I don't know if you admin 98 boxes, but I did at one time. Once you're in charge of keeping over 400 98 boxes across 4 locations secure and operating(at least half of them have multiple users), you begin to care quite a bit about it. And after you upgrade those boxes to win2k and your desktop support workload drops something like 80 percent, you begin to loath that OS. The younguns probably can't appreciate how things were back then, but those who were there know exactly what I'm talking about. You'd think of ways to professionally beg management to just upgrade everyone to WindowsNT, how you could find some magic argument that would override their cost argument.
If you're on any OS connected to the internet IMO, you should be using a firewall. Any win box or box serving files to win boxes should have anti-virus protection(macosx should have it too, I've never been infected or known anyone who has on BSD, Solaris, or Linux).
Interesting you have different experiences with 2k than I have. I wasn't saying 2k was bullet proof, only that IN MY EXPERIENCE, I just see alot less problems with it. What kind of anti-malware tools are you using? Just out of curiosity. I've been using and recommending to my clients SpySweeper, which has done really well in the last 4 months for most of my clients(and my wife whose on XP).
But if there are no remote exploits, what danger is there to magnify?
I hope you don't do IT security for a living... There are remote exploits, the link I provided explains 2 I believe. Say you don't use IE, do you use Eudora? Do you use Winamp? Do you use AIM? Do you use Outlook? Do your friends/colleagues ever send you files? Do you ever get files on CDs burned by friends/colleagues?
If you use software on the internet the potential exists for bugs in that software to open up remote exploits, even these so-called safe browser alternatives to IE could eventually be found to have problems(nay, they WILL be found to have problems at some point). Or an acquaintenance could pass you a virus that your anti-virus misses and it proceeds to stomp all over your harddrive, wherever it damn well pleases because of the naked filesystem. There's a world of possibilities.
But you can take the ostrich philosophy if you want. I'm not here to argue with you. You asked about a hole in 98s security and I told you the largest one IMO. Sorry you can't see the problem with it.
The thing that bothers me most about 98(or any of the 9x) is the naked filesystem. It's wide open to anyone who gains access to your system. That's the biggest security hole as far as I'm concerned. It magnifies the potential danger of any remote exploits substantially.
But given how the typical windows user sets up XP, it's probably the same game. And I'm not targeting the slashdot windows users, you, I hope to God, are not typical to what I see when I work on client machines. IMO, Win2k is the best game in town when it comes to a Windows OS. I use Suse myself though. I don't care much for XP, there is something far more breakable about it that Windows2000 didn't share IMO. I just didn't and don't see the same types of breakage with my windows2000 clients.
...or does hurling an asteroid at a distant planet sound like a good way to piss ETs off? On a more practical note, it also sounds like a good way to infect a planet with some such bug. And if they weren't talking about targeting a planet with that "communication medium", then it seems really absurd that that could be a better way to communicate than radiating. Radiating allows you, with relatively little energy expenditure, to send your message out in many different directions hoping someone gets it. I'm sure someone will correct me if I'm wrong.
I didn't read any of the articles yet because they all appear to be slashdotted. Nice going everyone.
No, I wasn't aware of phishers changing addresses as I haven't had a problem with it yet. D'oh.
Also, is it really worth alienating 10% of your customers to save 1% in chargebacks by forcing shipment to the billing address?
If those are the numbers you're dealing with then I agree with you. Before we refused to ship to anything other than the billing address, 4 out of 7 transactions placed through our stores that were destined to an address other than the billing address were fraudulent. Of the 3 out of 7 that weren't, they comprised less than 4 percent of our total orders. This was based on the first 6 months of business online.
It would seem we have different dynamics at work in our respective markets. My online sales are largely jewelry and precious metals related. Our solution for customers that want items shipped to an alternate address is to use paypal. So far this has worked out fine for us.
I'm an internet merchant too and there is one *extremely* good way to protect yourself. Only ship to the billing address of the credit card used. Our card processing service verifies this instantly for us.
We have had zero problems with credit card fraud since implementing this policy. The caveat would be that this is only helpful for merchants who ship tangible goods. There may be ways to conduct fraud around this, but I don't think the typical fraudsters do much more than grab card numbers and try to use them.
Speaking only of the server segment, IDC reported that Opteron based server growth was 2183 percent over last year. Xeons was 10 percent.
But growth rate, however, really isn't a fair comparison. Xeon has dominated the market for several years in the x86 server space, so when a successful newcomer comes on board, of course the newcomer will have more rapid growth AT FIRST. Unfortunately, I don't have the specific numbers of units shipped, but of course Xeon will have insanely more shipped.
That's exactly what I fear. Nothing(save for societal collapse) fouls up the march of progress and competitive advantage like government paranoia and control.
That's a very good point. But I do think we are going to see more paranoid attempts at control in the coming years(speaking US centric here) until our government gets over its Post Traumatic Stress Disorder.
I guess there's only one way to find out how it plays out.
And, the best part, we will see it in our lifetimes.
Maybe. This is the wrong time and political environment for these types of advances to be occuring, IMO. I could be wrong, but I see governmental control on this technology for the foreseeable future. There isn't more now because they really don't have anything that could be mass produced, but when we reach that point, get ready for the "terrorists could do xyz with this!" hyperbole and heavy legislation to control it.
I guess if they just limit it to universities and favored businesses we might still get to see some of the fruits of it. Let's hope I'm wrong. The faster we get quantum computing into the hands of as many people as possible, the faster our technology will advance.
I've been working on a project for a few months now, utilizing parts from old drives. I'm time deficient of late, but I'm hoping when I finish a current work project, I'll have more time.
All you tinkerer nerds out there, if you haven't looked into BEAM robotics, look into it. You can utilize a good deal of junk electronics.
There are too many airheads. Unfortunately, my skeet shooting buddies for whatever reason, just don't feel comfortable having a skeet shooting protest against Bush.
So I'm going to try to get my model rocketry club to organize something.
I might as well share my horror stories... 2 DVDs bought, with nothing in them. I had to argue with the store manager to get them to give me new DVDs. But I didn't learn from this, I just figured they were being over protective of theft(even though all I wanted was exactly what I thought I was buying in the first place). So...
A few months after that, I saw an ad for zero percent financing. I needed a consumer level PC to test with an app I was contracted to work on for a software company. I figured, why spend cash out of pocket on it and wait to be reimbursed? I went in, purchased an HP pc by opening an account with "0 percent financing". All was well, right?
A few weeks later, more problems with buying another DVD. This time, my nephew bought one and the wrong DVD was in the package. We took the DVD back and asked for a replacement. They didn't have another copy. We asked them if they could order it, they said we could order it, but we'd have to pay for it! We asked then just for a refund, they said they couldn't do that(because of some law, uh-huh), and two "customer service" people behind the counter very loudly said they thought we were trying to scam them. Called corporate headquarters, they offered us some !@#%$^% 10 dollar buy card(which was less than what we paid), but no refund, no replacement. I told them to shove it. My nephew ended up exchanging it at another store that was something like 60 miles away, as they had a copy in stock. They exchanged it, but not without an argument with a manager.
So a few more weeks go buy, I haven't recieved my bill yet for the "0 percent" finacing credit line. I called, asked about it, and was told that it was on the way and not to worry. Another month later, still no bill, I have no idea where to send payment. I call in, tell them I haven't recieved the bill, they said it was on the way. I get the bill, with 2 months worth of late charges on it. I call in then I was told it was my responsibility to pay the bill on time and that I had to pay the late charges.
That was it. I paid off the entire balance, closed the account, and when asked the reason I was closing the account I told them it was because I had better things to do than do business with petty thieves and conartists.
Best buy sucks ass. Their customers are wrong. They are wrong for being customers of Best Buy. I have never experienced this type of bullshit from Sears, Target, Circuit City, Walmart, Good Guys, hell, no one else. Best Buy is the single worst retail establishment I've ever dealt with and I will never do business with them again. Since that incident, I have bought a new dryer, not from Best Buy. A new fridge(high end), not from Best Buy. And a new TV(34" Sony Wega Widescreen), not from Best Buy. I paid a little more on each item than I would have from Best Buy, but it was worth not having any anxiety about problems after the sale. Best Buy sucks ass.
As an anon-cow pointed out, taking source from closed source apps doesn't seem feasible for what should be obvious reasons. I also think you are misrepresenting Stallman's intent. I don't think he wants to force anything on anyone. I think his goal is to get everyone to go along with the GPL voluntarily. Forcing people to release source code goes against my principles every bit as much as the GPL goes with my principles. Maybe I've read Stallman wrong, but forcing people to release source code goes very much against the principle of freedom(as in speech).
When we cross that line, then we've validated the claims that Open Source is communist in nature. Free Open Source Software must be voluntary, or it isn't free as in speech and is rather, simply free as in beer. Free beer sounds good, but there's nothing noble or principled about it.
I guess it probably comes down to the difference between scientific applications, where the software is specialised, and recompiling and tweaking for speed is pretty much expected, and database driven business applications - which are usualy built on closed source 3rd party platforms (and are probably IO bound anyway)
That sounds about right. Yeah, I can't recompile oracle and there's some things I don't, but I would recompile MySQL, or APACHE(to name some more well known apps), and it is a trivial task to setup your optimized applications for fast recovery in an emergency. But, I can see some scenarios where it's probably better for the admin to go with precompiled binaries.
My real objection was, I didn't think you were recognizing a valid segment of the target audience who is very much interested in that. We want to be recognized ya know.;)
And all the linux distributions and third party software providers (Oracle, etc) are going to do the same, right?
It's kinda irrelevant how well either processor works when compiled with opomisations that real world software is probably never going to use.
Hold on a sec, you do have a valid point within the context of typical windows machines, but when you're talking about high end workstations and servers, which both chips are targeted for, you have a whole different ball game.
I have never relied on precompiled binaries in a production environment when dealing with high performance apps. Hell, on my own Linux boxes, and I can't believe I'm alone or in a vast minority in the Linux community when I say this, I always play around with squeezing the most performance out of the apps through compiler optimizations.
If this were a Windows review, I wouldn't object so much. But we have to recognize that a Linux review is targeting an audience that includes people who do in fact utilize compiler optimizations in real world software. Any Linux admin worth his salt is going to do everything he can to make his machines and the apps that run on them, perform as fast as possible for his users.
I've had no problems my via chipset in my dual opteron 248(MSI motherboard), short of I was a seriously early adopter and couldn't utilize my SATA controller right away under Linux. But hey, thems the breaks for early adopters.
Other than that, which is not a weakness of the chipset, everything has hummed along smoothly. This was the first high end system I'd purchased in over 8 years, and it was well worth it. The only thing weak about this platform IMO, is the cost, which is still less than a dual Xeon equivalent. But you know, it all comes down to personal choice and personal experience. I understand if you've been in the burned in the past not wanting to try it again. I'm like that with American brand cars.
This was a made for TV movie, but it sucked bad. Really bad. If you could find a way to mathematically quantify just how bad this movie is, you would probably go mad like that guy from Pi and drill a whole in your head. You might even be tempted to do that while watching it.
We're nerds, sometimes we do pointless exercises of intellect for fun. I once devised a Prime number compression algorithm for fun. It was never as tight as all the current popular ones, but it was fun.
On the other hand, public discourse can be used as an insidious tool. SCO uses it to trash everyone against them every chance they get, why not refute it publically by pointing out the nonsense in a logical manner? Folly that goes unchallenged or unquestioned can become "common sense" real quick.
It doesn't neccesarily have to be the heavy stuff, we could be dealing with people who have simply smoked pot every day for the last 10 years, throughout every waking hour. I mean, you don't take a break from that stuff once in a while to clear your head, you can start thinking bizzare things, like you own Linux for example.
Slashdot Mirror
I don't know if you admin 98 boxes, but I did at one time. Once you're in charge of keeping over 400 98 boxes across 4 locations secure and operating(at least half of them have multiple users), you begin to care quite a bit about it. And after you upgrade those boxes to win2k and your desktop support workload drops something like 80 percent, you begin to loath that OS. The younguns probably can't appreciate how things were back then, but those who were there know exactly what I'm talking about. You'd think of ways to professionally beg management to just upgrade everyone to WindowsNT, how you could find some magic argument that would override their cost argument.
If you're on any OS connected to the internet IMO, you should be using a firewall. Any win box or box serving files to win boxes should have anti-virus protection(macosx should have it too, I've never been infected or known anyone who has on BSD, Solaris, or Linux).
Interesting you have different experiences with 2k than I have. I wasn't saying 2k was bullet proof, only that IN MY EXPERIENCE, I just see alot less problems with it. What kind of anti-malware tools are you using? Just out of curiosity. I've been using and recommending to my clients SpySweeper, which has done really well in the last 4 months for most of my clients(and my wife whose on XP).
But if there are no remote exploits, what danger is there to magnify?
I hope you don't do IT security for a living... There are remote exploits, the link I provided explains 2 I believe. Say you don't use IE, do you use Eudora? Do you use Winamp? Do you use AIM? Do you use Outlook? Do your friends/colleagues ever send you files? Do you ever get files on CDs burned by friends/colleagues?
If you use software on the internet the potential exists for bugs in that software to open up remote exploits, even these so-called safe browser alternatives to IE could eventually be found to have problems(nay, they WILL be found to have problems at some point). Or an acquaintenance could pass you a virus that your anti-virus misses and it proceeds to stomp all over your harddrive, wherever it damn well pleases because of the naked filesystem. There's a world of possibilities.
But you can take the ostrich philosophy if you want. I'm not here to argue with you. You asked about a hole in 98s security and I told you the largest one IMO. Sorry you can't see the problem with it.
for starters:, 00.asp
http://www.pcworld.com/howto/article/0,aid,117405
The thing that bothers me most about 98(or any of the 9x) is the naked filesystem. It's wide open to anyone who gains access to your system. That's the biggest security hole as far as I'm concerned. It magnifies the potential danger of any remote exploits substantially.
But given how the typical windows user sets up XP, it's probably the same game. And I'm not targeting the slashdot windows users, you, I hope to God, are not typical to what I see when I work on client machines. IMO, Win2k is the best game in town when it comes to a Windows OS. I use Suse myself though. I don't care much for XP, there is something far more breakable about it that Windows2000 didn't share IMO. I just didn't and don't see the same types of breakage with my windows2000 clients.
Well I've gotten to read the article, I understand what's being said now. Damned slashdotting...
...or does hurling an asteroid at a distant planet sound like a good way to piss ETs off? On a more practical note, it also sounds like a good way to infect a planet with some such bug. And if they weren't talking about targeting a planet with that "communication medium", then it seems really absurd that that could be a better way to communicate than radiating. Radiating allows you, with relatively little energy expenditure, to send your message out in many different directions hoping someone gets it. I'm sure someone will correct me if I'm wrong.
I didn't read any of the articles yet because they all appear to be slashdotted. Nice going everyone.
No, I wasn't aware of phishers changing addresses as I haven't had a problem with it yet. D'oh.
Also, is it really worth alienating 10% of your customers to save 1% in chargebacks by forcing shipment to the billing address?
If those are the numbers you're dealing with then I agree with you. Before we refused to ship to anything other than the billing address, 4 out of 7 transactions placed through our stores that were destined to an address other than the billing address were fraudulent. Of the 3 out of 7 that weren't, they comprised less than 4 percent of our total orders. This was based on the first 6 months of business online.
It would seem we have different dynamics at work in our respective markets. My online sales are largely jewelry and precious metals related. Our solution for customers that want items shipped to an alternate address is to use paypal. So far this has worked out fine for us.
Thanks for clueing me into the address changes.
I'm an internet merchant too and there is one *extremely* good way to protect yourself. Only ship to the billing address of the credit card used. Our card processing service verifies this instantly for us.
We have had zero problems with credit card fraud since implementing this policy. The caveat would be that this is only helpful for merchants who ship tangible goods. There may be ways to conduct fraud around this, but I don't think the typical fraudsters do much more than grab card numbers and try to use them.
http://www.digit-life.com/articles2/amd-hammer-fam ily/
Basically, 2.0 ghz Opteron SPECfp peak 1170
1 ghz Itanium 2 SPECfp peak 1356.
Speaking only of the server segment, IDC reported that Opteron based server growth was 2183 percent over last year. Xeons was 10 percent.
But growth rate, however, really isn't a fair comparison. Xeon has dominated the market for several years in the x86 server space, so when a successful newcomer comes on board, of course the newcomer will have more rapid growth AT FIRST. Unfortunately, I don't have the specific numbers of units shipped, but of course Xeon will have insanely more shipped.
That's exactly what I fear. Nothing(save for societal collapse) fouls up the march of progress and competitive advantage like government paranoia and control.
That's a very good point. But I do think we are going to see more paranoid attempts at control in the coming years(speaking US centric here) until our government gets over its Post Traumatic Stress Disorder.
I guess there's only one way to find out how it plays out.
Hey, those well dressed men were just asking about you...
LOL. Ah, but it was worth it for the sake of the joke. The Feds can take a joke, right?
KNOCK KNOCK
I have to go now, some well dressed men are at my door wanting to talk to me...
And, the best part, we will see it in our lifetimes.
Maybe. This is the wrong time and political environment for these types of advances to be occuring, IMO. I could be wrong, but I see governmental control on this technology for the foreseeable future. There isn't more now because they really don't have anything that could be mass produced, but when we reach that point, get ready for the "terrorists could do xyz with this!" hyperbole and heavy legislation to control it.
I guess if they just limit it to universities and favored businesses we might still get to see some of the fruits of it. Let's hope I'm wrong. The faster we get quantum computing into the hands of as many people as possible, the faster our technology will advance.
http://www.nis.lanl.gov/projects/robot//
I've been working on a project for a few months now, utilizing parts from old drives. I'm time deficient of late, but I'm hoping when I finish a current work project, I'll have more time.
All you tinkerer nerds out there, if you haven't looked into BEAM robotics, look into it. You can utilize a good deal of junk electronics.
There are too many airheads. Unfortunately, my skeet shooting buddies for whatever reason, just don't feel comfortable having a skeet shooting protest against Bush.
So I'm going to try to get my model rocketry club to organize something.
But some of the best religion jokes are blasphemous!
I might as well share my horror stories... 2 DVDs bought, with nothing in them. I had to argue with the store manager to get them to give me new DVDs. But I didn't learn from this, I just figured they were being over protective of theft(even though all I wanted was exactly what I thought I was buying in the first place). So...
A few months after that, I saw an ad for zero percent financing. I needed a consumer level PC to test with an app I was contracted to work on for a software company. I figured, why spend cash out of pocket on it and wait to be reimbursed? I went in, purchased an HP pc by opening an account with "0 percent financing". All was well, right?
A few weeks later, more problems with buying another DVD. This time, my nephew bought one and the wrong DVD was in the package. We took the DVD back and asked for a replacement. They didn't have another copy. We asked them if they could order it, they said we could order it, but we'd have to pay for it! We asked then just for a refund, they said they couldn't do that(because of some law, uh-huh), and two "customer service" people behind the counter very loudly said they thought we were trying to scam them. Called corporate headquarters, they offered us some !@#%$^% 10 dollar buy card(which was less than what we paid), but no refund, no replacement. I told them to shove it. My nephew ended up exchanging it at another store that was something like 60 miles away, as they had a copy in stock. They exchanged it, but not without an argument with a manager.
So a few more weeks go buy, I haven't recieved my bill yet for the "0 percent" finacing credit line. I called, asked about it, and was told that it was on the way and not to worry. Another month later, still no bill, I have no idea where to send payment. I call in, tell them I haven't recieved the bill, they said it was on the way. I get the bill, with 2 months worth of late charges on it. I call in then I was told it was my responsibility to pay the bill on time and that I had to pay the late charges.
That was it. I paid off the entire balance, closed the account, and when asked the reason I was closing the account I told them it was because I had better things to do than do business with petty thieves and conartists.
Best buy sucks ass. Their customers are wrong. They are wrong for being customers of Best Buy. I have never experienced this type of bullshit from Sears, Target, Circuit City, Walmart, Good Guys, hell, no one else. Best Buy is the single worst retail establishment I've ever dealt with and I will never do business with them again. Since that incident, I have bought a new dryer, not from Best Buy. A new fridge(high end), not from Best Buy. And a new TV(34" Sony Wega Widescreen), not from Best Buy. I paid a little more on each item than I would have from Best Buy, but it was worth not having any anxiety about problems after the sale. Best Buy sucks ass.
As an anon-cow pointed out, taking source from closed source apps doesn't seem feasible for what should be obvious reasons. I also think you are misrepresenting Stallman's intent. I don't think he wants to force anything on anyone. I think his goal is to get everyone to go along with the GPL voluntarily. Forcing people to release source code goes against my principles every bit as much as the GPL goes with my principles. Maybe I've read Stallman wrong, but forcing people to release source code goes very much against the principle of freedom(as in speech).
When we cross that line, then we've validated the claims that Open Source is communist in nature. Free Open Source Software must be voluntary, or it isn't free as in speech and is rather, simply free as in beer. Free beer sounds good, but there's nothing noble or principled about it.
I guess it probably comes down to the difference between scientific applications, where the software is specialised, and recompiling and tweaking for speed is pretty much expected, and database driven business applications - which are usualy built on closed source 3rd party platforms (and are probably IO bound anyway)
;)
That sounds about right. Yeah, I can't recompile oracle and there's some things I don't, but I would recompile MySQL, or APACHE(to name some more well known apps), and it is a trivial task to setup your optimized applications for fast recovery in an emergency. But, I can see some scenarios where it's probably better for the admin to go with precompiled binaries.
My real objection was, I didn't think you were recognizing a valid segment of the target audience who is very much interested in that. We want to be recognized ya know.
And all the linux distributions and third party software providers (Oracle, etc) are going to do the same, right? It's kinda irrelevant how well either processor works when compiled with opomisations that real world software is probably never going to use.
Hold on a sec, you do have a valid point within the context of typical windows machines, but when you're talking about high end workstations and servers, which both chips are targeted for, you have a whole different ball game.
I have never relied on precompiled binaries in a production environment when dealing with high performance apps. Hell, on my own Linux boxes, and I can't believe I'm alone or in a vast minority in the Linux community when I say this, I always play around with squeezing the most performance out of the apps through compiler optimizations.
If this were a Windows review, I wouldn't object so much. But we have to recognize that a Linux review is targeting an audience that includes people who do in fact utilize compiler optimizations in real world software. Any Linux admin worth his salt is going to do everything he can to make his machines and the apps that run on them, perform as fast as possible for his users.
I've had no problems my via chipset in my dual opteron 248(MSI motherboard), short of I was a seriously early adopter and couldn't utilize my SATA controller right away under Linux. But hey, thems the breaks for early adopters.
Other than that, which is not a weakness of the chipset, everything has hummed along smoothly. This was the first high end system I'd purchased in over 8 years, and it was well worth it. The only thing weak about this platform IMO, is the cost, which is still less than a dual Xeon equivalent. But you know, it all comes down to personal choice and personal experience. I understand if you've been in the burned in the past not wanting to try it again. I'm like that with American brand cars.
This was a made for TV movie, but it sucked bad. Really bad. If you could find a way to mathematically quantify just how bad this movie is, you would probably go mad like that guy from Pi and drill a whole in your head. You might even be tempted to do that while watching it.
Worst. movie. ever.
We're nerds, sometimes we do pointless exercises of intellect for fun. I once devised a Prime number compression algorithm for fun. It was never as tight as all the current popular ones, but it was fun.
On the other hand, public discourse can be used as an insidious tool. SCO uses it to trash everyone against them every chance they get, why not refute it publically by pointing out the nonsense in a logical manner? Folly that goes unchallenged or unquestioned can become "common sense" real quick.
It doesn't neccesarily have to be the heavy stuff, we could be dealing with people who have simply smoked pot every day for the last 10 years, throughout every waking hour. I mean, you don't take a break from that stuff once in a while to clear your head, you can start thinking bizzare things, like you own Linux for example.