What really bothers me is not simply that the patent system is being used to protect the obvious these days, because it's a reflection on the general zeitgeist in America.
It seems to me in a very general way that there is no sense of achievement in American business outside of the next quarter. Instead of concentrating on moving forward and doing new things, there's an emphasis on not moving at all and creating wealth by protecting what someone has.
It's become a very different kind of hostile business climate. Not so many years ago a hostile business climate was described as one with high tax burden and many regulations that made it expensive to run a business. I'd say we're well on our way to eliminating both in the U.S. and yet the business climate is even more hostile because of the threat of litigation. Is the country better off for this? For the majority of Americans, I'd say no. Not at all.
designed to run securely and has all the security features of Unixes.
And that's why you need a pix and an antivirus subscription and antispyware software and a NAT'd router on 2000/XP?
Denial, it's not just a river in Africa my friend.
I think the problem here is Software vs. Hardware firewalls.
No, that's not the problem. The problem is you've chosen to ignore the fundamental flaw of Windows.
Windows 3.1, 95, 98, 2000, XP (Longwait??) were never designed to run securely. BSD/*nix's are, from the kernel up. Are they invincible? No, but no OS is. Are they meaningfully better? Yes, very much so.
Now, if you still insist on believing the problem is not your OS.
1. Not one of my home customers would pay for a firewall what they paid for their PC!
2. A pix is not a magic bullet. It's good at its job, but the Windows desktop is still very vulnerable. (ActiveX anyone?)
Please, for your own benefit look at the facts with a little more objectivity.
Linux has IP Tables which is very good for the job. Is it as good as BSD? I would argue less time consuming if you already run Linux, but it's not the same.
http://www.google.com/search?hs=3PG&hl=en&lr=&client=firefox-a&rls=org.mozilla%3Aen-US%3Aofficial&q=iptables&btnG=Search
Notes: I believe for stateful packet inspection, the kernel needs ip_conntrack and a few other things in it. Most distro kernels have this but it's worth double checking. From there, it's learning the IP tables syntax which isn't hard after going through one of the many examples out there. Once you get logging going, check out intrusion prevention systems!
Every time I see some ministry talking head say things like, "if there's a crime we'll prosecute!"
1. Crime? What crime? You mean rapid delivery of internet service is a crime?
2. Crime? What crime? The boss says put it on the back burner...
3. Crime? No, it's "market forces" delivering "better" service.
And then there's the "swift" justice delivered in Microsoft's Monopoly conviction. A conviction is cold comfort if you're one of the guys they ran out of business.
Oh yeah, they are on the case...
maintaining gaps in Windows security to avoid competing with 3rd party vendors
Whoever dreamed up this rationalization is gifted.
The holes are there by design. As in security wasn't a part of the overall design. I would argue that it still isn't.
Like all the versions that have come before, "It's more secure" for about a week after launch and then I'm back to cleaning out infected PC's. This works out great for me because it's my job. Personally, the people that take my advice to switch -always- thank me later for making a switch.
I'm tired of reading yet another story about Microsoft and OSS cozying up. Though in this case it's a sad joke, the rest of the time it's a coordinated attack on OSS. (Mozilla devs, black hat testing, etc)
If it doesn't work they'll buy the best developers and hide them away. If that doesn't work, they'll drop more litigation bombs.
It's all about maintaining the monopoly, people. There's no maybe, that's it.
Forget about the so-called security. It's "secure" to the vast majority of voters.
The objective is to be able to process more people through customs faster and with more data captured as they get off ever-bigger airplanes.
This doesn't address a control point failure (customs) which is inevitable, but it looks good on paper and sounds really good.
FYI: Yes it's possible to store a picture and a fingerprint template on the contactless modules in question, but more likely it's storing a hash that looks the data up in a DB. Sending a picture file or a fingerprint template across the reader would be pretty slow.
This is a perfect example of the current zeitgeist (is that the right word?) where the "something must be done!" public opinion is acknowledged and someone's head HAD to roll. Maureen was "it" this time. And we're all happy. No
In 6-12 months after everyone has forgotten about it, she'll get another CTO job at 100+ times the average wage earner in the U.S.
I'd love to hear who threw her to the wolves on this one because we all know it's very rare the person that did it actually hangs.
Note to self: Finish Web 2.0 business plan to pay myself 200+ times my exploited and willing American worker salary.
Is the information on this machine considered part of a person's "papers or effects" or is all information now property of the government court to be surrendered on demand?
It won't ever belong to you. "Your honor this person is tampering with the car's safety system." Pretty much says it all.
do I have a right to smash up my own car
Yes, but don't fsck with the black box. Kind of like people rewinding odometers, it will be forbidden.
You are lucky to have such thought provoking friends, but I'm afraid the individual has no standing.
This is the MINISTRY OF DEFENSE where draconian access control and accounting should be routine.
It's very difficult to go from that environment back to the real world where security is measured by successfully implementing long passwords in a company.
Making the inductive(?) leap that OpenOffice.org is insecure is a really long leap of faith. Are there holes? Probably.
In many ways, this is good news because the open source application is being picked over with a fine tooth comb by a large ministry.
Bring it on!
The parent post is right. And add to that: in 06 I don't see why you *must* pay rent on a retail location. Your target audience isn't the young gamer. It's an older crowd that remembers having fun playing games before they went to work.
Here's the order of events as I see it.
1. Go to *every* place that has people sitting down, even for a few minutes. Coffee, bars... nightclubs.
2. Corner the head-honcho and tell her you will bring the PC's for a game night and you want a cut of the business that night. Talk to somebody that books nightclubs to figure out what the nightclub is used to paying.
3. If you get enough enthusiastic yes's then step 4.
4. Lease PC's and LCD's
5. Advertise, Advertise Advertise!
6. Run game nights.
7. Profit?
what vendor the article author thinks is doing more to improve security than Microsoft if this statement is to be decried as FUD
Just about every linux/bsd distro and probably apple too on the desktop.
and what kind of metrics/data support this. Amount of exploits patched?
The problem with this mindset is you think it's okay that the code that is increasingly responsible for running more things that make a country productive is never seen and can't be reviewed except for poking at it in a willy-nilly blackbox style. As a matter of principle I don't think it's okay. At all.
Amount of money spent on security?
If I were Warren Buffett I could spend two hundred million dollars on security for a fundamentally insecure OS by buying advertisement and story space telling people it's really secure. And they would believe it. I could set up a site called port23 and look like I'm reaching out to the IT pro. Meanwhile BSD and *nix security is insanely robust at pennies (tenths of pennies?) on the dollar with code that everyone can see and test.
I'll say it again, Microsoft has no incentive in providing a reasonably secure OS. (ex. your favorite distro) Like every version that's come before Longwait, it's a coordinated message to make the PHB's buy it because they "fixed security" in longwait.
Mom & Pop buyers will be okay with this because they'll pay MS every month like they pay a cable tv bill. The software monoculture pretty much dictates that their machines will be zombies anyway.
This works out great for me because I will have -plenty- of work babysitting these things.
Did you ever have to replace a power supply in a Dell tower? Proprietary plug.
Did you ever try to use a case from Dell? Proprietary too.
Enough with the starry-eyed optimism. It was plain old economics.
http://en.wikipedia.org/wiki/IBM_PC_compatible
While I 100% agree with your first paragraph, it's just a "something must be done!" kind of response to keep the voters happy and concentrate power in DC.
Your next couple of points should be reconsidered carefully:
There is no evaluation of technology
On the contrary, there is quite a bit of evaluation of technology. Only the U.S. gov't can afford to pay people to spend the time to come up with these torture tests. My current employer was very briefly involved early on in the process for the new U.S. passport and I can tell you the tests the Feds came up with are very high quality tests that have improved the technology and force companies to better comply with ISO standards.
Please consider RFID passports as a response to the demand for *much* more international travel in even larger planes. In order to more accurately process many more people through customs at airports around the world, this is a good way to do it more efficiently.
Finally, I believe no one is claiming they are "secure" as in magically impenetrable. They are not. And like most security systems, the critical control points of entry are probably not staffed by the "brightest and best" so the usual systemic failures will occur. Only, the wait at customs will be a little shorter and govt's will have more data (not necessarily better or higher quality!) as to who is entering when.
American markets are divided, prices are fixed, supplies are intentionally constrained by global competitors without any punishable Sherman Act violation. They simply do the negotiations in a country that looks the other way. American office doesn't ever know.
Rambus got penalized because they abused the privilege. Period.
Yes,
But this is web 2.0 stuff we're talking about here!
Caldera was early and the Linux desktop has come a long way since.
I'll hazard a guess and say Linspire is still a little early to the game, but I think Longwait's convoluted marketing plan with different packages unlocking different functions only benefits Linspire.
If they continue to concentrate on OEM contracts, I think they'll provide a great deal of exposure to the Linux desktop. It will be clearly lower priced and function as well. Let's not forget the dramatically better security model that's pretty transparent to the desktop user.
Hopefully, they aren't burning through cash like a web 2.0 startup so they'll be around for a while.
1. One to many fingerprint matching algorithm.
2. One to many facial matching algorithm.
3. Fingerprint sensor driver. (In linux no less)
4. Algorithms to detect fake fingers and faces.
5. Backend storage systems for all of the data
Unless you are working for a company that develops these systems, there's not much information out there.
Immensely useful research in a fun application.
In the next 5+ years 100% guaranteed.
How do I know this?
As someone that has seen sell-through market data for PC's of all kinds in the recent past, I have seen the data to back my conclusions.
Panasonic made (makes?) a ruggedized laptop specifically for public agency markets.
1. It's too expensive for regular consumers
2. Doesn't have any feature a regular consumer -wants- to warrant paying more.
3. Volume isn't there for Panasonic to use the product as some kind of magical lever into mass-market.
TPM is similar in nature, only add to this the MOBO manufacturers are running on razor thin margins. You expect them to just add $6-15 per mobo + R&D implementing the thing to satisfy a narrow customer range? Nope.
An OEM will make a MOBO for some brand with a TPM and probably a couple of other gov't features, but there's no volume, so it will be *really* expensive. But a couple of brands that do lots of Army business will buy it. Will the mass market rush out and buy this mobo? No. Too expensive. Will the OEM market it on their own? Not likely.
Microsoft has spent years trying to force MOBO OEM's into doing things their way and most give them a polite "No thank you. But can you fix problems XY and Z in your OS so our MOBO's work better?"
is Microsoft's only objective.
A bad scenario for MS is some OSS company becomes big enough to compete for the PHB's attention with a bunch of lesser but valuable OSS applications. Which could lead to the nightmare scenario of the PHB walking away from the Active Directory/Exchange crack pipe.
OT:
I have to give them big-time credit for creating another crack house with Office and SharePoint. (or some other server CAL nightmare)
Why oh why would they give away the technical details to their next revenue stream?
My opinion is the Microsoft groupthink has the desktop war won.
To keep the desktop they have, they use "security" like Americans use "Terrist" or the label "communist" before that.
Never mind that the system is not designed for operating securely. Just heighten the fear, deny your former security partners valuable information and the Monopoly money will keep coming.
12 tenets my a**.
They'll blame someone. They have to.
I once worked at a company where the executive managers blamed another executive that died of cancer for their woes.
That's just what people do.
coming for the poor saps who were idiotic enough to go to the media while they were still employed by the Contractor/Agency. The Federal agency may have bid the contract out won't do anything different. They get to blame someone else for being a "bad apple."
The Marshals just made the career limiting move of the rest of their *life* for what exactly?
For the next person that finds themselves in a similar situation, learn how to do this the right way.
1. If you disagree strongly enough, find another job.
2. While you are finding said job, get some professional help objectively evaluating your options and creating a strategy.
3. Map out reasonable tactics and choose the plan that is best for you and your loved ones.
4. Execute plan and prepare for unexpected things. In general, the contractor you worked for will publicly discredit you and do what it can to punish you.
If you have done steps 1, 2, and 3 right, there's some protection from events in #4.
Reporter asks Hillary: "Why did you climb Everest?"
Hillary: "Because it's there"
Same story, different environment.