It originally clocked in at 861 MPH
So they're going for the world land speed record as well as the fuel economy record? Impressive stuff.
(Extending the legal situation: to prove that what Apple is doing is illegal would take a single court case; there apparently isn't one...)
Unless enough people can get together to form a class action in the US, there won't be one. Your "each pays their own costs" system explicitly discourages people from taking a company to court over something that can be replaced for under $1000.
Yes, and the point the GP was making is that noncondensing conditions are downright impossible to maintain in daily use. Which means that the wording of the specification is unreasonable.
They were bought out by a company with serious financial issues.
Ah, so it was YOU I went to college with. You should have known when we all warned you about it, but the failing grade on your final really should have clued you in.
Seriously, I went to college with a kid who proposed an encryption method that involved taking the ASCII value of each letter in the string to be encrypted, and multiplying each one by a unique randomly-generated 8-digit number. When asked how you decrypted it, he stated that all you needed to do was DIVIDE each character of the encrypted string by a series of freshly-generated 8-digit pseudorandom numbers.
Needless to say, though the code was well-written in and of itself, he never did get it running for finals, and about a dozen of us spent several hours each attempting to explain to him why.
PS: He also bought lottery tickets. :)
A variant on that (use XOR rather than multiply/divide) does actually work if you seed the RNG with the same value both times and use a password provided by the user as a seed. It's not exactly going to give professionals a headache but it'll keep your younger brother out of your files.
The only bijou issuette is the encrypted files are not necessarily portable because unless you provide your own RNG you can't be sure that the algorithm used by rand() is the same on different platforms - or indeed the same across different versions of the standard libraries.
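The XOR variant and the portability point from the two comments above, as an added example that is not part of the original thread: the keystream comes from a self-supplied generator instead of rand(), so the same password yields the same bytes on every platform. The choice of xorshift32, the FNV-1a password-to-seed step, the function names and the sample strings are all assumptions made for illustration, and "freshly-generated" numbers are modelled as a generator seeded differently.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Own PRNG (xorshift32): its output is fixed by this code, unlike rand(),
   whose algorithm the C standard leaves to each library. */
typedef struct { uint32_t s; } prng_t;

static uint32_t prng_next(prng_t *g) {
    uint32_t x = g->s;
    x ^= x << 13;
    x ^= x >> 17;
    x ^= x << 5;
    return g->s = x;
}

/* Derive the seed from the user's password with 32-bit FNV-1a. */
static void prng_seed(prng_t *g, const char *password) {
    uint32_t h = 2166136261u;
    for (const unsigned char *p = (const unsigned char *)password; *p; p++) {
        h ^= *p;
        h *= 16777619u;
    }
    g->s = h ? h : 0x9E3779B9u;   /* xorshift32 must never start at 0 */
}

/* XOR variant: XOR is its own inverse, so the same call with the same
   password both encrypts and decrypts. */
void xor_crypt(unsigned char *buf, size_t len, const char *password) {
    prng_t g;
    prng_seed(&g, password);
    for (size_t i = 0; i < len; i++)
        buf[i] ^= (unsigned char)(prng_next(&g) >> 24);
}

/* The classmate's scheme: multiply each character by an 8-digit random
   number, then divide by numbers drawn from a generator seeded with dec_pw.
   Returns how many characters come back intact. */
size_t muldiv_recovered(const char *msg, const char *enc_pw, const char *dec_pw) {
    prng_t e, d;
    size_t ok = 0;
    prng_seed(&e, enc_pw);
    prng_seed(&d, dec_pw);
    for (size_t i = 0; msg[i]; i++) {
        uint64_t re = 10000000u + prng_next(&e) % 90000000u;
        uint64_t rd = 10000000u + prng_next(&d) % 90000000u;
        uint64_t c = (uint64_t)(unsigned char)msg[i] * re;   /* "encrypt" */
        if (c / rd == (unsigned char)msg[i])                 /* "decrypt" */
            ok++;
    }
    return ok;
}

int main(void) {
    /* Constructed sample message and passwords. */
    unsigned char buf[] = "meet me at noon by the bike shed";
    size_t n = sizeof buf - 1;

    xor_crypt(buf, n, "hunter2");
    xor_crypt(buf, n, "hunter2");
    printf("XOR round trip: %s\n", buf);

    printf("mul/div, same seed:   %zu of %zu chars recovered\n",
           muldiv_recovered((const char *)buf, "hunter2", "hunter2"), n);
    printf("mul/div, fresh seed:  %zu of %zu chars recovered\n",
           muldiv_recovered((const char *)buf, "hunter2", "fresh"), n);
    return 0;
}
```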
They already tried something similar when cars first started having diagnostic ports - you had to use a special machine to read the diagnostic code which was only available from the manufacturer to franchised dealers. This is why OBD-II was developed and is now mandated in much of the world.
That's an interesting idea.
The problem is, this is something that affects my work - I'm the sysadmin - and I guarantee you that as soon as you start putting roadblocks like that in people's way, they start to look for ways around them.
I'd also have to screw around with the laptop to prevent Windows accessing the bank's website (easiest answer would be a few strategic entries in the hosts file) - but the inevitable upshot is that I guarantee the enduser would wind up doing something like using their own PC for banking rather than rebooting the laptop. At least I have a chance (however slim) of being able to manage the risk on the laptop I give them.
We have recently ditched Symantec anyway - not for this reason, I hasten to add, because I was unaware of this when we ditched it - and the new AV product is a suite complete with managed firewall, browser protection and every conceivable bell and whistle.
(Yes I know Symantec also produce such a product. But it requires a Windows server which would have been quite a bit more licensing expense considering all my backend infrastructure is Linux).
... and for some idiot reason, only one major vendor is actually producing a ready-made Live CD which does this. (F-Secure)
The rootkit in question was Zeus, which is known to evade many AV scanners. It probably wouldn't have made much difference what I was running - and more than one rootkit in the wild today is designed to account for the fact that a user may not have admin privs.
Mail is screened, but I can't easily control their internet connection when the computer in question is a laptop. Otherwise there would be little point in issuing laptops.
I fully accept that Linux would be just as big a target if everyone had root privs and it was anywhere near as popular. I also accept that you can't protect against user stupidity.
But right now, today, there are very few Linux trojans and rootkits in the wild compared with Windows. I don't believe a 100% malware proof computer is even physically possible, but making it 98% malware proof would be a hell of an improvement on the current situation.
48 hours ago I was notified of a laptop with a rootkit.
And I can tell you now, that laptop wasn't running slowly.
It wasn't redirecting web requests.
It wasn't doing any of the things you might associate with rootkits. Yet I replaced the AV with an alternate product and the alternate product detected several real issues.
Frankly, if I hadn't been notified by our bank (whose security company had managed to get a site shutdown and get a list of all potentially compromised accounts) I would never have had a clue. I concede that the user had admin privs on their laptop but I'm given to understand that even that isn't a huge barrier to a lot of modern rootkits. Thank Christ the bank in question doesn't allow you to do anything without the use of a separate security device they ship you.
Talk about a rock and a hard place. I can't trust the laptop at all, and it was infected while running a regularly-updated copy of Symantec AV Enterprise which suggests I can't necessarily rely on AV software to do what it says on the tin. Windows is obviously a lost cause unless I want to spend the rest of my life playing whack-a-mole yet I don't think the Powers that Be will stomach a move to Linux (even though most of them haven't used Windows-specific software in years).
Answers on the back of a postcard....
I really do wish it was that simple.
The simple fact of the matter is that even with all the security turned on, even with all the updates being installed automatically you still can't avoid the odd rootkit. And there are several modern rootkits which are really hard to spot - most AV packages won't prevent them and they don't take over the machine to the point where you start to think "hang on a minute..... there's something wrong here".
Incidentally, the situation sometimes isn't helped by the legal system. Here in Western Australia, breaking into and stealing from property during the hours of daylight is regarded as a different crime from doing the same thing at night. Go figure. I didn't vote for the craniorectal that came up with that one. :-{
The precedent for this goes back some way - I believe in the bible it is described as a different crime after dark - though I can't remember off the top of my head where in the bible exactly.
Maybe the part about HDD caching slowing things down?
I could be wrong there, since I'm not an expert but I remember the dark, dark days when my computer would spend 2-3 minutes just to redraw a Word document. Why? Because it was using the HDD like memory, instead of using the actual memory. It seems to me that this problem, while minimized, has never completely gone away.
Anyway telling me "you're wrong" doesn't enlighten either me, or the other readers. Please elucidate.
There's a lot of variables, but in simple terms the theory goes that something which you have recently accessed (be it an application, a document or whatever) you are likely to want again in the near future. Hence it's worth keeping a copy in memory on the offchance.
On the other hand, you really don't want to be swapping. So if a program needs more physical memory than what you have immediately available, it makes more sense to allocate memory which was recently holding cached data and just reduce the cache size than it does to start swapping, which is what any sane OS will do.
If there's any real intelligence involved in this, the OS will re-allocate an area which hasn't been used in a while.
The cache would only cause a problem in the way you describe it if the OS did not dynamically resize cache to account for other demands on system RAM.
I can't explain the differences between yours and your brother's computer but I can tell you that OEM builds of Windows tend to have so much garbage loaded at boot that they often need serious work before they're genuinely usable. Some of the builds I've seen, it is a wonder they boot at all.
Here we see why /. needs a "-1, Wrong" mod.
I can just see the headline now...
"Ubisoft reports 500,000 sales of their latest hit game within a week of release!
Pirate group reports 750,000 sales of the exact same game but with the DRM removed and sold at a slightly higher price within a week of release!"
I'll say one thing - it'd kill DRM stone dead within a week of being announced.
It most obviously does NOT mean "technical measures which protect from running unauthorized code", because then the R4 wouldn't exist.
If there was such a thing as a 100% reliable technical protection measure, there would be no need for such a law to exist.
"Please pirate our game! Please please please! We promise to make our DRM so annoying you're sure to have lots and lots of grateful people loving your clearly superior version!"
Were it not for the fact that it's pretty hard to accept money without creating a trail and drawing attention to yourself, I wouldn't be even remotely surprised if lots of pirates were to start selling DRM-free versions of games for a quarter the normal retail price.
Actually, in many ways that would be quite interesting to see - it'd say a hell of a lot about the state of gaming today if the pirates made real money that way. But I rather fear the games industry wouldn't consider it an object lesson, more a target.
Can you imagine if Osama Bin Laden were a major trading partner of ours in 2020?
His country is an important strategic ally. His family are respected businessmen. People closely linked to him, and who have possibly been financing him, do business in the US and UK.
Which is why we haven't gone anywhere near his country, instead deciding to invade Afghanistan. As far as I can tell, the only reason to invade Afghanistan was Bush wanted to show he was doing something decisive after the September 11 attacks, and seeing as the country has been thoroughly shat upon by invaders and their own homegrown nutcases for the last century, doing a bit more shitting upon it wouldn't really make much difference.
I have mod points so I would mod you up.
However you're an AC, and lots of people browse /. with all AC's automatically downmodded to -1 so there's probably not much point. But I agree with much of what you say - with more to add.
Most of the arguments against this article boil down to one single thing.
"It's too hard."
You know something? That's a lousy argument. If "It's too hard" was a real argument against reliable software, the airline industry would never have developed modern autopilots without planes crashing out of the sky because of software faults on a daily basis.
If "It's too hard" was a real argument, NASA wouldn't have a reputation for developing almost bug-free software.
If "It's too hard" was a real argument, OpenBSD would have had a lot more than just two remote holes in the default install in over 10 years.
Frankly, as an industry IT (and I'm referring to all IT here, not just software development. Sysadmins are just as guilty) needs to grow up and start developing and implementing some real good-practise processes industry-wide. The engineering industry seems to have mostly managed that, and when was the last time you heard of a properly maintained car exploding for no good reason?
Damn, with a friendly IT department like that, Norfolk don't need enemy malware.
Even a simple Windows Repair Install would have fixed the machines and kept the data files.
There are lots of automated mechanisms - both using Microsoft's own Remote Imaging Services and third-party products - for rebuilding an OS and installing all applications very quickly to a bunch of PCs. With everything properly set up, you can go from nothing to every PC built, on the domain and all applications installed in under an hour. If you use multicast, about the only limitation is the speed of the network and how many PCs your technicians can visit to force a PXE boot in a given space of time. (I have consciously excluded any discussion of Intel's vPro technology because I am unfamiliar with it - is it in common use? Would it eliminate the need for technicians to visit the PCs?)
I don't know of any similarly automated mechanisms to repair hosed Windows installations - frankly, it's not the kind of thing you'd consider. You need the imaging method for new PCs and replacing hard disks in existing PCs. Your policy almost certainly bans storing data on the local PC precisely because it's impractical to back up several hundred PCs so you may as well use it for hosed installations as well. In the normal course of things, you'd never anticipate seeing that very often anyway.
Otherwise putting together such a mechanism (which you'd probably have to put together by hand, since I doubt there are very many pre-cooked things you can set up to boot from PXE and attempt a recovery) is simply generating work for yourself.
You just restore the image from a ghost backup without worrying about the data because the data is stored (by policy) on the servers. What? A user ignored that policy? Tough luck for him.
Exactly. No IT department is about to waste much time and effort on recovering data from individual PCs. Yes, you could script much of it but you're still going to have to reimage the things and running that script takes time away from the reimaging process.
If anything, this could be a blessing in disguise - the admin who's been saying for years "Why do we even leave it physically possible to write to the local hard disk on desktop PCs when the policy states clearly that files get stored on the server?" might now be able to enforce this policy.
What on Earth is $x Euro? Do you mean €x?
An alleged gamer allegedly slipped an allegedly threatening note under his door. Personally, I would need more than a politician's word on it.
-jcr
An alleged gamer allegedly slipped an allegedly threatening alleged note under an alleged door. We don't have any hard evidence that either note or door exist, let alone how threatening the note was or who put it there.
I much regret that the idiot argument does still take place today. I wish it didn't (it almost invariably makes the person who's making the argument look like a wanker in public) but IMO it's still not dead.
On the positive side, I would say it's hanging over someone's shoulder with a body collector about to go past calling "Bring out your dead!"
The label Quakers was a derogatory term given to the Society of Friends because of their habit of "quaking" during services.
The alternative meaning of the term is it originates from when George Fox was on trial and told the judge that he should "quake in fear of the Lord".
The judge retorted by calling him a Quaker and the name stuck. It may have been intended as derogatory but the Quakers don't really seem bothered by it.