:::But at least McAfee allows you to manually update; I was unable to find anyway to do so with Norton. Which is find, since Norton is crap anyhow.:::
Norton has LiveUpdate. It collects a list of all updates that are applicable to your product (including AV defs), and then you can choose which ones to install.
This is only a simple statement of fact, however; please do not construe this in any way as a recommendation of NAV or any other consumer-grade rubbish that Symantec likes to peddle.
Intel had Hyperthreading tech built into the Netburst-cored processors from day one, and merely disabled it in the earlier Pentium 4 processors. And unless you had access to a microprocessor engineering facility nearby, it stayed off. I would assume they'll handle it the same way with their core logic chipsets from now, especially after mainboard manufacturers managed to enable the "soft-off" memory enhancement feature in the i865 chipset, effectively turning it into the more expensive i875 chipset (sans the integrated gigabit ethernet, of course, but that wasn't a huge selling point to home users for the most part anyway).
When lacking a video driver, WinXP loads the VGASave service, which provides full 2D drawing support (albeit without hardware acceleration) at 640x480, and it will automatically try to up the resolution to 800x600 on the first boot. (It asks if it's ok, and then it pops up one of those "Changed screen resolution, can you read this? / Yes button / No button" boxes.) It subsequently boots to 800x600 until a video driver is loaded that supports another resolution.
And while you can work the GUI at a lower resolution than 800x600, it isn't easy. By default, buttons and bars are bigger, which leaves less usable space. I think the 800x600 requirement is one of those that simply makes things easier for the 99% of end users who don't really know what an operating system is. Kind of like the memory requirements for Windows 95/98... you could boot 95 with less RAM than required, but it would be so incredibly slow as to be not worth the trouble.
I think this is done largely because some casual users assume that a "required" system should make the software optimally functional. While this does result in some bloating of the minimum system specs, it probably greatly reduces support headaches for people who will not understand that the commonly-provided list of recommended system specs is supplied over and above the list of required specs for a reason.
Perceptual characteristics vary widely among individuals.
Perceptual characteristics can change with experience, age, training, practice, use, whatever you want to call it... e.g., someone who once was unable to detect flickering on a particular monitor at 60 Hz will now notice it until the refresh rate is set to 75 Hz or greater. The variation isn't always massively important or even particularly noticeable most of the time, but it can be substantial in some cases (as in the well-documented phenomenon where blind people eventually acquire more acute auditory perception).
Anyone who says "the human eye can't detect framerate differences beyond xx Hz" knows exactly jack about sensation and perception.
And this is doubly true if the person has trouble understanding or explaining the difference between rendering framerate and display refresh rate.
Are you illiterate? Seems like it. In the context of security updates, you whine about the lack of support when your quote clearly indicates the continuation of security updates.
Re-read, please: Non-security hotfix support requires a paid contract to be purchased within 90 days of mainstream support ending.
I find the consistent inability to read and interpret plainly-written English by so-called linux zealots/gurus somewhat ironic. Don't they claim to be members of the more intelligent and insightful crowd?
As mentioned elsewhere, including in the document you quoted, Windows XP security support will be continued through 2011.
RF modulators are very cheap and can be quite small. Best Buy, Circuit City, RadioShack, et al sell them still, mostly for people who want to hook up DVD players to ancient coax-only TVs.
::: Another useful thing is that you can install over a damaged 98 installation to get a running machine with most of your settings and such intact. It's a bit crude, but it's a world easier than dealing with an NT install with a couple toasted files from a chkdsk and having to start from scratch because the installer removes everything and renames the profile on you.:/:::
In the case of WinXP (which is the only NT-based OS a regular home user would reasonably have), simply installing Windows to a different directory prevents the OS from screwing with the existing user data. Granted, you may have to figure out on your own that S1-2345-4576-2346-4567 is the name of little Suzy's profile directory, but it should all remain on the hard disk.
I believe this is also true of NT/2K since they wouldn't have to overwrite the SAM security hive in the Windows directory, but I'm not 100% sure of those OSes.
I could see (and agree with) the point about noticeablely slow app response times in 1998.
But now Joe Schmoe can get a 2.0+ GHz CPU with 256-512 MB of RAM with nearly 3 GB/s of usable memory bandwidth. Unless there are some really serious performance problems with a particular runtime environment, there is no reason for a Java app to run noticeably slower than an precompiled machine binary app in the language of your choice (barring serious number crunchers, of course... we're talking desktop apps here).
Processing capabilities have increased so much since the early 1990s that the overhead incurred by Java is negligible for newer systems. I think the biggest problem stemming from this initiative if it actually goes anywhere will be making sure that average users have a sufficiently up to date JRE.
Hell, my machine is slower than the latest and greatest speed demons, and I have no trouble with Java apps running slowly or consuming enough RAM/CPU/IO to make anything run slowly (except maybe when Azureus eats all of my bandwidth:) download cap implemented in 2.1.0.0 though).
IIRC, you can get the patches separately from their website anyway... SP2 is convenient because it rolls them up into one installation process and adds some functionality (especially to that lame-ass firewall), but you don't need SP2 to be current with regard to security fixes.
It listens on those ports. It only infects through 445. Block incoming on that port (which 99.9% of home users can do without problems), and you're safe.
For those who actually need that port for https... well, consider linux.:) Although, MS does have a workaround for it.
[2] Imagine your boss trying to explain to a customer that your company can't move ahead on project "x" because "Our router with the hacked firmware is acting up."
Give your manager some credit. Especially if he was promoted from sales or marketing. If he's halfway competent, that should read:
[2] Imagine your boss trying to explain to a customer that your company can't move ahead on project "x" because "Our cutting-edge internet solution has not delivered the turnkey operation we expected. We will either resolve the issue as quickly as possible or return to a more conventional solution. I'll keep you in the loop as the situation unfolds."
Unless they bundly the source code with the firmware, they have to provide source code to anyone who asks, for any of it, for three years.
They only have to provide you with the source for the version you received as a binary for a period of three years after distribution of said binary. They have no obligation to give you source for updates if they don't want to under the GPL.
Under the unspoken Let's Not Be A Dick About It agreement, they'd give you access to updates as well, but this agreement is not legally binding in most jurisdictions.
Words as index values was one way I thought might work. Another is to take common letter combinations.
Something like "the" = "?", so the word "they" compressed would be "?y" when saved in a mailbox and a search for "the" initiated by the user would run as a search for "?". Of course, there would have to be rules for overlapping letter combinations and such, but this would give the server the benefit of saving disk space without the overhead of decompressing everything for full searches.
I'd have no idea which character combinations are common enough to be useful aside from some easy ones like "the", " I ", "tion", and "ess". Maybe someone could develop a script and run a few novels through it... or pay for some cunning linguist.:)
Why not just render the search string into its compressed form or possible compressed forms?
Granted, some compression algorithms would not work well (or at all) with such a scheme, but that would only limit the possible algorithms or force them to custom design one.
Well, not that I'd recommend it for legal reasons, but...
...do you remember the scene in Full Metal Jacket where the guys in the barracks got towels with bars of soap twisted in them and restrained Private Pyle to his bed?...
I think the intention in the case is to shield the home users of MS software, not corporate networks. They are offing a couple of externally accessible services in the default configuration as well, which doesn't really affect good admins because they already have installation scripts to disable those services and a good firewall anyway... so again, this is more about the home users.
XP SP2 enables the native firewall by default, and also allows listening processes to temporarily open a port rather than requiring that you make a static rule to keep that port open. It's supposed to guard against malformed transmissions as well, but I'm not holding my breath on that count... I'm keeping a box with iptables + snort on the perimeter.:)
:::For him, defaults were always fine, as making changes would have required effort.:::
Then there's your real problem, it's not some luser in need of a bare-bottom session with the cluestick, it's the admin. Damn. He really should know better. *I* know better, and I've only done a little light admin work on the side when my undergrad workload allowed. Always setup the systems as though the user were going to do everything he can to bring down the entire network because worst case scenario, he will.
[rant mode] Lazy-ass incompetent admins like your colleague are the reason I have to spend about an entire week out of every month dealing with whining about why XXX isn't working. I hope your firewall has good blocks on outgoing communication or I may have to hunt down your coworker and get all Hannibal Lector on him. It's not that hard to implement reason security policies that negate 99% of the threats that are out there. If he won't even set up freaking antivirus software the right way, I fear to see your subnetting and logging/ids. I mean, damn, Symantec's corporate clients aren't the perfect software against which all other software must be judged, but they're pretty easy to configure properly... like 12 clicks on a manual install, nevermind if you've gotten a script or image for desktop software rebuilds. [/rant mode]
Sorry, I guess. Nothing personal, maybe you're even as annoyed by that twit as I am:), but the ignorance-from-laziness that I experience everyday has been overwhelming lately.
I think part of the problem is the way MS handles running processes under different credentials and system maintenance apps/system utilities.
In a *nix environment, you can access just about all of the system controls simply by entering the root password when prompted from gnome or kde. Apps that need to be run as root work when it's done regardless of whose userspace it sees "running in the background". In Windows environments, this isn't true. "Run as..." functionality will only work about 1/2 the time for apps that need administrator privileges, and non-admin accounts can't access the Control Panel with administrative credentials, so unless the user knows how to use the command line to accomplish their task it ain't gonna happen.
The user experience that drives Windows adoption has always been ease-of-use... and even now the automation of almost every conceivable task isn't enough for most users' tastes. Until security is easy, Windows PCs will be insecure. By easy, I mean a few clicks to setup (and the defaults all have to be secure) and utterly transparent to users once the security policies are enforced. This is (IMO) the main thing... go to a machine with a relatively fresh install of WinXP, and type "services.msc" into the "Run..." dialogue and just look at all of that shit. WTF? I could see maybe having terminal services running for telnet/ssh access, but UPnP, wireless zero config, remote clipbook viewer, and a thousand other useless "features" (like BITS... who the hell uses BITS for anything?).
Basically, lazy users are a fact of life for a commodity OS like Windows (this will be true even when something else finally comes along and unseats MS), so the OS needs to be secure by default and make it require technical literacy to reduce the security of the system rather than the other way around (which is how it is now... although XP SP2 is supposed to change this by enabling the firewall and autoupdates by default). It's a mix of bad user and stupid design decisions, and the stupid default configs are easier to fix than bad users. Hopefully, when CPUs with nx become widespread, the OS security defaults will be chosen taking that into account as well... wouldn't it be nice to essentially kill the buffer overflow exploit? Since this may break legacy apps, however, I'm not counting on it happening.
:::So yes, they're not required to give the source directly back to the people that they got it from, but they have to make it available to them, at least indirectly.:::
That's still a stretch. Either MythTV pays for a box and gets access to the code that way, or they have to rely on charity to see the changes to the source code. Whether the charity is on the part of the manufacturer or some random joe-schmoe buyer is irrelevant.
:::That being said, it's not clear that this company made any code improvements to MythTV, so it's not clear that they're obligated to so anything under the GPL other than to give their customers a copy of the original source code if they want it.
It doesn't matter whether or not they've changed one line of code. They are obligated to make their source available to whomever buys their product (and absolutely no one else) regardless of whether they've done any in-house work on it or not. While I agree it would certainly be very nice of them to share since they've gotten a lot of good work for free, the MythTV developers did not require them to do so (because the license they used for their software does not require licensees to do so).
There's a difference between CPUID (model number), hardware revision number, S-spec (roughly equivalent to a batch number), and serial number. Individual serial numbers are not accessible, and although I believe Intel's S-specs show up in the BIOS.
I believe that properly configured servers wouldn't accept.mail messages without a proper originating IP address for the server (easily checkable via reverse DNS... if the source IP doesn't match a server registered with a valid.mail TLD, the message gets dropped).
My point: the DMCA is obnoxious because it prohibits you from disabling trusted computing technologies if they are designed to protect copyrights.
I take it that you're agreeing, more or less.
Right now, I trust the trusted computing alliance about as far as I can throw them, and seeing as I'm 6' and only 165 lbs that ain't gonna be very far.
I wonder... if someone did some research into corporations who lobbied for the DMCA or paid pro-DMCA congressmen, how many TCA members would be on the list? Probably most... you know, if I had to guess.
Slashdot Mirror
:::But at least McAfee allows you to manually update; I was unable to find anyway to do so with Norton. Which is find, since Norton is crap anyhow.:::
Norton has LiveUpdate. It collects a list of all updates that are applicable to your product (including AV defs), and then you can choose which ones to install.
This is only a simple statement of fact, however; please do not construe this in any way as a recommendation of NAV or any other consumer-grade rubbish that Symantec likes to peddle.
Intel had Hyperthreading tech built into the Netburst-cored processors from day one, and merely disabled it in the earlier Pentium 4 processors. And unless you had access to a microprocessor engineering facility nearby, it stayed off. I would assume they'll handle it the same way with their core logic chipsets from now, especially after mainboard manufacturers managed to enable the "soft-off" memory enhancement feature in the i865 chipset, effectively turning it into the more expensive i875 chipset (sans the integrated gigabit ethernet, of course, but that wasn't a huge selling point to home users for the most part anyway).
When lacking a video driver, WinXP loads the VGASave service, which provides full 2D drawing support (albeit without hardware acceleration) at 640x480, and it will automatically try to up the resolution to 800x600 on the first boot. (It asks if it's ok, and then it pops up one of those "Changed screen resolution, can you read this? / Yes button / No button" boxes.) It subsequently boots to 800x600 until a video driver is loaded that supports another resolution.
And while you can work the GUI at a lower resolution than 800x600, it isn't easy. By default, buttons and bars are bigger, which leaves less usable space. I think the 800x600 requirement is one of those that simply makes things easier for the 99% of end users who don't really know what an operating system is. Kind of like the memory requirements for Windows 95/98... you could boot 95 with less RAM than required, but it would be so incredibly slow as to be not worth the trouble.
I think this is done largely because some casual users assume that a "required" system should make the software optimally functional. While this does result in some bloating of the minimum system specs, it probably greatly reduces support headaches for people who will not understand that the commonly-provided list of recommended system specs is supplied over and above the list of required specs for a reason.
Perceptual characteristics vary widely among individuals.
Perceptual characteristics can change with experience, age, training, practice, use, whatever you want to call it... e.g., someone who once was unable to detect flickering on a particular monitor at 60 Hz will now notice it until the refresh rate is set to 75 Hz or greater. The variation isn't always massively important or even particularly noticeable most of the time, but it can be substantial in some cases (as in the well-documented phenomenon where blind people eventually acquire more acute auditory perception).
Anyone who says "the human eye can't detect framerate differences beyond xx Hz" knows exactly jack about sensation and perception.
And this is doubly true if the person has trouble understanding or explaining the difference between rendering framerate and display refresh rate.
Are you illiterate? Seems like it. In the context of security updates, you whine about the lack of support when your quote clearly indicates the continuation of security updates.
Re-read, please: Non-security hotfix support requires a paid contract to be purchased within 90 days of mainstream support ending.
I find the consistent inability to read and interpret plainly-written English by so-called linux zealots/gurus somewhat ironic. Don't they claim to be members of the more intelligent and insightful crowd?
As mentioned elsewhere, including in the document you quoted, Windows XP security support will be continued through 2011.
rtfa, kthxbye
RF modulators are very cheap and can be quite small. Best Buy, Circuit City, RadioShack, et al sell them still, mostly for people who want to hook up DVD players to ancient coax-only TVs.
::: Another useful thing is that you can install over a damaged 98 installation to get a running machine with most of your settings and such intact. It's a bit crude, but it's a world easier than dealing with an NT install with a couple toasted files from a chkdsk and having to start from scratch because the installer removes everything and renames the profile on you. :/ :::
In the case of WinXP (which is the only NT-based OS a regular home user would reasonably have), simply installing Windows to a different directory prevents the OS from screwing with the existing user data. Granted, you may have to figure out on your own that S1-2345-4576-2346-4567 is the name of little Suzy's profile directory, but it should all remain on the hard disk.
I believe this is also true of NT/2K since they wouldn't have to overwrite the SAM security hive in the Windows directory, but I'm not 100% sure of those OSes.
I thought it was more like a p3 on steroids.:::
It's more like a hybrid P6/Netburst core.
Basically, it gets from Netburst:
What Netburst has that Pentium-M doesn't:
What is has that Netburst doesn't:
I'm not so sure about Netburst lacking micro-op fusion though.
[/obligatory Java GUI speed rant]
:) download cap implemented in 2.1.0.0 though).
I could see (and agree with) the point about noticeablely slow app response times in 1998.
But now Joe Schmoe can get a 2.0+ GHz CPU with 256-512 MB of RAM with nearly 3 GB/s of usable memory bandwidth. Unless there are some really serious performance problems with a particular runtime environment, there is no reason for a Java app to run noticeably slower than an precompiled machine binary app in the language of your choice (barring serious number crunchers, of course... we're talking desktop apps here).
Processing capabilities have increased so much since the early 1990s that the overhead incurred by Java is negligible for newer systems. I think the biggest problem stemming from this initiative if it actually goes anywhere will be making sure that average users have a sufficiently up to date JRE.
Hell, my machine is slower than the latest and greatest speed demons, and I have no trouble with Java apps running slowly or consuming enough RAM/CPU/IO to make anything run slowly (except maybe when Azureus eats all of my bandwidth
IIRC, you can get the patches separately from their website anyway... SP2 is convenient because it rolls them up into one installation process and adds some functionality (especially to that lame-ass firewall), but you don't need SP2 to be current with regard to security fixes.
It listens on those ports. It only infects through 445. Block incoming on that port (which 99.9% of home users can do without problems), and you're safe. For those who actually need that port for https... well, consider linux. :) Although, MS does have a workaround for it.
What lie? There is no lie. That's the beauty of buzz. You can fill the room with noise and yet convey nothing.
[2] Imagine your boss trying to explain to a customer that your company can't move ahead on project "x" because "Our router with the hacked firmware is acting up."
Give your manager some credit. Especially if he was promoted from sales or marketing. If he's halfway competent, that should read:
[2] Imagine your boss trying to explain to a customer that your company can't move ahead on project "x" because "Our cutting-edge internet solution has not delivered the turnkey operation we expected. We will either resolve the issue as quickly as possible or return to a more conventional solution. I'll keep you in the loop as the situation unfolds."
Unless they bundly the source code with the firmware, they have to provide source code to anyone who asks, for any of it, for three years.
They only have to provide you with the source for the version you received as a binary for a period of three years after distribution of said binary. They have no obligation to give you source for updates if they don't want to under the GPL.
Under the unspoken Let's Not Be A Dick About It agreement, they'd give you access to updates as well, but this agreement is not legally binding in most jurisdictions.
Words as index values was one way I thought might work. Another is to take common letter combinations.
:)
Something like "the" = "?", so the word "they" compressed would be "?y" when saved in a mailbox and a search for "the" initiated by the user would run as a search for "?". Of course, there would have to be rules for overlapping letter combinations and such, but this would give the server the benefit of saving disk space without the overhead of decompressing everything for full searches.
I'd have no idea which character combinations are common enough to be useful aside from some easy ones like "the", " I ", "tion", and "ess". Maybe someone could develop a script and run a few novels through it... or pay for some cunning linguist.
Why not just render the search string into its compressed form or possible compressed forms?
Granted, some compression algorithms would not work well (or at all) with such a scheme, but that would only limit the possible algorithms or force them to custom design one.
Well, not that I'd recommend it for legal reasons, but...
...do you remember the scene in Full Metal Jacket where the guys in the barracks got towels with bars of soap twisted in them and restrained Private Pyle to his bed?...
...yeah.
it is its own web
Yeah, no kidding? I could "be my own web" 15 years ago with 2 ethernet cards and a short cat5 cable.
Oh, wait. I get it. It's wireless. Let's just forget that this is a laptop sewn into a backpack along with a really big battery.
I think the intention in the case is to shield the home users of MS software, not corporate networks. They are offing a couple of externally accessible services in the default configuration as well, which doesn't really affect good admins because they already have installation scripts to disable those services and a good firewall anyway... so again, this is more about the home users.
:)
XP SP2 enables the native firewall by default, and also allows listening processes to temporarily open a port rather than requiring that you make a static rule to keep that port open. It's supposed to guard against malformed transmissions as well, but I'm not holding my breath on that count... I'm keeping a box with iptables + snort on the perimeter.
:::For him, defaults were always fine, as making changes would have required effort.:::
:), but the ignorance-from-laziness that I experience everyday has been overwhelming lately.
Then there's your real problem, it's not some luser in need of a bare-bottom session with the cluestick, it's the admin. Damn. He really should know better. *I* know better, and I've only done a little light admin work on the side when my undergrad workload allowed. Always setup the systems as though the user were going to do everything he can to bring down the entire network because worst case scenario, he will.
[rant mode]
Lazy-ass incompetent admins like your colleague are the reason I have to spend about an entire week out of every month dealing with whining about why XXX isn't working. I hope your firewall has good blocks on outgoing communication or I may have to hunt down your coworker and get all Hannibal Lector on him. It's not that hard to implement reason security policies that negate 99% of the threats that are out there. If he won't even set up freaking antivirus software the right way, I fear to see your subnetting and logging/ids. I mean, damn, Symantec's corporate clients aren't the perfect software against which all other software must be judged, but they're pretty easy to configure properly... like 12 clicks on a manual install, nevermind if you've gotten a script or image for desktop software rebuilds.
[/rant mode]
Sorry, I guess. Nothing personal, maybe you're even as annoyed by that twit as I am
I think part of the problem is the way MS handles running processes under different credentials and system maintenance apps/system utilities.
In a *nix environment, you can access just about all of the system controls simply by entering the root password when prompted from gnome or kde. Apps that need to be run as root work when it's done regardless of whose userspace it sees "running in the background". In Windows environments, this isn't true. "Run as..." functionality will only work about 1/2 the time for apps that need administrator privileges, and non-admin accounts can't access the Control Panel with administrative credentials, so unless the user knows how to use the command line to accomplish their task it ain't gonna happen.
The user experience that drives Windows adoption has always been ease-of-use... and even now the automation of almost every conceivable task isn't enough for most users' tastes. Until security is easy, Windows PCs will be insecure. By easy, I mean a few clicks to setup (and the defaults all have to be secure) and utterly transparent to users once the security policies are enforced. This is (IMO) the main thing... go to a machine with a relatively fresh install of WinXP, and type "services.msc" into the "Run..." dialogue and just look at all of that shit. WTF? I could see maybe having terminal services running for telnet/ssh access, but UPnP, wireless zero config, remote clipbook viewer, and a thousand other useless "features" (like BITS... who the hell uses BITS for anything?).
Basically, lazy users are a fact of life for a commodity OS like Windows (this will be true even when something else finally comes along and unseats MS), so the OS needs to be secure by default and make it require technical literacy to reduce the security of the system rather than the other way around (which is how it is now... although XP SP2 is supposed to change this by enabling the firewall and autoupdates by default). It's a mix of bad user and stupid design decisions, and the stupid default configs are easier to fix than bad users. Hopefully, when CPUs with nx become widespread, the OS security defaults will be chosen taking that into account as well... wouldn't it be nice to essentially kill the buffer overflow exploit? Since this may break legacy apps, however, I'm not counting on it happening.
:::So yes, they're not required to give the source directly back to the people that they got it from, but they have to make it available to them, at least indirectly.:::
:::That being said, it's not clear that this company made any code improvements to MythTV, so it's not clear that they're obligated to so anything under the GPL other than to give their customers a copy of the original source code if they want it.
That's still a stretch. Either MythTV pays for a box and gets access to the code that way, or they have to rely on charity to see the changes to the source code. Whether the charity is on the part of the manufacturer or some random joe-schmoe buyer is irrelevant.
It doesn't matter whether or not they've changed one line of code. They are obligated to make their source available to whomever buys their product (and absolutely no one else) regardless of whether they've done any in-house work on it or not. While I agree it would certainly be very nice of them to share since they've gotten a lot of good work for free, the MythTV developers did not require them to do so (because the license they used for their software does not require licensees to do so).
There's a difference between CPUID (model number), hardware revision number, S-spec (roughly equivalent to a batch number), and serial number. Individual serial numbers are not accessible, and although I believe Intel's S-specs show up in the BIOS.
I believe that properly configured servers wouldn't accept .mail messages without a proper originating IP address for the server (easily checkable via reverse DNS... if the source IP doesn't match a server registered with a valid .mail TLD, the message gets dropped).
My point: the DMCA is obnoxious because it prohibits you from disabling trusted computing technologies if they are designed to protect copyrights.
I take it that you're agreeing, more or less.
Right now, I trust the trusted computing alliance about as far as I can throw them, and seeing as I'm 6' and only 165 lbs that ain't gonna be very far.
I wonder... if someone did some research into corporations who lobbied for the DMCA or paid pro-DMCA congressmen, how many TCA members would be on the list? Probably most... you know, if I had to guess.