Too difficult to set up user accounts? Oh c'mon it takes about a half dozen clicks through a wizard.
And you don't need to run as admin to get anything done. I haven't run as an admin in XP since I started using it a couple of years ago except to do admin work. I have one app that needs to be run as admin as it's outdated and I'm too cheap to send the 500 to buy an version that supports 2K or XP. Not Microsoft's fault.
And it is a vulnerability if part of your security is knocked out. It may not be an exploit but it sure is a vulnerability. There are a crap load of trojans and spyware that gets knocked out without users intentionally installing software by taking advantage of flaws in other MS products. While a user may currently have to install something that will change within the next few days as this new flaw is taken advantage of.
The user can be blamed once Microsoft cleans up it's act so that it is actually a fact that users can control their machines and not have software installed without them knowing it (Yes I did RTFA and I already acknowledged the current state).
And for those who grip that detractors complained that MS didn't do anything except buy the product but now want to blame MS, well guess what. When they bought the product they bought the problems and responsibility. You need to pick a side instead of making excuses for this company that has historically flooded the market with sub standard products.
Thanks I appreciate that. I was hoping you had a different source. We had so much trouble getting boundless to deliver we went somewhere else. Based on your comments I'm glad:)
Thanks again!
But you can run a vax emulator on X86.. Charon Vax. It runs vms quite well.
As for the original question of 64bit... I would have to say that it doesn't exist - yet - to my knowledge.
Nah it sux... Max's out at 32767 versions... Real pain. j/k of course although for log files that limit needs to be watched and dealt with or log files can't be created.
Oh geeze I thought I was alone in the world. We're running an alpha2100 for allin1 along with a 1200 for development work and a 7820 (77? you'd think I'd know but this stuff is so solid it's 'just there') for production.
Funding is an impediment to migrating anywhere.....
We use linux and windows but neither comes close to VMS for reliability and security.
"If you read the sources carefully especially this you will see that it was Canopy, "
If you had read the sources carefully you would have noticed this
"We already have strong indications from other cases such as Burst v. Microsoft that Microsoft has had a document retention policy that has resulted in routine destruction of corporate emails, sometimes even, according to Burst, if they related to looming litigation issues. Microsoft's response to that accusation can be read here."
"The key line is "The Canopy Group, Inc. ("Canopy"), filed a motion to this court seeking"
No, you're fudging the issue. The canopy group applying for permission is a totally separate issue.
"The sort of fudging of facts in the headline here is how you get people [snip] making the linux crowd look totally unstable to the mainstream."
Of course your inability to comprehend or fudging of facts to excuse the illegal activities undetaken by MS make you appear to be either ignorant or disingenuous. Ignorance is MS's best accomplice in crime.
I tend to replace my two client systems every two years. My wife's in one year and mine the next, etc. The oldest client machine gets converted into a network server and firewall. Older systems if they're still operational and half decent go to family. When I buy I tend to try to stay 6 months to a year behind some of the tech (cpu primarily) as I can get a better bang for the buck than buying the absolute latest. Between those upgrades I'll sometimes tend to have a throw the latest gadget at it (a client system) paying premium prices for video cards, cd or dvd burners (when they were new obviously).
One thing I don't do is use it as a media center... I don't need or want my pc controlling those things and see no point in it, at least so far. I don't have to reboot my stereo or tv (ok besides my digital cable box).
Hmm now that I think about it I'm pretty well always spending money on it lol:)
I'm just curious as to when these worry warts will ever buy their first computer.... I'm sure the lack of indemnification from Microsoft must have prevented them from every buying from MS up till now.
Or did they suddenly wake up after all this time and realize we live in a society of laws.
I have to drop this whole issue into the FUD column given the fact that MS has been less than honest about what it was indemnifying up until now and I've yet to see a legal analysis of what they're offering now.
I have to admit that I only get a blue screen about once every two months. But other issues persist and I also get a funny/funky white background/black text message about once a quarter saying 'something went wrong, user should never see this." without any further hints as to source. I guess Microsoft ran out of blue crayons.
XP is leagues ahead of the old 9x o/s but considering how low they set the goalpost to begin with that's nothing to crow about.
Maybe you should read the news. These vouchers, assuming they exist as it remains unproven, were funnelledd through oil companies who were then able to buy oil a substantially reduced prices. Kickbacks ensued no doubt. As for your foreign leaders comment I haven't seen a single accusation against any (western) world leader yet have you? Government officials yes but there's no country that is without corrupt officials.
Your whitewash of companies is absolute hogwash - see above for alleged method of cashing in.
While I've hedged my words (alleged, accused, etc) I have no doubt it went on so don't misunderstand me. just as I have no doubt Cheney's Halliburton was one of the benefactors via it's subsidiaries.
I watch Fox News because I truly find it funny.
My wife thinks I'm nuts (ok i am, so what) but I think watching what that calls news is great amusement.
That's obviously form my perspective and anyone elses can differ. But you did ask.
It's hardly suprising that Microsoft still doesn't get it.
The hard question is will they ever get it. I suspect as long as the snake oil salesmen trio of Gates, Ballmer, and Allchin are around the answer is a loud no. Whether it's greed or incompetence these so called leaders are a dead loss to the to the computing industry. They do great in the financial industry but monopoly control probably covers a multitude of sins in that area.
I can't believe anyone mod'd you as flamebait.
(also tongue in cheek)
I can't think of anything funnier than you folks invading us considering you failed the last two times you tried that. Maybe third time lucky?
On a serious note... I can't think of two countries which are so similar yet seem to thrive on baiting each other!:)
I agree that 6 years seems overly optimistic and a bit out to lunch but we still run two vax boxes (one of them is our main production machine) and we can get through most hardware failures without our users even being aware it occurred.
We have alpha's as well but their reliability, while beating the intel world by miles, is not as good as the older VAX's....
Unfortunatly declining 3rd party app support (and rapidly increasing support costs) is forcing the issue upon us. Not that I really mind as we'll save a lot of bucks once we transition.
But the reliability simply can't be beat. It can be matched of course... But those that match are big iron boxes as well.
"Compaq issues (fairly) regular updates that require reboots."
When you say Compaq you mean updates for the VAX?
Application restarts maybe... Reboots? Not unless you try every minor version of the o/s which is hardly necessary.
I don't disagree with what you said but the end result of his thought process is that we should all just give up trying to actively and proactively trying to manage our systems, processes, etc since some don't do it. He ignores the fact that it reduces us to not being able to be proactive as we can't find out until patches are avail and blackhats start to reverse engineer to create an exploit.
I want to know and know as soon as possible. I can take down vuln services if there is no patch or we can't patch them ourselves. I can filter access to services where I want to leave them up but know there's a risk.
His implied approach would rob me of the ability to do those types of things at the earliest moment despite the fact blackhats may know of exploits many months in advance of a patch.
I read this article just yesterday in network mag and I have to say I was astounded at it's conclusions.
I have zero issues with the authors suggestion that vuln reporting may not be resulting in better or more secure software. All software is pretty much market driven. Whether for profit or free users want more and more features and they want them ever faster. Developers in all camps respond to that market pressure by churning out releases in attempt to just keep close to what the users are demanding. If they fail to do so they face irrelevancy. Is this good or acceptable? No but it's a reality. The only workable fix is to find some way to enable developers to produce better code with enhanced toolsets which have been put together with secure code in mind and perhaps with better testing methodologies and tools.
Part of the article however strays beyond looking at the state of software and what disclosure has brought to the table. In my opinion the author is suggesting that disclosure isn't bringing any benefit to the table and that's where we part company. The article is fraught with statements similar to 'As far as I know it wasn't independantly exploited.' That's meaningless. Totally. As far as he knows and we all know it may well have been exploited independantly and for a number of years just that the exploitation was kept secret for ill purpose and it wasn't used for the juvenile purpose of worm writing. The lack of knowledge about whether a security vuln is exploited is not proof or even suggestion that it's not. There have been any number of 0 day exploits and underground exploits over the years.
"It might be better if vendors applied fixes in the next release or.."
That certainly won't slow down those who do know about the exploit if they're so inclined. It also only protects me if and when the vendor gets around to fixing it. As the author used MS I will too in that recent patches have fixed holes known for 10 months, there are still over 20 unpatched IE vulns... The maybe we just be quiet and trust in the vendor comment just doesn't cut it in that scenario. And that's not to pick on MS. I wouldn't trust any vendor to have my company's best interests in mind before their own. Yes they consider their clients as a whole but only insofar as would something cause them to enough customers to be of a concern.
I'm hired to manage the IT operation in this organization and to just pass it off is a dereliction both to my employer and in turn our customers. In order to do what I was put in place for I need information and those who suggest keeping mum is a good way are, in my opinion out to lunch.
There is a fine line that could be tread in terms of the amount of detail to be released. I concede that. Working exploits or POC's may be too much. May not....
Anyway I'm beginning to ramble and it's time to get back to work.... But the author should have stuck with the basic premise of whether disclosure is improving quality. Bringing in disclosure is a topic which his measurements does not address. In rebuttal I'll argue that while his study indicates that there hasn't been a measurable drop in software issues so far that there will be a positive result in future as more choice becomes available to the consumer. Those companies who are plagued with security issue after issue will gradually find themselves losing market share to higher quality products as the public becomes more aware. And they are more aware. Each year I get more employees seeking alternatives to the problems they're having with their home systems and questioning why we're using certain products in a work environment (which I am so glad to see).
I may have missed it but I didn't see one of your questions answered. While (ianal) I'm not sure if it applies to copyrights it is the case wrt to trademarks that selective enforcement weakens your claim. ie If it can be shown you only occasionally go after infringers then the any case for infringment can be tossed out. That's why you see some pretty silly law suits between major companies and individuals. They need to prove they enforce their claim rights in order to go after any big time infringers.
Well it's not totally a dual boot issue. The test machine I referred to where's it complaining about the boot partition size (upgrade from rh9 to fc2) has never had anything but linux (ok freebsd once) on it.
No quibble on that. I don't recall windows hosing a boot partition either and perhaps I took your initial comments too generically (ie problems vs a specific type of problem).:)
Well with about 500 windows boxes here I can say I've seen similar issues with MS products from time to time. I've seen their patches render machines unbootable too and some of those occasions have been widespread enough to make the news.
Yes I am a MS detractor but with this post all I'm trying to say is their hands aren't totally clean in this regard.
Slashdot Mirror
Too difficult to set up user accounts? Oh c'mon it takes about a half dozen clicks through a wizard.
And you don't need to run as admin to get anything done. I haven't run as an admin in XP since I started using it a couple of years ago except to do admin work. I have one app that needs to be run as admin as it's outdated and I'm too cheap to send the 500 to buy an version that supports 2K or XP. Not Microsoft's fault.
And it is a vulnerability if part of your security is knocked out. It may not be an exploit but it sure is a vulnerability. There are a crap load of trojans and spyware that gets knocked out without users intentionally installing software by taking advantage of flaws in other MS products. While a user may currently have to install something that will change within the next few days as this new flaw is taken advantage of.
The user can be blamed once Microsoft cleans up it's act so that it is actually a fact that users can control their machines and not have software installed without them knowing it (Yes I did RTFA and I already acknowledged the current state).
And for those who grip that detractors complained that MS didn't do anything except buy the product but now want to blame MS, well guess what. When they bought the product they bought the problems and responsibility. You need to pick a side instead of making excuses for this company that has historically flooded the market with sub standard products.
Thanks I appreciate that. I was hoping you had a different source. We had so much trouble getting boundless to deliver we went somewhere else. Based on your comments I'm glad:) Thanks again!
But you can run a vax emulator on X86.. Charon Vax. It runs vms quite well. As for the original question of 64bit... I would have to say that it doesn't exist - yet - to my knowledge.
Nah it sux... Max's out at 32767 versions... Real pain. j/k of course although for log files that limit needs to be watched and dealt with or log files can't be created.
Ok... You are really using vt510's? Can you get me a source?
Oh geeze I thought I was alone in the world. We're running an alpha2100 for allin1 along with a 1200 for development work and a 7820 (77? you'd think I'd know but this stuff is so solid it's 'just there') for production. Funding is an impediment to migrating anywhere..... We use linux and windows but neither comes close to VMS for reliability and security.
Then you thought right. macro32 is assembler - a rose is a rose ...
Bliss is now a freebie for anyone interested. Not sure where to grab it though.
"If you read the sources carefully especially this you will see that it was Canopy, " If you had read the sources carefully you would have noticed this "We already have strong indications from other cases such as Burst v. Microsoft that Microsoft has had a document retention policy that has resulted in routine destruction of corporate emails, sometimes even, according to Burst, if they related to looming litigation issues. Microsoft's response to that accusation can be read here." "The key line is "The Canopy Group, Inc. ("Canopy"), filed a motion to this court seeking" No, you're fudging the issue. The canopy group applying for permission is a totally separate issue. "The sort of fudging of facts in the headline here is how you get people [snip] making the linux crowd look totally unstable to the mainstream." Of course your inability to comprehend or fudging of facts to excuse the illegal activities undetaken by MS make you appear to be either ignorant or disingenuous. Ignorance is MS's best accomplice in crime.
I tend to replace my two client systems every two years. My wife's in one year and mine the next, etc. The oldest client machine gets converted into a network server and firewall. Older systems if they're still operational and half decent go to family. When I buy I tend to try to stay 6 months to a year behind some of the tech (cpu primarily) as I can get a better bang for the buck than buying the absolute latest. Between those upgrades I'll sometimes tend to have a throw the latest gadget at it (a client system) paying premium prices for video cards, cd or dvd burners (when they were new obviously).
One thing I don't do is use it as a media center... I don't need or want my pc controlling those things and see no point in it, at least so far. I don't have to reboot my stereo or tv (ok besides my digital cable box).
Hmm now that I think about it I'm pretty well always spending money on it lol:)
I'm just curious as to when these worry warts will ever buy their first computer.... I'm sure the lack of indemnification from Microsoft must have prevented them from every buying from MS up till now. Or did they suddenly wake up after all this time and realize we live in a society of laws. I have to drop this whole issue into the FUD column given the fact that MS has been less than honest about what it was indemnifying up until now and I've yet to see a legal analysis of what they're offering now.
I have to admit that I only get a blue screen about once every two months. But other issues persist and I also get a funny/funky white background/black text message about once a quarter saying 'something went wrong, user should never see this." without any further hints as to source. I guess Microsoft ran out of blue crayons. XP is leagues ahead of the old 9x o/s but considering how low they set the goalpost to begin with that's nothing to crow about.
Maybe you should read the news. These vouchers, assuming they exist as it remains unproven, were funnelledd through oil companies who were then able to buy oil a substantially reduced prices. Kickbacks ensued no doubt. As for your foreign leaders comment I haven't seen a single accusation against any (western) world leader yet have you? Government officials yes but there's no country that is without corrupt officials.
Your whitewash of companies is absolute hogwash - see above for alleged method of cashing in.
While I've hedged my words (alleged, accused, etc) I have no doubt it went on so don't misunderstand me. just as I have no doubt Cheney's Halliburton was one of the benefactors via it's subsidiaries.
Wow.
You must really be upset that Halliburton was in on this scam via two of it's French subsidiaries.
Good ole Dickie.. Mever one to miss a chance at making a buck huh? And he gets to blame it on the frogs to boot! Win win
I watch Fox News because I truly find it funny. My wife thinks I'm nuts (ok i am, so what) but I think watching what that calls news is great amusement. That's obviously form my perspective and anyone elses can differ. But you did ask.
It's hardly suprising that Microsoft still doesn't get it. The hard question is will they ever get it. I suspect as long as the snake oil salesmen trio of Gates, Ballmer, and Allchin are around the answer is a loud no. Whether it's greed or incompetence these so called leaders are a dead loss to the to the computing industry. They do great in the financial industry but monopoly control probably covers a multitude of sins in that area.
I can't believe anyone mod'd you as flamebait. (also tongue in cheek) I can't think of anything funnier than you folks invading us considering you failed the last two times you tried that. Maybe third time lucky? On a serious note... I can't think of two countries which are so similar yet seem to thrive on baiting each other!:)
If the staff couldn't bring the system up without the boot disk they were incompetent.
I agree that 6 years seems overly optimistic and a bit out to lunch but we still run two vax boxes (one of them is our main production machine) and we can get through most hardware failures without our users even being aware it occurred.
We have alpha's as well but their reliability, while beating the intel world by miles, is not as good as the older VAX's....
Unfortunatly declining 3rd party app support (and rapidly increasing support costs) is forcing the issue upon us. Not that I really mind as we'll save a lot of bucks once we transition.
But the reliability simply can't be beat. It can be matched of course... But those that match are big iron boxes as well.
"Compaq issues (fairly) regular updates that require reboots."
When you say Compaq you mean updates for the VAX?
Application restarts maybe... Reboots? Not unless you try every minor version of the o/s which is hardly necessary.
He doesn't really have a point.
I don't disagree with what you said but the end result of his thought process is that we should all just give up trying to actively and proactively trying to manage our systems, processes, etc since some don't do it. He ignores the fact that it reduces us to not being able to be proactive as we can't find out until patches are avail and blackhats start to reverse engineer to create an exploit.
I want to know and know as soon as possible. I can take down vuln services if there is no patch or we can't patch them ourselves. I can filter access to services where I want to leave them up but know there's a risk.
His implied approach would rob me of the ability to do those types of things at the earliest moment despite the fact blackhats may know of exploits many months in advance of a patch.
I read this article just yesterday in network mag and I have to say I was astounded at it's conclusions.
.."
I have zero issues with the authors suggestion that vuln reporting may not be resulting in better or more secure software. All software is pretty much market driven. Whether for profit or free users want more and more features and they want them ever faster. Developers in all camps respond to that market pressure by churning out releases in attempt to just keep close to what the users are demanding. If they fail to do so they face irrelevancy. Is this good or acceptable? No but it's a reality. The only workable fix is to find some way to enable developers to produce better code with enhanced toolsets which have been put together with secure code in mind and perhaps with better testing methodologies and tools.
Part of the article however strays beyond looking at the state of software and what disclosure has brought to the table. In my opinion the author is suggesting that disclosure isn't bringing any benefit to the table and that's where we part company. The article is fraught with statements similar to 'As far as I know it wasn't independantly exploited.' That's meaningless. Totally. As far as he knows and we all know it may well have been exploited independantly and for a number of years just that the exploitation was kept secret for ill purpose and it wasn't used for the juvenile purpose of worm writing. The lack of knowledge about whether a security vuln is exploited is not proof or even suggestion that it's not. There have been any number of 0 day exploits and underground exploits over the years.
"It might be better if vendors applied fixes in the next release or
That certainly won't slow down those who do know about the exploit if they're so inclined. It also only protects me if and when the vendor gets around to fixing it. As the author used MS I will too in that recent patches have fixed holes known for 10 months, there are still over 20 unpatched IE vulns... The maybe we just be quiet and trust in the vendor comment just doesn't cut it in that scenario. And that's not to pick on MS. I wouldn't trust any vendor to have my company's best interests in mind before their own. Yes they consider their clients as a whole but only insofar as would something cause them to enough customers to be of a concern.
I'm hired to manage the IT operation in this organization and to just pass it off is a dereliction both to my employer and in turn our customers. In order to do what I was put in place for I need information and those who suggest keeping mum is a good way are, in my opinion out to lunch.
There is a fine line that could be tread in terms of the amount of detail to be released. I concede that. Working exploits or POC's may be too much. May not....
Anyway I'm beginning to ramble and it's time to get back to work.... But the author should have stuck with the basic premise of whether disclosure is improving quality. Bringing in disclosure is a topic which his measurements does not address. In rebuttal I'll argue that while his study indicates that there hasn't been a measurable drop in software issues so far that there will be a positive result in future as more choice becomes available to the consumer. Those companies who are plagued with security issue after issue will gradually find themselves losing market share to higher quality products as the public becomes more aware. And they are more aware. Each year I get more employees seeking alternatives to the problems they're having with their home systems and questioning why we're using certain products in a work environment (which I am so glad to see).
At least that way I could constantly reboot the thing while I'm tied up in traffic and fool myself into thinking I was being productive.
This isn't a sig... The weekend is almost here and heck yeah I'm posting from a win xp box today. Lighten up, life is too short:)
I may have missed it but I didn't see one of your questions answered. While (ianal) I'm not sure if it applies to copyrights it is the case wrt to trademarks that selective enforcement weakens your claim. ie If it can be shown you only occasionally go after infringers then the any case for infringment can be tossed out. That's why you see some pretty silly law suits between major companies and individuals. They need to prove they enforce their claim rights in order to go after any big time infringers.
Well it's not totally a dual boot issue. The test machine I referred to where's it complaining about the boot partition size (upgrade from rh9 to fc2) has never had anything but linux (ok freebsd once) on it.
No quibble on that. I don't recall windows hosing a boot partition either and perhaps I took your initial comments too generically (ie problems vs a specific type of problem). :)
Well with about 500 windows boxes here I can say I've seen similar issues with MS products from time to time. I've seen their patches render machines unbootable too and some of those occasions have been widespread enough to make the news. Yes I am a MS detractor but with this post all I'm trying to say is their hands aren't totally clean in this regard.