almost no banks support doing this for non-Windows what business advantage does Intuit (or my bank) have in restricting
The key word there is support. Just because something isn't supported, that doesn't mean it won't work. Have you tried it?
Very often this is simply done to reduce the load on the company's tech support line. (Either Intuit or the bank or both). It's hard enough to get competent folks to man your support lines, without having to train them on things they will only encounter once in a hundred calls. So they save some money by going lowest-common-denominator.
Now, will someone please explain to me how updating drivers for a 3-year-old wireless keyboard will encrypt the path from the keyboard to the receiver?
There could be a number of legitimate ways this happened:
1. The encryption feature was there all along, but they didn't get around to supporting it in the software until now. This often happens in commercial hardware products, when you hit a deadline and the drivers just aren't ready. Although 3 years does seem a bit excessive.
2. The driver actually downloads code to the controller in the keyboard, thereby "upgrading" it to include encryption.
3. The hardware supported it all along, but they were having trouble getting their government paperwork to ship a product with encryption. So they just yanked the feature out of the driver until such time as the paperwork is done. Now it's done so they are shipping the drivers.
I wasn't going to say anything about it, but I was wondering the same thing. It very quickly got 1 each of "Insightful", "Interesting" and "Informative" all within about 10 minutes of when I posted it.
Then about 2 1/2 hours later, somebody came in and modded it down one as Offtopic. I have no idea why.
It does point out a bug (IMHO) in the moderation system. You can get 4 or 5 mods up, but if somebody wants to come in at the end and declare "troll" or "offtopic" then that's the word that gets pasted on the end of your moderation total. Of course it's still scored 4 so it's very visible, but I wonder how many folks see "Offtopic" and skip, regardless of score. Always taking the last choice as the name doesn't make sense.
Check out anything by Alan Cooper. His "The Inmates are Running the Asylum" is more of a rant than a guidebook, but still excellent reading. "About Face" is probably more of what you want.
He would call what you are talking about "interaction design" not "interface design". The Inmates book makes a good case for how the two are different and why interaction design is a better approach.
Yes I am aware of that. However, he was talking about the old-style "WNET" RPC's that run directly in the SMB protocol, which as you know are a different thing entirely.
We're getting into topic creep, but I guess nobody will mind because the original topic was so silly....;-)
That is a different kind of RPC's, that pre-date Windows. It does not use 135. Microsoft usually screws things up the first time, and reinvents it several times after. This is one of them.
The RPC stuff in SAMBA dates from the old LAN Manager days, and ran over the same port the file and print sharing did (139). This stuff existed in the days of DOS and Win16, long before COM and DCOM ever existed. It worked well enough to add a few functions to this subsystem. It had lots of problems: it was not easily extensible, couldn't be run on top of other protocols, and was not object oriented, etc.
Later, when Microsoft was building what became COM and DCOM (and what was then called OLE), they realized they needed a more robust RPC mechanism. They decided to use DCERPC, theoretically an open standard. It is what DCOM is built on top of.
SAMBA continues to use the "old" RPC mechanism (for compatibility), and therefore does not use this port. If you look into the API documentation for the API's exposed on top of these RPC's, you'll see Microsoft deprecates many of them.
I think that port 135 might be common here. But that's gonna hurt...
Your so-called "Senior Security Engineer" needs to get a little more training. Port 135 has absolutely nothing to do with the Windows Messenger service.
Port 135 is the RPC/DCOM portmapper in Windows. It performs the exact same service that port 111 does on a Unix box offering RPC services. It allows remote RPC calls to "find" the dynamically assigned port that their target service is running on.
Windows Messenger does not use RPC or DCOM. It uses part of the same protocol that SAMBA uses.
I figure since you're not firewalled, you probably are not aware of the method to stop the Messenger service. Go to a command prompt or pick "Run" from the start menu and type:
NET STOP MESSENGER
To make sure it doesn't restart next time you reboot, go into Control Panel, find the Services applet. Set the Messenger service to startup settings of "Manual" or "Disabled" (as opposed to "Automatic" which restarts it at every boot).
That works for NT, 2000 and XP. If you are still running 95/98/Me, then may god have mercy on your soul.
I haven't heard nearly as much about it as I have about TiVo.
Tivo has a bigger marketing budget, pure and simple.
It doesn't sound like it does any sort of preference-tracking. The thumbs-up/thumbs-down feature that lets TiVo pick new shows for you...
Correct, Replay does no such thing. It only records the shows you tell it to. This can be with a "show based channel" (what Tivo calls a "season pass") or by keyword searching in a "theme channel" (I think Tivo calls this a "wish list"). They also have something called Replay Zones, which are basically theme channels that use more complex queries on the program database preset by the folks up at Replay.
The keyword search can be restricted to Title, Description, Actors and Directors on each channel. This is handy, I have an "Alfred Hitchcock" channel set up on my Replay that works quite nicely -- there's always some Hitchcock film sitting there ready to watch.
The ReplayZones feature has a wide variety of stuff in there, I don't use it much frankly. In the early days of the product, there was a lot of advertising sponsored stuff in here, for instance a "Must See TV" channel sponsored by NBC. They seem to have abandoned this approach as they have abandoned the freeze-frame advertisements they once ran. Now Replay Zones is category-based stuff, but there are interesting things like for instance there's a zone for "four star" rated films, another one for sci-fi flicks, another one that is just films shown in Letterbox format, etc.
Apples and oranges! RealSecure 6.5 and 7.0 are two completely different beasts. Add to that the peculiarities of the Nokia platform and you're off in bananas now.
RealSecure 7.0 is the first version to integrate the "BlackIce" technology ISS obtained when it bought Network ICE last year. RealSecure 6.5 on Nokia has none of that.
Sorry to be such a blatant shill, but I've owned a ReplayTV for about 3 years now, and I think they're great. In many ways I think they are much nicer than TIVO. (I don't own stock in SonicBlue or even know anyone who works for them).
FWIW, these tools that Microsoft provides (see excellent links in parent message) are actually built on a Windows API that is publicly documented (see "password filter") and they even offer free sample source code.
So if you have some home-grown system you need to sync with, or you just like to roll your own solutions, you can do it. Essentially there is a DLL you load on the server that gets called every time a password is changed. It can then approve or deny the change, but more importantly since it sees the password it can do the sync. This is how the PASSFILT.DLL is implemented as well as the Novell and Unix solutions mentioned in the parent of this post.
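Because a password filter DLL is handed every new password in the clear, it is worth knowing exactly which ones a server has registered. The following is an added example, not part of the original post or Microsoft's sample code: it lists the packages registered under the LSA "Notification Packages" registry value and compares them with a baseline. The baseline list in `$expected` is an assumption and should be replaced with your own.

```powershell
# Added example: audit the password filter / notification DLLs registered with LSA.
# Run from an elevated PowerShell session on the server being checked.

$lsaKey   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$system32 = Join-Path $env:SystemRoot 'System32'

# "Notification Packages" is a multi-string value holding DLL base names
# (without the ".dll" suffix); LSA loads each one from System32 at boot.
$value    = Get-ItemProperty -Path $lsaKey -Name 'Notification Packages' -ErrorAction Stop
$packages = @($value.'Notification Packages') | Where-Object { $_ -and $_.Trim() }

# Assumption: the package names you expect on this server. Replace with your baseline.
$expected = @('scecli', 'rassfm')

$report = foreach ($name in $packages) {
    $name    = $name.Trim()
    $dll     = Join-Path $system32 ("{0}.dll" -f $name)
    $present = Test-Path -LiteralPath $dll

    # Signature status and timestamp are reported for the reviewer; they are
    # informational and are not used for the pass/fail decision below.
    $sig  = if ($present) { Get-AuthenticodeSignature -FilePath $dll } else { $null }
    $file = if ($present) { Get-Item -LiteralPath $dll } else { $null }

    [pscustomobject]@{
        Package   = $name
        Expected  = $expected -contains $name
        Present   = $present
        Signature = if ($sig) { $sig.Status } else { $null }
        Signer    = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        Modified  = if ($file) { $file.LastWriteTimeUtc } else { $null }
        Path      = $dll
    }
}

$report | Format-Table -AutoSize

# Anything outside the baseline, or registered but missing on disk, needs a human look.
$review = @($report | Where-Object { -not $_.Expected -or -not $_.Present })
if ($review.Count -gt 0) {
    Write-Warning ("{0} registered package(s) need review: {1}" -f $review.Count, ($review.Package -join ', '))
} else {
    Write-Output 'All registered notification packages match the baseline.'
}
```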
Some of the Baby Bells have a product called "Privacy Director" (BellSouth) or "Privacy Manager" (SBC's companies including SW Bell, Ameritech, PacBell etc) that is great for this.
Basically this is a very smart version of 'block anonymous calls'. Instead of just blocking all anonymous calls, it routes them to an intercept message where they can unblock their caller ID (if it is deliberately blocked) or identify themselves verbally. Only if they follow the procedure does the call go through, and you still get the opportunity to screen it when your phone rings.
Here's the best part, which they don't really advertise. Since most telemarketers use automated phone dialing systems, most of the calls never make it past the intercept message! The automated dialer thinks it hit your answering machine and hangs up. So your phone never rings.
I found that once I turned on Privacy Director on my home phone, the number of telemarketing calls I get has gone down like 90%. And I never had to hassle with anyone, register on a list, or anything. Plus it makes Caller ID all the more useful because you never see "Out of Area" or "Unavailable" anymore.
Not sure if this is a new media, but I thought it was cool when I first saw it. According to the LHPO web site: "The Large Hot Pipe Organ is the world's only MIDI controlled, propane powered explosion organ."
Basically controlled blasts of ignited propane create music in giant pipes. Very bassy and loud.
Along the same lines, the group Man.. or Astroman? does a song called "A Simple Text File" that is just that....a text file run through an old Apple ImageWriter II printer. (It's on their album "A Spectrum of Infinite Scale"). They've even been known to perform it "live".
As for it getting old, well that's the nature of new forms. It takes a while for them to achieve something more than novelty. Patience!
Some of the folks who brought us the old Pink Floyd / Wizard of Oz synchronization have investigated others, and some among them think this is a new form of art called synchronicity art.
FYI, they are not the first to run Snort rules faster than Snort does. RealSecure 7.0 by ISS already does this. I believe they use a similar technique internally, although I have no direct knowledge of it. RealSecure can also run rings around Snort performance-wise on off-the-shelf hardware, particularly with certain types of attacks going on.
However, as explained in this white paper you might not even want to try to run Snort rules in RealSecure, because in many cases its own signatures are much more accurate. That's because RealSecure actually does protocol analysis, while Snort just matches patterns. See the paper for details.
Full disclosure: I used to work at ISS and still own a bunch of stock in it. However I wouldn't post this for any of their products (some of them suck). RealSecure is one of their good ones.
Yeah, it worked for me too, and I sure don't have a subscription to WSJ.
This was already reported on slashdot eleven days ago, though the link in this one seems to work better.
Aww, but that ruins the surprise!
Worth a look!
Not sure where you got this number from the story. I see references to two lengths of cable totalling 7320 nautical miles.
By my math that is 13,556 km, but maybe I'm missing something.
Then about 2 1/2 hours later, somebody came in and modded it down one as Offtopic. I have no idea why.
It does point out a bug (IMHO) in the moderation system. You can get 4 or 5 mods up, but if somebody wants to come in at the end and declare "troll" or "offtopic" then that's the word that gets pasted on the end of your moderation total. Of course it's still scored 4 so it's very visible, but I wonder how many folks see "Offtopic" and skip, regardless of score. Always taking the last choice as the name doesn't make sense.
Ironically, this post is technically offtopic.
Tivo has a bigger marketing budget, pure and simple.
It doesn't sound like it does any sort of preference-tracking. The thumbs-up/thumbs-down feature that lets TiVo pick new shows for you...
Correct, Replay does no such thing. It only records the shows you tell it to. This can be with a "show based channel" (what Tivo calls a "season pass") or by keyword searching in a "theme channel" (I think Tivo calls this a "wish list"). They also have something called Replay Zones, which are basically theme channels that use more complex queries on the program database preset by the folks up at Replay.
The keyword search can be restricted to Title, Description, Actors and Directors on each channel. This is handy, I have an "Alfred Hitchcock" channel set up on my Replay that works quite nicely -- there's always some Hitchcock film sitting there ready to watch.
The ReplayZones feature has a wide variety of stuff in there, I don't use it much frankly. In the early days of the product, there was a lot of advertising sponsored stuff in here, for instance a "Must See TV" channel sponsored by NBC. They seem to have abandoned this approach as they have abandoned the freeze-frame advertisements they once ran. Now Replay Zones is category-based stuff, but there are interesting things like for instance there's a zone for "four star" rated films, another one for sci-fi flicks, another one that is just films shown in Letterbox format, etc.
I liken it to a Yahoo-style approach (using human editors) as opposed to Tivo's Google approach (using unknown computer algorithms possibly involving flying rats).
Personally I like this. I know what I want to watch, I don't need some harebrained piece of software "guessing" what I want to watch. YMMV.
Yes, the biggest difference between Tivo and Replay seems to have been marketing. Tivo has always done a far better job of it.
Attention anonymous coward:
Apples and oranges! RealSecure 6.5 and 7.0 are two completely different beasts. Add to that the peculiarities of the Nokia platform and you're off in bananas now.
RealSecure 7.0 is the first version to integrate the "BlackIce" technology ISS obtained when it bought Network ICE last year. RealSecure 6.5 on Nokia has none of that.
Check your facts, man. Replay is alive and kicking at SonicBlue and in fact just released a new crop of players (the 4500 series).
ReplayTV's latest units (the 4000 and 4500 series) take care of this. You connect them all to your home Ethernet and you can watch shows in the bedroom that you recorded in the living room. They even have enough CPU now to be streaming one show while you record another.
Replay has also added other features that TIVO doesn't have, like web-based scheduling without compromising the security of your home network, photo viewing and sending shows across the net.
Sorry to be such a blatant shill, but I've owned a ReplayTV for about 3 years now, and I think they're great. In many ways I think they are much nicer than TIVO. (I don't own stock in SonicBlue or even know anyone who works for them).
I had to go look up what the heck "Duchamp's ready-mades" meant, and I assume I'm not alone. Here is a link rodentia forgot to dig up.