"Steve Ballmer would never go for it. Approach him with a microchip gun and he'd throw a chair at you. And then bury you. In chairs. He's done it before and he'll do it again."
> Well, Win2K = NT 5.0 and WinXP = NT 5.1, released only a year and a half later, so what were you expecting?
A major revision anytime in the last five (maybe six?) years.
> OK, this I don't get. What is wrong with the XP SP2 firewall? > It's trivially easy for any malware that wants to send data outbound to do so using a method that could not possibly be distinguished from legitimate traffic.
Portscan a default SP2 install, portscan a default Fedora install. Note how many worms run on the ports mentioned.
Like anything, it doesn't 100% stop anyone, but outbound filtering does add more steps for someone trying to break in to work around, and does have a practical benefit. I've known people alerted to stuff on their Windows boxes by ZAs outbound dialogs.
Oh yeah, an Run As doesn't work properly with nearly any thind party app. Grr!
And yeah, spyware got more popular in the last few years, so you need antispyware tools now too.
> Funnily enough, I've never had a problem with it. And I've never needed a tool to get rid of it off other people's systems, either. > As long as you don't go around installing random software from unknown sources, you won't have a problem.
Are you saying a lot of the popular Windows apps from well known sources don't contain spyware? What about Kazaa? Hell, what about RealPlayer?
> Of course, Linux users don't do this, because unknown sources don't tend to have a Linux version of their software available, so it isn't really an issue there, either.
Yeah, but the Linux versions of things - P2P, VOIP apps, etc, which often don't have a Windows version, and don't have spyware in their Linux version.
> Everything you list is trivially easy to find, completely free and doesn't require reboots to install under Windows these days.
Unless somethings changed since I last used Windows (around SP2, because I was interested to see what was up in Windows land), I simply don't believe you. Sure, I haven't installed, say, Office LatestVersion, but Office 2000 and Office XP require a reboot, why wouldn't the most recent ver? Likewise helping out the Windows using neighbors even crappy iPod addons require reboots, again on XP. Sorry, but I don't believe you.
> There's even useful shit like strace in the OS.
Similar tools are available for windows as parts of the various SDKs, or for independent download.
Indeed, they're not avaiable in the OS and they're an expensive download.
> The rationale for not including it is that it's useless to anyone who isn't a developer, which seems sensible to me.
I disagree. I'm not a developer by any stretch of the imagination and I've discovered problems with both software and my system with these tools. They're small, not hard to understand for administrators (no harder than say, regedit) and an invaluable aid to troubleshooting. A lot of the things I've found with strace (what, Sophos always wants US English installed?) I would not have found without. If I was using Windows, I'd either pay a lot of money for an equivalent tool (and it may not end up being useful to me - like strace doesn't always fix every problem) or throw my hands up in disgust.
> Linux installs are often intimidating to new users, because they get to the software selection screen and see all the packages that are included, and have no idea how to choose what they need and what they don't need.
Kinda, but it depends on your distro, they're aimed at different audiences. Fedora just installs a default set of software, or lets the user pick from about 10-15 groups of packages with simple names (or individual packages if they want). I see no reason why Windows couldn't do the same.
> Re: Windows: (but without asking what they want) IIRC, you can customize what's installed by default in Windows too.
Honestly, how much effort does it take to download a 300k setup.exe for Cygwin.
You missed the point. I'm not complaining about the effort to download and install one thing, I'm complaining about downloading and installing 25 things, many of which require reboots (Cygwin IIRC thankfully doesn't). Is this not a legitamite complaint?
> You seem to not even know about UnxUtils, which happens to contain a native win32 port of wget and many other utils.
Dude, I've known about tools like Cygwin and Interix for years, prolly since before Unxutils existed. The point I'm making above is, what comes with the OS?
> I remember Evolution in 1998 too, what a piece of crap that was. It sure was pretty, but it really liked to hose the system. I used Evo later than 1998 - around 2000 was when it became my main mail client. It was quite usable for me by then.
Yeah, there's benefits of PC games, I don't dispute that. But there's benefits of consoles too - having games that work on your more-than-two-years-old system is one.
I used to get really exited about Windows. Betas of Windows 98 and NT 4 at home, Systernals tools, things like TweakUI, an NT 4 era MCSE, caring about the differences between Windows 95 OSR2 and OSR1, etc.
I kinda stopped being interested shortly after Windows 2000. What happened? Well nothing. Before Windows 2000, you had Windows 98, which was unstable, and Windows NT 4, which was a bastard to use (in particular, it had no Plug and Play support).
Then there was Windows 2000, and it was more stable and still easy to use. Windows XP could hav been a Windows 2000 service pack. A better themable UI, a minor IE update, some utilities to do things like registry snapshots that were useful, but always available as cheap third party tools. No big deal. XP SP 2 was the same, except the firewall was so bad you still needed a third party firewall. And yeah, spyware got more popular in the last few years, so you need antispyware tools now too.
There have been no significant improvements since Windows 2000. Meanwhile, about 1998, I saw a screenshot of Enlightenment. I wanted Enlightenment. Linux came with the bargain. Linux was tweakable to my hearts content. And also really difficult. And I'd use it for a little while,. then mess it up or find something I couldn't do, then go back to Windows.
The thing is, Linux seemed to be improving. Things that seemed to buy me about Linux were bugging other people too. I went from Red Hat 5.2 to Mandrake, which had a nicer GUI, KDE. Then Red Hat 6 came out, and it had KDE plus a simpler GUI installer. Woo. And tools to notice new hardware and configure it. And I started learning about Linux, cause it was nice and tweakable and interesting.
After a while, I'd want to do something in Linux I couldn't do in Windows. First it was pull down sequences of files using wget. In Windows you'd need to fetch and install some trialware crap to do that, and Linux came with the tool. Then it was use Evolution. Then I found smssend, which was cool as hell. Meanwhile, Gnome got quite decent, so I switched to that. These days, Windows has...what? A crap web browser, an IM that only does MSN (Linux does AOL, ICQ, Yahoo, and Jabber, aka Google), a crap mail client (compared to Evolution - check hotwayd if you need to check Hotmail), OpenOffice 2 (yeah, I think OO 1 was crap too) a good firewall out of the box, no spyware hassles, and the ability to install and upgrade my apps/hardware without rebooting for every single one, over and over again. Sure, you could install all this stuff in Windows, but you have to find it and pay for it and reboot and reboot and reboot. If Linux fucks up, all the config files are documented and I can fix it. There's even useful shit like strace in the OS. If Windows fucks up, most of the registry isn't documented and Systernals tools are expensive as hell.
Meanwhile, I and my Linux buddies had finished Grand Theft Auto on the PS2 while most of my remaining Windows using mates were waiting for it to be released.
There's a pretty good chance he will discuss using Services for Unix to get name service from to Active Directory.
Great. But what about authentication? He has two options:
* Use LDAP authentication. This is not what Windows does, as it loses all the single sign on benefits of Kerberos (with LDAP, your initial login will not give you a credential you can use to check your mail, authenticate and map to an NFS export, pull stuff out of SVN, etc, with Kerberos it will). If Matt uses LDAP he's showing you how to do a half assed job of being an Active Directory client.
* Use Kerberos authentication. This involves using MIT Kerberos 1.3 (or backports to older versions like Red Hat offer for their older RHEL releases), that's been created after 5 years of engineering following Microsoft's implementation of proposed (ie, non) standard Kerberos extensions like Kerberos over TCP, and Microsoft specific encryption types. If Matt uses Kerberos for authentication, using MIT Kerberos, he's showing you how to be a proper AD client, and get single sign on, despite Microsoft.
* If he uses it as a sales pitch to push some other AD client, he's proving that Microsoft clearly care more about money (licensing documentation for proprietary protocols) than interoperability.
Why not ask a Unix vendor to give this talk? Red Hat, or Novell, or Sun can all provide ways to interoperate with Windows, in most cases using Open Source tools, without the Microsoft agenda.
Matt, if you're reading this, my email is mmaccanaATredhat.com. I am not speaking for my employer in this post.
> Yes, and so do the trade organizations I just mentioned. Professional editors -- at least in the United States (so sorry to have offended your culture)
Cool. Got a link?
Did I say you offended my culture? I simply suggested it's better not assume everyone works in one country. I'm not offended, you just assumed something about your audience your shouldn't have.
> It's a generally held standard of professional practice that is our responsibility to serve our readers, not advertisers.
Part of a good editors responsibilities should be serving both his audience and his advertisers. They are both the magazines customers. That's the way the business works.
Does this mean letting advertisers influence the content of the magazine? No, they're not directly part of their decision making process. Something you keep failing to understand. Neither are readers. It's a balance between what the readers desire - a advertisement-free publication for no cost that's five hundred pages a month - and the advertisers, who'd ideally want to control the actual contents of the articles. Neither will get what they want. There is no deception involved.
Oh wait, you didn't say it was deceptive. If there's no deception, where is the ethical concern? You seem confused about this. How coudl there be an ethical concern without deception?
Oh wait... it just means these magazine are 'catalogs'? It seems you have a problem distinguishing catering to the advertisers and letting them influence what's said inside editorial content. A well run business does the former, but not the latter, which distinguishes it from a catalog.
Apple (and various other multimedia companies) might buy a double page spread that month, but the journalist writing the article won't know, and is perfectly free to write a damning review of the latest iPod. If it get edited to death by a sub working behind the scenes for a vendor, that's a problem. But most of the time it isn't, thanks to ethical standards.
Perhaps publications in the US can use their larger readership to ignore the realities of their smaller [circa 100,000 audited subscriber] equivalents and make the idyllic 500 page ad-less magazine you want. But from what I've heard, IDG doesn't operate any differently to any other mag locally, and I don't really thin kthe US would be different. I don't believe any high level (non sctional) editor doesn't involve himself with sales. Feel free to try and convince me, or not. I don't care.
>> Also, could you provide a link that says you are an editor, rather than one that says you're a columnist? > Again, a simple click would have revealed
Er, no. One click would have revealed you're a columnist. Clicks again...yep, Infoworld Columnist Neil McAllister. Perhaps if you label a link saying you are an editor, it should be to a page that says you are an editor? As someone trying to understand what you're telling me, why are you making me do the work? Why should the burden of proof about your background be on me? It's your opinion, back it up yourself. I can't be bothered clicking.
Also, could you provide a link that says you are an editor, rather than one that says you're a columnist?
And mark up the text for those links in a less deceptive fashion? Perhaps you could read some Australian editorial ethics guidelines. Oh, ait, simply glancingg at your screen indicates we're from different countries. I don't even need to do an exhaustive background check!
I've worked with editors from Australian Consolidated Press, Fairfax, NineMSN, Haymarket Media, and Next, and edited for Next.
I wouldn't have been inclined to discover your real identity and then hunt down infomation about your background as you've already demonstrated a lack of experience in the area. How long have you been an editor for?
So you think it is unethical to plan the content of a publications based around products advertisers have to sell? Why? How is that deceptive? And why do you think all magazines come from America?
Do you think Infoworld should have more articles reviewing electric guitars? Or do you disagree, and therefore demonstrate a rather obvious problem with your reading and comprehension skills?
>> The magazine's value is to link consumers with advertisers, hopefully by content relevant to both.
> Relevant to both? Not really. An advertiser is in the business of selling something. It's not in the business of reading magazines.sn't need to get anything out of the content of the magazine.
Er, really. Relevant to both. You don't seem to have had experience in the industry (no problem, I probably don't have experience in various things you do) but call up an editor of any major magazine and ask them if they son't set out to create content relevant to the advertiser.
If I want to sell advertising to Apple, Olympus, and Creative, I brief journos on an Audio feature, and get my sales guys to call these companes and pitch ads. This month the mag is being targetted specifically to their audience: people interested in mp3 players, so they should buy an ad. The ads are sprinkled around the same section of the magazine.
Hence, the feature is relevant to both advertisers and readers. There's exceptions, but the fewer of them there are the healthier the bottom line of the magazine is.
Most magazines are funded by ads. The cover price covers paying contributors, artists, printers and distribution networks. The magazine's value is to link consumers with advertisers, hopefully by content relevant to both.
> Very good point he makes, but it only works with OSS. If he needed to acquire functional IP through business acquisitions,
You make a good point, but FYI Red Have have acquired IP in proprietary software through business acquisitions. They're purchased Sistina and the Netscape Directory Server (formerly known as iPlanet) from AOL. Both the GFS SAN filesystem and Red Hat Directory Server are now Open Source.
They needed a distro on which to build their OES/NLD products,
Did they? Why? What makes Novell apps different to other proprietary apps that run on a variety of different Linux distros? Frankly I don't think Novell's making most of its money from supporting Suse. Why don't they just sell NTerprise, which runs on a variety of Linux distros, most of which people are already quite happy with, rather than trying to make folks in the US or APAC use Suse (which is quite rar to do in such areas)? Why does everyone who makes apps on Linux apparently need a distro? Veritas doesn't, Symantec doesn't, IBM doesn't.
M$FT, well they will have no ensure their products are vulnerable if they expect to sell AV and anti keylogger/spyware software.
RTFA. They're including the software in Windows.
And M$? Are you twelve?
They're still crooks (legally - they're a monopoly) but it's best you actually use illegal things they've done to point that out rather than making shit up.
The problem is that VIA doesn't really play nicely with Linux, and one had to do quite a lot of work on his own in the past before getting a reasonably well working system.
Conversely, how much work have the VIA guys done? It's their responsibility to write, or pay someone to write, their drivers. If you find them either non-existant or lacking, vote with your dollars.
Yes, this isn't an answer to your question, and no, I don't have one. Just making a point, hope you don't mind.
> How can you claim that Kerberos is "fairly poor security wise" ?
Very easily.
> I would argue that it's vastly *more* secure than PKI.
Then you'll need better arguments than those below. You clearly didn't understand my post. If you can prove Kerberos is more secure than PKI you clearly know more than the authors of Kerberos, who disagree with you.
> You don't need to send your password over the network to authenticate,
Er, PKI provides that. And doesn't keep secrets on the server.
> And it's actually possible to lock user accounts (unlike PKI, where you'd need a working revocation system to do that).
Do you know of any PKI implementation that doesmn't include certificate revocation?
> And Kerberos doesn't store copies of the users' passwords on the server - it stores hashes of them
I know. A derived version of the password is effectively a password - replay attacks are trivial. If someone comproses a KDC, the game ends, and you lose. If someone compromises a server storing public keys, they get, er, public keys.
As a user, do you trust the second party to adequately secure their system? As an authenticator, do you want to be held legally responsible for identity thefts that were based on credentials you should not have been storing in the first place?
Kerberos is like single DES or MD4 passwords. Common, convenient, and weak as piss.
IIS. Less than half the market share of Apache httpd. If popularity doesn't mean anything in terms of server exploits, why would it mean something in terms of desktop exploits?
Slashdot Mirror
Then use the proposed solution.
And it should be called Petals Around the Roses, as there may be more than one.
"Steve Ballmer would never go for it. Approach him with a microchip gun and he'd throw a chair at you. And then bury you. In chairs. He's done it before and he'll do it again."
Oscar Wilde
Thanks for an actually decent post.
> Well, Win2K = NT 5.0 and WinXP = NT 5.1, released only a year and a half later, so what were you expecting?
A major revision anytime in the last five (maybe six?) years.
> OK, this I don't get. What is wrong with the XP SP2 firewall?
> It's trivially easy for any malware that wants to send data outbound to do so using a method that could not possibly be distinguished from legitimate traffic.
Portscan a default SP2 install, portscan a default Fedora install. Note how many worms run on the ports mentioned.
Like anything, it doesn't 100% stop anyone, but outbound filtering does add more steps for someone trying to break in to work around, and does have a practical benefit. I've known people alerted to stuff on their Windows boxes by ZAs outbound dialogs.
Oh yeah, an Run As doesn't work properly with nearly any thind party app. Grr!
And yeah, spyware got more popular in the last few years, so you need antispyware tools now too.
> Funnily enough, I've never had a problem with it. And I've never needed a tool to get rid of it off other people's systems, either.
> As long as you don't go around installing random software from unknown sources, you won't have a problem.
Are you saying a lot of the popular Windows apps from well known sources don't contain spyware? What about Kazaa? Hell, what about RealPlayer?
> Of course, Linux users don't do this, because unknown sources don't tend to have a Linux version of their software available, so it isn't really an issue there, either.
Yeah, but the Linux versions of things - P2P, VOIP apps, etc, which often don't have a Windows version, and don't have spyware in their Linux version.
> Everything you list is trivially easy to find, completely free and doesn't require reboots to install under Windows these days.
Unless somethings changed since I last used Windows (around SP2, because I was interested to see what was up in Windows land), I simply don't believe you. Sure, I haven't installed, say, Office LatestVersion, but Office 2000 and Office XP require a reboot, why wouldn't the most recent ver? Likewise helping out the Windows using neighbors even crappy iPod addons require reboots, again on XP. Sorry, but I don't believe you.
> There's even useful shit like strace in the OS.
Similar tools are available for windows as parts of the various SDKs, or for independent download.
Indeed, they're not avaiable in the OS and they're an expensive download.
> The rationale for not including it is that it's useless to anyone who isn't a developer, which seems sensible to me.
I disagree. I'm not a developer by any stretch of the imagination and I've discovered problems with both software and my system with these tools. They're small, not hard to understand for administrators (no harder than say, regedit) and an invaluable aid to troubleshooting. A lot of the things I've found with strace (what, Sophos always wants US English installed?) I would not have found without. If I was using Windows, I'd either pay a lot of money for an equivalent tool (and it may not end up being useful to me - like strace doesn't always fix every problem) or throw my hands up in disgust.
> Linux installs are often intimidating to new users, because they get to the software selection screen and see all the packages that are included, and have no idea how to choose what they need and what they don't need.
Kinda, but it depends on your distro, they're aimed at different audiences. Fedora just installs a default set of software, or lets the user pick from about 10-15 groups of packages with simple names (or individual packages if they want). I see no reason why Windows couldn't do the same.
> Re: Windows: (but without asking what they want)
IIRC, you can customize what's installed by default in Windows too.
PS, what's this 'real computer user' stuff?
Random guess - are you very young?
Honestly, how much effort does it take to download a 300k setup.exe for Cygwin.
You missed the point. I'm not complaining about the effort to download and install one thing, I'm complaining about downloading and installing 25 things, many of which require reboots (Cygwin IIRC thankfully doesn't). Is this not a legitamite complaint?
Read my post before you respond to it next time.
> You seem to not even know about UnxUtils, which happens to contain a native win32 port of wget and many other utils.
Dude, I've known about tools like Cygwin and Interix for years, prolly since before Unxutils existed. The point I'm making above is, what comes with the OS?
> I remember Evolution in 1998 too, what a piece of crap that was. It sure was pretty, but it really liked to hose the system.
I used Evo later than 1998 - around 2000 was when it became my main mail client. It was quite usable for me by then.
Yeah, there's benefits of PC games, I don't dispute that. But there's benefits of consoles too - having games that work on your more-than-two-years-old system is one.
I have never heard this before. Got a URL where someone who's seen Bill Gates' office can confirm this? I'm doubtful, but surprise me.
I used to get really exited about Windows. Betas of Windows 98 and NT 4 at home, Systernals tools, things like TweakUI, an NT 4 era MCSE, caring about the differences between Windows 95 OSR2 and OSR1, etc.
...what? A crap web browser, an IM that only does MSN (Linux does AOL, ICQ, Yahoo, and Jabber, aka Google), a crap mail client (compared to Evolution - check hotwayd if you need to check Hotmail), OpenOffice 2 (yeah, I think OO 1 was crap too) a good firewall out of the box, no spyware hassles, and the ability to install and upgrade my apps/hardware without rebooting for every single one, over and over again. Sure, you could install all this stuff in Windows, but you have to find it and pay for it and reboot and reboot and reboot. If Linux fucks up, all the config files are documented and I can fix it. There's even useful shit like strace in the OS. If Windows fucks up, most of the registry isn't documented and Systernals tools are expensive as hell.
I kinda stopped being interested shortly after Windows 2000. What happened? Well nothing. Before Windows 2000, you had Windows 98, which was unstable, and Windows NT 4, which was a bastard to use (in particular, it had no Plug and Play support).
Then there was Windows 2000, and it was more stable and still easy to use.
Windows XP could hav been a Windows 2000 service pack. A better themable UI, a minor IE update, some utilities to do things like registry snapshots that were useful, but always available as cheap third party tools. No big deal. XP SP 2 was the same, except the firewall was so bad you still needed a third party firewall. And yeah, spyware got more popular in the last few years, so you need antispyware tools now too.
There have been no significant improvements since Windows 2000. Meanwhile, about 1998, I saw a screenshot of Enlightenment. I wanted Enlightenment. Linux came with the bargain. Linux was tweakable to my hearts content. And also really difficult. And I'd use it for a little while,. then mess it up or find something I couldn't do, then go back to Windows.
The thing is, Linux seemed to be improving. Things that seemed to buy me about Linux were bugging other people too. I went from Red Hat 5.2 to Mandrake, which had a nicer GUI, KDE. Then Red Hat 6 came out, and it had KDE plus a simpler GUI installer. Woo. And tools to notice new hardware and configure it. And I started learning about Linux, cause it was nice and tweakable and interesting.
After a while, I'd want to do something in Linux I couldn't do in Windows. First it was pull down sequences of files using wget. In Windows you'd need to fetch and install some trialware crap to do that, and Linux came with the tool. Then it was use Evolution. Then I found smssend, which was cool as hell. Meanwhile, Gnome got quite decent, so I switched to that. These days, Windows has
Meanwhile, I and my Linux buddies had finished Grand Theft Auto on the PS2 while most of my remaining Windows using mates were waiting for it to be released.
There's a pretty good chance he will discuss using Services for Unix to get name service from to Active Directory.
Great. But what about authentication? He has two options:
* Use LDAP authentication. This is not what Windows does, as it loses all the single sign on benefits of Kerberos (with LDAP, your initial login will not give you a credential you can use to check your mail, authenticate and map to an NFS export, pull stuff out of SVN, etc, with Kerberos it will). If Matt uses LDAP he's showing you how to do a half assed job of being an Active Directory client.
* Use Kerberos authentication. This involves using MIT Kerberos 1.3 (or backports to older versions like Red Hat offer for their older RHEL releases), that's been created after 5 years of engineering following Microsoft's implementation of proposed (ie, non) standard Kerberos extensions like Kerberos over TCP, and Microsoft specific encryption types. If Matt uses Kerberos for authentication, using MIT Kerberos, he's showing you how to be a proper AD client, and get single sign on, despite Microsoft.
* If he uses it as a sales pitch to push some other AD client, he's proving that Microsoft clearly care more about money (licensing documentation for proprietary protocols) than interoperability.
Why not ask a Unix vendor to give this talk? Red Hat, or Novell, or Sun can all provide ways to interoperate with Windows, in most cases using Open Source tools, without the Microsoft agenda.
Matt, if you're reading this, my email is mmaccanaATredhat.com. I am not speaking for my employer in this post.
in Evo, Thunderbird, mutt or whatever using hotwayd. GIYF.
No thanks to MS.
> Yes, and so do the trade organizations I just mentioned. Professional editors -- at least in the United States (so sorry to have offended your culture)
Cool. Got a link?
Did I say you offended my culture? I simply suggested it's better not assume everyone works in one country. I'm not offended, you just assumed something about your audience your shouldn't have.
> It's a generally held standard of professional practice that is our responsibility to serve our readers, not advertisers.
Part of a good editors responsibilities should be serving both his audience and his advertisers. They are both the magazines customers. That's the way the business works.
Does this mean letting advertisers influence the content of the magazine? No, they're not directly part of their decision making process. Something you keep failing to understand. Neither are readers. It's a balance between what the readers desire - a advertisement-free publication for no cost that's five hundred pages a month - and the advertisers, who'd ideally want to control the actual contents of the articles. Neither will get what they want. There is no deception involved.
Oh wait, you didn't say it was deceptive. If there's no deception, where is the ethical concern? You seem confused about this. How coudl there be an ethical concern without deception?
Oh wait... it just means these magazine are 'catalogs'? It seems you have a problem distinguishing catering to the advertisers and letting them influence what's said inside editorial content. A well run business does the former, but not the latter, which distinguishes it from a catalog.
Apple (and various other multimedia companies) might buy a double page spread that month, but the journalist writing the article won't know, and is perfectly free to write a damning review of the latest iPod. If it get edited to death by a sub working behind the scenes for a vendor, that's a problem. But most of the time it isn't, thanks to ethical standards.
Perhaps publications in the US can use their larger readership to ignore the realities of their smaller [circa 100,000 audited subscriber] equivalents and make the idyllic 500 page ad-less magazine you want. But from what I've heard, IDG doesn't operate any differently to any other mag locally, and I don't really thin kthe US would be different. I don't believe any high level (non sctional) editor doesn't involve himself with sales. Feel free to try and convince me, or not. I don't care.
>> Also, could you provide a link that says you are an editor, rather than one that says you're a columnist?
> Again, a simple click would have revealed
Er, no. One click would have revealed you're a columnist. Clicks again...yep, Infoworld Columnist Neil McAllister. Perhaps if you label a link saying you are an editor, it should be to a page that says you are an editor? As someone trying to understand what you're telling me, why are you making me do the work? Why should the burden of proof about your background be on me? It's your opinion, back it up yourself. I can't be bothered clicking.
Do your columns work the same way?
Also, could you provide a link that says you are an editor, rather than one that says you're a columnist?
And mark up the text for those links in a less deceptive fashion? Perhaps you could read some Australian editorial ethics guidelines. Oh, ait, simply glancingg at your screen indicates we're from different countries. I don't even need to do an exhaustive background check!
Thanks.
I've worked with editors from Australian Consolidated Press, Fairfax, NineMSN, Haymarket Media, and Next, and edited for Next.
I wouldn't have been inclined to discover your real identity and then hunt down infomation about your background as you've already demonstrated a lack of experience in the area. How long have you been an editor for?
So you think it is unethical to plan the content of a publications based around products advertisers have to sell? Why? How is that deceptive? And why do you think all magazines come from America?
Do you think Infoworld should have more articles reviewing electric guitars? Or do you disagree, and therefore demonstrate a rather obvious problem with your reading and comprehension skills?
>> The magazine's value is to link consumers with advertisers, hopefully by content relevant to both.
> Relevant to both? Not really. An advertiser is in the business of selling something. It's not in the business of reading magazines.sn't need to get anything out of the content of the magazine.
Er, really. Relevant to both. You don't seem to have had experience in the industry (no problem, I probably don't have experience in various things you do) but call up an editor of any major magazine and ask them if they son't set out to create content relevant to the advertiser.
If I want to sell advertising to Apple, Olympus, and Creative, I brief journos on an Audio feature, and get my sales guys to call these companes and pitch ads. This month the mag is being targetted specifically to their audience: people interested in mp3 players, so they should buy an ad. The ads are sprinkled around the same section of the magazine.
Hence, the feature is relevant to both advertisers and readers. There's exceptions, but the fewer of them there are the healthier the bottom line of the magazine is.
Most magazines are funded by ads. The cover price covers paying contributors, artists, printers and distribution networks. The magazine's value is to link consumers with advertisers, hopefully by content relevant to both.
> Very good point he makes, but it only works with OSS. If he needed to acquire functional IP through business acquisitions,
You make a good point, but FYI Red Have have acquired IP in proprietary software through business acquisitions. They're purchased Sistina and the Netscape Directory Server (formerly known as iPlanet) from AOL. Both the GFS SAN filesystem and Red Hat Directory Server are now Open Source.
> If I'm a PHB C?O, which distro do I use and buy support from? Hmmm, I've HEARD of Novell...
Yeah, they made all that Netware stuff we pulled out in favor of Windows NT 4 in 1996, because it was too expensive.
Red Hat get more coverage in business magazines than Novell do. Read a business magaine sometime.
Businesses achieve tasks by running apps. Often they're proprietary. Those apps are certified against Red Hat first, and maybe Suse later.
(If you're going to reply about how much better Netware was than NT4, you've missed the point)
They needed a distro on which to build their OES/NLD products,
Did they? Why? What makes Novell apps different to other proprietary apps that run on a variety of different Linux distros? Frankly I don't think Novell's making most of its money from supporting Suse. Why don't they just sell NTerprise, which runs on a variety of Linux distros, most of which people are already quite happy with, rather than trying to make folks in the US or APAC use Suse (which is quite rar to do in such areas)? Why does everyone who makes apps on Linux apparently need a distro? Veritas doesn't, Symantec doesn't, IBM doesn't.
Anti-malware software needs to operate at a level higher than the malware
Excellent post, but you mean lower than. The kernel is considered 'lower' than user space when talking about such things.
M$FT, well they will have no ensure their products are vulnerable if they expect to sell AV and anti keylogger/spyware software.
RTFA. They're including the software in Windows.
And M$? Are you twelve?
They're still crooks (legally - they're a monopoly) but it's best you actually use illegal things they've done to point that out rather than making shit up.
The problem is that VIA doesn't really play nicely with Linux, and one had to do quite a lot of work on his own in the past before getting a reasonably well working system.
Conversely, how much work have the VIA guys done?
It's their responsibility to write, or pay someone to write, their drivers. If you find them either non-existant or lacking, vote with your dollars.
Yes, this isn't an answer to your question, and no, I don't have one. Just making a point, hope you don't mind.
That's why we're all sitting around here talking about BSD, and hardly anyone * uses Linux
* anyone in bizarro world.
> How can you claim that Kerberos is "fairly poor security wise" ?
Very easily.
> I would argue that it's vastly *more* secure than PKI.
Then you'll need better arguments than those below. You clearly didn't understand my post. If you can prove Kerberos is more secure than PKI you clearly know more than the authors of Kerberos, who disagree with you.
> You don't need to send your password over the network to authenticate,
Er, PKI provides that. And doesn't keep secrets on the server.
> And it's actually possible to lock user accounts (unlike PKI, where you'd need a working revocation system to do that).
Do you know of any PKI implementation that doesmn't include certificate revocation?
> And Kerberos doesn't store copies of the users' passwords on the server - it stores hashes of them
I know. A derived version of the password is effectively a password - replay attacks are trivial. If someone comproses a KDC, the game ends, and you lose. If someone compromises a server storing public keys, they get, er, public keys.
As a user, do you trust the second party to adequately secure their system? As an authenticator, do you want to be held legally responsible for identity thefts that were based on credentials you should not have been storing in the first place?
Kerberos is like single DES or MD4 passwords. Common, convenient, and weak as piss.
> Really? Got an example?
IIS. Less than half the market share of Apache httpd.
If popularity doesn't mean anything in terms of server exploits, why would it mean something in terms of desktop exploits?