Isn't this something that is already going on? Antivirus vendors spread their bait emails and insecure servers around to contract stuff and then react to it.
I think they could be more productive if they just use the current IE flaw and incorporate it into a web survey asking if the user is over 40. Infect that, whitelist all current software on the machine unless it's known bad and report on new executables. Bam, you're done with your honeypot. Those old codgers will click anything! They catch it first and then their zombie sentinel reports home with its newest malware.
I love Google as much as the next person that likes being able to find what they want on the web quickly without crappage... but this just sounds inherently evil. How is this any different than listing the phone # on the click-through ad? Are you really more likely to call someone you want to do business with because you can do it (semi) anonymously? Who the hell are you doing business with?
When I visit a web page it's because I don't have to deal with a (likely commissioned) salesperson. Oh, you want what? Yeah, uh, we have those, but you don't want that, you want this other unrelated thing my manager told me to push this week.
Eh, whatever, like I have a choice in the matter. I'll never use this garbage, and kudos to Google if they've found yet another genius product. I'm just a jaded asshole anyway ;)
^-- clicked submit too fast. You do see both advantages though. It is both fiscally and support-wise a vastly better decision to use Linux. I know that on Slashdot I'm preaching to the converted. I guess I thought it was implied that Linux was more stable/a better penguin for the job. The fiscal side of things was emphasized because really, "at the end of the day", what puts food on the table?
If you can produce a fantastic widget based on free products plus your innovation and capitalize on distribution and support of said widget in a MAJOR way... Windows? what's that, you're fired! I imagine this was the fate of a windows asshat inside IBM during the blade center's initial engineering.
Can you imagine trying to purchase a mission critical virtualized server solution based on some sort of windows underbelly? I would tear my own fingernails off one at a time before I signed up for that hell...and paid twice as much for the privilege.
Sorry that I accidentally implied that choosing linux was for monetary reasons. That rhetorical question had the desired conclusion of stability/fitness for a purpose.
I logged into an AIX box the other day. I was very pleased to see a Linux version on the prompt.
(firm believer that HAL was both in the movie and will figuratively be in the future actually running linux)
As a devout atheist I take offense anytime 90+% of the world says things. All of these arguments about whose fairy tale leads to eternal rewards of varied value are stupid. What's even better is that most Republican Bible-thumping hard core capitalists believe in a bigass socialist monarchy reward when it's all over. I'm totally pro capitalism, but I still find this incredibly funny.
What is scariest to me is that, at some point, this religious zealotry was actually an evolutionarily beneficial trait. It actually fires up a portion of the brain. There's no one religion, but any religion that's good enough fires up this "group think" module in the brain and makes shit warm and fuzzy.
Man, that's freaking scary funny. The best part is, to prove them wrong you have to die and find out for yourself...but you can't because you stopped supplying your thinking parts with oxygen at the critical time, you dumb bastard.
Accurate to a point. It isn't unheard of for a Linux distro using Windows technology emulation (Kerberos) to break on an upgrade. That's really neither here nor there because it was either litigation or proprietary changes that brought it about. It borked my RADIUS server on Gentoo real good one day. emerge -u world... sometimes not for the faint of heart.
Aren't Microsoft SALES figures always going to beat open source? Isn't this like saying more people bought Microsoft's Office suite than Open Office?
Fact is 80-90% of people using OO.org or Linux for that matter DIDN'T buy it. This is the stupidest metric I can think of to compare something that is mostly free with something that is absolutely overpriced. This works from one perspective - Vendors. And it only almost works, as the article noted, this is revenue not profit. From the IT manager perspective this is either FUD or MS marketing.
Did you know that garden fresh vegetables from personal gardens are drastically outsold by grocery produce? Bad comparison... my point exactly.
If you buy an IBM blade center with all the VMWare goodies, you're running Linux even if you run Windows on top of that. Wonder why they chose that for a foundation? Because they're smart, that's why. They can sell you this $70,000 software setup and aside from in-house engineering and the licensing for VMWare, their overhead is unbelievably low. You just paid a programmer's salary for the year. If they sell 3000 units and have 1500 programmers/maintenance folks, that's 100% profit. I know my numbers are waaay off but even adjusted/scaled appropriately you see the cash cow this makes. You can almost see why they tossed their low profit PC stuff to Lenovo.
Why do people greenlight this "sky is falling" garbage?
I don't think he mentioned just using piss poor logic or insanely brute force methods whenever possible. I once had to clean up some code from a Master's CS degree holder, who did a thesis on fuzzy navel recognition using visual systems comprised of just this one picture. Not really sure, but he couldn't code for sh#*.
His method of updating a row in a SQL table was this: Create recordset from "SELECT *..." Fill array with all the rows values. Do a sequential search until the record in question was found, change that record accordingly, complete loop to n anyway. "DELETE FROM..." Then using the array, repopulate the table with INSERTS.
I was shocked that I could barely think of a less efficient algorithm... possibly doing an n^3 sort on the elements before rot 3 'encryption' and emailing them to himself. Manually saving that file and starting the second module up to do the decryption and inserts... that would've been worse, I guess. Did I mention I only saw the code because it didn't actually work?
I let him look over my non-masters-degree-having shoulder when I deleted 90% of his code and replaced it with "UPDATE... SET x='foo'..." Good thing he made more than me, or I would've felt smug. :(
It had nothing but a negative effect on his job, and if I didn't know better, sullied the reputation of his university.
I think you meant: tweak the settings that aren't easily tweaked via GP using an administrative login. Then log off and replace the Default User profile. That way further personalization is possible after initial login to the "correct" defaults.
However, I think the other guy nailed an easier solution when he said to redirect the settings to a home drive network share so they're pulled in per user and transportable. Your problems arise when they mess up the settings and you have to delete them and start over. They will always mess up the settings.
I don't know how, but they will always find an option 30 tabs deep into the advanced settings. This option will invariably be weird as hell. The stories I could tell...
These algorithms aren't supposed to be exported. It says so right on the strong encryption agreement info.
"If you are darker than this flesh colored crayon, you may not download the software. You are not made of flesh and therefore surrender all rights to privacy."
Aren't encryption algorithms exponentially harder to break once you add one letter, or even a new subset, to the password brute-forcing system? Oh crap, they must've used capitals, it's going to take longer than 30 days, Mr. Prime Minister.
There are OSS tools to cascade several algorithms making it huge number * huge number * huge number * X^infinity possibilities that you'll ever know what was planned 6,000,000,000 years ago by some dumbass...or his porn collection contents.
Hasn't this been done before? It's usually the resale of a PC/server complete with restore disks (hopefully already applied). That would include OS and bundled software, right?
You've still bought an outmoded system. Where does this go without server or workstation hardware? Last I heard it's fairly difficult to get any kind of decent new hardware without bundled OEM licenses from guess who? MS. So if this transaction didn't include hardware, how is this cool?
Hey guys, I've just obtained 20 NT4 server licenses with 300 CALs! Let's fire up our new dual processor / 4 GB RAM / 5 blade dual processor 2 TB fibre channel storage server with $70,000 worth of VMWare and get down to business. Bah!
Buying outdated server hardware and software is a fool's game.
This could indicate however, the upcoming buyer's market for software?
You guys know this SSN thing was dictated by db schema developers. What's a good primary key...hmmmm...SSN! yeah that'll do. Hey that could also be a good default password. Yeah or login name! This is great as long as every other financial or educational institution doesn't pick up our idea.
SSN isn't the problem. Anytime you have a national universal "user-id-cum-password" you're asking for it. Inside a state, DL#s are probably somewhat a commodity in dark hat circles, though not as useful in financial situations.
Aren't SSN and other more personal info available from credit reporting agencies with some $$ and a name for any jackass?
I just picture these "unfortunate" blog targets as vampires hissing and recoiling from the light. No mention that the blogs were lying or creating information. So they're telling the truth too much? Hell half the news outlets and executive branch can't stop lying. That's why these blogs work.
Excellent point, and the marketing spin would also be righteous. "Titleist 905T the driver astronauts use." Or "Titleist 905T the only way to achieve escape velocity."
Are you kidding? If I had several million to blow on a trip to space I sure as hell would do it.
I'd want to do stupid stuff too. Like put a tether on and fly around with a fire extinguisher rocket. I'd also probably be an idiot and shoot at the moon some. Then all us astronauts would run out and play space ball. I'm sure that'd be a sweet EVA.
I'd make most of my money back plugging Coke and Virgin Galactic. Then I'd make my own cereal called Space-O's, which would really be Froot Loops with different packaging and a caricature of my mug on it.
Eventually some aliens would catch my message in a bottle upside the head and be like... oh man, damn earthlings.
- Jack Handy's step-brother
Open source demands higher quality by fostering innovation. What? It's out of control, we aren't innovative anymore! Lock it down boys! We'll deliver closed source solutions now, because some people are better at this than we are.
I had a huge comment to post replete with political stabbing.
My point was distilled to this: Make environmental damage unprofitable. Take control of the monetary machinery that funds environmental damage and fix it.
This is much like the belief that human nature is generally good and that the net effect of a communal effort will be good. All lies.
Survival and greed are the motivators. Use them to your advantage. May your advantage be shared among your peers. I hope that your peers are the majority.
Like I would trust my data to a terminal server (of any brand/encryption) unless I owned it. Aside from security concerns: how much would a subscription to extreme high bandwidth++ service cost? How much would a spot on a server with 1 gig RAM, .5 TB disk space allocated to just me cost... per workstation? Chances are these answers are $bigmoney / month. That's a monthly cost compared to a one-time cost. It would boil down to $technology replacement every 3-5 yrs vs $rental. Right now that falls on the side of the replacement.
Forget the legal liability that they just won't encumber for me to load DeCSS for personal media backups or some of my non-DRM ripped mp3s of CDs I own. Are they going to administrate my domain schema? Is that extra? How fast can I do an ADSI hack when needed?
Try this one: Your entire office is offline because a storm has knocked out power to a poorly designed upstream NOC. You sell generators and have none of your client records or inventory database. Unless google's running these systems with their 3 shard techniques, I'd rather do it myself. Then I know that if it breaks I've already planned for it or my site is destroyed and it's my own fault for not co-locating enough.
Ditto. You shouldn't learn how to hack, you should learn how to prevent it. Drawing a line between the two is pretty hard though. Learning how to hack is tightly related to learning how to prevent hacks. I think the author's point is that learning from practitioners is less effective than learning from "best practices" because you are forever behind the curve if practitioners are out of the loop. The fact is that many practitioners are simply highly skilled outsiders, engineers very much in the loop with nearly limitless spare time dedicated to messing you up.
Learn what good coding means and do it, then you can ignore hacking practices. This is very idealistic as most people don't build a system thinking that it is vulnerable intentionally. Unless the vulnerability is "obscure enough" to be valid. No wait, that's MS common practice.
His point is to developers. Compartmentalize, secure, and validate EVERYTHING. Guilty until proven innocent. User, processor, and network/storage overhead be damned. Check the stack every microsecond and verify in tandem. Generally, be perfect and only make perfect things. It's as easy as 1, 2, 3. Relegate computer use to experts only and found a colony of uber hackers that will process all informational transactions henceforth, forever.
He didn't mention eggshell security. "Hard and crunchy on the outside, and soft on the inside." AKA knight in armor vs dragon.
That is what parent was talking about, bringing botulism into the egg via needle or...whatever.
The solutions are many and varied. One solution is configuring extended ACLs (or whatever your vendor calls it) on internal VLAN routers to at least compartmentalize traffic. Could stop Sasser or others that rely on access to client PCs. Sure, you still lose a VLAN, but overall that's not so bad as the entire LAN. Hopefully you aren't a victim of the patch problem and are secure before it's exploited (at least on the servers, c'mon.)
Bad idea or not, it's better than crossing your fingers and hoping MS turns into a group of elite super coders, able to anticipate exploits before they happen and intuitively test the millions of hacks they used to make part X talk to part Y. Impossible due to permutations, but these guys are imbued with all of the genius of past experience and market dominance...right?
His default deny on code execution sounds cool until you think of the myriad holes. Are the initially launched program and its forks trusted? How compartmentalized is a functional javascript/flash/vbscript app inside a browser before it's restricted to eye candy only? How do you verify that a program is what it says it is? SHA3 hashes stored on read-only devices only updatable by super users, or universal signing? Think of the admin overhead on that. Oh, I've visited this new business-critical website and they've changed their certificate like they do every year or two. Can you fix it on 80 computers yesterday? Multiply by 1000.
Block port 25 outbound to the internet at least and host your own email... dammit. Of course, allow 25 in/out for the MTA. Do it for me.
My favorite quote, source unknown, is "When things go bad, don't go with them."
Still doesn't stop a flawed SMB implementation from accessing an "everyone" share and erasing it when they have permission via ACLs. It will stop a Sasser from hitting lsass on non-server machines outside of their VLAN. Hope those servers are patched (dumb idea but needed as of 9/2005).
What about the game whose forums are full of complaints about "ever since patch X, I can't play"?
The Steam system seems to introduce more bugs than it fixes, and yes, I'm a victim of one. I've replaced my entire computer piece by piece trying to resolve this strange crash I have. After tons of tedious tweaking and redownloads, an OS reinstall (redownload), new video card, new sound card, motherboard/processor/RAM replacement, new HDD, and recently a bigger case and power supply.
The only common thread I can figure out is both cards are nvidia and processors were both AMD (XP and now 64).
Nothing was wrong with my computer before except it was a little weak, it still played most games fine. Now I've rebuilt it completely, thanks for the upgrade Valve. Still have the same problem and I'm done with it. $60 down the drain but good motivation for a new PC, I don't care to think about how much I spent on that.
Software curve of bugs vs. patches over time anyone?
I'm seriously considering dual-booting into a 64 bit linux and only keeping windows for the games made by good publishers as I've lost my passion for the last thing that kept me booting this crap.
Instead of this lame attempt to flank Google Desktop, how about refining data integrity? What happens when inevitably some unforeseen combination of data causes your widget driver to BSOD "KMODE EXCEPTION NOT HANDLED" in the middle of a metadata update? Probably nothing good.
Not unless they increase that flash size to at least 4 GB, up the RAM to 256, and throw out any kind of processor that could run off of USB current, not to mention it almost needs to be an x86.
We will add your technological distinctiveness to our own. Resistance is futile. Developers! Developers! Developers!
If you're already in Linux, shouldn't you be using Evolution? IMHO it's way better.