Actually in a mall I would expect them to move them farther apart, just so the people did walk past other stores and displays. Isn't that part of what a mall or shopping center sells to the stores, more eyes on their store fronts?
>> but I don't pay the AV penalty in CPU cycles or $$$
That is true, but you are paying the AV penalty in time and effort.
So part of the decision is what is the 'best' way for someone to pay the AV penalty.
So some it will be with time and effort and for others it will be with dollars and CPU cycles. Sadly for most of us it takes both to stay reasonable safe and secure.
I will say that I would find being 'hacked a few times' totally unacceptable and would find a better solution. If I was paying with $$$ I would change who I was paying, if I was paying with time and effort I would find a better way to spend my time checking. Something you are doing isn't working.
Since Storm was spread through social engineering it stands to reason that the machines taken over by it are machines with active users at the keyboard reading email.
It was spread by sending massive numbers of email asking a user to click on a link that would install the program. It was not a true 'worm' that could spread by itself, it required the user to actually click on a link in an email, and then say run the program.
Why did it spread so much? They picked timely, and valid, subjects. Around holidays the link said it was to an online greeting card, we all have family members that send those so if we reconize the from email we think it is safe. Some were said they were about the major news story of the day, same thing, people clicked on them.
So the typical machine has a user that clicked on a link in an email and ran a program that it asked them to read.
If I get less then 5000 spams in a day I know my internet connection is broke. That is the min for a day.
In the past 3 weeks I had a max of 84,000 spams in one day, and a 1/3 of the days are over 20,000.
Also just a home system.
Greylisting does a very good job of blocking it. But I have found that many legit email servers won't retry, which is causing legit email to be blocked. So with greylisting enabled I can no longer claim zero false positives. I have to keep scanning the logs watching for things (domains and addresses) that could be legit that didn't retry and add them to a whitelist.
Well, I block about 50% of the connections to my email server based on RBLs.
So it could cost me almost double in bandwidth, processing, and storage if I let all of the email through. And then I would assume the users would end up deleting the emails anyway, causing them to do additional thinking/clicking.
Everyone's numbers are going to be a little different depending on how much they block on the RBLs. I use pretty non-agressive RBLs since I don't want to block any legit email.
Some RBLs are best used for scoring emails, some are good for blocking. You have to use them in the way that makes the most sense for what you are trying to accomplish.
I do believe that if someone is not explictly told they have access to something then they don't.
I do not believe everything is community property by default, and if you want to keep something you have to secure it. I believe that everything is owned/controlled by someone/something and if you want to use it you need their permission. People are allowed to let others freely use whatever they own, I do not object to that. I just do not believe that is how the world works.
Until about 6 months ago I was charged by volume and speed. And it was expensive.
There are places and connections that do charge that way.
So how would you know what their billing arangements are? What difference should it make what their billing arangements are? You aren't paying to use that connection. If you want a connection then you pay for it, and let who you want use it.
>>If you leave your house do you lock your door?? If not your just asking for someone to break in.
If you find a house with the door unlocked, or just has a flimsy lock, maybe just a piece of tape holding the door closed, does that mean you are allowed to access and use anything in that house?
What if the fence around your house is only 6" high? Am I allowed to go check your door to see if I can get in?
If you lock your door or not, it is still illegal to go into the house without the owners permission.
It may surprise you but there are still many area's where it is common to leave the doors unlocked. And people expect honest people to stay out of their house.
>>Furthermore: What about those that make the name of the access point its key? What about those that use default key settings? They are certainly saying: "Use me, I'm free".
I have to disagree with this. If you see the writing that says "Use me, I'm free" and it is clear the person made an effort to make the writing public, then it is free.
Everything in the world is not free for anyone to use unless they are stopped.
Everything in the world is owned by someone and unless they explicitly say you are free to use it then the default is that you are not.
It may be prudent to lock/secure what you have, but just because someone can access it does not make it public property.
Again, the default is that access is NOT permitted unless a visible effort was made to allow it.
And from what I remember there was not a fully compliant implementation of the standard when it came out. And not for several years afterwards. I seem to recall one or two companies that did have a real close frontend, but they were not 100%.
It was a fun time trying to write portable c++ code that would compile on Sun, VMS, Windows, and AIX at the time.
>>once all your data is locked up in those binary PST files
I have heard this mentioned a few times. Where are these binary PST files? Is that where the exchange server is storing everything in? One big PST file?
I know that one my home system we don't have PST files on the workstations, all the data is stored on the exchange server and I cannot find any PST files there. I need to find them so I can get them backed up. Otherwise the Exchange backup's that I do make probably aren't worth much.
The problem these people have is they bought the bottom of the line and expected it to run all of Vista.
If they have bought the top of the line they (probably) wouldn't be having this lawsuit.
I will say I don't understand how someone could pay 2100 dollars for a laptop and only be able to run email on it. I think he just got ripped off. For all I know it could have been a Mac that he got.
>> The article was nothing more than a list of whiny excuses for what Microsoft did when others were able to accomplish the same functionality without all the nonsense.
And what software from 1990 was writing wordprocessing files and spreadsheet files out in an standardized interchangable format? What format where they using? What programs were not writing their data out tied to the software that created it?
What word processing documents was 1-2-3 able to link to? Or was it WordPerfect that was able to embed any spreadsheet? I think Word 2.0 was able to talk to Excel with DDE, I know I was writing code for it in 1991. I know the year is correct, not sure about the versions of Word or Excel though.
>> Separating data and representation is a basic programming skill
Since when? I have to say that in over 25 years of this stuff I never heard that as a basic programming skill.
There are applications (like html/web) where it is a good idea, but most of those are fairly recent (like the last 10 years? Even HTML was orginally designed to be all together).
But for a word document, what do you think is stored in the file? Data or presentation?
I'll give you a little hint, if you only want the data store it in a text file. If you want the document formatted then store both so it is available.
Unless your name is Nissan and you run computer company. Not sure if it is still ongoing, but going to nissan.com used to give most if not all of the story.
>> If I hire Bob to come build me a gate, he doesn't get to charge me every time someone comes through it. He is paid to build the gate and then he gets the hell out of my life. He only gets paid again if I need him to return and do more work.
That totally depends on what arrangements you made with Bob to build the gate. You could have hired Bob to build the gate and his pay is the ability to charge anyone that goes though the gate (ever hear of toll road?).
And the people walking up to the gate don't have the ability to change which agreement you made with Bob, they may get to walk through on your dime or they might have to pay him his or they can decide to not go through at all.
Is this a reasonable answer to someone who may just use the computer to edit their photos for publishing and checking email? Is this a good way to respond to someone asking for help with their router?
You are saying they need to learn more about their router, and yet when they asked about it you say they should not be using their computer because they don't know the answers. They are damned if they do and damned if they don't.
>> the consumer's right to do whatever they want with something they own
When you pay to have a song written, pay to have it set to music, pay to have it recorded, and then release it, you own it.
But when you purchase a CD that someone paid for you are only purchasing the license they want to grant.
Your choices are to agree to the license and purchase it, or to not agree to the license and don't purchase it. Just because you don't like the conditions doesn't give you any right to change them to something you do like.
Licenses are contracts and it requires very special conditions to have one side alter them after they have been agreed to and finalized.
>> or as in or 'already broadcast a million times for free'??
What makes you think they are broadcast for free? You don't think the TV station is paying to broadcast those for you to watch? You don't think they are limited in how often they can broadcast them?
They pay for them with the money they charged for the commercials that are placed in the broadcast, that you have to watch and interupt the show.
Or you can get a channel that doesn't play commercials (like HBO), they just bill you directly instead of a company with commercials to air.
But either way they still collect money to pay for the right to play specific shows. Shows are not broadcast for free.
It is not the music or movie industries that are in trouble. It is the entire idea of ownership.
It used to be that if I didn't own something then it was wrong for me to take it (physical or not).
But now, the thought is that if you want to keep what is yours you have to protect it so it cannot be taken/stolen/copied. It is no longer wrong to enter someones house that is not locked, it is the persons fault for not locking the door.
We think we should be able to copy IP because it is 'easy', and we are saying more and more that we can take anything that is 'easy' to take and it is the owners fault for not protecting it better.
I know you were only talking about IP, but the pattern is in society.
>> Okay, that first part "Download some malware". How?
Read up on how Storm-Worm got started. It sent an email asking people to go to a site and download something. Guess what, they did what they were told to do.
Now it may have only have been 1 out of a 1000 people who actually did it, but that number is high enough to get a good start. And then all that those individual computers needed to be able to do was connect to a website and send email. Something pretty much any computer on the internet can do (even Linux boxes running as a user can connect to a website and send email).
All you need is enough targets to make that 1 out of 1000 (or 1 out of 1000000) to make it work. You don't need some magical hole in the OS, or root privileges, or anything special. You just need enough dumb users that will do what you ask them to do.
It would actually be much harder to successfully target an OS with less than probably 50% of the market, you might even need more then that to be worthwhile.
But of the 3, if they had equal market share I think OS-X would loose out the most, and get targeted the most. Linux users tend to be a more technical group and Windows users are used to dealing with viruses. So those two groups for different reasons don't get infected as much. But OS-X users tend to feel as secure as Linux, but don't always have the skills/knowledge to reconize a problem.
I think today the trojans/viruses are targeted towards market share and user technical level. If I can infect 1% of the dumb users, then where are the most dumb users? Linux has both a smaller market share and a smaller percentage of potential targets. But I think OS-X has the percentage of potential targets, just not the market share (yet).
It would not be any harder to write the malware for one OS over any other. Today the difficulty is more in avoiding all the different virus/malware scanners.
Are you sure that worms are a bigger threat than trojans?
I have not heard of a worm causing serious problems in a while (some are still there, but not causing any real damage anymore). (Note, Storm Worm is NOT a worm, it is a trojan).
Trojans, click happy users, and some good social engineering seem to be the main way these botnets are keeping their sizes.
What worms have you heard of that are in the wild now causing problems?
Slashdot Mirror
>> I wonder if end-of-lifing the product changes the contract terms.
Why not read the contract and see? It would be stated in there.
Actually in a mall I would expect them to move them farther apart, just so the people did walk past other stores and displays. Isn't that part of what a mall or shopping center sells to the stores, more eyes on their store fronts?
>> but I don't pay the AV penalty in CPU cycles or $$$
That is true, but you are paying the AV penalty in time and effort.
So part of the decision is what is the 'best' way for someone to pay the AV penalty.
So some it will be with time and effort and for others it will be with dollars and CPU cycles. Sadly for most of us it takes both to stay reasonable safe and secure.
I will say that I would find being 'hacked a few times' totally unacceptable and would find a better solution. If I was paying with $$$ I would change who I was paying, if I was paying with time and effort I would find a better way to spend my time checking. Something you are doing isn't working.
Since Storm was spread through social engineering it stands to reason that the machines taken over by it are machines with active users at the keyboard reading email.
It was spread by sending massive numbers of email asking a user to click on a link that would install the program. It was not a true 'worm' that could spread by itself, it required the user to actually click on a link in an email, and then say run the program.
Why did it spread so much? They picked timely, and valid, subjects. Around holidays the link said it was to an online greeting card, we all have family members that send those so if we reconize the from email we think it is safe. Some were said they were about the major news story of the day, same thing, people clicked on them.
So the typical machine has a user that clicked on a link in an email and ran a program that it asked them to read.
If I get less then 5000 spams in a day I know my internet connection is broke. That is the min for a day.
In the past 3 weeks I had a max of 84,000 spams in one day, and a 1/3 of the days are over 20,000.
Also just a home system.
Greylisting does a very good job of blocking it. But I have found that many legit email servers won't retry, which is causing legit email to be blocked. So with greylisting enabled I can no longer claim zero false positives. I have to keep scanning the logs watching for things (domains and addresses) that could be legit that didn't retry and add them to a whitelist.
Well, I block about 50% of the connections to my email server based on RBLs.
So it could cost me almost double in bandwidth, processing, and storage if I let all of the email through. And then I would assume the users would end up deleting the emails anyway, causing them to do additional thinking/clicking.
Everyone's numbers are going to be a little different depending on how much they block on the RBLs. I use pretty non-agressive RBLs since I don't want to block any legit email.
Some RBLs are best used for scoring emails, some are good for blocking. You have to use them in the way that makes the most sense for what you are trying to accomplish.
I do believe that if someone is not explictly told they have access to something then they don't.
I do not believe everything is community property by default, and if you want to keep something you have to secure it. I believe that everything is owned/controlled by someone/something and if you want to use it you need their permission. People are allowed to let others freely use whatever they own, I do not object to that. I just do not believe that is how the world works.
Until about 6 months ago I was charged by volume and speed. And it was expensive.
There are places and connections that do charge that way.
So how would you know what their billing arangements are? What difference should it make what their billing arangements are? You aren't paying to use that connection. If you want a connection then you pay for it, and let who you want use it.
>>If you leave your house do you lock your door?? If not your just asking for someone to break in.
If you find a house with the door unlocked, or just has a flimsy lock, maybe just a piece of tape holding the door closed, does that mean you are allowed to access and use anything in that house?
What if the fence around your house is only 6" high? Am I allowed to go check your door to see if I can get in?
If you lock your door or not, it is still illegal to go into the house without the owners permission.
It may surprise you but there are still many area's where it is common to leave the doors unlocked. And people expect honest people to stay out of their house.
>>Furthermore: What about those that make the name of the access point its key? What about those that use default key settings? They are certainly saying: "Use me, I'm free".
I have to disagree with this. If you see the writing that says "Use me, I'm free" and it is clear the person made an effort to make the writing public, then it is free.
Everything in the world is not free for anyone to use unless they are stopped.
Everything in the world is owned by someone and unless they explicitly say you are free to use it then the default is that you are not.
It may be prudent to lock/secure what you have, but just because someone can access it does not make it public property.
Again, the default is that access is NOT permitted unless a visible effort was made to allow it.
And from what I remember there was not a fully compliant implementation of the standard when it came out. And not for several years afterwards. I seem to recall one or two companies that did have a real close frontend, but they were not 100%.
It was a fun time trying to write portable c++ code that would compile on Sun, VMS, Windows, and AIX at the time.
>> The mere fact that there ARE no implementations of OOXML, however, should be a giant, florescent, waving red flag.
Using this logic C++ would never have become the language it is today. It may never have become a language at all.
>>once all your data is locked up in those binary PST files
I have heard this mentioned a few times. Where are these binary PST files? Is that where the exchange server is storing everything in? One big PST file?
I know that one my home system we don't have PST files on the workstations, all the data is stored on the exchange server and I cannot find any PST files there. I need to find them so I can get them backed up. Otherwise the Exchange backup's that I do make probably aren't worth much.
>>Granted it was a top of the line for its day
The problem these people have is they bought the bottom of the line and expected it to run all of Vista.
If they have bought the top of the line they (probably) wouldn't be having this lawsuit.
I will say I don't understand how someone could pay 2100 dollars for a laptop and only be able to run email on it. I think he just got ripped off. For all I know it could have been a Mac that he got.
>> The article was nothing more than a list of whiny excuses for what Microsoft did when others were able to accomplish the same functionality without all the nonsense.
And what software from 1990 was writing wordprocessing files and spreadsheet files out in an standardized interchangable format? What format where they using? What programs were not writing their data out tied to the software that created it?
What word processing documents was 1-2-3 able to link to? Or was it WordPerfect that was able to embed any spreadsheet? I think Word 2.0 was able to talk to Excel with DDE, I know I was writing code for it in 1991. I know the year is correct, not sure about the versions of Word or Excel though.
>> Separating data and representation is a basic programming skill
Since when? I have to say that in over 25 years of this stuff I never heard that as a basic programming skill.
There are applications (like html/web) where it is a good idea, but most of those are fairly recent (like the last 10 years? Even HTML was orginally designed to be all together).
But for a word document, what do you think is stored in the file? Data or presentation?
I'll give you a little hint, if you only want the data store it in a text file. If you want the document formatted then store both so it is available.
Unless your name is Nissan and you run computer company.
Not sure if it is still ongoing, but going to nissan.com used to give most if not all of the story.
>> If I hire Bob to come build me a gate, he doesn't get to charge me every time someone comes through it. He is paid to build the gate and then he gets the hell out of my life. He only gets paid again if I need him to return and do more work.
That totally depends on what arrangements you made with Bob to build the gate. You could have hired Bob to build the gate and his pay is the ability to charge anyone that goes though the gate (ever hear of toll road?).
And the people walking up to the gate don't have the ability to change which agreement you made with Bob, they may get to walk through on your dime or they might have to pay him his or they can decide to not go through at all.
Is this a reasonable answer to someone who may just use the computer to edit their photos for publishing and checking email? Is this a good way to respond to someone asking for help with their router?
You are saying they need to learn more about their router, and yet when they asked about it you say they should not be using their computer because they don't know the answers. They are damned if they do and damned if they don't.
>> the consumer's right to do whatever they want with something they own
When you pay to have a song written, pay to have it set to music, pay to have it recorded, and then release it, you own it.
But when you purchase a CD that someone paid for you are only purchasing the license they want to grant.
Your choices are to agree to the license and purchase it, or to not agree to the license and don't purchase it. Just because you don't like the conditions doesn't give you any right to change them to something you do like.
Licenses are contracts and it requires very special conditions to have one side alter them after they have been agreed to and finalized.
>> or as in or 'already broadcast a million times for free'??
What makes you think they are broadcast for free? You don't think the TV station is paying to broadcast those for you to watch? You don't think they are limited in how often they can broadcast them?
They pay for them with the money they charged for the commercials that are placed in the broadcast, that you have to watch and interupt the show.
Or you can get a channel that doesn't play commercials (like HBO), they just bill you directly instead of a company with commercials to air.
But either way they still collect money to pay for the right to play specific shows. Shows are not broadcast for free.
And this is the attitude that is the problem.
It is not the music or movie industries that are in trouble. It is the entire idea of ownership.
It used to be that if I didn't own something then it was wrong for me to take it (physical or not).
But now, the thought is that if you want to keep what is yours you have to protect it so it cannot be taken/stolen/copied. It is no longer wrong to enter someones house that is not locked, it is the persons fault for not locking the door.
We think we should be able to copy IP because it is 'easy', and we are saying more and more that we can take anything that is 'easy' to take and it is the owners fault for not protecting it better.
I know you were only talking about IP, but the pattern is in society.
>> Okay, that first part "Download some malware". How?
Read up on how Storm-Worm got started. It sent an email asking people to go to a site and download something. Guess what, they did what they were told to do.
Now it may have only have been 1 out of a 1000 people who actually did it, but that number is high enough to get a good start. And then all that those individual computers needed to be able to do was connect to a website and send email. Something pretty much any computer on the internet can do (even Linux boxes running as a user can connect to a website and send email).
All you need is enough targets to make that 1 out of 1000 (or 1 out of 1000000) to make it work. You don't need some magical hole in the OS, or root privileges, or anything special. You just need enough dumb users that will do what you ask them to do.
It would actually be much harder to successfully target an OS with less than probably 50% of the market, you might even need more then that to be worthwhile.
But of the 3, if they had equal market share I think OS-X would loose out the most, and get targeted the most. Linux users tend to be a more technical group and Windows users are used to dealing with viruses. So those two groups for different reasons don't get infected as much. But OS-X users tend to feel as secure as Linux, but don't always have the skills/knowledge to reconize a problem.
I think today the trojans/viruses are targeted towards market share and user technical level. If I can infect 1% of the dumb users, then where are the most dumb users? Linux has both a smaller market share and a smaller percentage of potential targets. But I think OS-X has the percentage of potential targets, just not the market share (yet).
It would not be any harder to write the malware for one OS over any other. Today the difficulty is more in avoiding all the different virus/malware scanners.
Are you sure that worms are a bigger threat than trojans?
I have not heard of a worm causing serious problems in a while (some are still there, but not causing any real damage anymore). (Note, Storm Worm is NOT a worm, it is a trojan).
Trojans, click happy users, and some good social engineering seem to be the main way these botnets are keeping their sizes.
What worms have you heard of that are in the wild now causing problems?