Funny, something very similar with Sony Vaio laptops led me to drop them as a business supplier.
There is a reason why Dell, IBM et al are still selling laptops that cost 30-60% more to businesses and succeeding in doing so. It's amazing what businesses will pay in the name of not having to put up with that sort of rubbish.
This is a re-run of the old "you don't need a full-blown PC on your desk, you can make do with a dumb terminal" meme that was going around when I was at University. (Scary bit is that's ten years ago now).
The argument then was that networks were fast enough that you could use a bunch of dumb terminals (cheaper than Windows PCs) and save much of the messing around with things like domains and (then quite new) Active Directory.
IIRC, it wasn't that great a solution because instead of hiring a half a dozen support monkeys, you had to hire a couple of server gurus who really knew their stuff and were considerably more expensive to hire - and even then there were all sorts of caveats that didn't exist in the "PC on desk" paradigm. ISTR printing was a big one.
I don't really see that these arguments have been entirely eliminated. They've been greatly reduced by the advent of AJAX-driven SaaS applications, pervasive wireless and 3G data dongles, but I wonder if that's enough.
I use Windows at work. I can't say that I spend a whole lot of time "managing" my computer. I'm too busy getting work done— and hanging out on Slashdot, of course;).
If you're working for a company of any appreciable size, there is a very good chance your IT department is using AD to ensure that the amount of work you have to do in terms of managing your computer is nil or as near as possible nil.
If you're not working for a company of any appreciable size, the amount of work you'd have to do is pretty small anyway.
Someone else has already mentioned the fedora directory project, but you don't even need to go that far.
It's easy enough to get a Linux box to pick up user and group information from Active Directory. Once you've done that, you can set file ownership on files on the Linux box so they're owned by AD groups/users and Bob's your uncle.
That doesn't solve all your problems, however, because Linux applications seldom plug into the underlying authentication structure as neatly and seamlessly as Windows applications do. (I'm aware of PAM and how it works. I stand by my statement). The upshot is your box can be talking to AD just fine but the userland application that provides the actual service you want to use (eg. samba or a web app) can still show integration issues.
For practical purposes it still opens up all sorts of issues. Taking AV as the example, let's say for the sake of argument MS do bundle Security Essentials with Windows 8 and it does force (at least domestic AV products) out of the market. That sort of thing is not going to have hordes of people rushing to download Ubuntu, regardless of how mature Ubuntu is.
Either way, how are you going to sell an ebook - possibly the ultimate commodity item - at a price substantially higher than RRP when Apple can sell at RRP, still make a profit and you can't?
I read it as: Publishers used to offer a 50% discount. These days, they generally offer a 30% discount. The nature of our agreements with publishers is such that anyone who's getting a 50% discount won't continue to do so for long.
Well and good, so we have a 30% margin assuming we sell at RRP. As does everyone else. So along come Apple, and they ask us to give them 30% of the amount we charge as a royalty.
Hang on a minute. That means that the only way we can make any money at all is to ramp our price up to substantially higher than the recommended retail. Apple, meanwhile, not being stuck with this somewhat onerous demand, can sell books through iTunes at precisely recommended retail.
Meh. Like any security model, it's only good if it gets used properly in the real world.
Windows has a perfectly good security model, it's only when exposed to real-world use it falls over horribly. Make it too complex and people will do everything in their power to undermine it.
Funny, works just fine with this SIP phone I've got here.
SIP isn't the first protocol to be designed with precisely zero regard for the real world and it won't be the last. Right now we're going through an awkward period because getting around NAT is still not something that's really very well standardised. Should you use a proxy? An application-aware firewall? Not use NAT at all? Whether or not those issues get resolved before the world starts using IPv6 or as a side effect of IPv6 remains to be seen.
The good news is that there's a protocol which provides the means for anyone to implement an alternative to skype, and lots of people already have. There's even hardware that supports it natively so you don't need to teach your grandma to use a software client. You buy the special phone, set it up for her and away she goes. It even supports video calls, it's called SIP.
The bad news is that outside of businesses, few people are using it. You can't use it to call other Skype users directly unless they've got a SkypeIn number; they can't call you directly unless they buy Skype credit, which costs them money. SIP to SIP calls are usually free, but even when people use SIP I've never seen anyone publish their SIP contact details. Only ever a PSTN number they've got associated with the SIP account.
If you're running two bonded 1Gb connections from a database server to serve 25 users in a school and it's not fast enough, I can only think of two possible explanations:
1. It's a university rather than a school, and it's a big dataset being used for reasonably high-tech research. 2. Your problem is not the network.
When you run a company - any company - there are really only two things you can do to increase profit.
The first is increase the money coming in through sales - maybe by upping your prices, selling more things to your customers or getting more customers.
The second is cut costs - maybe find cheaper office space or reduce staff cost.
The first one is difficult, expensive and risky. Upping prices may alienate customers, selling more things means finding more things to sell and getting more customers (maybe advertising, maybe changing sales staff incentives) is damn hard work, and nobody really knows how to do it with any guaranteed degree of success. History is paved with examples of companies that tried to do something big to increase sales and it spectacularly backfired.
But most companies of any appreciable size have huge costs and typically 50% or more of these costs come from staff. Cutting costs is easy, and when you have no easy way to measure individual staff performance (which, let's face it, outside of sales is often quite hard to do) many senior managers assume that one developer, one accounting clerk, one customer service rep, one sysadmin is much the same as any other. So it makes a lot of sense to do everything you can to reduce those costs - moving software development to India, for instance.
Does it actually need to with LinuxBIOS? I thought most operating systems more-or-less ignored the BIOS routines. Though I suppose bootloaders might use them, so you may have to emulate something there.
Part of the issue is how these sites market themselves. Many sell themselves as "a fast, easy, secure way to send files to friends and colleagues without being hit by such bothersome things as email size limits or limits on sending executables".
The security they provide varies. Some allow you to password-protect the download (so nobody's getting it without entering the password first). Others don't do this, the security stems from the URL they give you to include in the email being apparently-random and not published anywhere. Security through obscurity, in other words. To you and me, this is a disaster waiting to happen, but these products aren't being used by you and me. They're being used by others in the business who are annoyed that the IT department is blocking them from sending out a particular attachment, and rather than ask the IT department to come up with a solution are instead using such a service. It's actually pretty common for these companies to offer corporate accounts so you can give your users a solution which is branded with your company name and logo and allows you to enforce rules regarding what options users may choose when they come to send a file. But corporate accounts cost money, getting the money means setting up a project and will take a minimum of a couple of months. This file needs to reach the recipient in a couple of hours.
These researchers have demonstrated that not only are the URLs generated not particularly random, they're easy to guess and people are already guessing them left and right.
But if you're looking to it to change society in 50 years - no chance. This isn't something you can do in a couple of generations; even the Industrial Revolution - the biggest, fastest societal change in history - took place over the course of about 100-150 years.
Replying to myself, but I pushed the file through VirusTotal (which runs suspect files through a whole host of AV engines). Somewhat depressingly, most of them didn't catch it.
Slashdot Mirror
Funny, something very similar with Sony Vaio laptops led me to drop them as a business supplier.
There is a reason why Dell, IBM et al are still selling laptops that cost 30-60% more to businesses and succeeding in doing so. It's amazing what businesses will pay in the name of not having to put up with that sort of rubbish.
This is a re-run of the old "you don't need a full-blown PC on your desk, you can make do with a dumb terminal" meme that was going around when I was at University. (Scary bit is that's ten years ago now).
The argument then was that networks were fast enough that you could use a bunch of dumb terminals (cheaper than Windows PCs) and save much of the messing around with things like domains and (then quite new) Active Directory.
IIRC, it wasn't that great a solution because instead of hiring a half a dozen support monkeys, you had to hire a couple of server gurus who really knew their stuff and were considerably more expensive to hire - and even then there were all sorts of caveats that didn't exist in the "PC on desk" paradigm. ISTR printing was a big one.
I don't really see that these arguments have been entirely eliminated. They've been greatly reduced by the advent of AJAX-driven SaaS applications, pervasive wireless and 3G data dongles, but I wonder if that's enough.
I use Windows at work. I can't say that I spend a whole lot of time "managing" my computer. I'm too busy getting work done— and hanging out on Slashdot, of course ;).
If you're working for a company of any appreciable size, there is a very good chance your IT department is using AD to ensure that the amount of work you have to do in terms of managing your computer is nil or as near as possible nil.
If you're not working for a company of any appreciable size, the amount of work you'd have to do is pretty small anyway.
Purely out of curiosity, is there any such thing as a modern nuclear reactor operating commercially anywhere in the world?
Someone else has already mentioned the fedora directory project, but you don't even need to go that far.
It's easy enough to get a Linux box to pick up user and group information from Active Directory. Once you've done that, you can set file ownership on files on the Linux box so they're owned by AD groups/users and Bob's your uncle.
That doesn't solve all your problems, however, because Linux applications seldom plug into the underlying authentication structure as neatly and seamlessly as Windows applications do. (I'm aware of PAM and how it works. I stand by my statement). The upshot is your box can be talking to AD just fine but the userland application that provides the actual service you want to use (eg. samba or a web app) can still show integration issues.
They bought it as part of an acquisition and haven't had time to mess it up yet.
For practical purposes it still opens up all sorts of issues. Taking AV as the example, let's say for the sake of argument MS do bundle Security Essentials with Windows 8 and it does force (at least domestic AV products) out of the market. That sort of thing is not going to have hordes of people rushing to download Ubuntu, regardless of how mature Ubuntu is.
Either way, how are you going to sell an ebook - possibly the ultimate commodity item - at a price substantially higher than RRP when Apple can sell at RRP, still make a profit and you can't?
That wasn't quite how I read it.
I read it as: Publishers used to offer a 50% discount. These days, they generally offer a 30% discount. The nature of our agreements with publishers is such that anyone who's getting a 50% discount won't continue to do so for long.
Well and good, so we have a 30% margin assuming we sell at RRP. As does everyone else. So along come Apple, and they ask us to give them 30% of the amount we charge as a royalty.
Hang on a minute. That means that the only way we can make any money at all is to ramp our price up to substantially higher than the recommended retail. Apple, meanwhile, not being stuck with this somewhat onerous demand, can sell books through iTunes at precisely recommended retail.
You know what? I'm not entirely convinced.
It may lead to stronger heuristics, but I can also see it leading to about a thousand variants, all just different enough to avoid tripping a scanner.
Meh. Like any security model, it's only good if it gets used properly in the real world.
Windows has a perfectly good security model, it's only when exposed to real-world use it falls over horribly. Make it too complex and people will do everything in their power to undermine it.
If he's got 25 people opening a 2GB Access database simultaneously, I refer you to explanation 2. The network is not the problem.
Funny, works just fine with this SIP phone I've got here.
SIP isn't the first protocol to be designed with precisely zero regard for the real world and it won't be the last. Right now we're going through an awkward period because getting around NAT is still not something that's really very well standardised. Should you use a proxy? An application-aware firewall? Not use NAT at all? Whether or not those issues get resolved before the world starts using IPv6 or as a side effect of IPv6 remains to be seen.
That's more-or-less what I meant by "your problem is not the network" ;)
You want the good or the bad news?
The good news is that there's a protocol which provides the means for anyone to implement an alternative to skype, and lots of people already have. There's even hardware that supports it natively so you don't need to teach your grandma to use a software client. You buy the special phone, set it up for her and away she goes. It even supports video calls, it's called SIP.
The bad news is that outside of businesses, few people are using it. You can't use it to call other Skype users directly unless they've got a SkypeIn number; they can't call you directly unless they buy Skype credit, which costs them money. SIP to SIP calls are usually free, but even when people use SIP I've never seen anyone publish their SIP contact details. Only ever a PSTN number they've got associated with the SIP account.
If you're running two bonded 1Gb connections from a database server to serve 25 users in a school and it's not fast enough, I can only think of two possible explanations:
1. It's a university rather than a school, and it's a big dataset being used for reasonably high-tech research.
2. Your problem is not the network.
Simple.
When you run a company - any company - there are really only two things you can do to increase profit.
The first is increase the money coming in through sales - maybe by upping your prices, selling more things to your customers or getting more customers.
The second is cut costs - maybe find cheaper office space or reduce staff cost.
The first one is difficult, expensive and risky. Upping prices may alienate customers, selling more things means finding more things to sell and getting more customers (maybe advertising, maybe changing sales staff incentives) is damn hard work, and nobody really knows how to do it with any guaranteed degree of success. History is paved with examples of companies that tried to do something big to increase sales and it spectacularly backfired.
But most companies of any appreciable size have huge costs and typically 50% or more of these costs come from staff. Cutting costs is easy, and when you have no easy way to measure individual staff performance (which, let's face it, outside of sales is often quite hard to do) many senior managers assume that one developer, one accounting clerk, one customer service rep, one sysadmin is much the same as any other. So it makes a lot of sense to do everything you can to reduce those costs - moving software development to India, for instance.
Does it actually need to with LinuxBIOS? I thought most operating systems more-or-less ignored the BIOS routines. Though I suppose bootloaders might use them, so you may have to emulate something there.
Part of the issue is how these sites market themselves. Many sell themselves as "a fast, easy, secure way to send files to friends and colleagues without being hit by such bothersome things as email size limits or limits on sending executables".
The security they provide varies. Some allow you to password-protect the download (so nobody's getting it without entering the password first). Others don't do this, the security stems from the URL they give you to include in the email being apparently-random and not published anywhere. Security through obscurity, in other words. To you and me, this is a disaster waiting to happen, but these products aren't being used by you and me. They're being used by others in the business who are annoyed that the IT department is blocking them from sending out a particular attachment, and rather than ask the IT department to come up with a solution are instead using such a service. It's actually pretty common for these companies to offer corporate accounts so you can give your users a solution which is branded with your company name and logo and allows you to enforce rules regarding what options users may choose when they come to send a file. But corporate accounts cost money, getting the money means setting up a project and will take a minimum of a couple of months. This file needs to reach the recipient in a couple of hours.
These researchers have demonstrated that not only are the URLs generated not particularly random, they're easy to guess and people are already guessing them left and right.
You've never heard of the Nürburgring, have you?
http://en.wikipedia.org/wiki/Nürburgring
"...is widely considered the toughest, most dangerous, and most demanding purpose-built racing circuit in the world."
Unless Safari picked up the configuration from when I migrated from a machine running Tiger, Snow Leopard does exactly the same thing.
I tried this myself. It downloads a zip which contains a .mpkg, which OS X automatically executes.
It's linked to from here if you want to try it yourself:
http://cobbaut.blogspot.com/
The installation process itself is not automated, you'd still need to click through and enter your admin password, but I didn't let it get that far.
Oh, education works perfectly well.
But if you're looking to it to change society in 50 years - no chance. This isn't something you can do in a couple of generations; even the Industrial Revolution - the biggest, fastest societal change in history - took place over the course of about 100-150 years.
Replying to myself, but I pushed the file through VirusTotal (which runs suspect files through a whole host of AV engines). Somewhat depressingly, most of them didn't catch it.
The results are here if anyone's interested.
I let it complete downloading, the zip file contains a Mac application called MacProtector and it fires up an installer immediately.
In other words, it's started. Mac users can't be complacent any more.