Slashdot Mirror


User: awkScooby

awkScooby's activity in the archive.

Stories
0
Comments
130

Comments · 130

  1. Re:uhh...yeah on Blu-ray Coming Out On Top? · Score: 1
    Why should it matter if Microsoft "supports" it? Microsoft won't be the ones writing the device drivers.

    Microsoft has a vested interest in HD-DVD, as their codec was chosen. Microsoft stands to make a lot of money off of licensing their codec if HD-DVD is the winner, plus they can refuse to let their codec be used on Linux. Is it any wonder that Microsoft doesn't support Blu-ray?

    Sure, Microsoft could use their monopoly position to sabotage Blu-ray, but it would be stupid for them to do so given their current anti-trust problems. So, lack of support in this case really just means that they'll make a lot of noise about the issue.

  2. Making Linux an Option on Linux Desktop Deployment Postmortems? · Score: 2, Informative
    1. Make sure you investigate Microsoft licensing issues. In our environment, we would have to purchase a CAL for every Linux, OS X and other *NIX system that wanted to play in the Active Directory. Just because you technically can do something doesn't mean you're legally allowed to do it. Microsoft licensing is extremely complex.

    2. Decide on a method for authentication. I suggest using Kerberos 5, since that's what Active Directory uses. You must make a choice -- use Active Directory as your KDC, or use MIT or Heimdal as your KDC with a trust between it and the Active Directory. Due to licensing, and technical reasons, we use an MIT KDC, with a 1 way trust (AD trusts the MIT KDC, the MIT KDC doesn't trust AD). The technical reasons boil down to:

    • Microsoft only supports DES-CBC-CRC, DES-CBC-MD5, RC4-HMAC encryption types. Lots of existing Kerberos clients don't support RC4-HMAC, which leaves DES. Yuk.
    • Microsoft's Kerberos adds a PAC field to the ticket, which can make for very large kerberos tickets. Lots of existing Kerberos clients have problems with this.

    Note that you could choose to have Windows systems authenticate against the AD or authenticate against the MIT Kerberos realm, and have non-Windows systems use an MIT KDC.

    3. Redirect passwd file lookups to LDAP. You already have an LDAP server -- Active Directory. You'll need to add the LDAP schema defined in RFC 2307, and will need to add the posixAccount auxiliary class to all of your users. Part of that process involves putting the passwd file information like uid, gid, gecos, homeDirectory, and shell information in the appropriate attributes.

    Again, due to licensing issues, and the fact that we already had an enterprise LDAP directory, we chose to not use Active Directory for this purpose. But, it certainly can be done.

    4. On the linux desktop systems, use pam_krb5 to redirect authentication to kerberos, and configure nsswitch.conf and ldap.conf to redirect passwd file lookups to LDAP. On RedHat systems, you can do it all from authconfig, although I think it's helpful to know the files involved.

    5. I like pam_access for restricting who is allowed to log in on a given workstation. pam_access can restrict to members of groups, and those groups can be posixGroup objects in LDAP/Active Directory.

    I think it's helpful to have home directories on a central server. We use OpenAFS. I don't know if it's possible to have a user's home directory on a Microsoft share or not. If not, you'll probably still be in the business of creating home directories on desktops. Microsoft has some NFS thing for Windows. I haven't used it, so I'll refrain from commenting, other than to remind you to research potential licensing issues.

    A lot of this will work across a number of platforms. I have it working on Linux and OS X.

    Beyond the stuff above, for managing lots of Linux desktops there are lots of options, but they're probably all roll your own type things. If you have a few standard configurations, you could use rsync. Or have them all point to a central YUM repository, or... Well, there are tons of ways. I can't give you a postmortem on that, because we don't have lots of Linux desktops in our environment yet. Centralized management doesn't make sense for the few that we have.

    Summary: pam_krb5 + pam_access + nsswitch + central filesystem == HAPPY

    Read up on kerberos. There's a fair amount to get your head around. If you can explain why kerberos authentication is better than "ldap authentication" you should be in pretty good shape.
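    A check that belongs with the passwd-lookup step above: once nsswitch points at LDAP, every posixAccount entry in the directory is your passwd file, so audit the entries before you trust them. The script below is an added example, not code from the comment; it assumes LDIF as written by ldapsearch and the RFC 2307 attribute names (uidNumber, gidNumber, gecos, homeDirectory, loginShell), and the directory contents in SAMPLE_LDIF are a constructed sample (uid=alice/bob/carol are made up). It flags entries that would grant root (uidNumber or gidNumber 0), collide with local system accounts, share a uidNumber with another person, or carry a ':' that would corrupt a passwd-format line.

```python
"""Audit RFC 2307 posixAccount entries before nsswitch trusts them as the passwd
database.  Added example, not code from the comment above.  Assumes ldapsearch
LDIF and RFC 2307 attribute names; SAMPLE_LDIF is a constructed sample."""
import base64
from collections import defaultdict

REQUIRED = ("uid", "uidNumber", "gidNumber", "homeDirectory", "loginShell")
# Values that land in passwd(5) fields must not contain the field separator.
PASSWD_FIELDS = ("uid", "gecos", "homeDirectory", "loginShell")


def parse_ldif(text):
    """Parse LDIF into a list of {attr: [values]} dicts.  Handles folded lines
    (leading space) and base64 values ('attr:: ...'); entries start at 'dn:'
    and end at a blank line, which covers ldapsearch output."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]            # continuation of the previous line
        else:
            lines.append(raw)
    entries, cur = [], None
    for line in lines:
        if not line.strip():
            if cur is not None:
                entries.append(cur)
            cur = None
            continue
        if line.startswith("#"):
            continue
        name, _, rest = line.partition(":")
        if rest.startswith(":"):           # 'attr:: <base64>'
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            value = rest.strip()
        if name == "dn":
            cur = defaultdict(list)
        if cur is not None:
            cur[name].append(value)
    if cur is not None:
        entries.append(cur)
    return entries


def audit(entries, min_uid=1000):
    """Return (dn, problem) pairs for posixAccount entries that would be unsafe
    or unusable as a passwd source.  min_uid is the lowest uidNumber the site
    gives to people; anything below it collides with local system accounts."""
    findings, uid_owner = [], defaultdict(list)
    for e in entries:
        dn = e["dn"][0]
        if "posixaccount" not in {c.lower() for c in e.get("objectClass", [])}:
            continue                        # groups, OUs, etc. are not accounts
        for attr in REQUIRED:
            if not e.get(attr):
                findings.append((dn, f"missing {attr}"))
        for attr in PASSWD_FIELDS:
            for v in e.get(attr, []):
                if ":" in v or "\n" in v:
                    findings.append((dn, f"{attr} contains passwd field delimiter"))
        for v in e.get("uidNumber", []):
            if not v.isdigit():
                findings.append((dn, f"non-numeric uidNumber {v!r}"))
                continue
            n = int(v)
            uid_owner[n].append(dn)
            if n == 0:
                findings.append((dn, "uidNumber 0 grants root"))
            elif n < min_uid:
                findings.append((dn, f"uidNumber {n} collides with local system range"))
        if "0" in e.get("gidNumber", []):
            findings.append((dn, "gidNumber 0 grants root group"))
    # Two people on one uidNumber own each other's files; NSS returns whichever
    # entry the server happens to hand back first.
    for n, owners in uid_owner.items():
        if len(owners) > 1:
            findings.append((owners[-1], f"uidNumber {n} shared with {owners[0]}"))
    return findings


SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=edu
objectClass: posixAccount
uid: alice
uidNumber: 10001
gidNumber: 10001
homeDirectory: /afs/example.edu/home/alice
loginShell: /bin/bash

dn: uid=bob,ou=people,dc=example,dc=edu
objectClass: posixAccount
uid: bob
uidNumber: 0
gidNumber: 0
homeDirectory: /home/bob
loginShell: /bin/bash

dn: uid=carol,ou=people,dc=example,dc=edu
objectClass: posixAccount
uid: carol
uidNumber: 10001
gidNumber: 10002
homeDirectory: /home/carol
loginShell: /bin/sh
gecos:: Q2Fyb2w6IGNvbnRyYWN0b3I=
"""
```

    Run it against `ldapsearch -LLL '(objectClass=posixAccount)'` output before flipping nsswitch.conf over; on the sample it reports bob's root uid and gid, carol's colon in gecos (the base64 value decodes to "Carol: contractor"), and carol sharing uidNumber 10001 with alice.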

  3. Re:Scotch Tape on Texas Sues Sony BMG over Rootkit · Score: 5, Insightful
    Disabling autorun wouldn't have prevented this. Trusted computing wouldn't have prevented this. Not running as Administrator wouldn't have prevented this. The issue is Sony violating people's trust.

    Tons of people got suckered into installing this because they trusted Sony. The CD won't play without Sony's player installed, so most people would have browsed into the CD and found an installer if they had autorun disabled. In a trusted computing world, Sony would have had a valid signature, so their software would have been "trusted" by the OS, so it would install just fine. If it prompted users for their Administrator password, most people would supply it, because it's generally needed to install software. Mark Russinovich even fell prey to this, although he was smart enough to figure out that he had been rooted, and how. The issue certainly isn't about users being too dumb, because Mark is not dumb, it's about companies taking advantage of the implicit trust that comes with their being viewed as a "legitimate" company.

    The trust issue goes much, much deeper, as Bruce Schneier points out on his blog. Where were the anti-virus companies during all of this? Where was Microsoft during all of this? It has the appearance that they were all colluding with Sony. A question that should be asked of each of those companies is "were they in on it, or were they just incompetent?" Either way, it's not encouraging.

  4. Re:Hopefully on Office + OpenDocument, Never Say Never · Score: 1

    Why is this a troll? Microsoft has a very bad track record of abusing standards. The parent post seems like a very valid suggestion. Just because a product claims to support Open Document doesn't mean that it actually does. The only way to be sure is to test.

  5. Euler's Formula on Your Favorite Math/Logic Riddles? · Score: 1

    I think the one you mean is e^(i*pi) - 1 = 0. That's "Euler's Formula", although there are many formulas that go by that name... An interesting exercise is to show why that formula is true.

  6. Re:Linux/*BSD are not typically desktops because.. on Opening the Potential of OpenOffice.org · Score: 1
    I'll just address point 1, "Lack of Microsoft Office"

    Sorry all you OpenOffice guys, you have to face facts though, Microsoft Office is THE BUSINESS STANDARD. Just about every major business under the sun uses the Microsoft Office suite, it is installed on all desktop workstations from the Janitor to the CEO.

    MS Office is currently the de facto standard. This will hopefully change with the OASIS Open Document standard. As more and more governments adopt this standard (Massachusetts, various countries in Europe), hopefully businesses will too. While it's not in Microsoft's interest to have Open Document become the standard document format, it is in everyone else's interest.

    Once that occurs, Open Office is just one player in the office suite market. It can fill a very specific niche -- a free office suite. You're not going to get call centers, etc for a free product. That doesn't mean that the product is useless. There clearly is a market for 3rd party support vendors.

    Your requirements for Open Office to be successful:

    • offers technical support (excluding forums, because mom & dad want to be able to call someone)
    Open Office may not ever support such a thing. "Linux" doesn't offer such a thing, while companies like RedHat do. In a similar vein, support contracts are available for Star Office. I suspect if you search around a bit, you could find a company that would offer support for Open Office as well.
    • can be purchased, even at a nominal price in places like Costco
    This isn't necessary for corporate adoption. What would be nice is if Dell, Gateway, etc would offer Open Office as an option when purchasing a system. Again, Microsoft's abuse of its monopoly position makes this impossible for practical purposes.

    then it will become more popular and has a chance on the desktops of corporate America, provided of course that it is 100% compatible with whatever the current version of Microsoft Office is.

    I think the world is starting to wise up, and Microsoft Office document format will not be the commonly used standard for too much longer. There's a good chance that the OASIS Open Document will be submitted to ISO. If Open Document becomes an ISO standard, and Microsoft chooses not to play, they will be locked out of some markets they currently dominate.

  7. Not using trig functions is easy on Trigonometry Redefined without Sines And Cosines · Score: 1
    Given e^(ix) = cos(x) + i*sin(x), and e^(-ix) = cos(x) - i*sin(x), then it's obvious that

    sin(x) = [e^(ix) - e^(-ix)]/(2i)

    cos(x) = [e^(-ix) + e^(ix)]/2

    Not using transcendental functions is another matter... Interesting looking book.

  8. Re:Who are they hiring? on Another School Exposes Private Information · Score: 4, Interesting
    The problem is not web admins. The problem is with clueless end users who are careless with sensitive data. As an admin, you're faced with hundreds of gigs to terabytes of stuff on your servers. It is impossible to police it. How would you begin to go about searching for social security numbers? Think of all the ways it could be encoded, and all of the false positives you would find in conducting such a search.

    I could be wrong here. If someone knows a way to scan an entire enterprise, when you don't have admin access to a number of the systems, and you don't have a list of all of the programs which are in use (so you don't know all the proprietary data formats), I would love to hear about your solution. Oh, you probably also need to be able to search documents and databases for encrypted versions, even though you don't have the keys... Management at the university I work for asked how we could scan the enterprise to find all sensitive data after we had a similar incident.

    The person who posted the data on the website is clearly the one who is responsible for that data. That would be the retired faculty member. An admin is responsible for keeping the web server running. Was the information available on the Internet? If so, the admin was doing their job well.

    There are some fundamental questions universities need to be asking themselves:

    • Why do faculty members have access to Social Security numbers?
    • What are you doing with Social Security numbers to begin with? Sure, you need them for employees, but why for students?
    • Why do faculty members have access to other sensitive pieces of data? If they don't need it, they shouldn't have access (principle of least privilege)

    Why doesn't the government step in in these situations? Clearly this is a FERPA violation on a huge scale. The individual who put the information on the website ultimately should be held accountable. If nothing else, action should be taken against the university. If the university gets more than a slap on the wrist, you can bet that the next person to do something dumb like this will be held accountable by the university.

    I probably shouldn't ask for that, as they'll probably decide it's the sys admin's fault...

  9. Re:NOT FUNNY!! Re:Reboots on MS Upgrades To Be Smaller And More Frequent · Score: 1
    Well, I was thinking more in terms of PowerPC, x86, IA64, Sparc, etc. Yes, the more general mainstream architectures. It's not a Microsoft problem, but rather an industry problem.

    Also, obviously I wasn't talking about Harvard Architecture... The "all" I was referring to was a general "all" not an absolute. Yeah, that's it. =)

  10. Re:NOT FUNNY!! Re:Reboots on MS Upgrades To Be Smaller And More Frequent · Score: 1
    Lately it seems that hardware companies are in the game -- e.g. Intel processors with features designed to make up for the deficiencies of Ballmer's bunch in Redmond.

    I think this is the wrong view to take. Buffer overflows exist on all platforms, despite being a problem that has been known about for decades. This is one case where Microsoft's use of their monopoly position was for the good of mankind.

    With NX support, buffers can still be overflowed, but the attacker can't run code they've written. They can still jump to the entry point of any valid function that's in memory, and can select the arguments which will be passed to that function. In practice, non-executable page tables make a huge dent in the remote exploit due to buffer overflow problem.

    Intel has had no-execute memory protection since the 386, but only offered it for segments, not pages. But, nobody (ok, practically nobody) designs a segmented OS these days. Everyone uses paging. Segmentation is one of those legacy things in the x86 architecture which should be taken out and shot. Only they can't because it would break backwards compatibility.

    So, these newer features really are designed to make up for the deficiencies of programmers. It seems programmers are not capable of writing code which is free from buffer overflows. Well, at least not in C...
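    NX only helps a process whose binary asks for it: on Linux the loader reads the PT_GNU_STACK program header and, if it lacks the PF_X bit, maps the stack non-executable; a header with PF_X, or no header at all on older x86 kernels, leaves the stack executable and the overflowed buffer runnable again. The checker below is an added example, not code from the thread. It parses the ELF program headers directly (ELF32 and ELF64, either byte order), and build_elf64() constructs header-only fixtures so the check can be exercised offline; those fixtures are not real programs.

```python
"""Does this ELF binary ask the loader for a non-executable stack?  The
per-binary answer is the PT_GNU_STACK program header: NX applies when it is
present without PF_X.  Added example for the comment above, not code from it.
Images from build_elf64() are constructed fixtures (headers only, no code)."""
import struct
import sys

PT_GNU_STACK = 0x6474E551
PF_X, PF_W, PF_R = 1, 2, 4


def stack_policy(data):
    """Return 'nx', 'exec' or 'missing' for an ELF image (ELF32 or ELF64, either
    byte order).  'missing' means the kernel default applies, which on older
    x86 kernels was an executable stack."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    is64, endian = data[4] == 2, ("<" if data[5] == 1 else ">")
    # e_type e_machine e_version e_entry e_phoff e_shoff e_flags e_ehsize e_phentsize e_phnum
    fmt = "HHIQQQIHHH" if is64 else "HHIIIIIHHH"
    _, _, _, _, phoff, _, _, _, phentsize, phnum = struct.unpack_from(endian + fmt, data, 16)
    for i in range(phnum):
        off = phoff + i * phentsize
        p_type = struct.unpack_from(endian + "I", data, off)[0]
        # p_flags follows p_type in ELF64 but sits after p_memsz (offset 24) in ELF32.
        p_flags = struct.unpack_from(endian + "I", data, off + (4 if is64 else 24))[0]
        if p_type == PT_GNU_STACK:
            return "exec" if p_flags & PF_X else "nx"
    return "missing"


def build_elf64(stack_flags=None):
    """Minimal little-endian x86-64 ELF: header plus, if stack_flags is given,
    one PT_GNU_STACK entry.  Test fixture only; it contains no code."""
    phdrs = b""
    if stack_flags is not None:
        phdrs = struct.pack("<IIQQQQQQ", PT_GNU_STACK, stack_flags, 0, 0, 0, 0, 0, 16)
    phnum = 1 if phdrs else 0
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)
    ehdr = struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0, 64 if phnum else 0, 0, 0,
                       64, 56, phnum, 64, 0, 0)
    return ident + ehdr + phdrs


if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as f:
            print(path, stack_policy(f.read()))
```

    `python3 nxcheck.py /bin/ls /usr/local/bin/yourdaemon` prints one verdict per file; the same PT_GNU_STACK flag is what `readelf -lW` shows as `GNU_STACK ... RW` versus `RWE`. A binary (or any library it loads) linked with `-z execstack` comes out as "exec" and gets none of the protection the comment describes.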

  11. Re:Funerals? on Ladies and Gentlemen Allow Me to Introduce the Cat Car · Score: 1
    Just think -- a whole new line of "your mamma" jokes just waiting to be born...

    Your mamma's so fat, she could fuel a flight from D.C. to San Francisco


    round trip.

  12. Re:Open Office on A Look At MS's MA Talking Points · Score: 1
    Who said they're settling on Open Office? Microsoft apparently has confused Open Document with Open Office -- one is a standard, the other is software. MA has been selecting document formats, not software. Based on that outcome, Microsoft has decided that they don't want to be considered.

    It's possible someone else will come up with a plugin for Office which lets it read and write Open Document format. If so, MA could continue using Office and still meet their deadline.

    Using your reasoning, everyone should still be using WordStar, VisiCalc and CP/M... And they should never upgrade versions of Office because things might change and they would need to be retrained.

    Yes, there will be growing pains. IBM has said they think the schedule is a bit aggressive, but they support the reasoning behind the move. I agree. It seems like the schedule is a bit rushed. In the long term, they will be much better off for having gone this route -- assuming others follow their lead. By the looks of things, the EU will most likely be going this route. So, I think there will be enough wind behind this movement for it to take off.

  13. Re:We need clear definitions from the Media... on International Call for Open Standards · Score: 1
    Yes, Microsoft Office formats are a standard. Microsoft Office formats are not an open standard, especially the new XML ones. If I can't implement the standard, due to legal reasons (i.e. patents), then the standard isn't really open.

    A point that a lot of folks seem to be missing here is that Microsoft sat on the standards committee that came up with Open Document. Microsoft are the ones who are choosing not to implement the new standard the industry has adopted. If they lose out as a result, boo-hoo. It's their own greed that will be to blame.

    Microsoft is free to implement the Open Document standard at any time. Nobody is stopping them. They don't even have to pay any royalties to do so.

    I understand that from a business perspective it's better for them to try to perpetuate their monopoly. That's their perspective. I'm a consumer. I care much more about my needs than about their needs/desires. My need is to be able to read and write documents on my Linux system, on my OS X system, and share them with people who use Windows, Solaris, HPUX, BSD, etc. Why would I even begin to consider the Microsoft Office XML as a standard instead of the Open Document standard?

    Another point of confusion is "open source" vs "open standards". These aren't the same thing. Standards are how systems interact. Open source means you can get the source code for free. You can have commercial (closed source) implementations of an open standard. Beg all you want, you can't see the source code. You also can have an open source program implement a protocol which is not an open standard.

    A benefit of open standards is that they are open to peer review. With the closed standards model, a single entity dictates what the standard will be, even if it's extremely short sighted and doesn't address other people's needs. Since Microsoft sat on the Open Document standards committee, if Open Document has the shortcomings they are now claiming, why didn't they speak up? The point of participating in a standards committee is that you can make sure the standard covers all of your needs. If they chose to remain silent, then it's their own fault if Open Document doesn't address their needs. But, I don't think anyone believes that's what occurred.

    If Microsoft were to support Open Document in Microsoft Office, I would use Microsoft Office on the platforms it's supported on. It's a good product. If they only offer legally encumbered file formats, then I am going to ditch Microsoft Office completely. I'll use ASCII files to communicate with my co-workers, if that's what it takes. I am not switching to Windows just so I can edit documents.

    At any rate, it sounds like Open Office won't be allowed to support the newer Microsoft formats. So they might be "good enough" for you, but if I can't use them they're worthless to me.

  14. Re:Uh huh. on Australian Linux Trademark Holds Water · Score: 1
    From Groklaw:

    An Annual Fee is applied to each sublicensed trademark. The fee is set according to two factors: A) the for profit/non-profit status of your company or organization, and B) the aggregate gross revenue you expect to earn in the next fiscal year for goods/services associated with the mark in question. Marks grouped in a brand are treated as a single mark.

    Non-Profit Tier
    Annual Fee = US$200

    For Profit/Other Tier 1
    [This is a "grandfather clause" for written sublicenses executed prior to August 1, 2004] Annual Fee = 0

    For Profit/Other Tier 2
    [Total projected annual gross revenue between zero and US$100,000] Annual Fee = US$200

    For Profit/Other Tier 3
    [Total projected annual gross revenue between US$100,000 and US$200,000] Annual Fee = US$500

    For Profit/Other Tier 4
    [Total projected annual gross revenue between US$200,000 and US$1 million] Annual Fee = US$1000

    For Profit/Other Tier 5
    [Total projected annual gross revenue over US$1 million] Annual Fee = US$5000

    So if you're making over 1 million dollars a year off of Linux, and want to have the word "Linux" in your product's name, you need to pay $5000. For non-profit projects, it's a mere $200. There are administrative costs, legal costs, etc. Again, from the Groklaw article (quoting maddog):

    "We need LMI to be self-funding, and following trademark laws in the 200 countries of the world is very expensive."

  15. Re:Uh huh. on Australian Linux Trademark Holds Water · Score: 1
    Vi or emacs? Nothing's stopping MS from making vi or emacs.

    From apache.org: 'Apache', 'Apache Software Foundation', the multicoloured feather, and the various Apache project names are trademarks of The Apache Software Foundation, and are usable by others only with permission.

    "Microsoft apache" would violate the Apache Software Foundation's trademark, unless Microsoft licensed the trademark from the Apache Software Foundation.

    I don't know if PHP is trademarked. At any rate, Microsoft could add PHP support to IIS. If PHP is trademarked, then they would need to obtain a license, or call it something else.

    As an example of the last case, I2C is a Philips trademark. There are a number of chips such as Atmel microcontrollers which implement the I2C protocol. But, to get around the trademark licensing requirements, they don't call it I2C. They call it TWI (Two Wire Interface). It's the exact same protocol, but they can't call it by its real name unless they obtain a license from Philips.

    I'm not a lawyer, so take this with a grain of salt...

  16. Re:Uh huh. on Australian Linux Trademark Holds Water · Score: 5, Insightful
    It's about losing your trademark if you don't defend it. Linus holds the trademark "Linux", so it's up to him to take actions to protect that trademark. If that means "control," then yes, it's about control.

    It helps to show that you've made a good faith effort in defending your trademark if you have documentation showing how you've licensed the trademark, and if you've gone after people who have not licensed that trademark.

    If Linus does nothing, Microsoft could call the next version of Windows Linux (not that I believe that would happen), and nobody could do a thing about it. Knowing the Patent Office, Microsoft would then be granted the Linux trademark, and would charge $10 per copy... Chaos would ensue, etc.

  17. Re:"Ask questions first, then execute" on Anti-Phishers Pose as Phishers to Make Point · Score: 2, Informative
    If it was signed with that officer's public key, then it guarantees (ignoring hash collisions for the moment) that that officer, or someone with access to his private key, sent the message. Signing a message with public key crypto involves creating a hash of the document, and then encrypting the hash with the private key. Anyone can decrypt the hash with the public key, but only the private key owner could have created the hash.

    If you're not using public key crypto, then you still can assume that if a message was encrypted with a secret key that only you and the sending party know, then the message is from that sending party.

    Kerberos is based on Needham-Schroeder secure key exchange via a trusted 3rd party. The KDC is the "trusted 3rd party". In a nutshell, a session key is generated by the KDC, and 2 copies are made. One is encrypted with the user's key, and one is encrypted with the service's key. Mutual authentication happens, because both parties must know their secret key in order to communicate using that secret key.

    So, crypto is very useful for authenticity.
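    The Kerberos exchange sketched above, written out so both sides' messages are visible. This is an added example, not code from the comment or from any real Kerberos implementation; the KDC, client and service names are made up, and `seal`/`open_sealed` are a stdlib stand-in for the cipher (an HMAC-SHA256 keystream with an HMAC tag, chosen so the file runs offline) rather than a production AEAD. What it does follow is the structure the comment describes: the KDC mints one session key and returns two copies, one under the client's long-term key and one, inside the ticket, under the service's; the service proves it holds its key by opening the ticket, the client proves it holds its key by producing an authenticator under the session key, and the service's echoed timestamp closes the loop for mutual authentication. A wrong key or a tampered ticket surfaces as a ValueError instead of a successful login.

```python
"""Kerberos-style key distribution in miniature (Needham-Schroeder with a
trusted KDC).  Added example, not code from the comment or any real Kerberos;
seal/open_sealed are a stdlib stand-in cipher so this runs offline, not a
production AEAD."""
import hashlib
import hmac
import json
import os
import time

NONCE_LEN, TAG_LEN, SKEW = 16, 32, 300


def _keystream(key, nonce, length):
    out, ctr = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:length]


def seal(key, obj):
    """Encrypt-then-MAC a JSON-serialisable object: nonce || ciphertext || tag."""
    pt = json.dumps(obj).encode()
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def open_sealed(key, blob):
    """Verify the tag, then decrypt.  Raises ValueError for a wrong key or a
    modified blob; that failure is what 'only the key holder sent this' rests on."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("bad key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))


class KDC:
    """Trusted third party: knows every principal's long-term key."""
    def __init__(self):
        self.keys = {}

    def register(self, principal):
        self.keys[principal] = os.urandom(32)
        return self.keys[principal]

    def issue(self, client, service):
        """Reply to a ticket request: the session key for the client, plus a
        ticket carrying the same key that only the service's key can open."""
        skey = os.urandom(32)
        ticket = seal(self.keys[service], {"client": client, "skey": skey.hex()})
        return seal(self.keys[client], {"service": service, "skey": skey.hex(),
                                        "ticket": ticket.hex()})


def authenticate(kdc, client, client_key, service, service_key):
    """Run the client/service leg.  Returns True when each side has shown it
    holds the session key, i.e. mutual authentication succeeded."""
    # Client: only the holder of client_key can read the reply and the session key.
    reply = open_sealed(client_key, kdc.issue(client, service))
    skey, ticket = bytes.fromhex(reply["skey"]), bytes.fromhex(reply["ticket"])
    # Client -> Service: the ticket plus an authenticator under the session key.
    ts = int(time.time())
    authenticator = seal(skey, {"client": client, "ts": ts})
    # Service: its own key opens the ticket; the recovered session key opens the
    # authenticator.  Reject if the names disagree or the timestamp is stale.
    tkt = open_sealed(service_key, ticket)
    svc_skey = bytes.fromhex(tkt["skey"])
    auth = open_sealed(svc_skey, authenticator)
    if auth["client"] != tkt["client"]:
        raise ValueError("authenticator principal does not match ticket")
    if abs(time.time() - auth["ts"]) > SKEW:
        raise ValueError("authenticator outside clock-skew window")
    # Service -> Client: echo the timestamp under the session key.  The client
    # now knows the service could open the ticket, so it holds the service key.
    ap_rep = seal(svc_skey, {"ts": auth["ts"]})
    return open_sealed(skey, ap_rep)["ts"] == ts
```

    The KDC never talks to the service; the ticket carries the session key there. Swapping the service's key for any other value makes `open_sealed` fail on the ticket, which is the point the comment makes about both parties having to know their own secret key. Real Kerberos adds ticket lifetimes, a replay cache keyed on the authenticator, and (in the AD case discussed earlier on this page) the PAC; none of that is modelled here.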

  18. Re:"Ask questions first, then execute" on Anti-Phishers Pose as Phishers to Make Point · Score: 4, Insightful

    It depends. On a nuclear sub, they had better be verifying those orders are authentic before launching. In fact they do verify that messages are authentic. They use this thing called cryptography. So, this is in fact a healthy lesson to be teaching these cadets. They cannot blindly follow orders coming from untrusted sources.

  19. Re:Honeypot@home for distributed detection on Worms Could Dodge Net traps · Score: 1

    If I wanted to attack such a system, I would flood it with so much false data that you couldn't tell the fake from the real. If people fed the data from such a system into an IPS, where they take actions to block "suspect" packets, it would make for a great DoS tool. Think of it -- use your bot-net to fake reports of attacks from port 80 from microsoft.com.

  20. Re:From the Article: on Windows Vista Tool Targeted By Virus Writers · Score: 1
    Now tell me, if I or anyone else can be arrested for training people how to commit "acts of terrorism" in the real world, why hasn't this applied to the digital world as yet?

    For one, because to train people how to write anti-virus software, they need to be trained in how viruses work. For another, it's hard to draw a legally clear line that won't prevent security researchers from creating better systems. To make systems better, they need to test them, which means they need to attempt to exploit weaknesses. One of the fundamental parts of research is publishing results so that they can be reviewed by peers.

    It's one thing to write about how to make pipe bombs, car bombs, etc, and quite another to set up a school where you train people who you are then going to send out to actually perform terrorist acts. If there weren't such a distinction, Tom Clancy could be thrown in jail for writing about terrorist acts that could be replicated by real world terrorists.

    I think you'll find that you still can pick up a copy of "The Anarchist Cookbook", so clearly it's not illegal to write about how to commit violent acts, or construct weapons to assist in attacks.

    In the case of this virus, it is not malicious, and is a proof of concept to show that the new shell is not a magic bullet that solves all your security problems. Hopefully this is early enough before Vista is released that MSH won't be embedded into all sorts of things where scripts auto-run, like what we had with VBS in Office documents, and such. If that is the outcome, then the publication is a very positive thing.

  21. Re:Who the fuck... on New Batch of XP SP2 Holes · Score: 1
    Tell me, what makes it not a real firewall? It blocks ports.

    • No egress filters
    • No stateful packet inspection
    • Apparently doesn't work 100% (If RDP behind the firewall can still be DoSed, the firewall doesn't work)
    • If it doesn't handle layer 7, it's not a real firewall.

  22. Re:Hardware Firewall on New Batch of XP SP2 Holes · Score: 4, Insightful
    A hardware firewall is good advice for a home user, but isn't as good a solution for a big company or university where Remote Desktop is used as a support tool. Sure, there will be corporate firewalls which protect desktops from the Internet, and maybe even from some other internal networks, but all it takes is one worm on someone's laptop to bypass the corporate firewall(s).

    I'm curious as to whether 3rd party software firewalls for windows are impacted by this or not. If not, then this hole (and others which are likely to follow) would provide a good justification for purchasing and deploying a 3rd party solution.

  23. Re:Eh? Monitor based? on Longhorn to Require Monitor-Based DRM · Score: 2, Informative
    No, PVP-UAB is the last software piece, and as such it ensures that you are using a DRM compliant Video Card and monitor. If you have DVI, but your monitor doesn't support HDCP, then you're stuck with low-res output if the content provider marks their content as such.

    FTFA:

    To work with PVP-OPM, a graphics card manufacturer must provide for the following:

    • Output Protection Management capability on all board outputs--at a minimum, provide the ability to turn off every output.
    • Device driver capability to report reliably about the board outputs and their settings.
    • HDCP protection for DVI and HDMI outputs and Macrovision and CGMS-A protection on analog TV-out outputs. Otherwise, outputs will be turned off by the PVP-OPM software.
    • The ability to pass video through a constrictor--that is, a downscaler followed by an upscaler--so that the information content of premium video can be reduced when an unprotected output such as analog VGA is present.

    If your Monitor isn't HDCP compliant, video will be downscaled, or disabled. The article writer appears to be right on the money.

  24. $2000 - maybe for just the CPU on Why Doesn't the Itanium Get the Respect It's Due? · Score: 1
    I took a look on Dell's website, at the PowerEdge servers (at the Higher Education institutions site, since I work at an .edu). A single CPU Itanium2 (1.5 GHz) without an OS costs $15,789.00. A comparable PowerEdge 2850 costs $4,855.90. Or, if I take advantage of a special they are having right now, I can get up to 5 2850's for $2,425.50 each.

    Is the Itanium2 system over 3 times faster than the 2850? The servers my group runs are web servers, file servers, print servers, database servers, etc. I would have to be smoking crack to decide to move from Xeons to the Itanium2.

    Now, having said that, our Computer Science department just recently purchased some Itaniums for a small cluster (I think about 30 nodes). They chose the Itanium because of its floating point performance.

    Itanium has its place, but that place isn't in my server room...

  25. Re:The patch, and the E-Week article and quote on Zlib Security Flaw Could Cause Widespread Trouble · Score: 1
    That is NOT the correct patch! Instead it would unpatch a system. The correct patch is:
    --- inftrees.c 2005-07-10 13:38:37.000000000 +0100
    +++ ../zlib-1.2.2.orig/inftrees.c 2004-09-15 15:30:06.000000000 +0100
    @@ -134,7 +134,7 @@
    left -= count[len];
    if (left }
    - if (left > 0 && (type == CODES || (codes - count[0] != 1)))
    + if (left > 0 && (type == CODES || max != 1))
    return -1; /* incomplete set */

    /* generate offsets into symbol table for each length for sorting */
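    Review bot: the file headers and the hunk body point in opposite directions: `+++ ../zlib-1.2.2.orig/inftrees.c` carries the `.orig` name and the older (2004) timestamp, yet the `+` line is the replacement check `if (left > 0 && (type == CODES || max != 1))`, so anyone feeding this to `patch` against a stock zlib-1.2.2 tree should expect it to report a reversed patch and should confirm the intended direction before answering the prompt. The context line `if (left }` is also truncated as pasted (the comparison and the statement that belong on that line are missing, most likely a `<` swallowed by the HTML), so the hunk will not apply cleanly until that line is restored from the real inftrees.c.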
    which is the same as what's in zlib-1.2.1.2-1.1.src.rpm from RedHat (except RedHat is using 1.2.1 instead of 1.2.2).