Many years ago there was a mass suicide where most everybody in a cult drank poisoned punch. Whatever the punch was, it was associated through re-telling with an American product called Kool-aid.
http://www.wordspy.com/words/drinktheKool-Aid.asp
Kool-aid is a brand of punch which comes in a little envelope with coloring and some artificial flavor. You mixed it with a ton of sugar and water. Many kids drank the stuff.
The editorial staff at this pub is repeating the usual MS party line:
this version will fix that, so buy it.
In 2006 it's "Oh security! Yeah we fixed that."
Well, the facts seem to tell otherwise:
Tom's Hardware:
"But Microsoft hasn't taken this principle entirely to heart, either. The first user defined during installation is automatically granted administrative privileges. Worse yet, the reserved account named Administrator is not required to have a password to log into the machine!"
http://www.tomshardware.com/2006/05/31/windows_vista/page18.html
My exchange with a Microsoftie claiming their admin problems are solved.
http://slashdot.org/comments.pl?sid=186700&cid=15408915
In conclusion, decades of "yeah we fixed that" on top of an OS *never* designed with security as an underlying principle and we've got more of the same.
And the "tipping point" for publications is when the Microsoft advert dollars stop pouring in.
I'll change my tune when they start paying me to say otherwise.
Nearly all mergers have a period prior to public announcement of a merger where the price of the two companies' shares will change. One usually goes up and the other goes down. Along the way, volume goes up too.
Both companies fail this test.
That does not mean it's not happening. But when there's plenty of money to be made on some privileged information, history is full of people who take advantage of it.
If one of the two is shopping for a merger, then that too would be reflected in the price of their stock.
Top of my list of pet peeves is criticisms just like this.
Today's alternatives:
http://www.gnustep.org/ different desktop
http://www.enlightenment.org/Enlightenment/DR17/ (another different desktop)
http://cm.bell-labs.com/plan9/
How about putting some time and effort into ONE new and different thing, then let's talk about new and different okay?
What you have to look out for is companies that are not being run honestly
I'm sorry, but history has proven time and again that the shortest path to the top is "bending the rules" because it's easier to ask for forgiveness than to ask for permission...
There is no honesty in business. None.. It's business not religion or a morality play.
Taking the easy shortcut is natural human behavior.
A code of conduct that says "using pirated business software in your business is wrong."
It just doesn't work in the non-western world.
Who cares, we couldn't afford it anyway is the usual answer....
I don't understand why all the comments are so outraged.
It seems that many people believe they have *some* privacy.
Well, you don't. You haven't for quite some time. There is a giant industry that knows pretty much everything about you and is quite profitable too. Now, the point was made, "What happens when a video of you and your SO in your house doing something embarrassing is all over the Internet?" Does that change your opinion? No. Like most things, it will be forgotten as quickly as it appeared.
Now, about "the database" everyone fears. There are decades of development in large-scale AFIS. I don't know how many criminals frequent /. but when you are processed by law enforcement, fingerprints are collected. Guess what? Those fingerprints (millions of them in large systems) are kept on computers and they do all kinds of fantastic things with them.
A few DMV's collect fingerprints. So they can handle the volume no problem.
So, they take existing law-enforcement AFIS systems, award a fat contract for a job that could be done for 1/2 the price to scale up existing AFIS databases.
5 years later after a few poorly managed implementations, fraudulent contracting and general inefficiency, the uber-database is ready!
Just because there's no market in the current (static) situation, doesn't mean there's no (dynamic) market!
Look, I think maybe your enthusiasm may be getting a little ahead of what has been observed in Economics for quite a while.
1. Markets strongly tend to monopolies/duopolies.
2. A monopolist blocks all competition by controlling price. If a competitor arises, the monopolist prices the competitor out of the market, then resumes over-charging and under-performing. There are other ways to block your competitors, but that's an easy one.
Please review basic economic theory.
Unlike the rest of the cowardly replies talking about something other than getting involved...
What is this 10th grade? Do we all have to stand around and "be cool"?
Oh, wait... It is.
The lawyer I work with always recommends making up names at the very least by jamming words together.
Using common words -with or without spaces- is a weak trademark case no matter the size of the company.
Like most things, might makes right even in the weak cases. So Microsoft can slam-dunk pretty much anyone even though their case is weak. Look at how the Lindows vs. Microsoft case went, that gives you a clue how weak their situation is.
MS did this right again.
They deliberately confuse the application with the file format.
Psychologically reinforcing the perception that everything in a computer is vertically oriented and "incompatible" unless it comes from our application.
They understand the immense threat that a viable alternative (file format in this case) presents. PHB gets idea, "If this is interoperable, gee I wonder what else is?"
Beautiful.
All in all - OOo's file formats are a nice and simple solution for exchanging reasonably sized documents.
That's a beautifully written insult. Pleasant, yet condescending without a single fact.
(if you don't mind usual XML-namespace-hell structure)
I'm sorry, what? I save docs to myfile.odt. I double-click on that file and just like magic it opens!! I can edit it. Better still, my grand-daughter will be able to view it 100 years from now. Amazing...
I am nowhere near your level of persuasion with politically correct language. I tip my hat to you sir.
There has been a lot of work to improve the admin problem in Vista
Let me guess, it's all automatic now and works beautifully. What are the chances this solution becomes a vector for compromised machines like sooo many other "features" have in the past?
turn the PC into a DRM'd set-top box.
Personal innuendos aside, the roughly 4-5 out of 6 SKUs are disabled forms of the OS.
Hey that's... Wait for it.... Digital Rights Management!
A rational person would say that Microsoft's plans aren't secret and you're not seeing the forest through the trees.
Based on your remarks, it's obvious I'll still have a job babysitting MS products with Longwait.
a lot of people just don't run as admin
If they are the vast majority of Windows boxes then they most certainly are.
and a lot of apps just can't
I don't see a clear path to this "virtual admin" functionality.
Every time I've got one of the desktops I support running something that requires a dip into admin privileges for the apps that can't run in the user space, the OS is going to ask for verification.
Given this will be *very* annoying, I'm guessing there's a little checkbox to "remember" this decision. Lo and behold! The system is running in Admin!
the amount we have to care about putting up with a just-in-time privilege escalation model goes down.
No, it doesn't. You are teaching them to:
1. click okay and let the chips fall where they may.
2. turn the PC into a DRM'd set-top box.
We all know you can't teach users anything they don't -really- want to know, so I believe you are paving the way for option 2 with Longwait.
Though I'll definitely admit that file permissions can be a bitch to deal with if you want to share stuff
Bingo!
Besides that minor functions of Office apps failed in very unusual ways with no errors given. These aren't power users by any stretch of the imagination either.
An extra strike for special third party developer apps that wouldn't work either.
The Microsoft employee has deliberately misstated Apple's functionality.
Send me a check for USD$100,000 and I'll deliberately lie to promote Longwait over all other operating systems for 12 months.
MS produces some of the programs most capable of performing correctly in limited user situations I've ever seen
I'm sorry, what version of Windows is that? Where can I get one? MS Office certainly won't work right either.
As a sysadmin, I tell you from personal experience this is IMPOSSIBLE in Windows 2k/XP. That's why NIST has a huge document on how one "secures" a desktop OS never designed for that purpose. In the *nix world, it works right.
Maybe you are on a domain? Things work better in a domain. The OS is not designed to do what you falsely claim it can.
If I could place a bet on a Tiered Internet, I would because it's going to happen.
The profit potential is too great.
Whatever you thought the Internet is/was, it won't be for long because there are too many players that stand to make way too much money.
-Big ISPs kill the smaller ISPs because they'll pay a "wholesale transit tax." Competition? What competition?
-Companies providing the fiber/cable get to collect more. Someone explain to me how it's possible for there to be any competition in this segment.
-New industry segment is born out of ownership. Effectively creating a new kind of prepaid calling cards.
-Consumer pays only slightly more. The perfect example is the ass-raping Visa/MC gets away with. Consumers see only a little of the cost in some transactions sometimes. Meanwhile, merchants get to pay their bank many, many times over.
Ahh capitalism....
It's Microsoft after all, and they have a history of deception.
What's nice about that is that as a sysadmin I'm -guaranteed- work anywhere that attempts to do anything slightly different than a default installation.
(I after e except after c right?)
The cards alone aren't the cost barrier.
It's the implementation of a contactless crypto card where it all goes to pieces.
Your -special- prox card is one card per building/office that's duplicated many times. No crypto, it just sends its unique ID to the reader when powered. The reader is programmed to accept that card code.
Now, to add a little crypto to the system means perhaps the contactless card does a little computation, or decrypts a message sent from the reader to the card, then returns it to the reader. We're talking about 1 or more seconds passing. Definitely beyond the average medium-traffic door. I haven't even gotten into personalizing the card and sending that data over yet. And then there's the reader that is still horribly expensive.
FYI, there are a number of proprietary contactless products out there:
1. Sony's Felica(sp?)
2. Mifare Some megacorp... (ISO 14443 + proprietary?)
3. HID's "prox" (many buildings use this)
The ISO standard is 14443.
The insecurity comes from the really dumb contactless cards that are essentially open, just power the card and query for its contents. This is where all the volume is and probably will be for quite some time.
If you are actually concerned, then you should probably stick with magstripe insecurity for your bankcards in the U.S.
Happy hacking!
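Added example, not part of the original comment: a small Python model of the two reader designs the comment above contrasts, a static-ID reader and a reader that challenges the card. The class names, the sample UID and key, and the use of HMAC-SHA256 are assumptions for illustration and do not describe any named product.

```python
import hashlib
import hmac
import secrets

# Constructed sample values for the demonstration; not real card data.
ENROLLED_UID = bytes.fromhex("04a1b2c3")
CARD_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")


class StaticIdReader:
    """Prox-style reader: accepts any transmission of an enrolled ID."""

    def __init__(self, enrolled_uids):
        self.enrolled = set(enrolled_uids)

    def authenticate(self, transmitted_uid):
        # The ID itself is the whole credential; nothing binds it to a card.
        return transmitted_uid in self.enrolled


class CryptoCard:
    """Card that keeps a secret key and answers a challenge with a MAC."""

    def __init__(self, uid, key):
        self.uid = uid
        self._key = key

    def respond(self, challenge):
        return hmac.new(self._key, self.uid + challenge, hashlib.sha256).digest()


class ChallengeResponseReader:
    """Reader that issues a fresh random challenge for every transaction."""

    def __init__(self, keys_by_uid):
        self.keys = dict(keys_by_uid)
        self._pending = {}

    def new_challenge(self, uid):
        challenge = secrets.token_bytes(16)
        self._pending[uid] = challenge
        return challenge

    def authenticate(self, uid, response):
        challenge = self._pending.pop(uid, None)  # each challenge is single use
        key = self.keys.get(uid)
        if challenge is None or key is None:
            return False
        expected = hmac.new(key, uid + challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def run_demo():
    results = {}

    # Static ID: a recorded copy of an earlier transmission is
    # indistinguishable from the genuine card.
    static_reader = StaticIdReader([ENROLLED_UID])
    recorded = bytes(ENROLLED_UID)
    results["static_genuine"] = static_reader.authenticate(ENROLLED_UID)
    results["static_replay"] = static_reader.authenticate(recorded)

    # Challenge-response: the genuine card answers the current challenge.
    card = CryptoCard(ENROLLED_UID, CARD_KEY)
    reader = ChallengeResponseReader({ENROLLED_UID: CARD_KEY})
    first_challenge = reader.new_challenge(card.uid)
    first_response = card.respond(first_challenge)
    results["cr_genuine"] = reader.authenticate(card.uid, first_response)

    # The same recorded response fails against the next challenge ...
    reader.new_challenge(card.uid)
    results["cr_replay"] = reader.authenticate(card.uid, first_response)
    # ... and fails again when no challenge is outstanding.
    results["cr_no_challenge"] = reader.authenticate(card.uid, first_response)
    return results


if __name__ == "__main__":
    for name, accepted in run_demo().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```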
"Partnership" means flashing ebay ads in the Yahoo toolbar. Phuleeze!
he doesn't really seem to work with companies like Sun to see if their interests and his own can coincide
You are asking the Fox to guard the henhouse.
-Here's the source code good luck! (lindows and a couple of other projects)
-Tivoized Linux: (can't modify it because my DRM engine checks for a single signature)
-Red Hat/Suse and others to follow: The community version is not ready for production use.
-Sun's Solaris/Java. Total license confusion. ex. can't use debian's apt. They aren't license compatible, yet both are "free." Hmmm.
The original intent of OSS is pretty much gone in all three cases.
This kind of thing is most likely a kind of "white collar" crime.
The worst case scenario for white collar crimes is your Martha Stewart incarceration with a felony conviction. You have to really screw many things up to get penalized like her though.
No one is ever going to jail over this one or anything like it because the corporation is the "individual" being prosecuted. Individuals within a corporation rarely get penalized. It's your average American "win-win."
Take them to small claims, it's absolutely worth the effort.
In America, the corporation owns you!
So, I'm the evil-agency-du-jour and today I'm auditing IP traffic. If you are a person of interest, they know:
1. You are sending packets to and from specific IP addresses.
2. Grabbing copies of those packets.
3. Putting super-computers to work on them.
4. Discover you are ordering pizza over SIP. (whatever, it's funny)
The concept of "Privacy" was dead a long time ago. I *still* don't understand the outrage when most of your activity is available through many data brokers. What's not there, is available with little procedural check or balance.
Where it is very valuable is company to company communication. Where your competitors may not have the expertise to get the info.
But, then there's the encryption problem anyone has that uses it. It's stupefyingly easy to build a case on suspicion. Trying someone in the court of public opinion is easy and swift. "He uses encryption so he must be hiding something.." is all it takes to end a career, destroy your social status.
Cryptographer==criminal. Film at 11.
If one can codify its everyday use, I think it's a big step forward.
while the HP may be made in China, it is an American company, and you have to assume they have some kind of oversight of their manufacturing plants
Few Americans understand OEM markets and the way they work. There is no such oversight. This is the *very* basic model.
1. HP sends a specification to the one or two OEM builders that can handle their volume.
2. OEM builders submit a price and cajole, bribe and whatever else it takes to close the deal.
3. HP tests one, maybe two pilot versions and makes a decision.
4. Purchase orders flow from there. No one looks at anything.
Please remember that all of the Western business rules do not apply in the developing world. The rule is there are no rules. No litigation, legislation, few requirements other than bribing the right officials. The wild east. Enjoy!
Lenovo has no such interest since it is based in China and is answerable only to the Chinese government in terms of breaking any laws.
Wrong again. You fail to comprehend that the PC business at Lenovo's scale is global. Things get built in China and therefore parts of the business are under local control. Beyond that, your statement is pure hyperbole.
If HP allowed their computers to be bugged, they'd have major legal troubles back home in the states
No they don't. It's a document called a "license agreement." Every HP computer user agrees to it simply by using the PC. Its purpose in life is to eliminate liability.
I'll say it again:
Gov't contracts is a dirty business. This is a story about a once-venerated brand being discredited by its rivals using FUD. Note not a single peep out of IBM on the matter. They are doing what it takes to remain a trusted software/services provider. They stopped caring about ThinkPads as soon as their obligations ended.