IP laws decides not to go along, then you're pretty much SOL.:::
You're talking about the same society that has now twice nearly passed laws establishing software patents. They are far from dismissing intellectual property. While the US is going overboard, a society with no rules for copyright or IP whatsoever isn't remotely tenable without some sort of social revolution to support the rather drastic change in attitudes necessary to support it.
:::Windows XP makes this rather harder than it was in Win9x, because it has filesystem permissions, so that if you don't log in you may not be able to access various files:::
One small detail: USB drivers currently run with system privileges, which is actually a small step up from administrator privileges on a Windows box. Anyone using the exploit described in the article would have no trouble whatsoever with file permissions on the local machine.
Accessing remote resources would be a different story, of course, although it shouldn't be too difficult to sniff some traffic once you compromised the first box.
The northbridge is nowhere near being the biggest bottleneck in a modern PC. AMD's design reduces latency substantially, which results in slightly improved bandwidth.
For newer games, graphics processing is the performance bottleneck. For scientific work, it is generally either memory bandwidth or execution resources on the CPU. For servers, it is generally memory bandwidth and/or I/O bandwidth from the hard disks.
Integrating the northbridge onto the CPU die does net a modest performance boost, but it does little to affect performance in most usage scenarios.
if you don't think a "naked" xp box will become infested quickly that's your perogitive. hopefully you aren't in any sort of IT support position where others will suffer from your delusions and lack of real world experience.
If you think disabling the firewall on an XP box doesn't make the great-grandparent's "test run" completely illegitmate, you're the one who needs to wake up. Intentionally disabling a security feature and then crying to slashdot when the box gets owned is one step shy of mental retardation and/or blatant karma whoring.
Why on earth would anyone ever disable a firewall? Did that small detail fly over your head? I could understand forwarding a few ports to Apache or IIS or whatever, but opening ports 135-139 to the entire world is probably the single stupidest configuration error I can think of off the top of my head.
In this case, stupidity of user > stupidity of MS.
The first portion of your income is taxed either at a reduced rate or not at all, which effectively eliminates the taxes on your "expenses", leaving the highest levels of taxation on your "profits".
Although you can (and do) choose to look at it another way.
:::Partly psychological, yes, but you also have the advantage of simply leaving out "risky" components until you can get everything up to date.:::
This is also true of Windows. You have the same three options with auxilary Windows services as you do with *nix daemons. You can disable it (at command line, type "services.msc" for the management console), you can uninstall it from the system (the IIS service, for example), or you can manually remove it (at command line, type "sc servicename/delete"... caveat: I do not know if XP Home supports this, as there is some command-line functionality that is missing compared to Professional).
At any rate, the point is that granular controls do now exist on the Windows platform. While this doesn't address the subpar firewall, it is quite easy to factor the cost of a third-party application into the TCO (which is $0 for consumer-grade software, as ZoneAlarm is generally sufficient, and Kerio Personal Firewall is very good). This necessitates more involvement on the part of the user, but given the preventive maintenance required for other machines, it does not seem entirely unreasonable.
:::This is completely true, I've had to build a firewall specificially for rebuilds as our PCs get infected by other machines on our own network within a few minutes of power up.:::
I'm don't know who's ultimately in charge of that network, but his job should belong to someone else. There's subpar administration, piss-poor administration, and then there's whatever the hell he's doing. If he has the expertise under him to isolate a subnet for software rebuilding and updating, he should be able to neutralize the problem in the first place. As a matter of fact, doing so might eliminate most of the time spent on software rebuilds... just a thought.
:::I think you're missing the point - if I don't apply updates to a machine for 2 months I don't expect it to suddenly be *that* vulnerable to attack, and what's worse is that MS are saying that's to be expected.:::
Perhaps you're forgetting that you're talking about an OS that comes without any type of firewall enabled. When the testing method effectively limits the machine's exposure to only remote infection vectors and only one OS of the bunch has numerous services accessible by machines outside of its own subnet, it should be quite obvious what the results will be.
I agree with the grandparent. XP SP2 has been out for months, it is installed without any fuss if automatic updates are enabled (or if the user manually visits the Windows update site), it is incorporated into all presently-sold Windows installation CDs, it's preinstalled on all new OEM machines, and Microsoft will send in on CD to anyone for no charge. At this point, not having SP2 installed is a user error, especially after the splash Blaster, Welchia, Sasser, etc caused... even the regular news media was preaching the basics: firewall, updates, antivirus.
Connecting a Windows box without updates to the internet is the same kind of ignorance as driving a car around for 20,000 miles without changing the oil... anyone who knows anything about the machine in question can tell you three things: you shouldn't do it, bad things will happen if you do, and it is easy to avoid those particular problems. Spyware is obnoxious and virtually impossible for regular users to avoid at this point, but viruses and particular worms should not be nearly as rampant as they are, especially when there are so many ways to neutralize or mitigate the risks.
To sum it up: When the exploit exists due to human stupidity or ignorance, there is no patch.
My response might make more sense if you view the LAN party as the hostile network, as was my intention.
For starters, I would disable file shares, by either disabling the services used to support filesharing or unbinding the MS file and print sharing protocols from the network adapters. Assuming your firewall was properly configured for use with Samba on your home network, it will be letting in all sorts of nasties when you hook the machine up on the network at the LAN party, so it will probably need to be configured with separate Home and LAN_party profiles if it hasn't been already.
Those are just the off-the-top-of-my-head suggestions. If there are some really clever malware apps on that network, extra steps may be desirable, but simple changes to Windows services, protocol bindings, and firewall settings will probably block out most of the crap that's floating around the network. And each of these changes should take less than a minute to make (although I admit it may take a few minutes to initially set up the more-secure firewall profile depending on the software you use).
Transplanting a box from your home network to an unknown subnet without making any changes whatsoever for additional security is just asking for trouble, regardless of OS.
:::The scientific method depends upon experiments that can be repeated by other researchers. You can't base a theory on results that don't correlate with the inputs.:::
At the heart of scientific investigation is the notion that random variances cancel each other out when there are sufficient samples. While this approach would require a new computing paradigm in order to be usable, there is already one algorithm that uses randomness to yield deterministic results--the Monte Carlo method.
This approach is obviously nascient and untenable on any hardware in production (and probably untenable on even hardware that is presently being designed), but that does not mean that it is incapable of producing useful results. Although with the jump that other "new" models such as chaos computing and quantum computing have on it, I suspect one or the other of those would come to fruition long before this (and I also wonder how similar the underlying theory would be as compared to either of these... it does seem like the subject of uncertainty hedges in on both areas). Hell, those computing models even have portions of their fundamental computation mechanisms working.
I honestly don't know how seriously to take this whole idea. It's either an earth-shaker or a still-born, and there's not an easy way to tell which without putting forth a monumental development effort. To me, the real question is: is this worth investigating right now? With the progress made in other computing models, I'm not sure it's worth diverting the R&D resources.
For this sort of idea to be successful at the hardware level, we would have to make a fundamental change in the way we view the general-purpose processor.
Right now, at the level of assembly or microcode, it's a deterministic machine that takes known, valid, and limited combinations of inputs and produces outputs that are (or should be) entirely replicable from one piece of hardware to the next.
Leveraging the an inherent uncertainty would require that the underlying algorithms account for its existence. At most, present silicon designs acknowledge that "errors" occur and attempt to either catch or correct the errors in flight. Uncertainty has no such things as errors--only variance.
In order for this approach to be truly successful, the fundamental method of teaching flow control to undergraduate programmers will have to change from something resembling a flow chart (hey, it's how I was taught) to something resembling a Monte Carlo analysis. I couldn't even begin to imagine how we would have to reconceive or reimplement some types of data structures... for instance, looking up anything in an array by its index number certainly becomes an interesting proposition in the proposed environment. Something as useful and fundamental as sequential reads becomes impossible in such an "uncertain" environment, unless you have a specified "certain" region of the CPU that processes code similar to the ways that existing ISAs do.
:::On the other hand my game machine is a P4 3.2Ghz, 1Gig Ram on an Abit IT7-MAX2 and running WinXP that I need to rebuild nearly every time I finish the current LAN Party due to a buggy OS.:::
I know this is slashdot, and I know that Windows is far from perfect, but if this is true and not kind of linux-humping exaggeration then I can only say that you need to configure the OS in a more appropriate manner before you plop it onto a potentially-hostile network.
Slashdot Mirror
:::Seriously. People lose water, electricity, cable TV, etc, all the time. They don't all suddenly die. What exactly do you propose the government does when the internet goes down? Send in FEMA?:::
My point is that this service has reached a saturation level in this society such that it must have reasonably high availability and be reasonably priced in order for society to continue functioning normally.
Essentially, it is another piece of infrastructure that we have become dependent on. Yes, I can live with internet access for a week. I did when I moved because the sole local provider has its head up its rear. However, businesses and other entities will have problems functioning at their normal levels if the internet becomes unavailable or less suitable for their normal uses for a prolonged period of time. In the case of potable water, it is simple to predict what problems will arise if availability is reduced or eliminated. What effects can we expect if the effective capacity of the internet shrinks? You know as well as I do that there are many critical systems on the internet, and if the problem gets bad enough some of them will become unusable. How much spare capacity do we have to cover the overhead associated with routing around peerage points that are disconnected for no good reason (good as in technically sound basis for doing so).
This is the issue that concerns me: While the internet is designed to handle failures and remain operable, how many failure points or shutdowns will it take before the internet in this country is unable to meet the demands required by our infrastructure? I've read nothing anywhere that attempts to address this question. While this single cancelled peerage isn't enough (as proven by the fact that I'm responding to your post), I would rather know how much "give" the system has and impose clear regulations so that corporate hissy fits like this don't push things too far. Perhaps this one cancellation is virtually trivial. My concern is the possibility of a larger spate of peerage cancellations causing problems. The internet is as crucial as telephone service to keeping things running smoothly in the US. We have oversight and regulation of the telecommunications industry along with several other services that have been deemed critical to either personal health and safety or to the national interest. I believe the internet has become so integrated into the personal, business, and political spheres that it may need similar treatment.
The point would be to ensure that the system which is supposed to resistant being broken will not only remain functional but will also always be functional enough to support essential infrastructure. Perhaps my off-the-cuff examples of what is essential and what is not were not perfect, and I'm sure either one of us could provide better ones with a bit of thought. Refuting a specific example as being flawed does not, however, address the general concern. How much of this sort of bedwetting behavior can we allow from ISPs before the consequences become bad for a society that is becoming increasingly reliant on the internet?
In places that do not constitute a major conjunction of backbone connections, a Tier 1 provider becoming a bit of a rogue would have a more noticeable effect on its downstream customers. Additionally, if too many providers pulled this kind of stunt, the resulting inefficiency from rerouting packets in an end run around the broken link could lead to the entire net being bogged down in a manner similar to what happened when Nimda, Blaster, or Sasser+Welchia hit.
As seen on any network, a sufficient degree of inefficiency will result in DoS. How many peerage agreements would have to be cancelled for this to happen? While I freely admit I couldn't compute a number for an effective local DoS vs regional Dos vs global DoS, I would still be extremely interested in making sure it won't happen.
For something as essential to the nation as internet service, maybe it's time to consider implementing regulations similar to what electric, water, gas, and telecommunication companies have.
If my grandma can't check her email for a day, I don't really care that much. If my doctor is consulting with a cardiac specialist over using VoIP (V being either voice or video) concerning an acute health problem then I have a much larger problem with outages. As long as we have important economic or healthcare services running over the internet--which is the foreseeable future--this sort of thing needs to either be avoided or have a pre-planned workaround.
I guess this explains some of the unresponsive hosts I came across today. And here I was thinking it must be Bob's Worm of the Week.
:::Shouldnt you have a false (T-Bar) ceiling, pump cold air into that, preasure plus gravity pushed the cold air down the rack, and you then suck the (now hot) air out the raised floor?:::
No.
Hot air rises out of the topside ventilation ducts when it is "pushed" upward by the heavier, colder air below. The airflow is simpler that way. You can then cool the air and return it to the lower level elsewhere.
It's a closed loop with servers making the air rise on one side (by heating it) and AC making it fall on the other side (by cooling it). The cooling scheme is one massive convection current.
RTFA:
There were five lifeguards on duty. This system alerted them to an immobile person resting on the bottom of a 12.5-foot-deep pool. Underneath all of the swimmers, splashers, and divers, it would have been difficult to even notice the girl in less than a few minutes (and this is according to the lifeguard who performed the rescue).
The whole incident took less than a minute and half because the system alerted the lifeguards in a handful of seconds. You only have a matter of minutes to rescue an incapacitated swimmer before lack of oxygen puts them at risk for brain damage or death.
A hash function will, by definition, have collisions. Good hash functions have fewer collisions and make it extremely difficult to compute collisions from a known hash value (and therefore prevent an attacker from creating an arbitrary false message with the same hash as an original message).
All modern hash algorithms succeed at the last criteria; the first, criteria, however is much more difficult to assess fully, and it is therefore one of the things that is found out over time as the algorithm is tested.
:::I realize driver issues would cause Apple some grief, but I think it'd be worth it to create the ultimate wedge to get people to switch.:::
:)
They could mitigate that problem by including excellent generic drivers for NICs and being able to load drivers on the fly from their website by having the OS transmit the PnP ID of the unknown devices. Of course, I wouldn't care to speculate on the bandwidth requirements of such a scheme. I must admit that it would take some uber skills to pull off.
Actually, if they could make something like this work seamlessly, that would be sufficient grounds to consider switching right off the bat.
:::Do you also call the cops when you see LordOfTheRings.divx? If the file contained a rip of the movie, that is evidence of a felony offense. By making a copy, you may also be committing a felony. At the very least you may be an accomplice to the crime. Would you turn people in more frequently if the MPAA paid a bounty?:::
In that situation, you are required by law to report the incident. Anyone who sees or suspects any activity related to child abuse (and child pornography does count for these purposes) *must* report it to law enforcement officials. This applies to everyone working in an official capacity at their place of employment. Even doctors and nurses, who have the most restrictive privacy guidelines, must report this information. The only possible exception is someone who is a lawyer, and that would only apply to clients who are protected by attorney-client privilege, and even then I'm not sure how it would work... I'm not aware of any cases involving this specific situation.
Long story short: no matter how he came across it, he was obligated to report it once he did. If the actual discovery occurred as a result of violating someone's privacy, then that can be handled separately as a civil matter between his employer (the "responsible" agent) and the client. With the combination of jury sentiment and the dirty hands doctrine, however, I rather doubt there would be any recourse for the computer owner.
::: Apple's OS's do not require a pre-existing installation, or a "qualifying product" to begin installation.:::
:::Upgrades require a pre-existing installation, often of a specific version. And if you are Microsoft, your definition of "upgrade" includes simply proving ownership of a previous version.:::Upgrades do not require a pre-existing installation... you say as much in your next sentence (you can install an XP upgrade version onto a blank HD if you have a CD from Win98 or ME--even a burned "backup" copy will work). You do need a preexisting OS license according to the terms of MS's upgrade software, and OEM machines come with one off the shelf so this isn't an issue.
Let's try the reading comprehension again. As I said before, all computers capable of running OS X already had a version of MacOS installed on them. This is because OS X only runs on Macs, and all Macs come with MacOS preinstalled. Is this clear so far? Good. Next step...
Since you already have an OS license, it doesn't matter if Apple sells a "full" or "upgrade" version. It amounts to the same thing for both Apple and Microsoft once you have the system up and running: The initial OS was part of the initial purchase price, and after that you're adding a new version. Under MS's scheme, consumers pay an added fee initially for the software because they are not eligible for the "upgrade" price savings. In both cases, however, it is still effectively an upgrade because you have a preexisting OS license in use on the machine.
Back to the main point: Using the term "upgrade" is ambiguous since you can do either a clean install with both OS X and Windows XP from the discs you purchase.
And one last point that Apple fans might not appreciate: upgrading the OS on a Mac = $129. Upgrading the OS on a PC = $99. Disclaimer: both of those prices are MSRP, and there may be better offers online. MS is actually cheaper. You could argue that OS X is still the better value, but if you're going to go that route then Mandrake and Gentoo start looking attractive as pretty, convenient, and easy-to-maintain OSes for x86 hardware (I wouldn't know what to suggest as a viable alternative for G4/PPC CPUs, so I'll leave that open). I'd probably stick with recommending Mandrake for Windows switchers until Gentoo finishes their GUI installer though.
And, likewise, to say that "having an influence on the foundation" and "being the foundation" are the same thing is equally nonsense. And regardless of whether you've ever made such a claim, many Christians do.
When people see you're Christian, they'll react to you as they would to a "typical" Christian until they see you as being different from their perceived norm. That's the way human cognition works. Accept it or be annoyed by it until you die... it's your choice, really.
:::If you'll note, I was responding to a question about what the EU could do if Microsoft pulled completely out of the EU - and my solution is a perfectly valid governmental response to what would be a stupid childish gesture on Microsoft's part. I wasn't talking about a complete ban on all forms of intellectual property.:::
:::Only a small group of people within the EU legislative body keep trying to get patents passed, even against the wishes of the more populist legislative bodies & the general populace.:::
You propose they would ignore the copyrights (which are valid) on one corporations products simply because it is a monopoly? This is contrary to international law, and as they've often lambasted the US for ignoring ot toeing around it I don't see it happening.
Once it's passed, a law is a law. How many fans of the PATRIOT Act do you know? How many foes? Can the FBI, CIA, et al. still use the powers outlined in the Act? Yes, they can.
The populist sentiment only matters insofar as it is enforced by police, courts, Senate/Parliament, and military.
...or you could just tell him to install from the Win98 CD as normal and then insert the Win95 disc when prompted (which will occur after the installer fails to locate and existing 3.1 or 95 installation on the HDD). And you could still point him to Mozilla and OpenOffice.
First, the list prices are not in the $200-$300 range. Maybe the first Windows license would be in that price range, but after that you would be looking at upgrades rather than full licenses. The upgrade version of Windows XP Home is $99 MSRP, and can be found cheaper online. The OEM full version of XP Pro can be bought at newegg.com for less than $150.
Second, half of those are not paid upgrades. For instance, you could download an update bundle or request a CD from Microsoft (at no charge aside from shipping) to update your Win98 install to 98SE. That takes $200-$300 off your inflated pricing.
And who in their right mind would upgrade to both Win ME and Win 2000? Why are these both on the list... it should be one or the other, not both.
A more realistic representation would be:
I see three realistic purchases in that time frame. Now for a real comparison, how many of those OS X point releases would be realistic purchases? Was 10.0.1 good enough to merit $129 over the initial release? What about the upgrade from 10.0.1 to 10.0.2? I'm not saying that Microsoft would come out ahead in a comparison with Apple, and the purpose of this is to point that you're not representing the situation in a reasonable way. I'm not sure what would be a reasonable upgrade path for Mac users because I've never been one aside from a few stints in school where the lab machines I needed to use were all Macs. Being more accurate in portraying the situation will lead to more acceptance of your views. Anyone serious about computers would notice how obviously you misrepresent the upgrade paths on the Windows side of the comparison, and that makes your argument look bad even if you happen to be on the mark when everything is laid out and tallied up.
:::Oh that's easy - the EU could simply declare that, in the EU, all Microsoft products & patches past, present & future are automatically public domain - and that it is perfectly legal for EU hackers or companies to bypass any Microsoft Product Activation schemes.:::
:::if the society enforcing those IP laws decides not to go along, then you're pretty much SOL.:::
Stupid, childish, knee-jerk, anti-MS response...
Copyrights are governed internationally by the terms of the Berne Convention, which the European Union member states have signed (the vast majority of them, anyway).
Beyond the rather plain legal restrictions on such an act, it would ignite a rather nasty trade dispute between the United States and the European Union. Things get nasty once we start down that road. Are you willing to lose your job and the roof over your head just to see Microsoft knocked down a peg or two? What else do you imagine would be the likely outcome of the course of action you propose?
You're talking about the same society that has now twice nearly passed laws establishing software patents. They are far from dismissing intellectual property. While the US is going overboard, a society with no rules for copyright or IP whatsoever isn't remotely tenable without some sort of social revolution to support the rather drastic change in attitudes necessary to support it.
:::Windows XP makes this rather harder than it was in Win9x, because it has filesystem permissions, so that if you don't log in you may not be able to access various files:::
One small detail: USB drivers currently run with system privileges, which is actually a small step up from administrator privileges on a Windows box. Anyone using the exploit described in the article would have no trouble whatsoever with file permissions on the local machine.
Accessing remote resources would be a different story, of course, although it shouldn't be too difficult to sniff some traffic once you compromised the first box.
The northbridge is nowhere near being the biggest bottleneck in a modern PC. AMD's design reduces latency substantially, which results in slightly improved bandwidth.
For newer games, graphics processing is the performance bottleneck. For scientific work, it is generally either memory bandwidth or execution resources on the CPU. For servers, it is generally memory bandwidth and/or I/O bandwidth from the hard disks.
Integrating the northbridge onto the CPU die does net a modest performance boost, but it does little to affect performance in most usage scenarios.
if you don't think a "naked" xp box will become infested quickly that's your perogitive. hopefully you aren't in any sort of IT support position where others will suffer from your delusions and lack of real world experience.
If you think disabling the firewall on an XP box doesn't make the great-grandparent's "test run" completely illegitmate, you're the one who needs to wake up. Intentionally disabling a security feature and then crying to slashdot when the box gets owned is one step shy of mental retardation and/or blatant karma whoring.
Why on earth would anyone ever disable a firewall? Did that small detail fly over your head? I could understand forwarding a few ports to Apache or IIS or whatever, but opening ports 135-139 to the entire world is probably the single stupidest configuration error I can think of off the top of my head.
In this case, stupidity of user > stupidity of MS.
The first portion of your income is taxed either at a reduced rate or not at all, which effectively eliminates the taxes on your "expenses", leaving the highest levels of taxation on your "profits".
Although you can (and do) choose to look at it another way.
:::Partly psychological, yes, but you also have the advantage of simply leaving out "risky" components until you can get everything up to date.:::
/delete"... caveat: I do not know if XP Home supports this, as there is some command-line functionality that is missing compared to Professional).
This is also true of Windows. You have the same three options with auxilary Windows services as you do with *nix daemons. You can disable it (at command line, type "services.msc" for the management console), you can uninstall it from the system (the IIS service, for example), or you can manually remove it (at command line, type "sc servicename
At any rate, the point is that granular controls do now exist on the Windows platform. While this doesn't address the subpar firewall, it is quite easy to factor the cost of a third-party application into the TCO (which is $0 for consumer-grade software, as ZoneAlarm is generally sufficient, and Kerio Personal Firewall is very good). This necessitates more involvement on the part of the user, but given the preventive maintenance required for other machines, it does not seem entirely unreasonable.
:::This is completely true, I've had to build a firewall specificially for rebuilds as our PCs get infected by other machines on our own network within a few minutes of power up.:::
I'm don't know who's ultimately in charge of that network, but his job should belong to someone else. There's subpar administration, piss-poor administration, and then there's whatever the hell he's doing. If he has the expertise under him to isolate a subnet for software rebuilding and updating, he should be able to neutralize the problem in the first place. As a matter of fact, doing so might eliminate most of the time spent on software rebuilds... just a thought.
:::I think you're missing the point - if I don't apply updates to a machine for 2 months I don't expect it to suddenly be *that* vulnerable to attack, and what's worse is that MS are saying that's to be expected.:::
Perhaps you're forgetting that you're talking about an OS that comes without any type of firewall enabled. When the testing method effectively limits the machine's exposure to only remote infection vectors and only one OS of the bunch has numerous services accessible by machines outside of its own subnet, it should be quite obvious what the results will be.
I agree with the grandparent. XP SP2 has been out for months, it is installed without any fuss if automatic updates are enabled (or if the user manually visits the Windows update site), it is incorporated into all presently-sold Windows installation CDs, it's preinstalled on all new OEM machines, and Microsoft will send in on CD to anyone for no charge. At this point, not having SP2 installed is a user error, especially after the splash Blaster, Welchia, Sasser, etc caused... even the regular news media was preaching the basics: firewall, updates, antivirus.
Connecting a Windows box without updates to the internet is the same kind of ignorance as driving a car around for 20,000 miles without changing the oil... anyone who knows anything about the machine in question can tell you three things: you shouldn't do it, bad things will happen if you do, and it is easy to avoid those particular problems. Spyware is obnoxious and virtually impossible for regular users to avoid at this point, but viruses and particular worms should not be nearly as rampant as they are, especially when there are so many ways to neutralize or mitigate the risks.
To sum it up: When the exploit exists due to human stupidity or ignorance, there is no patch.
My response might make more sense if you view the LAN party as the hostile network, as was my intention.
For starters, I would disable file shares, by either disabling the services used to support filesharing or unbinding the MS file and print sharing protocols from the network adapters. Assuming your firewall was properly configured for use with Samba on your home network, it will be letting in all sorts of nasties when you hook the machine up on the network at the LAN party, so it will probably need to be configured with separate Home and LAN_party profiles if it hasn't been already.
Those are just the off-the-top-of-my-head suggestions. If there are some really clever malware apps on that network, extra steps may be desirable, but simple changes to Windows services, protocol bindings, and firewall settings will probably block out most of the crap that's floating around the network. And each of these changes should take less than a minute to make (although I admit it may take a few minutes to initially set up the more-secure firewall profile depending on the software you use).
Transplanting a box from your home network to an unknown subnet without making any changes whatsoever for additional security is just asking for trouble, regardless of OS.
:::The scientific method depends upon experiments that can be repeated by other researchers. You can't base a theory on results that don't correlate with the inputs.:::
At the heart of scientific investigation is the notion that random variances cancel each other out when there are sufficient samples. While this approach would require a new computing paradigm in order to be usable, there is already one algorithm that uses randomness to yield deterministic results--the Monte Carlo method.
This approach is obviously nascient and untenable on any hardware in production (and probably untenable on even hardware that is presently being designed), but that does not mean that it is incapable of producing useful results. Although with the jump that other "new" models such as chaos computing and quantum computing have on it, I suspect one or the other of those would come to fruition long before this (and I also wonder how similar the underlying theory would be as compared to either of these... it does seem like the subject of uncertainty hedges in on both areas). Hell, those computing models even have portions of their fundamental computation mechanisms working.
I honestly don't know how seriously to take this whole idea. It's either an earth-shaker or a still-born, and there's not an easy way to tell which without putting forth a monumental development effort. To me, the real question is: is this worth investigating right now? With the progress made in other computing models, I'm not sure it's worth diverting the R&D resources.
For this sort of idea to be successful at the hardware level, we would have to make a fundamental change in the way we view the general-purpose processor.
Right now, at the level of assembly or microcode, it's a deterministic machine that takes known, valid, and limited combinations of inputs and produces outputs that are (or should be) entirely replicable from one piece of hardware to the next.
Leveraging the an inherent uncertainty would require that the underlying algorithms account for its existence. At most, present silicon designs acknowledge that "errors" occur and attempt to either catch or correct the errors in flight. Uncertainty has no such things as errors--only variance.
In order for this approach to be truly successful, the fundamental method of teaching flow control to undergraduate programmers will have to change from something resembling a flow chart (hey, it's how I was taught) to something resembling a Monte Carlo analysis. I couldn't even begin to imagine how we would have to reconceive or reimplement some types of data structures... for instance, looking up anything in an array by its index number certainly becomes an interesting proposition in the proposed environment. Something as useful and fundamental as sequential reads becomes impossible in such an "uncertain" environment, unless you have a specified "certain" region of the CPU that processes code similar to the ways that existing ISAs do.
:::On the other hand my game machine is a P4 3.2Ghz, 1Gig Ram on an Abit IT7-MAX2 and running WinXP that I need to rebuild nearly every time I finish the current LAN Party due to a buggy OS.:::
I know this is slashdot, and I know that Windows is far from perfect, but if this is true and not kind of linux-humping exaggeration then I can only say that you need to configure the OS in a more appropriate manner before you plop it onto a potentially-hostile network.