I dont think hardware was an issue. Its surprising how well XP runs on old hardware. Well, not too surprising when you remember its release date was 9 years ago.
I think the issue was that these manufacturers needed to hit a very low price point and that $40-60 bulk OEM license raised the price too much. With linux you could sell a machine for $249. With XP you're now at $299.
On top of that, there's real consumer demand for Windows. When I bought my gf a Lenovo netbook with Win7, her coworkers were really impressed it ran Windows. Turns out they were early adopters and have been using Linux and unable to run things like MS office, HP/Canon software, work applications, etc.
That's the larger issue here. Consumers like what they know and demand massive amounts of backwards compatibility. A decent linux distro can handle 80% of their needs, but not getting that 20% is unacceptable. MS quickly realized this and made special pricing for netbook machines. Now OEMs pay half or one-third the typical fees as long as the hardware falls within what they consider netbook spec.
>And they'll get about as much of a punishment as Charles Rangel.
Its not like all these restrictions started under the GOP/Bush government, right?
Ah yes when the GOP/Tea Party types are in power in January we'll see no more of this, right? The scanners will be torn down as the uber-conservative Ayn Rand superman asserts himself using only the immense will of his superior ego! We will cower beneath this man who will make all transport safe with just his superior stare and the quick intellect! Who would dare challenge this Adonis among men? For he is truly more god than man! Surely, terrorism will end that day!
Naww, they'll just outlaw Islam and start camps. Maybe shoot a couple more abortion doctors for good measure.
While there were other progressive bands and the credit for advancing rock music in the 1960s goes to hundreds if not thousands of musicians out there I think its important to see the Beatles as inventive and important.
To be fair, Dark Side of the Moon was released in 1973. Thats 3 years after the Beatles broke up. PF's earlier efforts were mixed at best and PF didn't peak until well into the 1970s - 10 years after the Beatles begun to peak. By the time artists like PF and Hendrix were starting up the Beatles have already laid down a lot of ground work but bands like PF and Hendrix were certainly part of that narrative.
My post has a lot to do with the argument above about how the Beatles were just repackaging the status quo. My point is that the status quo at the time was pretty horrible and outside of a few progressive sounds it was something of a wasteland of white/safe/suburban/junk. Remember, people actually protested the Beatles. The music just went against their Andy Williams or Sonny and Cher outlook and was seen as a threat. That aint the status quo.
The Stones were very much a straight up blues-based rock band who was more influenced than influential. They're attempts to do anything inventive on the level of the Beatles failed on its faced, especially the embarassingly awful Beatlesque 'Their Satanic Majesties Request.' Afterwards, the Stones just went back their hard-driving blues sound.
I love the Stones, but they're a one trick pony. Its just that trick is very good.
>Both are scarcely more than a thin veneer over the status quo.
Oh, I wouldn't say that about the Beatles. If you look at the Beatles peers when they were active you'll see that they weren't just "white plastic on OEM crap." Lets skip past their early stuff which is admittingly cookie cutter to Rubber Soul's release in 1965. The Billboard top 100 had acts like Sonny and Cher and songs like "Wooley Bully." Or when the Beatles released Revolver in 1966, the charts were leading with stuff like the Mamas and Papas. Sgt Peppers was released in 1967 when the Billboards top song was stuff like I'm A Believer by the Monkees. Its weird to even think of them as competing peers considering how far and away Sgt Peppers is from anything mainstream release.
I think the Beatles really earned their reputation as game changers. They're one of the first rock bands to really begin exploring outside the mainstream, challenge the status quo, and succeeding at this without alienating listeners. Its odd to think that by 1969 they were pretty much done, but if you listen to a lot of the music from the 1970s you'll hear quite a bit of Beatles influence. I think they really wrote the template on how to make rock music that isn't just disposable catchy hits and could be something closer to fine art than just music to dance/get high/get laid to.
>Of course, if you buy Android you'll be using the extremely standards-compliant WebKit engine Apple put together
Err, webkit is a fork of KHTML, which Apple forked in 2002 and rebadged "webkit." Thank the KDE guys who wrote KHTML under a license that allows such things.
Who is sandboxing? Sure IE by default runs in protected mode, but the plugins I mentioned do not. Suspicious links are meaningless, these exploits do no require visiting some odd link. Most of these hackers take over ad servers and push malware in ads on legitimate sites.
AV sofware is also useless. These guys are compiling multiple versions of their malware per hour. Your AV can't keep up. By the time the AV vendors have a signature its 12-48 hours too late and that build is removed from production.
Remember, we're talking out of the box security for end users - they're not downloading VMware and loading VMs or using sandboxie. We need better out of the box security. Plugin writers need to have auto-update running daily without user intervention. Expecting the end user to run all these apps and go to Help > Update is a failed strategy.
>so it's the users installing it and not just holes in the system being exploited.
Are you sure about that? The analysis of various crimepack stats posted by Brian Krebs shows that the vector for these infections is usually (in order) Java, Adobe Reader, Flash, and browser exploits. So lets assume you patched these machines using Windows Update. That means you patched any known browser exploits, but the malware writer can still try various Java, Reader, and Flash exploits.
I think the real issue currently is how poorly these app updaters are written. Reader may never ask to do an update unless you manually start it once to install the current version of Adobe Updater. Java, depending on the version, either sits quietly in the tray asking for an update or never bothers. Flash asks at startup sometimes, but it may only update IE, but not Firefox.
For end users who have no clue, which is most of them, these apps should just be set to auto-update without asking. Admins and power users can edit this as needs be. In the meantime, its pretty trivial to infect a machine. Almost no one makes an effort to patch these apps.
I don't believe the problem is PEBCAK as we like to think. Browser plugs are a serious issue. They're just not being updated.
Exactly. I'm starting to dislike this narrative that has developed here, namely that MS doesn't know what it has and that they're going out of their way to stop people from hacking it.
1. I'm sure the researchers at MS know exactly what they have and that a lot of what you're seeing now has been in their labs for ages. Its just that MS isn't in the 3D video space and aren't trying to sell 3D video software for movie production or whatever.
2. From what I've read from the guy who built the first drivers, there isn't any crypto or other tricks to stop PCs from communicating with the Kinect. Its just a plain jane USB device.
3. At the end of the day the interesting parts of the Kinect are its software. If you wanted a stereo camera or something that could do 3D depth, there are items like this in the 3D space that do a hell of a lot more than VGA resolution.
4. MS is monetizing this technology again in Win8. Gestures are built into the OS, etc. Its not like Kinect doesn't have a future on the PC platform as a commercial device.
Oh well, back to your regularly scheduled "ZOMG MS IS EVIL!!" 2 minutes hate.
The real issue, and whats missing from the summary, is that the NLPC is a conservative organization (look at its list of targets) and as such is biased against Democrats. Now that the GOP has power in the House to start investigations, you'll start seeing a lot of frivolous attacks on Obama that they hope will lead into a Whitewater-like investigation which leads to more investigations until something sticks. More than a couple GOP politicians has stated that taking Obama down is a priority. The next two years will be full of these accusations, but we wont see much about connections between the GOP leader and big oil or big tobacco (Boehner famously handed out Tobacco lobbyist checks on the House floor), etc.
Corruption is not partisan, but I have a feeling the "energized" conservative base is going to dominate the discussion with an avalanche of complaints - frivolous or not. Anything to get a foot in the door for investigations and to try to paint the other guys as the shameless corporatists.
Why bother with all this stuff that just confuses the end user and won't be implemented anywhere?
The wifi consortium should be addressing this. I can see a solution where I have a password-free AP but it negotiates an encrypted link anyway. I imagine there are ways to work around or at least minimize a chance of someone intercepting that key during handshake (diffe-helman?). I also would like to see APs default to a "public mode" that firewalls each client off and looks to detect ARP poisoning and other common tricks. Modern routers are beefy enough to run a little IDS.
WPA3 or whatever can address all this. In a few years we could have everyone using it without them doing anything different than connecting as they typically do.
then these machines aren't guarding your home. Get an alarm system.
That said, I owned a Rovio for a few weeks last year. I bought it as an xmas present to myself and found it lacking. I thought it would be cute to watch the dog from work but the CMOS webcam on it just required too much light to be usable. Even under well-lit conditions the compressed video was of marginal quality. I also wanted to use voice chat feature, which is IE only btw, but that didn't work out well either. The audio was either horrible or badly delayed. Not was there a "listen" button. It simply decided to broadcast audio when it decided to (whenever sound hit a threshold). It also had a low battery life and failed to dock often. Luckily, Amazon accepted my return and I got my money back.
Its a neat device and cheap for a telepresence robot, but not that great. I'd love to see a v2 of this, especially if it was easily hackable.
Actually, that doesn't work. I'm able to log in but then it fails on the next page load.
The issue is that if you login without https it redirects you to a https page FOR LOGIN ONLY. Everything else in unencrypted past that point. The trick you supplied is forcing it to use https after login and that is not supported. At least on Firefox.
>Viruses exploit software defects produced by Microsoft.
Stats released of common crimbacks by Brian Krebs reveal that the biggest vectors are Adobe Reader, Java, and Flash. MS's own exploits are pretty low on the list, but if you get infected via these vectors you dont blame Adobe or Oracle, you blame MS. As such MS has a huge incentive to release its own quality AV.
Definition updates can be delivered with WSUS currently, but you'll never get AD integration or any centralized tool. They want you to pay for Forefront for that.
SE is a lightweight simple nag-free AV scanner. Most end users have an out of subscription Mcaffee or Symantec crapware installed not by choice but by the OEM. The AV industry needs a shakedown. The products end users are force to endure are ridiculously bloaty apps that do nothing to help their security.
Secondly, any good sysadmin knows that most Windows infections are from Java, Reader, or Flash and MS products last. Its not 1996 anymore.
Lastly, AV is nearly useless in the modern world. It can only fight yesterdays battles. Malware writers are compiling new versions of their malware several times per day. You could have an AV product with a update thats 5 minutes old and still be vulnerable to the most popular exploits that day. If MS had a pair they would also put up a big "YOU HAVE AN OUTDATED VERSION OF ADOBE READER AND JAVA - UPDATE NOW" at boot up. Regulators need to untie MS's hands, the 3rd party market for common apps is shit. Apple has its own PDF reader bundled. MS should have that option too. Its going to be hard to outdo the incompetence of Adobe.
Again, 3rd party PAC spending for the GOP outspent the dems 4 to 1 or 2 to 1 DEPENDING ON THE RACE. Again, these are massive amounts of money unlocked by the CU ruling because companies feel more free to spend when they don't have to reveal who they are.
Again, Meg Whieman spent 145 million dollars. Linda McMahon 46 million and Johnson 8 million of their personal cash.
And your reply is "hollywood moguls and foreigners" bullshit? You're the one in the fantasy land.
Again, I am addressing PAC spending which the CU ruling affects, where the Dems were outspent 4 to 1 in the Senate and 2 to 1.
Again, the big picture:
Meg Whiteman: 142 million of her own money Linda McMahon: 46 million of her own money Ron Johnson: 8 million of his own money
GOP PACs went hogwild after the CU ruling and the GOP's millionaire members went hog wild as well. Yes, when we remove the PAC ads the Dems themselves spent a little more BECAUSE THEY ARE ALSO FIGHTING THE MASSIVE GOP PAC MONEY THAT THEY WERE OUTSPENT 4 to 1 for or 2 to 1 for. That's the big picture. Ignoring PAC money and personal fortunes is hiding your head in the sand to continue to believe the false narrative of the GOP as underspent and as the CU ruling as non-damaging.
Slashdot Mirror
I dont think hardware was an issue. Its surprising how well XP runs on old hardware. Well, not too surprising when you remember its release date was 9 years ago.
I think the issue was that these manufacturers needed to hit a very low price point and that $40-60 bulk OEM license raised the price too much. With linux you could sell a machine for $249. With XP you're now at $299.
On top of that, there's real consumer demand for Windows. When I bought my gf a Lenovo netbook with Win7, her coworkers were really impressed it ran Windows. Turns out they were early adopters and have been using Linux and unable to run things like MS office, HP/Canon software, work applications, etc.
That's the larger issue here. Consumers like what they know and demand massive amounts of backwards compatibility. A decent linux distro can handle 80% of their needs, but not getting that 20% is unacceptable. MS quickly realized this and made special pricing for netbook machines. Now OEMs pay half or one-third the typical fees as long as the hardware falls within what they consider netbook spec.
You are correct. Here are the peerguardian people talking about this. When running 64-bit signing is required. 32-bit it is not.
http://www.raymond.cc/blog/archives/2009/08/24/loading-unsigned-drivers-in-windows-7-and-vista-64-bit-x64/
Nope, I install an unsigned driver frequently for a project I'm working on. You just get a "ARE YOU SURE YOU WANT TO DO THIS" prompt/UAC event.
or physical access. At that point anything goes. Why bother with screwing with code signing tricks when you can just run whatever code you like.
>And they'll get about as much of a punishment as Charles Rangel.
Its not like all these restrictions started under the GOP/Bush government, right?
Ah yes when the GOP/Tea Party types are in power in January we'll see no more of this, right? The scanners will be torn down as the uber-conservative Ayn Rand superman asserts himself using only the immense will of his superior ego! We will cower beneath this man who will make all transport safe with just his superior stare and the quick intellect! Who would dare challenge this Adonis among men? For he is truly more god than man! Surely, terrorism will end that day!
Naww, they'll just outlaw Islam and start camps. Maybe shoot a couple more abortion doctors for good measure.
While there were other progressive bands and the credit for advancing rock music in the 1960s goes to hundreds if not thousands of musicians out there I think its important to see the Beatles as inventive and important.
To be fair, Dark Side of the Moon was released in 1973. Thats 3 years after the Beatles broke up. PF's earlier efforts were mixed at best and PF didn't peak until well into the 1970s - 10 years after the Beatles begun to peak. By the time artists like PF and Hendrix were starting up the Beatles have already laid down a lot of ground work but bands like PF and Hendrix were certainly part of that narrative.
My post has a lot to do with the argument above about how the Beatles were just repackaging the status quo. My point is that the status quo at the time was pretty horrible and outside of a few progressive sounds it was something of a wasteland of white/safe/suburban/junk. Remember, people actually protested the Beatles. The music just went against their Andy Williams or Sonny and Cher outlook and was seen as a threat. That aint the status quo.
The Stones were very much a straight up blues-based rock band who was more influenced than influential. They're attempts to do anything inventive on the level of the Beatles failed on its faced, especially the embarassingly awful Beatlesque 'Their Satanic Majesties Request.' Afterwards, the Stones just went back their hard-driving blues sound.
I love the Stones, but they're a one trick pony. Its just that trick is very good.
>Both are scarcely more than a thin veneer over the status quo.
Oh, I wouldn't say that about the Beatles. If you look at the Beatles peers when they were active you'll see that they weren't just "white plastic on OEM crap." Lets skip past their early stuff which is admittingly cookie cutter to Rubber Soul's release in 1965. The Billboard top 100 had acts like Sonny and Cher and songs like "Wooley Bully." Or when the Beatles released Revolver in 1966, the charts were leading with stuff like the Mamas and Papas. Sgt Peppers was released in 1967 when the Billboards top song was stuff like I'm A Believer by the Monkees. Its weird to even think of them as competing peers considering how far and away Sgt Peppers is from anything mainstream release.
I think the Beatles really earned their reputation as game changers. They're one of the first rock bands to really begin exploring outside the mainstream, challenge the status quo, and succeeding at this without alienating listeners. Its odd to think that by 1969 they were pretty much done, but if you listen to a lot of the music from the 1970s you'll hear quite a bit of Beatles influence. I think they really wrote the template on how to make rock music that isn't just disposable catchy hits and could be something closer to fine art than just music to dance/get high/get laid to.
>Of course, if you buy Android you'll be using the extremely standards-compliant WebKit engine Apple put together
Err, webkit is a fork of KHTML, which Apple forked in 2002 and rebadged "webkit." Thank the KDE guys who wrote KHTML under a license that allows such things.
Who is sandboxing? Sure IE by default runs in protected mode, but the plugins I mentioned do not. Suspicious links are meaningless, these exploits do no require visiting some odd link. Most of these hackers take over ad servers and push malware in ads on legitimate sites.
AV sofware is also useless. These guys are compiling multiple versions of their malware per hour. Your AV can't keep up. By the time the AV vendors have a signature its 12-48 hours too late and that build is removed from production.
Remember, we're talking out of the box security for end users - they're not downloading VMware and loading VMs or using sandboxie. We need better out of the box security. Plugin writers need to have auto-update running daily without user intervention. Expecting the end user to run all these apps and go to Help > Update is a failed strategy.
>so it's the users installing it and not just holes in the system being exploited.
Are you sure about that? The analysis of various crimepack stats posted by Brian Krebs shows that the vector for these infections is usually (in order) Java, Adobe Reader, Flash, and browser exploits. So lets assume you patched these machines using Windows Update. That means you patched any known browser exploits, but the malware writer can still try various Java, Reader, and Flash exploits.
I think the real issue currently is how poorly these app updaters are written. Reader may never ask to do an update unless you manually start it once to install the current version of Adobe Updater. Java, depending on the version, either sits quietly in the tray asking for an update or never bothers. Flash asks at startup sometimes, but it may only update IE, but not Firefox.
For end users who have no clue, which is most of them, these apps should just be set to auto-update without asking. Admins and power users can edit this as needs be. In the meantime, its pretty trivial to infect a machine. Almost no one makes an effort to patch these apps.
I don't believe the problem is PEBCAK as we like to think. Browser plugs are a serious issue. They're just not being updated.
Exactly. I'm starting to dislike this narrative that has developed here, namely that MS doesn't know what it has and that they're going out of their way to stop people from hacking it.
1. I'm sure the researchers at MS know exactly what they have and that a lot of what you're seeing now has been in their labs for ages. Its just that MS isn't in the 3D video space and aren't trying to sell 3D video software for movie production or whatever.
2. From what I've read from the guy who built the first drivers, there isn't any crypto or other tricks to stop PCs from communicating with the Kinect. Its just a plain jane USB device.
3. At the end of the day the interesting parts of the Kinect are its software. If you wanted a stereo camera or something that could do 3D depth, there are items like this in the 3D space that do a hell of a lot more than VGA resolution.
4. MS is monetizing this technology again in Win8. Gestures are built into the OS, etc. Its not like Kinect doesn't have a future on the PC platform as a commercial device.
Oh well, back to your regularly scheduled "ZOMG MS IS EVIL!!" 2 minutes hate.
The real issue, and whats missing from the summary, is that the NLPC is a conservative organization (look at its list of targets) and as such is biased against Democrats. Now that the GOP has power in the House to start investigations, you'll start seeing a lot of frivolous attacks on Obama that they hope will lead into a Whitewater-like investigation which leads to more investigations until something sticks. More than a couple GOP politicians has stated that taking Obama down is a priority. The next two years will be full of these accusations, but we wont see much about connections between the GOP leader and big oil or big tobacco (Boehner famously handed out Tobacco lobbyist checks on the House floor), etc.
Corruption is not partisan, but I have a feeling the "energized" conservative base is going to dominate the discussion with an avalanche of complaints - frivolous or not. Anything to get a foot in the door for investigations and to try to paint the other guys as the shameless corporatists.
Why bother with all this stuff that just confuses the end user and won't be implemented anywhere?
The wifi consortium should be addressing this. I can see a solution where I have a password-free AP but it negotiates an encrypted link anyway. I imagine there are ways to work around or at least minimize a chance of someone intercepting that key during handshake (diffe-helman?). I also would like to see APs default to a "public mode" that firewalls each client off and looks to detect ARP poisoning and other common tricks. Modern routers are beefy enough to run a little IDS.
WPA3 or whatever can address all this. In a few years we could have everyone using it without them doing anything different than connecting as they typically do.
then these machines aren't guarding your home. Get an alarm system.
That said, I owned a Rovio for a few weeks last year. I bought it as an xmas present to myself and found it lacking. I thought it would be cute to watch the dog from work but the CMOS webcam on it just required too much light to be usable. Even under well-lit conditions the compressed video was of marginal quality. I also wanted to use voice chat feature, which is IE only btw, but that didn't work out well either. The audio was either horrible or badly delayed. Not was there a "listen" button. It simply decided to broadcast audio when it decided to (whenever sound hit a threshold). It also had a low battery life and failed to dock often. Luckily, Amazon accepted my return and I got my money back.
Its a neat device and cheap for a telepresence robot, but not that great. I'd love to see a v2 of this, especially if it was easily hackable.
Important note: Turning on HTTPS will work for Hotmail over the web, but it will cause errors if you try to access Hotmail through programs like:
* Outlook Hotmail Connector
MS is really screwing this up. I use the Outlook connector on a different computer. So now I can have either HTTPS or the connector.
Actually, that doesn't work. I'm able to log in but then it fails on the next page load.
The issue is that if you login without https it redirects you to a https page FOR LOGIN ONLY. Everything else in unencrypted past that point. The trick you supplied is forcing it to use https after login and that is not supported. At least on Firefox.
Some sites dont support SSL. Hotmail for instance.
>Viruses exploit software defects produced by Microsoft.
Stats released of common crimbacks by Brian Krebs reveal that the biggest vectors are Adobe Reader, Java, and Flash. MS's own exploits are pretty low on the list, but if you get infected via these vectors you dont blame Adobe or Oracle, you blame MS. As such MS has a huge incentive to release its own quality AV.
Definition updates can be delivered with WSUS currently, but you'll never get AD integration or any centralized tool. They want you to pay for Forefront for that.
SE is a lightweight simple nag-free AV scanner. Most end users have an out of subscription Mcaffee or Symantec crapware installed not by choice but by the OEM. The AV industry needs a shakedown. The products end users are force to endure are ridiculously bloaty apps that do nothing to help their security.
Secondly, any good sysadmin knows that most Windows infections are from Java, Reader, or Flash and MS products last. Its not 1996 anymore.
Lastly, AV is nearly useless in the modern world. It can only fight yesterdays battles. Malware writers are compiling new versions of their malware several times per day. You could have an AV product with a update thats 5 minutes old and still be vulnerable to the most popular exploits that day. If MS had a pair they would also put up a big "YOU HAVE AN OUTDATED VERSION OF ADOBE READER AND JAVA - UPDATE NOW" at boot up. Regulators need to untie MS's hands, the 3rd party market for common apps is shit. Apple has its own PDF reader bundled. MS should have that option too. Its going to be hard to outdo the incompetence of Adobe.
Hands with 4 fingers, kids wearing eyepatches, and all the M. avium & Cryptococcus infections.
Again, 3rd party PAC spending for the GOP outspent the dems 4 to 1 or 2 to 1 DEPENDING ON THE RACE. Again, these are massive amounts of money unlocked by the CU ruling because companies feel more free to spend when they don't have to reveal who they are.
Again, Meg Whieman spent 145 million dollars. Linda McMahon 46 million and Johnson 8 million of their personal cash.
And your reply is "hollywood moguls and foreigners" bullshit? You're the one in the fantasy land.
Again, I am addressing PAC spending which the CU ruling affects, where the Dems were outspent 4 to 1 in the Senate and 2 to 1.
Again, the big picture:
Meg Whiteman: 142 million of her own money
Linda McMahon: 46 million of her own money
Ron Johnson: 8 million of his own money
GOP PACs went hogwild after the CU ruling and the GOP's millionaire members went hog wild as well. Yes, when we remove the PAC ads the Dems themselves spent a little more BECAUSE THEY ARE ALSO FIGHTING THE MASSIVE GOP PAC MONEY THAT THEY WERE OUTSPENT 4 to 1 for or 2 to 1 for. That's the big picture. Ignoring PAC money and personal fortunes is hiding your head in the sand to continue to believe the false narrative of the GOP as underspent and as the CU ruling as non-damaging.
>That was by independant groups NOT Republicans or Democrats!
Indepedent groups - PACs is what the CU ruling affects and is what I wrote about.
>in reality the Democrats spend hundreds of millions more.
Err, no. The GOP outspend the Dems by quite a bit even if you ignore the personal fortunes of many of the millionaire candidates.