Well it's pretty clear that Apple would win a huge chunk of the desktop market by default, but probably not to the extent that Microsoft has today. The rest would be carved up by various Linux distros, and maybe new or revitalized OSs?
The server market would just be consumed by UNIX-like OSs and probably Apple would gain ground there as well, but not nearly like the desktop situation.
It would be a huge win for IBM and Apple, and even Sun could probably make some ground.
I wonder if Dell would come up with their own OS to start selling, or a highly customized version of Red Hat? Hmm... one would think that Dell wouldn't want to lose its grasp on the PC market.
The real problem would be all the chaos that would ensue when no one was dominating the standards. Despite being Pure Evil, Microsoft *does* give everyone else standards to integrate with. Everyone at least makes their stuff as compatible with Windows(TM) as possible. Without the standards, companies like IBM, Sun, Apple, Cisco, HP, etc would all compete with their own proprietary stuff and it would probably be a real nightmare for application developers.
So people who obsess about getting their new box setup w/o Microsoft, but with OOo, Samba, NDIS wrapper, KDE, VNC, IPP, etc (hint: all basically just like Microsoft, only "free") are professionals, but people who keep the Internet running are not?
Oh OK, I see your point. waaaiiit...
Most average human beings can at least put pipes together, they just don't want to get dirty. If the posts I see every day on Linux mailing lists and message boards are any indication, even running a simple LAN must be akin to building the freakin Panama canal...
So then you're saying that responsibility = money? Some of the richest people in the world are the most irresponsible, so I don't see how that follows...
You don't get licenses to speak to people on the street, you don't get licenses for having the privilege to talk on the phone, why should you have to get what amounts to an e-mail license? It's pretty much the same thing, after all. While phones do have monthly charges, so do ISP accounts so that part of it is already taken care of.
Clearly, money is not a problem for many spammers, but it *is* a problem for lots of responsible hobbyists and other people who don't want their private e-mail being snooped on (yay for TLS!). Since money is not a differentiating factor between spammers and responsible non-spammers, this idea is certainly not a good one.
Even the revised estimate of $250 is still ridiculous, I'm not going to pay $250/year (~$20/month, which is more than many pay just for connectivity) to some vigilante organization as "protection money". I pay for my bandwidth and IPs, that's enough, damnit! This amounts to little more than licensing protocol usage, which will just start down a slippery slope. Next you'll have a fee to visit web pages that promise they won't use unsigned scripting code and install spyware, or you'll have to pay for the "privilege" of having an FTP site, etc. That's not the Internet I grew up with and I won't stand for it.
People don't pay several hundred thousand dollars for Qmail. Obviously, it's not "just a tool" but it's a tool with an extremely specific purpose. Have you seen the interface? It allows extremely granular tracking of the success or failure of each "campaign" and what the specific error codes were. You can configure up to 254 IP addresses per box (hmm, why would you want to do that???), etc...
Now most folks don't have to send 500,000 msgs/hr from one box, which is what IronPort claims to do. They also don't need to have specific breakouts and reports of how their messages to each recipient were transmitted and received.
Don't take my word for it. Look at their customer list, Viacom (advertising), click.doubleclick (hello???), etc...
Qmail and Postfix were designed to generically send and receive e-mail, and their only special purpose was to be more secure than Sendmail. IronPort bends over backwards to put in spammer friendly features like the ability to spread a "campaign" over multiple source IP addresses and tracking how successful they were in delivering their spam.
Have you actually checked out what OpenBSD has been doing instead of blindly ranting about it? Go ahead and click the link http://www.openbsd.org/35.html
Notable additions (besides CARP):
BGP4 daemon, unmatched by any other free routing software
pfsync to share firewall states across multiple boxen (goes along with CARP)
amd64 support with on-chip W^X
Security improvements for malloc
Several more daemons run with privilege separation
Support for native AES instructions on some VIA C3 CPUs (accelerated crypto)
Far from being dead, several network equipment vendors are using OpenBSD as a platform for their software, such as SourceFire and nCircle.
The difference is that OpenBSD tries to be an OS for professionals and do things that replace commercial products from companies like Cisco. While the average home user doesn't give a crap (oooh, we want accelerated 3D!) many professionals do (BGP routing, HighAvailability firewalls, professional grade documentation, secure configuration by default, etc).
Oh and by the way, SMP is actually in CVS and you can actually use it; it's just not part of the 3.5 release.
So what you're saying is that people are too stupid to communicate on their own and they need to have someone hold their hand to make sure it gets done "right"?
Hmm, let's see how well that translates to other areas:
You're too stupid to procreate correctly, we'll regulate that
You're too stupid to pick the right career, we'll do that for you
You're too stupid to own a vehicle, we'll take care of transporting you
etc...
Except that Bonded Sender is run by IronPort Systems, which is a notorious spammer supplier. Since they started selling "anti-spam" products, they've removed most of the blatant references to spamming from their website, but they still prominently feature their "A series" which are nothing other than screaming spam cannons. Their literature claims to "help you with marketing campaigns". A lot of the spam you get every day comes from an IronPort box.
It's in IronPort's best interest to keep signing up spammers, and it's in the spammers' best interest to sign up (if enough people subscribe to Bonded Sender to make the by-pass worthwhile, which currently isn't the case). Maybe IronPort will hand out some slaps on the wrist, but they wouldn't want to delist too many companies because that wouldn't leave an incentive for more companies to sign up.
In short, IronPort is doing a tight rope walk between spammers and spam recipients. They can't totally please either party, and I suspect in the end they won't satisfy either one. Of course, that's assuming anyone actually signs up, which so far they have had only very limited interest (much like their so-called "anti-spam" product).
Of course, the parent posted anonymously so we're only left to guess at their affiliation with IronPort Systems.
(PS if you're one of my friends who works there, no offense;)
I'm in agreement. There is a frightening trend on the Internet to "centralize" and "take power from the Edge(TM)". What that really means is "commercialize" and "make non-free/non-open". It's going counter to the very basis of the Internet, which is free sharing of information.
It's happening with ISPs that do draconian port filtering to prevent their paying users from being able to host their own content, to VeriSign attempting to own typos, to Microsoft wanting to decide how e-mail "postage" is used, and now the most unlikely (and disheartening) instance is Spamhaus wanting to create a new serfdom of "unclean" Internet users, where "unclean" translates to "didn't pay us".
The Internet isn't supposed to be about who can most ruthlessly separate people from their money, it's supposed to be about lowering the threshold of entry to information sharing/gathering, not raising it!
Sweet, merciful crap! Apparently FireFox does not add proper CRLF when submitting a form? WHERE ARE MY PARAGRAPHS???
Bah, you beat me to it (on Security Warrior; Score: 5, Informative)
I'm reviewing the book as well with the intent to publish the review, but with so much work lately I haven't had time for reading.
Anyway, my summary so far (up to the UNIX specific attacks) is that it feels somewhat fragmented, and the order is slightly jarring. The first section of the book jumps right into assembly. While that might be a foundation to computing (one step up from machine code), it's a real bucket of ice water in the face for anyone trying to get started with the book. Even though I've been trained in a couple of programming languages and I'm familiar with ASM, it was still difficult to follow along sometimes.
The first section on networking felt very incomplete and shallow, but then after skipping around a bit they come back to more network security topics a bit later. It remains to be seen how well it will flesh out in the later chapters. I was rather hoping for some details, like W. Richard Stevens' tcpdump approach to teaching TCP/IP, given all the detail they had earlier on ASM, but alas I haven't seen anything like that, so far.
On the other hand, I found the section on reversing Linux binaries to be very enlightening. I never realized how broken/limited the tools are for reversing on a Linux platform. Certainly that could make it very difficult to examine Linux viruses and worms when they finally start circulating in large numbers.
Anyway, I'll reserve the rest of my judgement until I actually finish the book.
While you're at it, could you please do something about the SPAM?
As long as we're having a frank discussion on the failings of RealNetworks and what they could do to improve, what about that endless barrage of e-mail that your marketing flunkies bombard people with?
I used to work for a major e-mail carrier (upwards of 20 million mailboxes, at one point) and many nights on the graveyard NOC shift over 50% of the spam clogging our queues was from RealNetworks. Since your own mail servers are very hostile to accepting mail (they won't even take their own bounce messages) we were often forced to wholesale delete messages by the hundreds of thousands and periodically put RealNetworks on our blacklist.
Now mind you, I haven't downloaded any of Real's cra.. uh, I mean "software" in years, but at one point I distinctly remember the installer trying to trick people into "opting in" for about 5 different spam mailings (it was cleverly hidden in the installer with several very deliberate tricks to avoid detection). Does the Real installer still do this (I certainly hope not)?
If you're serious about fixing Real, I would suggest the board starts with firing the entire marketing department and all the product managers and business developers, then starting over with a business model that doesn't involve thoroughly pissing off everyone that even comes into oblique contact with your company or its excrem... er, products and advertisements.
That's great for you, considering they raffled it and some very clueless young woman had the ticket. I guess you knew through a telepathic link that she had the ticket you would have received had you actually attended?
The party was actually really fun. My only gripe is that some clueless chick got a really nice 2U server from offmyserver.com and she didn't even know what FreeBSD was.
Hey, at least I got a bootable FreeBSD CD that loads in a RAMdisk, so that alone was worth showing up for!
That's a very accurate assessment. It is very much a PenTester's handbook.