Just for grins, I searched Google Groups for "Unisys". Here's the top-ranked post (angle brackets edited to correct html confusion, but otherwise verbatim):
1. Bill B
Nov 8 1996, 3:00 am hide options Newsgroups: comp.sys.unisys From: Bill B (b...@prolog.net) - Find messages by this author Date: 1996/11/08 Subject: Unisys/Arete 1200 ??? Reply to Author | Forward | Print | Individual Message | Show original | Report Abuse
I have a Unisys / Arete 1200 and I'm not sure what I am going to do with it. I connected a Wyse treminal and it seems to work, but I have no Info about the machine, any help would be nice. Here is what is inside,
2) CPU32 boards.
2) 2/8 MB Mem Boards.
1) DMC Board.
2) HSDT/IOCP Boards.
1) GC/IOCP Board.
1) MAC Board.
2) Fujitsu HDs, 168mbs ea.
1) Tape drive.
If anyone has any info or would like any or all of this computer here is my Email b...@ptdprolog.net Thanks, Bill
2. Thomas Wyckoff
Nov 11 1996, 3:00 am hide options Newsgroups: comp.sys.unisys From: Thomas Wyckoff - Find messages by this author Date: 1996/11/11 Subject: Re: Unisys/Arete 1200 ??? Reply to Author | Forward | Print | Individual Message | Show original | Report Abuse
That's a pretty nice system from the late '80s. You have 2 CPU's with 68030's, some memory (you'll have to pop out the boards. If they're full they're 8 megs each). The DMC is the memory controller, the HPIO is the tape and disk controller. The GCPIO board(s) are the terminal controllers, 8 terms per board. The MAC card is a frame that lets you use multi-bus boards in the Arete (ARIX now) system. It might have an ethernet or x.25 card in it. The 168 meg disks will cost more than a new Buick to replace if they go. The Army still has a lot of these systems, and I still get to work on one once in a while. Tom Wyckoff
1. Dependency analysis graphs for over 5000 system binaries
I'm stunned to learn this hasn't been an ongoing effort over the last 15 years. I had boldly assumed they understood the dependencies between all their code and actively managed it. To call this "new work" seemed silly to me. I gave this part, on a scale of one to ten, a zero.
2.... developing a design and engineering ethic...
Another goodie I'd count under "should have been done over a decade ago".
3.... re-architecting the kernel and IO subsystems for reliability, recoverability...
Darn - same comment.
4. Improving scheduling algorithms for application sets that require low-latency
This seemed like new stuff to me. But the way they described it scared the hell out of me. I'm having trouble envisioning how you can group threads scattered across processes (and the kernel, probably) such that they can be assigned a very high priority, and thus do the video trick. This has gotta trash quite a few existing data structures, and introduce a bag more. Since I can't picture how to do this cleanly, I had trouble getting excited about this one. Are they making a huge mess? And also, being an applications guy, and an old one at that, I'm more server centric, so playing gapless video didn't strike me has a big win that will change the world. In fact, regardless of who you are, I don't think your world will change because of this. On the other hand, if they have to introduce a bag of hacks to make this one work, maybe it will affect your world, although it may not be in the positive fashion you had envisioned.
5. "Just Fix It Now"
That's a great point. But to learn that backwards compatibility is an objective tells me that they have a large number of contraints they have to respect. Respecting such constraints will limit their ability to do things "right". How well they navigate the abyss between "Just Fix It Now" and "Do It Right" remains to be seen.
Would you care to enlighten the rest of us, with your infinite wisdom, of what is wrong with the NT kernel?
For those who can't read, I stated up from I'm an applications guy, not an OS guy.
Seriously, I'm interested in hearing what you think is wrong with the NT kernel. I suspect you have absolutely zero knowledge of what it is or how it works, and are just trying to spread the daily MS FUD dose.
Seriously, I don't think you are interested - it's clear from your tone you're more interested in squashing anyone who has quibbles with Windows. But for a more direct response, I'd say this: the x86 processor has 4 rings of protection. Windows and Linux only use rings 0 and 3. Some other operating systems on 4-ring processors (like OpenVMS) use all 4 rings and segregate the driver architecture accordingly. Since you're obviously an OS expert, you'll instantly recognize how this contributes to the kernel's stability.
The fact that it took until just recently to implement No Execute protection (in hardware and software) shows that security was not a core concern of Cutler or the others that designed it. Other operating systems (albeit older ones) have had that for years.
The fact that this is the 3rd redesign of the driver architecture in 15 years makes me wonder if they got it "right" this time. But since "right" is usually determined by the marketing folks in Redmond, rather than architects trying to do the right thing, I'm not holding my breath.
We're talking about the fucking kernel. Can you get that into your thick head?
For those who can't read, I stated up from I'm an applications guy, not an OS guy.
Although I work daily on Linux, Windows, OpenVMS and Solaris, I'm really not a rabid fan of any (ok, maybe OpenVMS, but it's got its issues too). Device drivers are done "right" in OpenVMS - only the stuff that has to run in ring 0 runs there. Everything else is pushed out to rings 1,2 and 3. Now Windows, Solaris, and Linux fans might not be aware of this, but there are actually 4 rings of protection available on the x86 processor (as is the case with the VAX and Alpha processors). Windows, Linux, and Solaris (I think) use only 0 and 3. Why they didn't use rings 1 and 2 for further isolation/protection I don't know - trade-offs of some kind (like performance), I suppose.
Actually the notion of throwing it out and starting over has at least some merit. By far the biggest contributor to the virus "epidemic" we're having is the homogeneity of our computing infrastructure. Whether it will happen this century or next, the only true defense against a virus that does widespread damage is to ensure our computing fabric consists of many operating systems.
At the moment the world is too busy trying to fix the unfixable (for every security measure there is always an attack), and perhaps it will take a few generations before we take the lessons of the Irish potato famine to heart.
Now I'm only half way through the video, but holy minimizer Batman, is that all they're doing?
So they discovered software dependencies and configuration management, error handling in the kernel, and reversed one of their previous errors - putting device drivers inside the kernel.
I'm no OS guru (I'm just an applications guy), but shouldn't they have thrown the whole mess in the garbage and started over? They're referring to the Vista kernel as "NT"!! It's freakin NT!
NT's karma has waned (especially this week). God help us - we'll be stuck with MS security holes forever.
Even MS will tell you - there's ton of licensed 3rd party stuff in IE. Do a Help | About in the current version and you'll see a partial list of credits. MS can't release this stuff in source form unless they renegotiate lots of licenses.
This issue has stopped other products from being open-sourced - it's not unique to IE by any means.
Fact = Malware is a problem Spin1 = Malware can be *reliably* detected Spin2 = Hardware is the answer
Lies = Intel will protect you from malware.
Nice PR work!
Until we address the root cause of our security woes, everything else is spin to ease those dollars out of our pockets. It's massively expensive to fix this problem, but we must be willing to see it: The homogeneity of our computing infrastructure is its gaping shortcoming. For any security mechanism we invent, the bad guys will build a crack. Until now we have focused on the the bad guy's "cost" side of the ledger - making it harder and harder, and thus more expensive, to find and build a crack.
Soon it will be time to address the "revenue" side of the bad guy's ledger, and indeed we've already started to some degree. Anti-virus products reduce the lifespan, and infectable population size, of a virus. This reduces it's overall effectiveness, or put another way, reduces it's "revenue".
We must reduce the value of much further, to the point where it won't be worth building the crack (in most cases anyway, Fort Knox et. al excepted). How? By ensuring that a crack can only work on a limited number of computers - which brings us back to homogeneity.
Windows for all, or Linux for all, and ANY ONE THING for all is a recipee for disaster (which, to some degress, and by some measures, is what we have today).
Mr. Hawking is unable to exceed Ms. Jameson's performance due to physical constraints, which I hereby declare outside the boundaries of this AI-related comment.
This "Real AI" is bullshit and I can prove it with this simple mind test: If they haven't made an AI that gives a top-drawer backrub and bj, what chance is there they've gone that far beyond?
Yeah you're right - escalation is much better term to describe the mechanism under scruntiny. Build away, but let's not tout it as "the solution", ok? Some of these white-paper-brainiacs think their darling solution is going to solve the world's problem once and for all and they're dead wrong. If it takes a bitch-slap with a stinky fish to wake them up, so be it.
That said, I have no more left in me for this argument. The underlying truth has been revealed ("move along, no panacea here"), and I will silently suffer the remaining naysaying, bad words and thinly veiled insults of you and everyone else like us.
I had another dozen thoughts about why I believe your gentle optimism is so gravenly misplaced, and here are two: 1) Virii will evolve to avoid honeypots. If you can't detect it, you certainly can't spank it with your signature stick. How will a virus detect a honeypot? Oh a bazillion different ways. Eg. No pr0n viruses, we die. OS signature is known? We die. OS Fingerprinting reveals a VM? We die. There's no fucking end to this shit. Anything you invent will be broken. Get over it.
2) Who the fuck built the perfect VM? When did this stunning achievement of mankind occur? Is every API in the thing proven to be 100% reliable against every possible input and machine state? And for all chipsets and bios combinations on which it runs? Will the global celebration be a day-off-work in my area of the US? Puhleeeze, I'm fucking dying laughing over here.
Your education in security will not be at my expense. The fact that a detector detected a worm that was not designed to evade the detector is nice, and likely the lowest of publicizable hurdles. It said "ma-ma', how nice.
This is an arms war and both sides are in motion. The proposed mechanism can be overcome by so many means (and combined means) it's laughable. This is lesson 1 of security: Any measure can be overcome - it's a matter of time.
Now don't argue about distributing signatures faster than the worm's velocity in the wild. If you don't recognize that is just another system that can be subverted, I won't talk to you anymore;-)
Well, move the boundaries all you want - if you're explicitly going after worms that directly transmit something, you'll likely detect worms that directly transmit something. Congratulations, you've detected one sub-type of infection. And the most common one. Coulda done that in VB.
Extensive web references notwithstanding, your approach to the matter seems more intellectual than practical. Get your nose out of the Web References Are Us web site and tell us how such a system would really work with today's Windows and today's internet.
I said it, and I'll say it again: The premise is fundamentally flawed.
Ever hear of a floating casino? When Windows Vista does away with all those reboots (see today's news), transient virii will become a reality. They will live until the next reboot. Months? A year or (gasp) maybe two ?
At Botnet Central they'll see members disappear as the reboots go by, and members join as new computers are infected. But on average, their floating botnet should do a great job of spam distribution, or whatever the currency of the day is.
On the bright side, only an as-yet unwritten super-feaky memory scanner could detect a transient virus on a running system - if it could at all. Even if it could detect "today's" transient virus, detecting tomorrow's may take months of work.
Well kids, back to the Nightly Reboot Routine - it'll be the only way to ensure your Windows Vista Virus Magnet isn't working while you're snoozin.
Final advice? Always choose the least popular operating system - or write your own.
You're missing part of the "reliable" equation. Both false positives *and* false negatives will ruin the proposed automatic system. Stick an arse-of-the-recording-world SONY disc in the honeypot and and watch desktop computers around the globe violently expel their SONY disks, decapitating nearby music workers. That's the (admittedly extreme) result of a false positive.
I said it, and I'll say it again with emphasis: This entire premise if fundamentally flawed.
Oh, and viruses that don't survive reboots will do just fine very soon. Microsoft's just-announce new feature in Windows Vista will allow you to patch most of the thing without rebooting. "No reboots" - that's the target. Every heard of a floating casino? Floating botnets are next.
The tinkling you're hearing isn't me - maybe you just peed yourself?;-)
Don't think so. I'm not gonna wade through everyone else's attempts to build behavior-based detection algorithms and other assorted gifts to mankind to find the inevitable holes in each.
You can't get 100% accuracy so you'll generate false positives or false negatives. This demands a human be in the loop or our "magic" sensor spews occassional garbage and knocks the lights out somewhere.
I said it, and I'll say it again: The entire premise is flawed.
The key here is *reliable* virii detection. Idle honeypot or not, I say you can't reliably tell the machine is infected, hence the whole concept is flawed. There is no magic.
I like the magic part where this incredibly advanced piece of software figures out that the machine has been infected. It's so smart, in fact, it can figure out what viral signature can uniquely identify it.
Ya know, if ya had some code that could reliably identify virii without signatures, wouldn't we all be running *that* on all our desktops?
It's an unlikely engineering premise that slapping on an after-the-fact-reboot-manager would yield useful results. If Vista hasn't been designed from the start for this, it's too late for varnish now.
So if, in fact, it was designed for this, why are we just hearing about it now? With a corporation this masterful with The Marketing Stick, there's likely something else going on nearby they don't want noticed.
Laughing my ass off... After all the screaming and yelling and spin-doctoring that guy has done over the last 25 years, it's pretty tough to believe anything out of his mouth today.
Personally, I believe the chair took a beating. How he justifies the statement that he didn't throw it... well.. he's been able to rationalize far greater lies in the past. The give-away: He used the word "honestly". Puh-leeeeze.
OpenVMS clustering, arguably the most mature and most flexible clustering available, was somehow omitted from IBM's view of the clustering universe. Why didn't they address hot/hot[/hot[/hot...]] configurations? How about Single System Image (every member boots from the same system disk) configurations? (These two are not mutually exclusive).
These two are the Holy Grail of clustering capabilities. Um, no wonder IBM didn't mention them. And only the grey-haired/.ers remember VMS anyway.
Slashdot Mirror
Just for grins, I searched Google Groups for "Unisys". Here's the top-ranked post (angle brackets edited to correct html confusion, but otherwise verbatim):
1. Bill B
Nov 8 1996, 3:00 am hide options
Newsgroups: comp.sys.unisys
From: Bill B (b...@prolog.net) - Find messages by this author
Date: 1996/11/08
Subject: Unisys/Arete 1200 ???
Reply to Author | Forward | Print | Individual Message | Show original | Report Abuse
I have a Unisys / Arete 1200 and I'm not sure what I am going to do with
it. I connected a Wyse treminal and it seems to work, but I have no Info
about the machine, any help would be nice. Here is what is inside,
2) CPU32 boards.
2) 2/8 MB Mem Boards.
1) DMC Board.
2) HSDT/IOCP Boards.
1) GC/IOCP Board.
1) MAC Board.
2) Fujitsu HDs, 168mbs ea.
1) Tape drive.
If anyone has any info or would like any or all of this computer here is my
Email
b...@ptdprolog.net
Thanks, Bill
2. Thomas Wyckoff
Nov 11 1996, 3:00 am hide options
Newsgroups: comp.sys.unisys
From: Thomas Wyckoff - Find messages by this author
Date: 1996/11/11
Subject: Re: Unisys/Arete 1200 ???
Reply to Author | Forward | Print | Individual Message | Show original | Report Abuse
That's a pretty nice system from the late '80s. You have 2 CPU's with
68030's, some memory (you'll have to pop out the boards. If they're full
they're 8 megs each). The DMC is the memory controller, the HPIO is the
tape and disk controller. The GCPIO board(s) are the terminal
controllers, 8 terms per board. The MAC card is a frame that lets you
use multi-bus boards in the Arete (ARIX now) system. It might have an
ethernet or x.25 card in it. The 168 meg disks will cost more than a new
Buick to replace if they go. The Army still has a lot of these systems,
and I still get to work on one once in a while. Tom Wyckoff
I see your point, but here's some of mine:
... developing a design and engineering ethic ...
... re-architecting the kernel and IO subsystems for reliability, recoverability ...
1. Dependency analysis graphs for over 5000 system binaries
I'm stunned to learn this hasn't been an ongoing effort over the last 15 years. I had boldly assumed they understood the dependencies between all their code and actively managed it. To call this "new work" seemed silly to me. I gave this part, on a scale of one to ten, a zero.
2.
Another goodie I'd count under "should have been done over a decade ago".
3.
Darn - same comment.
4. Improving scheduling algorithms for application sets that require low-latency
This seemed like new stuff to me. But the way they described it scared the hell out of me. I'm having trouble envisioning how you can group threads scattered across processes (and the kernel, probably) such that they can be assigned a very high priority, and thus do the video trick. This has gotta trash quite a few existing data structures, and introduce a bag more. Since I can't picture how to do this cleanly, I had trouble getting excited about this one. Are they making a huge mess? And also, being an applications guy, and an old one at that, I'm more server centric, so playing gapless video didn't strike me has a big win that will change the world. In fact, regardless of who you are, I don't think your world will change because of this. On the other hand, if they have to introduce a bag of hacks to make this one work, maybe it will affect your world, although it may not be in the positive fashion you had envisioned.
5. "Just Fix It Now"
That's a great point. But to learn that backwards compatibility is an objective tells me that they have a large number of contraints they have to respect. Respecting such constraints will limit their ability to do things "right". How well they navigate the abyss between "Just Fix It Now" and "Do It Right" remains to be seen.
Would you care to enlighten the rest of us, with your infinite wisdom, of what is wrong with the NT kernel?
For those who can't read, I stated up from I'm an applications guy, not an OS guy.
Seriously, I'm interested in hearing what you think is wrong with the NT kernel. I suspect you have absolutely zero knowledge of what it is or how it works, and are just trying to spread the daily MS FUD dose.
Seriously, I don't think you are interested - it's clear from your tone you're more interested in squashing anyone who has quibbles with Windows. But for a more direct response, I'd say this: the x86 processor has 4 rings of protection. Windows and Linux only use rings 0 and 3. Some other operating systems on 4-ring processors (like OpenVMS) use all 4 rings and segregate the driver architecture accordingly. Since you're obviously an OS expert, you'll instantly recognize how this contributes to the kernel's stability.
The fact that it took until just recently to implement No Execute protection (in hardware and software) shows that security was not a core concern of Cutler or the others that designed it. Other operating systems (albeit older ones) have had that for years.
The fact that this is the 3rd redesign of the driver architecture in 15 years makes me wonder if they got it "right" this time. But since "right" is usually determined by the marketing folks in Redmond, rather than architects trying to do the right thing, I'm not holding my breath.
We're talking about the fucking kernel. Can you get that into your thick head?
For those who can't read, I stated up from I'm an applications guy, not an OS guy.
Although I work daily on Linux, Windows, OpenVMS and Solaris, I'm really not a rabid fan of any (ok, maybe OpenVMS, but it's got its issues too). Device drivers are done "right" in OpenVMS - only the stuff that has to run in ring 0 runs there. Everything else is pushed out to rings 1,2 and 3. Now Windows, Solaris, and Linux fans might not be aware of this, but there are actually 4 rings of protection available on the x86 processor (as is the case with the VAX and Alpha processors). Windows, Linux, and Solaris (I think) use only 0 and 3. Why they didn't use rings 1 and 2 for further isolation/protection I don't know - trade-offs of some kind (like performance), I suppose.
Actually the notion of throwing it out and starting over has at least some merit. By far the biggest contributor to the virus "epidemic" we're having is the homogeneity of our computing infrastructure. Whether it will happen this century or next, the only true defense against a virus that does widespread damage is to ensure our computing fabric consists of many operating systems.
At the moment the world is too busy trying to fix the unfixable (for every security measure there is always an attack), and perhaps it will take a few generations before we take the lessons of the Irish potato famine to heart.
Now I'm only half way through the video, but holy minimizer Batman, is that all they're doing?
So they discovered software dependencies and configuration management, error handling in the kernel, and reversed one of their previous errors - putting device drivers inside the kernel.
I'm no OS guru (I'm just an applications guy), but shouldn't they have thrown the whole mess in the garbage and started over? They're referring to the Vista kernel as "NT"!! It's freakin NT!
NT's karma has waned (especially this week). God help us - we'll be stuck with MS security holes forever.
And in a related story: Female Masturbation Is Up!
Even MS will tell you - there's ton of licensed 3rd party stuff in IE. Do a Help | About in the current version and you'll see a partial list of credits. MS can't release this stuff in source form unless they renegotiate lots of licenses.
This issue has stopped other products from being open-sourced - it's not unique to IE by any means.
Where do these people come from?
Web 2.0 - A term for the technically illiterate denoting the passage of time
Best Practices - A term describing what the technically inept do to avoid getting fired
Web 2.0 Best Practices - What the technically illitate ask the technically inept do to, giving rise to the world's worst, bug-ridden software.
Fact = Malware is a problem
Spin1 = Malware can be *reliably* detected
Spin2 = Hardware is the answer
Lies = Intel will protect you from malware.
Nice PR work!
Until we address the root cause of our security woes, everything else is spin to ease those dollars out of our pockets. It's massively expensive to fix this problem, but we must be willing to see it: The homogeneity of our computing infrastructure is its gaping shortcoming. For any security mechanism we invent, the bad guys will build a crack. Until now we have focused on the the bad guy's "cost" side of the ledger - making it harder and harder, and thus more expensive, to find and build a crack.
Soon it will be time to address the "revenue" side of the bad guy's ledger, and indeed we've already started to some degree. Anti-virus products reduce the lifespan, and infectable population size, of a virus. This reduces it's overall effectiveness, or put another way, reduces it's "revenue".
We must reduce the value of much further, to the point where it won't be worth building the crack (in most cases anyway, Fort Knox et. al excepted). How? By ensuring that a crack can only work on a limited number of computers - which brings us back to homogeneity.
Windows for all, or Linux for all, and ANY ONE THING for all is a recipee for disaster (which, to some degress, and by some measures, is what we have today).
Mr. Hawking is unable to exceed Ms. Jameson's performance due to physical constraints, which I hereby declare outside the boundaries of this AI-related comment.
This "Real AI" is bullshit and I can prove it with this simple mind test: If they haven't made an AI that gives a top-drawer backrub and bj, what chance is there they've gone that far beyond?
It's a simple test, but effective.
Yeah you're right - escalation is much better term to describe the mechanism under scruntiny. Build away, but let's not tout it as "the solution", ok? Some of these white-paper-brainiacs think their darling solution is going to solve the world's problem once and for all and they're dead wrong. If it takes a bitch-slap with a stinky fish to wake them up, so be it.
That said, I have no more left in me for this argument. The underlying truth has been revealed ("move along, no panacea here"), and I will silently suffer the remaining naysaying, bad words and thinly veiled insults of you and everyone else like us.
I had another dozen thoughts about why I believe your gentle optimism is so gravenly misplaced, and here are two: 1) Virii will evolve to avoid honeypots. If you can't detect it, you certainly can't spank it with your signature stick. How will a virus detect a honeypot? Oh a bazillion different ways. Eg. No pr0n viruses, we die. OS signature is known? We die. OS Fingerprinting reveals a VM? We die. There's no fucking end to this shit. Anything you invent will be broken. Get over it.
2) Who the fuck built the perfect VM? When did this stunning achievement of mankind occur? Is every API in the thing proven to be 100% reliable against every possible input and machine state? And for all chipsets and bios combinations on which it runs? Will the global celebration be a day-off-work in my area of the US? Puhleeeze, I'm fucking dying laughing over here.
Warmest regards,
Your education in security will not be at my expense. The fact that a detector detected a worm that was not designed to evade the detector is nice, and likely the lowest of publicizable hurdles. It said "ma-ma', how nice.
;-)
This is an arms war and both sides are in motion. The proposed mechanism can be overcome by so many means (and combined means) it's laughable. This is lesson 1 of security: Any measure can be overcome - it's a matter of time.
Now don't argue about distributing signatures faster than the worm's velocity in the wild. If you don't recognize that is just another system that can be subverted, I won't talk to you anymore
Well, move the boundaries all you want - if you're explicitly going after worms that directly transmit something, you'll likely detect worms that directly transmit something. Congratulations, you've detected one sub-type of infection. And the most common one. Coulda done that in VB.
Extensive web references notwithstanding, your approach to the matter seems more intellectual than practical. Get your nose out of the Web References Are Us web site and tell us how such a system would really work with today's Windows and today's internet.
I said it, and I'll say it again: The premise is fundamentally flawed.
Merriam-Webster?
An on-line dictionary?
Fucking brilliant boys!
Ever hear of a floating casino? When Windows Vista does away with all those reboots (see today's news), transient virii will become a reality. They will live until the next reboot. Months? A year or (gasp) maybe two ?
At Botnet Central they'll see members disappear as the reboots go by, and members join as new computers are infected. But on average, their floating botnet should do a great job of spam distribution, or whatever the currency of the day is.
On the bright side, only an as-yet unwritten super-feaky memory scanner could detect a transient virus on a running system - if it could at all. Even if it could detect "today's" transient virus, detecting tomorrow's may take months of work.
Well kids, back to the Nightly Reboot Routine - it'll be the only way to ensure your Windows Vista Virus Magnet isn't working while you're snoozin.
Final advice? Always choose the least popular operating system - or write your own.
You're missing part of the "reliable" equation. Both false positives *and* false negatives will ruin the proposed automatic system. Stick an arse-of-the-recording-world SONY disc in the honeypot and and watch desktop computers around the globe violently expel their SONY disks, decapitating nearby music workers. That's the (admittedly extreme) result of a false positive.
;-)
I said it, and I'll say it again with emphasis: This entire premise if fundamentally flawed.
Oh, and viruses that don't survive reboots will do just fine very soon. Microsoft's just-announce new feature in Windows Vista will allow you to patch most of the thing without rebooting. "No reboots" - that's the target. Every heard of a floating casino? Floating botnets are next.
The tinkling you're hearing isn't me - maybe you just peed yourself?
Don't think so. I'm not gonna wade through everyone else's attempts to build behavior-based detection algorithms and other assorted gifts to mankind to find the inevitable holes in each.
You can't get 100% accuracy so you'll generate false positives or false negatives. This demands a human be in the loop or our "magic" sensor spews occassional garbage and knocks the lights out somewhere.
I said it, and I'll say it again: The entire premise is flawed.
The key here is *reliable* virii detection. Idle honeypot or not, I say you can't reliably tell the machine is infected, hence the whole concept is flawed. There is no magic.
I like the magic part where this incredibly advanced piece of software figures out that the machine has been infected. It's so smart, in fact, it can figure out what viral signature can uniquely identify it.
Ya know, if ya had some code that could reliably identify virii without signatures, wouldn't we all be running *that* on all our desktops?
It's an unlikely engineering premise that slapping on an after-the-fact-reboot-manager would yield useful results. If Vista hasn't been designed from the start for this, it's too late for varnish now.
/.er's?
So if, in fact, it was designed for this, why are we just hearing about it now? With a corporation this masterful with The Marketing Stick, there's likely something else going on nearby they don't want noticed.
What's under those rocks
Laughing my ass off... After all the screaming and yelling and spin-doctoring that guy has done over the last 25 years, it's pretty tough to believe anything out of his mouth today.
Personally, I believe the chair took a beating. How he justifies the statement that he didn't throw it... well.. he's been able to rationalize far greater lies in the past. The give-away: He used the word "honestly". Puh-leeeeze.
OpenVMS clustering, arguably the most mature and most flexible clustering available, was somehow omitted from IBM's view of the clustering universe. Why didn't they address hot/hot[/hot[/hot...]] configurations? How about Single System Image (every member boots from the same system disk) configurations? (These two are not mutually exclusive).
/.ers remember VMS anyway.
These two are the Holy Grail of clustering capabilities. Um, no wonder IBM didn't mention them. And only the grey-haired