Um, what? Debian (and by extension, ubuntu) has had the ability to add things like this to/etc/network/interfaces forever. I've been adding routes, setting up VPN bridges, enabling firewalls, setting up UPnP routes, and doing all sorts of things with that for ages. Adding in a command to run mii-tool sounds trivial.
Did you not know about that file, or was there something about it that was undiscoverable/not doable for you?
For a corporate environment, MSE isn't really the right approach, it has next to no management available. Forefront endpoint protection and the related management tools are the corporate option.
... Until they use an attack against one of the plugins that you have installed that have the same vulnerability on any platform: like, say, flash, which has insanely deep market penetration. If they were targeting you specifically (as is the case with a targeted attack against a specific company, which is what happened here), then they'll use whatever means they can to figure out what you're running. Then they'll tailor the attack to take over flash (which on linux is no more sandboxed than it is on windows XP), and from there, they mess with your profile to the point where doing something that wants admin chains through their own thing, or they use a local vulnerability you haven't patched yet, and wait. And all you would know is that flash crashed firefox once again, and you blithely restarted firefox.
My girlfriend tried to play this again recently. She nearly broke down in tears just when she just saw the horse you ride, let alone when she killed her first collossus. She had to stop playing. It probably wouldn't affect me the same way, but I remember being visibly shocked when my character was nuked to death in modern warfare 1, and running scared as a megalomaniacal computer had me doing its bidding in system shock 2. (plus there were those damned spiders). Hell, System Shock 2 didn't even look all that special by today's standards, but it STILL manages to make my flesh crawl when i hear the sounds from it.
because then the malicious software would just start detecting and suppressing the popup? anything already on the system will break. newly downloaded stuff might be able to overcome existing defences by malicious software, OTOH. Thus, the game of cat and mouse continues, but at least the cat isn't being completely blind in this scenario.
I reinstalled, as one of the first things i tried. And yes, i'm aware that the 59xx series are much younger, but nvidia's drivers were more capable of recovering gracefully when windows vista RTM first shipped with a brand new driver model than how ati are handling a 4 month old windows 7 OS. All i'm saying in my initial post was that both sides have stability issues, it's cutting edge tech on both sides.
Actually to cover all of your points: 1) l4d2 has gotten better with the release of 10.3a. But 9.10 sucked on my crossfire-built-in 5970. As soon as the level changed, the framerate dropped to less than half, and it started stuttering. Alt-tabbing out and back in fixed it temporarily, until the next level change. This is not an issue the non-crossfire setups faced, from what i read online. 2) Sorry, you claiming your system is stable makes no difference to me. i changed the video card, i started getting hangs and crashes. usually just in the video subsystem, but they still required me to hit the power button to shutdown the system. At least the nvidia driver would recover and ACTUALLY LET ME SEE THE DESKTOP when they infrequently failed (even back in the early days of vista were they doing that) 3) I don't use XP. I never used XP, it was, and will always be shit. All of my systems run retail windows 7 (not dodgy pirated versions either) 4) This doesn't negate my issue where my system blue-screened when going from the 9.10 hotfix drivers to 10.1. It ran okay the next time, but couldn't find the installed product upon reboot. I had to uninstall them completely. This was a 2 week old install, which I'd done after i got the ATI card from newegg (since previously, it'd run nvidia fine, and I figured cleaning up the drivers was a good idea) 5) no, it doesn't. The texture flickering is nearly epilepsy-inducing. This might still only be a crossfire problem. 6) yeah, I mean crossfire. SLI's kinda become the generic term for the idea in my head.
Just to make this anecdote war complete: I used to have an nvidia 285-based card. Ran perfectly, stable, no issues. Eventually, it passes it's used by date, and releases the magic smoke (case was on the hot side)
I replaced it with an ati card: a HIS 5970, high end video card: Framerate issues in l4d2 after a level change Frequent hangs/crashes of the video system Drivers that blue screen the system during installation Drivers that can't upgrade to the next version without a full uninstall, boot to safe mode, and wipe using a driver cleaner Horrible flickering in GTA4 when shadows are turned on. And to cap it all off, the performance with a built-in-sli card is WORSE than the old 285 i used to have!
(yeah, okay, it's windows for both, but the exact same system was 100% stable with one, and not with the other, the only difference being the card and the drivers.) I see your anecdote, and raise you one "surprise, both sides have issues, that's not what this story is about"
While a nice idea, initially, this doesn't actually solve the problem.
A Virtual Machine may be unable to penetrate the Host, but the same is *not* true of the Host being able to penetrate the VM. If someone has system level access on the host, and they know the bank uses the VM to start up a "safe" environment, they can just patch the vmd/vhd on disk, on the fly as it's being read, in memory, or attack the VM's memory itself, etc. This, while technically complex, is not really a difficult one to overcome.
Realistically, the only way to guarantee saftey while banking is to guarantee that the entire stack is legitimate from the ground up. A bootable USB key is okay, but then, what if the user accidentally leaves it plugged in (worm checks for, finds, and then patches usb key to install itself into environment) Read-only media provides a reasonable solution, but then, there goes the user's ability to safely save stuff (tax reports, expense records, whatever)
Sadly, this looks like it'll be one of those painful conveinence vs security tradeoffs that're probably just going to remain something that insurance and bank fees deal with:(
the javascript bit benefits from multi-core support, not gpu.
The GPU acceleration kicks in when you go near font smoothing, SVG support, video rendering, etc. No point letting the cpu do that when the gpu is so much better at it, and has been for years.
Hardware accelerated SVG, Video rendering, font smoothing, etc.
Why should your cpu do all the work when any modern system with a 5 or so year old video card can render it faster, with less power used, and better quality?
Some of IE's demos at mix showed them rendering an architectural drawing (where even the letters on the page for room numbers) are drawn using paths, paths can be hardware accelerated very easily, and then scaled to your resolution/zoom by dedicated hardware.
the html5 canvas crowd are also going nuts over the possibilities (games written without flash? yes please!)
Actually, it's mainly just because there's been several tech conferences, two of which were run by MS in the past few months.
First, we had PDC'09, where a bunch of stuff was announced, and a bunch of CTPs and Betas were released or technology demoed. Then we had GDC last week, where some windows phone stuff was demoed. Then we had MIX, where windows phone, silverlight 4, XNA 4, ie9, and other assorted things were demoed.
And a good answer to your question (is sadly another question): How do you comprehensively test compliance?
Last i heard, it was by using exhaustive test suites. The kind of thing that all of the major browser makers should (and for most of them, have afaik) been contributing to. Including Microsoft. This drives clarity of the spec (ie, what to do in edge cases it doesn't specify, or the border between SVG and DOM, or whatever that physics ball test was showing, for instance) and it lets everyone meet the same standard in the same way.
I'm just glad that they (all of them, not just MS) appear to be more or less doing it right, this time.
And yeah, i'm no big fan of ACID3 either. I was hoping ie9 would knock it out of the park, just to stomp on some friends i know who treat it like some kind of holy grail, but one single test is far too hard to cheat at. you need a test suite, not 100 edge cases.
Except they may not even kill themselves, they may kill other, innocent random people who can't get vaccinated for legitimate reasons: eg: Immuno-compromised (transplant, chemotherapy, genetics, other), too young (just recently born, see Dana McCaffrey in Australia), etc.
That pushes them over into the category of criminally negligence, IMHO, but we just aren't at that level yet.
That's assuming every single one shortens the day. Do we know if they'll actually do that, or if there's more likely to be some kind of gaussian spread across positive and negative shifts?
I'm pretty sure the skin flakes, hairs, dust and other miscellaneous gunk trapped in and on the device would make the water conductive after a short period, however.
Calling this a 'back door' is a bit disengenuous. That's data that Microsoft has collected about you, through your use of their services. If a law enforcement agency has the appropriate request (supoena or warrant, etc), then it's either "provide a way for them to collect it, in such a way that protects every other user of the service from undue scrutiny" or "let them walk in and take the servers, and screw everyone"
You're making a big mistake if you think that law enforcement agents won't do the latter if you refuse to give them the former.
It doesn't save me anything, as a matter of fact. fighting past bellevue, then across the i-90, then back up to greenwood takes just as long, if not longer, the times i've tried it. I've had occasional success with going over the top of the lake, but the traffic needs to be completely screwed on the 520, and relatively light on the 405 north for that.
Let's be 100% clear about this. I take that bridge to work every day.
It is one of the worst, most overly congested bridges I've ever seen. It's congested all day every day except sunday and between about 9pm -> 6am, generally speaking, and right now, it seems like getting a new bridge in sooner would do more to alleviate carbon production than waiting for extra PT could ever hope to achieve in any kind of useful timeframe.
Simply put, when taking the bridge, I spend up to an hour, for what should be a 15-20 minute trip. That's around 30 minutes of extra idle time in my car, which could easily be saved. We also already have functioning public and private bus systems across the bridge, and that's not going to go away.
Additionally, this is a company that went out and bought a bunch of coaches to setup their own private transit system so that even more employees could leave their cars at home in places where there was no effective PT to campus. I hardly think this is an example of Microsoft not caring about the environment or carbon emissions. We've also been working hard to consolidate and reduce the amount of computer lab space we're using, reducing energy costs, setting more machines to sleep at night,etc.
This article is a complete hatchet job designed to just paint Microsoft in the worst possible light. I'm not surprised that kdawson posted it in the slightest.
You'd probably have to read something like Windows Internals for an answer to that.
The answer is, it's probably designed to scale, or turn a lot of its behavior off or ramp up under lots of different, interacting, conditions.
Doing this kind of thing to ensure performance is reasonable on low memory conditions isn't really a large problem, and probably isn't something they didn't think of.
Slashdot Mirror
Well, if anything i learned from Quake is true, i can blast it into chunky kibbles...
Um, what? /etc/network/interfaces forever. I've been adding routes, setting up VPN bridges, enabling firewalls, setting up UPnP routes, and doing all sorts of things with that for ages. Adding in a command to run mii-tool sounds trivial.
Debian (and by extension, ubuntu) has had the ability to add things like this to
Did you not know about that file, or was there something about it that was undiscoverable/not doable for you?
For a corporate environment, MSE isn't really the right approach, it has next to no management available.
Forefront endpoint protection and the related management tools are the corporate option.
... Until they use an attack against one of the plugins that you have installed that have the same vulnerability on any platform: like, say, flash, which has insanely deep market penetration. If they were targeting you specifically (as is the case with a targeted attack against a specific company, which is what happened here), then they'll use whatever means they can to figure out what you're running.
Then they'll tailor the attack to take over flash (which on linux is no more sandboxed than it is on windows XP), and from there, they mess with your profile to the point where doing something that wants admin chains through their own thing, or they use a local vulnerability you haven't patched yet, and wait.
And all you would know is that flash crashed firefox once again, and you blithely restarted firefox.
My girlfriend tried to play this again recently. She nearly broke down in tears just when she just saw the horse you ride, let alone when she killed her first collossus. She had to stop playing.
It probably wouldn't affect me the same way, but I remember being visibly shocked when my character was nuked to death in modern warfare 1, and running scared as a megalomaniacal computer had me doing its bidding in system shock 2. (plus there were those damned spiders).
Hell, System Shock 2 didn't even look all that special by today's standards, but it STILL manages to make my flesh crawl when i hear the sounds from it.
because then the malicious software would just start detecting and suppressing the popup? anything already on the system will break. newly downloaded stuff might be able to overcome existing defences by malicious software, OTOH.
Thus, the game of cat and mouse continues, but at least the cat isn't being completely blind in this scenario.
NARF
I reinstalled, as one of the first things i tried. And yes, i'm aware that the 59xx series are much younger, but nvidia's drivers were more capable of recovering gracefully when windows vista RTM first shipped with a brand new driver model than how ati are handling a 4 month old windows 7 OS.
All i'm saying in my initial post was that both sides have stability issues, it's cutting edge tech on both sides.
Actually to cover all of your points:
1) l4d2 has gotten better with the release of 10.3a. But 9.10 sucked on my crossfire-built-in 5970. As soon as the level changed, the framerate dropped to less than half, and it started stuttering. Alt-tabbing out and back in fixed it temporarily, until the next level change. This is not an issue the non-crossfire setups faced, from what i read online.
2) Sorry, you claiming your system is stable makes no difference to me. i changed the video card, i started getting hangs and crashes. usually just in the video subsystem, but they still required me to hit the power button to shutdown the system. At least the nvidia driver would recover and ACTUALLY LET ME SEE THE DESKTOP when they infrequently failed (even back in the early days of vista were they doing that)
3) I don't use XP. I never used XP, it was, and will always be shit. All of my systems run retail windows 7 (not dodgy pirated versions either)
4) This doesn't negate my issue where my system blue-screened when going from the 9.10 hotfix drivers to 10.1. It ran okay the next time, but couldn't find the installed product upon reboot. I had to uninstall them completely. This was a 2 week old install, which I'd done after i got the ATI card from newegg (since previously, it'd run nvidia fine, and I figured cleaning up the drivers was a good idea)
5) no, it doesn't. The texture flickering is nearly epilepsy-inducing. This might still only be a crossfire problem.
6) yeah, I mean crossfire. SLI's kinda become the generic term for the idea in my head.
But by all means, accuse me of being incompetent.
And yes, by SLI i meant crossfire. Terminology mixup between mental concept and keyboard. :P
As far as i'm concerned, SLI became the generic name
Just to make this anecdote war complete: I used to have an nvidia 285-based card. Ran perfectly, stable, no issues. Eventually, it passes it's used by date, and releases the magic smoke (case was on the hot side)
I replaced it with an ati card: a HIS 5970, high end video card:
Framerate issues in l4d2 after a level change
Frequent hangs/crashes of the video system
Drivers that blue screen the system during installation
Drivers that can't upgrade to the next version without a full uninstall, boot to safe mode, and wipe using a driver cleaner
Horrible flickering in GTA4 when shadows are turned on.
And to cap it all off, the performance with a built-in-sli card is WORSE than the old 285 i used to have!
(yeah, okay, it's windows for both, but the exact same system was 100% stable with one, and not with the other, the only difference being the card and the drivers.)
I see your anecdote, and raise you one "surprise, both sides have issues, that's not what this story is about"
Sure. Then you find a nifty app for your bank... Except It isn't actually made by or distributed by your bank and it's really a man-in-the-middle attack in disguise.
While a nice idea, initially, this doesn't actually solve the problem.
A Virtual Machine may be unable to penetrate the Host, but the same is *not* true of the Host being able to penetrate the VM. If someone has system level access on the host, and they know the bank uses the VM to start up a "safe" environment, they can just patch the vmd/vhd on disk, on the fly as it's being read, in memory, or attack the VM's memory itself, etc. This, while technically complex, is not really a difficult one to overcome.
Realistically, the only way to guarantee saftey while banking is to guarantee that the entire stack is legitimate from the ground up. A bootable USB key is okay, but then, what if the user accidentally leaves it plugged in (worm checks for, finds, and then patches usb key to install itself into environment)
Read-only media provides a reasonable solution, but then, there goes the user's ability to safely save stuff (tax reports, expense records, whatever)
Sadly, this looks like it'll be one of those painful conveinence vs security tradeoffs that're probably just going to remain something that insurance and bank fees deal with :(
the javascript bit benefits from multi-core support, not gpu.
The GPU acceleration kicks in when you go near font smoothing, SVG support, video rendering, etc. No point letting the cpu do that when the gpu is so much better at it, and has been for years.
Hardware accelerated SVG, Video rendering, font smoothing, etc.
Why should your cpu do all the work when any modern system with a 5 or so year old video card can render it faster, with less power used, and better quality?
Some of IE's demos at mix showed them rendering an architectural drawing (where even the letters on the page for room numbers) are drawn using paths, paths can be hardware accelerated very easily, and then scaled to your resolution/zoom by dedicated hardware.
the html5 canvas crowd are also going nuts over the possibilities (games written without flash? yes please!)
Actually, it's mainly just because there's been several tech conferences, two of which were run by MS in the past few months.
First, we had PDC'09, where a bunch of stuff was announced, and a bunch of CTPs and Betas were released or technology demoed.
Then we had GDC last week, where some windows phone stuff was demoed.
Then we had MIX, where windows phone, silverlight 4, XNA 4, ie9, and other assorted things were demoed.
It's just a tech-rich season. *shrug*
And a good answer to your question (is sadly another question): How do you comprehensively test compliance?
Last i heard, it was by using exhaustive test suites. The kind of thing that all of the major browser makers should (and for most of them, have afaik) been contributing to. Including Microsoft. This drives clarity of the spec (ie, what to do in edge cases it doesn't specify, or the border between SVG and DOM, or whatever that physics ball test was showing, for instance) and it lets everyone meet the same standard in the same way.
I'm just glad that they (all of them, not just MS) appear to be more or less doing it right, this time.
And yeah, i'm no big fan of ACID3 either. I was hoping ie9 would knock it out of the park, just to stomp on some friends i know who treat it like some kind of holy grail, but one single test is far too hard to cheat at. you need a test suite, not 100 edge cases.
Except they may not even kill themselves, they may kill other, innocent random people who can't get vaccinated for legitimate reasons: eg: Immuno-compromised (transplant, chemotherapy, genetics, other), too young (just recently born, see Dana McCaffrey in Australia), etc.
That pushes them over into the category of criminally negligence, IMHO, but we just aren't at that level yet.
Just wait till you install Twidroid! You'll be updating multiple times a day then :)
That's assuming every single one shortens the day. Do we know if they'll actually do that, or if there's more likely to be some kind of gaussian spread across positive and negative shifts?
I'm pretty sure the skin flakes, hairs, dust and other miscellaneous gunk trapped in and on the device would make the water conductive after a short period, however.
Calling this a 'back door' is a bit disengenuous. That's data that Microsoft has collected about you, through your use of their services. If a law enforcement agency has the appropriate request (supoena or warrant, etc), then it's either "provide a way for them to collect it, in such a way that protects every other user of the service from undue scrutiny" or "let them walk in and take the servers, and screw everyone"
You're making a big mistake if you think that law enforcement agents won't do the latter if you refuse to give them the former.
It doesn't save me anything, as a matter of fact. fighting past bellevue, then across the i-90, then back up to greenwood takes just as long, if not longer, the times i've tried it. I've had occasional success with going over the top of the lake, but the traffic needs to be completely screwed on the 520, and relatively light on the 405 north for that.
Let's be 100% clear about this. I take that bridge to work every day.
It is one of the worst, most overly congested bridges I've ever seen. It's congested all day every day except sunday and between about 9pm -> 6am, generally speaking, and right now, it seems like getting a new bridge in sooner would do more to alleviate carbon production than waiting for extra PT could ever hope to achieve in any kind of useful timeframe.
Simply put, when taking the bridge, I spend up to an hour, for what should be a 15-20 minute trip. That's around 30 minutes of extra idle time in my car, which could easily be saved. We also already have functioning public and private bus systems across the bridge, and that's not going to go away.
Additionally, this is a company that went out and bought a bunch of coaches to setup their own private transit system so that even more employees could leave their cars at home in places where there was no effective PT to campus. I hardly think this is an example of Microsoft not caring about the environment or carbon emissions. We've also been working hard to consolidate and reduce the amount of computer lab space we're using, reducing energy costs, setting more machines to sleep at night ,etc.
This article is a complete hatchet job designed to just paint Microsoft in the worst possible light. I'm not surprised that kdawson posted it in the slightest.
You'd probably have to read something like Windows Internals for an answer to that.
The answer is, it's probably designed to scale, or turn a lot of its behavior off or ramp up under lots of different, interacting, conditions.
Doing this kind of thing to ensure performance is reasonable on low memory conditions isn't really a large problem, and probably isn't something they didn't think of.