Each country has their own laws. This may come as a shock to some, but the US can't/shouldn't enforce our laws on other countries. Whether we have the right or duty to "free" other countries under dictatorial rule is another discussion that I won't comment on here. However, when the people of a country vote to have particular rules with regard to advertising or campaign contributions it's not our place to say whether they are right or wrong. Some would even argue that it would be better for the US to have publicly funded election campaigns and ban private contributions, and have equal time on the government licensed broadcast channels. However, there are laws that have gone through review all the way to the SCOTUS that say otherwise. Who's to say that the US' laws trump Japan's laws, or which is "better?" I'd say the people in those two countries, and no one else.
You had me all the way until you brought politics into the discussion. You were talking about the behavior of lawyers and how they should be held up to certain ethical standards. Then you go off on some opinion about dismissing politically appointed attorneys which has nothing to do with the previous discussion. And the mention of federal contracts has no logical bearing on the discussion either, as federal contracts can not legally be awarded or appointed by executive privilege and instead are supposed to be awarded based on an entirely different basis (whether they are or not is a separate discussion).
If you drop the last paragraph of your post, then I totally agree with it. If you want to discuss the dismissal of politically appointed federal employees then change the subject and leave out all of the prior paragraphs, because the two have nothing to do with each other.
Can someone explain to me how a legal entity, such as a corporation holding certain copyrights, can extend that right to a non-legal entity such as a piece of DVD hardware? I can understand them extending a right to a company that makes DVD hardware, but to say that the DVD player itself has a legal right to decrypt the copyrighted work, but the owner of the copy of the work does not, just boggles the mind. How can a piece of hardware retain a right? Doesn't that right transfer to the owner of the DVD player upon purchase, if such a transfer mechanism were even legal in and of itself? If a physical piece of hardware can retain a legal right, then what about its other inalienable rights?
Yea, something like that. How would you know that it was his lock on the suitcase, and that someone didn't intercept it and put on a lock that looked like his? There's a reason why we use asymmetric algorithms.
It has been predicted that quantum computing will make current computer security obsolete, cracking any current cryptography scheme
It didn't say it would make current computer security obsolete because it would crack any current symmetric algorithm, it said it would make it obsolete because it would crack any current cryptography scheme, all of which currently use asymmetric algorithms to exchange the symmetric keys used to encrypt the actual data. I don't know the original poster, but it is quite possible that they already knew about the symmetric / asymmetric algorithm angle and just didn't go into all the gory details because it was assumed that we'd know what s/he meant.
First, the two concepts "virtual machine" and "mandatory access control" are orthogonal. A virtual machine may choose to implement MAC (and the sandbox that Java applets are placed in is a MAC implementation), or it may choose any other security model (or none).
Hence my difficulty in classifying the type of access control. I don't know enough about the Java sandbox to say whether it is MAC or not, but I doubt it. MAC entails assigning a specific classification to each object, and clearances to subjects, and then comparing the clearance of the subject with the classification of the object. There are also different security models such as Bell-LaPadula, Biba, and Clark-Wilson, that have to do with subjects accessing objects of different security levels. If the Java sandbox implements only allowing a subject (the Java app) access to particular objects I suppose you could stretch the definition of MAC to fit that model, but MAC connotates a much more complex system that is usually only seen in military systems (or special implementations of Unix such as Trusted Solaris and SELinux).
Mandatory Access Control is simply a set of permissions that are independent of the identity of the user who owns a process. Unix and Windows permissions are all about the process UID, every decision about what the process should or should not be allowed to do comes down to a check of user-related information.
With MAC, the permissions are associated instead with the process and/or the data it's acting on. MAC as implemented by SELinux (and the XO security model, BTW) associates a set of permissions with each program. Program A is configured as being allowed to do X or Y but not Z, while program B is allowed to do Y or Z but not X.
This is an oversimplification. Any access control system can be described as "simply" checking permissions for a subject against permissions for an object. It's the relation between the two that makes the difference. For example, DAC systems check the identity of the subject against the ACL (list of access specified by the owner of the object) of the object. RBAC systems check the identity of the subject against the access rights assigned to the object by the owner or administrator. As opposed to DAC systems, RBAC systems are generally focused on assigning access rights to objects based upon the subject's membership in a group that has a particular role, as opposed to assigning rights to a specific individual subject. MAC systems, as indicated earlier, are quite different in that they compare the classification of the object with the clearance of the subject. MAC systems also have the concept of "need to know" so that a subject with a particular clearance level, for instance someone with top secret clearance, does not necessarily get to access all top secret objects (and shouldn't!). So it's an oversimplification because all access control systems by definition have to compare the level of access granted to a subject for an object. These different models of access control don't necessarily match the specific implementations available in systems today. However, they do form a basis for comparing different means of access control.
Note that these permissions are orthogonal to UID-based permissions. Suppose a program has permission to read files from a given region of the file system, but the user account the program is running as does not have permission to read a given file within that region. The program can't read that file while running as that user.
Second, there's nothing in the Bifrost spec about virtual machines. It's not clear, but it looks to me like the Bifrost MAC is implemented at the OS layer, in spite of the fact that the Wired article talks about VMs.
No, it is most definitely not role-based -- role-based access is again based on user ID (via the roles associated with that UID at the moment). Actually, I think there are probably traditional user and group-based
To my knowledge SELinux implements MAC (Mandatory Access Control). That is not necessarily the same thing as a virtual machine per application. Pick up a book on the CISSP certification, which I AM going to get in April. There is a lot of information about different methods of access control. From reading the A, yes I RTFA, it doesn't sound like OLPC fits into any of the standard definitions (DAC, MAC, RBAC). It sounds closer to RBAC than the others, but it doesn't really fit that model either. I'd like to hear from other security professionals how they would categorize OLPC, but I think we would need more information first.
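The three models compared in the access-control comments above, as an added example that is not part of the original posts: a Python sketch of a DAC check, an RBAC check and a Bell-LaPadula-style MAC check (levels plus need-to-know compartments), and of the layered case where the MAC check applies in addition to the user-based one. All subject, object, role and level names are constructed for illustration.

```python
from dataclasses import dataclass, field

# Ordered sensitivity levels (constructed for this example).
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}


@dataclass
class Subject:
    name: str
    roles: frozenset = frozenset()
    clearance: str = "unclassified"
    need_to_know: frozenset = frozenset()   # compartments the subject is read into


@dataclass
class Resource:
    name: str
    owner: str
    acl: dict = field(default_factory=dict)          # DAC: user -> rights, set by the owner
    role_rights: dict = field(default_factory=dict)  # RBAC: role -> rights, set by an admin
    classification: str = "unclassified"             # MAC label: level ...
    compartments: frozenset = frozenset()            # ... plus compartments


def dac_allows(subj, res, right):
    """DAC: look the individual subject up in the owner-maintained ACL."""
    return right in res.acl.get(subj.name, set())


def rbac_allows(subj, res, right):
    """RBAC: the subject holds a right only through membership in a role."""
    return any(right in res.role_rights.get(role, set()) for role in subj.roles)


def mac_allows(subj, res, right):
    """MAC, Bell-LaPadula style: compare clearance with classification."""
    s_level, o_level = LEVELS[subj.clearance], LEVELS[res.classification]
    if right == "read":    # no read up, and need to know for every compartment
        return s_level >= o_level and res.compartments <= subj.need_to_know
    if right == "write":   # no write down: data must not flow to a lower label
        return s_level <= o_level and subj.need_to_know <= res.compartments
    return False           # unknown rights are denied


def layered_allows(subj, res, right):
    """MAC is checked in addition to the user-based check; both must allow."""
    return dac_allows(subj, res, right) and mac_allows(subj, res, right)


def demo():
    alice = Subject("alice", frozenset({"analyst"}), "top_secret", frozenset({"crypto"}))
    # Constructed objects: bob owns both and put alice on each ACL.
    plan = Resource("plan", "bob", {"alice": {"read"}}, {"analyst": {"read"}},
                    "top_secret", frozenset({"nuclear"}))
    memo = Resource("memo", "bob", {"alice": {"read", "write"}}, {},
                    "secret", frozenset({"crypto"}))
    rows = []
    for res, right in [(plan, "read"), (memo, "read"), (memo, "write")]:
        rows.append((res.name, right, dac_allows(alice, res, right),
                     rbac_allows(alice, res, right), mac_allows(alice, res, right),
                     layered_allows(alice, res, right)))
    return rows


if __name__ == "__main__":
    print("object right  DAC   RBAC  MAC   DAC+MAC")
    for row in demo():
        print("{:<6} {:<6} {!s:<5} {!s:<5} {!s:<5} {!s}".format(*row))
```

The first row is the need-to-know case: the owner's ACL and a top secret clearance are both in place, yet the read is refused because the subject lacks the object's compartment.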
I call bull. What about that "echo cancellation" feature you find on all the popular web cam software? What about all the collaboration software out there that has echo cancellation? The basic premise is that if you don't use headphones and instead the computer speakers then the mic will pick up the sounds that the computer is transmitting from the other side, and you'll get an echo. Saying that it requires far too much computing power is incorrect. While it probably won't make it totally disappear, it will reduce the incoming signal from the mic to a level such that the voice processing feature on the computer won't be able to make out any of the commands. "totally alien waveform" right. Tell that to Sony and their noise cancellation headphones. If they can fit the technology in a headphone then a modern computer capable of running Vista certainly has enough horsepower.
Kind of reminds you of Cisco's switch from their terminology for tag switching to the more common label switching, doesn't it? Check out the Cisco documentation. It's not a direct comparison, but it does "kind of" remind you.
If they don't charge any extra for the product with the new feature than they did for the product without the feature before it was available, then the value of the feature (in accounting terms, not necessarily the value you would place on it) is 0. So there would be no reason to charge existing customers for the new software. If, however, they are charging an extra $5 for the new product with the new feature than they did for the old product without the feature, then there's the rub.
I used to have the same attitude. That is until I took a CISSP CBK review course and learned the reasons why information security professionals insist on those types of policies. Since increasing my experience and knowledge of information security is my career goal (passed the CCIE Security written, didn't take the lab yet, probably will take the CISSP next quarter) I'm subscribed to a bunch of web zines on security topics. I used to have the opinion that most of the articles were from security "experts" that didn't have the technical expertise; from management know-nothings that received questionable certifications and were viewed in much the same manner as the pointy haired boss. Now I understand the reasons behind why it is necessary to have these policies and everything involved in assuring that information security is functioning as it is designed. However, I also understand that most companies that have these types of policies usually don't understand themselves the complete aspects of all domains. Financial institutions would probably be the exception, but I can tell you from experience that, despite HIPAA, healthcare institutions generally don't have a clue.
It was really an eye-opener for me, and I've been doing security for years. If you're interested in finding out the why behind some of these policies I'd suggest you pick up a CISSP book. It's a quite different approach and mind-set than the more technically oriented certifications such as the CCIE Security.
It is conceivable that an OS would have a "game" mode, where only those processes critical to maintaining the stability of the OS, and the game, are allowed to run. For all of the other processes it would look like the OS went to sleep, or suspend like with a laptop. Why there isn't this option already is beyond me. I guess no one ever thought of it before...
You're mostly right, but not about the no network connections. SQL Server Express defaults to no network connections, but you can easily enable TCP/IP connections.
As Anonymous said, it's his blog. If you want to make a statement or post a leading question then post it on a public forum like Slashdot, or on your own blog. He has no obligation to post any comments from anyone on his own blog. I don't know if this is the acceptable etiquette for blogs or not, but it makes sense to me. I don't have a blog, but if I did I wouldn't want it to be completely "open" where anyone can post anything they wanted. I'd want to maintain editorial control of the content.
You make some valid points, but I'll respond much like I did to another poster. The public school system is the lowest common denominator as far as education. If parents want a good education for their children they will either homeschool using a good curriculum (and not "unschool" like some so-called homeschoolers do) or pay for private education. It's my view that the public education system is the safety net that will ensure a minimum level of knowledge necessary for minimum wage jobs and the basic skills to live in today's society. It's not where you send your kids if you want them to be leaders, or a future Nobel prize recipient. I'm not saying that there are not leaders or Nobel prize recipients who attended public school. Keep in mind that public education in America didn't actually exist for a long period of time, and we are now seeing its collapse. I'll refrain from any personal attacks.
Well, to be honest I question the whole involvement of the Federal government in education. Since I don't believe that you can get good results with a national education system I tend to view public education as the lowest common denominator. If parents want better education for their children they can either make the personal sacrifice necessary to homeschool or pay for private education. (I personally believe that we should have vouchers but that's a whole 'nother argument that I won't get into). My parents, who were not rich by any measurement and if anything were on the lower end of middle class, did what was necessary to send all 9 of their kids to private school because they thought it was better. I find it hard to feel sorry for children of today whose parents spend more time worrying about their fantasy football ranking than their child's education.
This isn't plumbing, and it isn't a threat to WiFi. At 10 meters as the maximum distance, and 3 meters the desired distance, you'd have to have an AP every few feet just to get proper roaming and coverage. It would fit in better as a replacement for Bluetooth and "personal" devices, such as cell phone connectivity to laptops, wireless mice, headsets, etc. Of course I haven't RTFA, but with a summary that lists the distances indicated anyone can pretty much tell this isn't a WiFi replacement.
I never did understand the reason people use "teaching to the test" as a reason against uniform testing. Either the students know the material or they do not. And I'm not sure why teachers can't make the experience of learning the material that is on the tests interesting. I suspect it is because teachers resent being held to account and told exactly what their curriculum must include (not that they couldn't ADD any other materials they wanted to). Or, the fact that they were not teaching the basics to everyone from the beginning and letting certain students slip behind and only paying attention to the "curious" students. This ultimately results in problems for the whole class when all of a sudden they are holding Johnny and Jim Bob to the same standards as everyone else. Since teachers are "graded" on the overall performance of their students they now must give Johnny and Jim Bob that extra effort, reducing time spent with the curious students and making those students' lives boring (just teaching to the test).
In my opinion it is all the fault of the public school teachers and their unions. If they were teaching the BASICS to EVERYONE in the first place then Johnny and Jim Bob would have no problem passing those standardized tests, the teachers wouldn't need to spend extra time with them, and could still make their instructions interesting for everyone.
Of course my perspective comes from being taught in private Catholic schools until the College years, and at least in my case our teachers blew away the public school teachers in the area. They made things interesting and they would actually fail students who didn't pass our tests. Granted that may be the exception even in private schools, and our tests were not standardized like now, but since we were learning at such a high level above the same grade in public school I can't come to any other conclusions.
Right on the first page of TFA it says that it is HDCP compliant, so you need the latest HDTV "set" in order to run it. So it's not like there was much of a chance of me purchasing one of these in the first place, but I'm not going to buy a DRM crippled product.
Hmm, by your own calculations it takes 20x raw performance gain in order to get 2-3x perceived performance gain. So, with the Wii only 1/8th the raw performance of the PS3 it's interesting that the PS3 won't even be 2x the perceived performance of the Wii, yet cost 3x the money. Not to mention that you'd need a HD setup in order to realize that less than double performance gain, so you are talking a heck of a lot more than 3x the money. Just doesn't sound worth it to me.
This is all blown out of proportion, because the finding of another plaintext that generates the same hash will almost always be useless anyway. For example, a hash function, like MD5 or SHA1 (which are not encryption algorithms) may generate a hash code of 123456 for the plaintext:
This is a message from Me to You, send me some $$$!
If there was a weakness in the hash function you may be able to find another plaintext that generates the same hash code, for instance, the hash function may also return a code of 123456 for the plaintext:
fy87dsf5dkjsf75SI5sdfISAfd576fHFKhsudg6%&FDSHf5765 a
Sounds pretty useful doesn't it! I mean, OH My God! They are going to be able to like break into my online bank account now! Yea right. The "duplicate" plaintext that you may find for a given hash code most likely won't even be recognizable, and certainly wouldn't be in a form that would be useful. For instance, a duplicate plaintext with the same hashcode of a TCP/IP frame wouldn't likely even be in the proper format to be able to be decoded.
Think about it.
Don't you mean AT&T? Why would Verizon run fiber to your home in CA?
What if you're an Internet addicted alcoholic?
He's replied already that you can get almost any program to work without administrative rights if you tweak registry keys and file/folder permissions. The point is that you have to do that; the programs do not work without administrative rights out of the box using a standard install procedure.
A "box" doesn't have administrative rights, a user does. So I'm not sure what you are talking about.