Slashdot Mirror


User: jimicus

jimicus's activity in the archive.

Stories: 0 · Comments: 7,388

Comments · 7,388

  1. Re:Not News!! on In Test, Windows 7 Vulnerable To 8 Out of 10 Viruses · · Score: 1

    The obvious solution to potential application breakage is you provide a sandbox so the application thinks it's writing where it wants to. Though I'm not sure if the overhead involved in that may have been prohibitive back in the days of NT4.

    Regarding developers being sloppy - while I am not a developer, I can take a fairly well educated guess at a number of contributing factors:

    • Applications written originally for Win9x - where there was little concept of security. (You could authenticate against a domain and the fileserver would prevent Ann from seeing Bob's files, but once those files were on the workstation anything was possible).
    • Developers given local admin rights on their own PC by their employer never bothering to check if taking these rights away impacted their code. Or if it did, not really caring. Probably got a vicious circle there straight away.
    • Developers using the "suck it and see" method of coding rather than actually seeing if recommendations were available. (As in: "I wonder if I can solve this problem by doing X... cool, I can. Right, what's next?" rather than "This must be a fairly common problem, I wonder if there's a recommended solution?")
  2. Re:Why? on ZFS Gets Built-In Deduplication · · Score: 1

    Probability and actuality are 2 different things. Just because the probability is low doesn't mean it won't happen with the first 2 blocks encountered. I don't see how this (using a hash) can work given that the results are not guaranteed.

    We are not talking "probability so low you'd be better off entering the lottery". We are talking "probability so low you'd be more likely to win every lottery in existence on the planet simultaneously".

    As I've already said, you can enable full checking if you are really paranoid - and some applications where you need to put a cast-iron guarantee on data integrity (possibly financial or health related) probably would. For the rest of us, I wouldn't be so bothered.

  3. Re:Release cycles? on Some Early Adopters Stung By Ubuntu's Karmic Koala · · Score: 1

    you can drive nails into your balls. It's not necessarily a good idea though.

    It isn't? Damn, I knew I was doing something wrong.

  4. Re:Carmakers lie on Toyotas Suddenly Accelerate; Owners Up In Arms · · Score: 1

    Except if your clock has an error of +/- 5 minutes.

    Then you need a new clock.

  5. Re:Carmakers lie on Toyotas Suddenly Accelerate; Owners Up In Arms · · Score: 1

    Depends also on the laws of the country where the car is sold.

    Here in the UK a speedo may overread by as much as 10% but it may not underread at all. As a consequence, most car speedometers tend to overread.

  6. Re:Well... it WAS a problem... on The Machine SID Duplication Myth · · Score: 1

    This is absolutely correct.

    Identical machine SIDs and WSUS identifiers (stored in the registry) don't stop the updates from being applied...they just cause the WSUS reports to show only the details for the last cloned machine that connected.

    Oh good. So if Machine A fails to apply a patch for whatever reason and machine B comes along 5 minutes later with exactly the same SID but gets on fine.... you'll never know about machine A?

  7. Re:Not News!! on In Test, Windows 7 Vulnerable To 8 Out of 10 Viruses · · Score: 1

    Thing is, in Mac OS X there isn't a registry to scatter everything all over.

    Myself, I am firmly of the opinion that Microsoft have allowed third-party app developers to produce apps that behave like that for far too long. The very concept of a single user being granted supreme executive power (with apologies to Python) over a system has been considered detrimental to security for years, Microsoft would actually have been doing some real innovation if they'd done away with that while retaining a reasonable degree of usability but NOOOOOO....

  8. Re:I'm shocked! on In Test, Windows 7 Vulnerable To 8 Out of 10 Viruses · · Score: 4, Funny

    Think of it from the wife's perspective.

    They've been good and faithful for ten years, and BAM, syphilis, HIV, and herpes.

    Because they KNEW their husband wasn't a dirty cheating bastard.

    Can tell you're not married. No woman who's been married for 10 years still has sex with her husband.

  9. Re:Not News!! on In Test, Windows 7 Vulnerable To 8 Out of 10 Viruses · · Score: 1

    The real threat nowadays is hostile stuff on the web, which things like Norton suck balls at handling - Spybot S&D is really the only protection you need now.

    This is why the commercial editions of most AV products are moving away from AV and towards a complete, centrally managed security solution covering AV, software firewall (with control over what processes can communicate with the outside world), antispyware and quite possibly browser protection.

  10. Re:Not News!! on In Test, Windows 7 Vulnerable To 8 Out of 10 Viruses · · Score: 1

    It doesn't help that Windows cannot easily be set up to prevent a lot of things from being done.

    Sure, you can block access to Control Panel (or indeed some aspects of control panel) but quite often the underlying config changes that the Control Panel applets provide control over are not protected - and it is not by any stretch unusual to find an application which will carry out such changes itself.

    Disclaimer: I must concede that my experience concerning this is only with NT4 - GPO allows you to lock things down a lot more tightly but at the same time IMO it offers too many configuration options. Locking everything down properly can be a hell of a task.

  11. Re:Not News!! on In Test, Windows 7 Vulnerable To 8 Out of 10 Viruses · · Score: 1

    Lesson learned - Give the same system rights to your windows users as your Linux users have, and they can't get infected even if they wanted to.

    Not a virus in the strict sense of the word, but AFAIK most modern viruses aren't - they're trojans and worms which don't depend on admin rights.

  12. Re:Infinite compression? on ZFS Gets Built-In Deduplication · · Score: 1

    There are, of course, ifs and buts concerning that - chiefly that we assume that any given hash is as likely to come up as any other given hash.

    So far this seems to be the case with SHA256 but AFAIK nobody's formally proved it. It's possible (albeit unlikely) that a relatively straightforward means of generating collisions will be announced tomorrow.

  13. Re:Who wants to update?? on Mac OS X 10.6.2 Will Block Atom Processors · · Score: 1

    As far as I know, nobody has ever been successfully sued for violating a license agreement (as opposed to copyright law itself, or the DMCA) included with a movie DVD, so your analogy fails.

    Psystar, more or less by the definition of their own business model, are copying OS X in order to install it on their hackintoshes. (Copying from the install media).

    They are then selling these hackintoshes, complete with the copied OS.

    Apple's argument, AFAICT, boils down to the idea that this copy is copyright infringement - nowhere near as bad as the MP|RIAA would make out - and selling it is committing copyright infringement for profit.

    (Myself I think it's stretching it a little to call "installing an OS constitutes making a copy and hence copyright infringement unless you do so in accordance with our terms, ipso facto selling a PC with the installed OS is making a profit out of copyright infringement and a Very Bad Thing Indeed", but the whole point of a lawsuit is when A and B disagree, you have a disinterested third party, C, make the decision).

  14. Re:safer users on Microsoft Links Malware Rates To Pirated Windows · · Score: 1

    And Microsoft are in a fantastically strong position to significantly reduce their numbers - let's face it, a small business doing this costs them far more than an end user.

    How? Simple.

    "New from Microsoft: If your PC shipped with this illegal copy of Windows, fax or email a copy of your invoice and we'll give you a FREE legitimate copy. (We'll also set the BSA on the retailer)."

  15. Re:WGA could be at fault on Microsoft Links Malware Rates To Pirated Windows · · Score: 1

    I bought a legal copy of xp pro from a local retail store.. its cd key clearly visible through the transparent wrapping.
    No they didn't have a box, "that's all there is" they told me.

    In that case you almost certainly bought an OEM copy - full retail copies are boxed.

  16. Re:So.... on Microsoft Links Malware Rates To Pirated Windows · · Score: 1

    Everybody knows that Windows requires regular reinstallation, so you have nobody to blame but yourself.

    Really?

    At the risk of being modded troll, this hasn't really been true IME since the Bad Old Days of Win9x (and to a lesser extent NT4)

  17. Re:Wake me when they build it into the hard disk on ZFS Gets Built-In Deduplication · · Score: 1

    I could see it for write-only media.

    I had a CD writer like that once.

  18. Re:Infinite compression? on ZFS Gets Built-In Deduplication · · Score: 2, Interesting

    If a hash were a replacement for data. that's all we'd need....goedelize the universe?

    Sometimes I just want to scream, or weep, or shoot everybody....or just drop to my knees and beg them to think - just a little tiny insignificant bit - think. Maybe it'll add up. Probably not, but it's the best I can do.

    Which is why ZFS allows you to specify using a proper file comparison rather than just a hash.

    It's unlikely you'll have a collision considering it's a 256-bit hash but, as you allude, that likelihood does go up somewhat when you're dealing with a filesystem which is designed to (and therefore presumably does) handle terabytes of information.

  19. Re:Who wants to update?? on Mac OS X 10.6.2 Will Block Atom Processors · · Score: 1

    And before anyone chimes in with "But nobody will give you a refund for opened software!", let me add:

    That, legally, is your problem.

    I'm in the UK but AFAIK most countries' consumer legislation has it so that the purchaser's contract is with the retailer and there are some automatic rights to return in the event that the item is faulty or not fit for purpose. (If that purpose is not the intended purpose of the product, then this is the consumer's problem... UNLESS s/he advised the retailer prior to purchase and was assured that the product would be OK)

    A hackintosh definitely falls under the heading of "not the intended purpose", and no respectable retailer will tell you that OS X will work on one.

  20. Re:Unauthorized on Apple Says Booting OS X Makes an Unauthorized Copy · · Score: 1

    Why do you believe that EULAs are entirely unenforceable? Have you any case or statute law to back up this assertion?

  21. Re:Solving the wrong problem? on Pirate Bay Closure Sparked P2P Explosion · · Score: 1

    But itunes, amazon books, and steam games seem to be functioning pretty well. Granted they use drm, but their success shows that users are willing to accept and pay for it if a greater service is provided. The above examples demonstrate that digital media services can work as long as their implementation details are hashed out.

    Minor nit: Apple completed the job of removing all DRM from iTunes earlier this year. All tracks are now DRM-free 256Kbps AAC. (Though they do still embed the purchaser's name and email address in the file).

  22. Re:My Meta-assessment on IT Snake Oil — Six Tech Cure-Alls That Went Bunk · · Score: 1

    > 3. Thin Clients: Tell that to the guys over at TiVo that thin-client set-top-boxes are bunk.

    Never mind the Tivo. Web based "thin client computing" has been on the rise in corporate computing for over 10 years now. There are a lot of corporate Windows users that use what is essentially a Windows based dumb terminal. Larger companies even go out of their way to make sure that changing the setup on your desktop office PC is about as hard as doing the same to a Tivo.

    Client based computing (java or .net) is in fact "all the rage".

    They've been doing that for years. Strangely, even when your desktop PCs are locked down so tight they may as well be dumb terminals, a lot of people will still scream blue murder if it really is a dumb terminal being put on their desk.

  23. Re:Rooting for Pystar here on Apple Says Booting OS X Makes an Unauthorized Copy · · Score: 1

    When Steve Jobs killed the clone market, he offered nothing to the companies that made clones. There is no more Power Computing, Inc. and the other companies that made the clones don't make computers any more. There wasn't so much as a handshake. It was "sorry, can't be bothered" and boom! The companies folded. I have to say that, during these economic times, I have a lot of trouble having any sympathy towards someone who causes job loss like that.

    Are you aware of the history behind that? Apple are not - and never have been - very good at competing at the commodity level, which is exactly what the clone market did to their products. Their options were basically:

    1. Kill the clone market.
    2. Die.

    As for the clone makers, they presumably read the contracts they had with Apple. IMO, basing your entire business on the continued functioning and goodwill of another party without at least having a plan B is very dangerous.

  24. Re:Unauthorized on Apple Says Booting OS X Makes an Unauthorized Copy · · Score: 0, Redundant

    I really do wish people making such bold assertions would do a little research to back them up.

    If Wikipedia is to be believed, EULAs may (at least in the US in some circumstances) be perfectly enforceable, so it's nowhere near as clear-cut as you make out.

  25. Re:That might be irrelevant on Apple Says Booting OS X Makes an Unauthorized Copy · · Score: 2, Insightful

    On a somewhat unrelated but interesting note: Now that SSDs (and, potentially, PRAM) are picking up speed, it may well be possible to run programs directly off the HD. This would completely sidestep all this 'copying to RAM is infringement' BS

    Not without some major OS (and possibly hardware) re-architecture, seeing as disks aren't usually memory mapped.