Slashdot Mirror


User: 99BottlesOfBeerInMyF

99BottlesOfBeerInMyF's activity in the archive.

Stories: 0

Comments · 10,115

  1. Re:Criminal organisation on Should Microsoft Be Excluded From EU Government Sales? · · Score: 1

    Microsoft has never been accused of criminal violations...

    You are mistaken. That is understandable. Most antitrust cases begin as civil suits then are taken up by the executive branch and made into criminal cases (often after the person filing the civil case asks for intervention). Maybe you recall the Department of Justice V. Microsoft. Let me tell you, that wasn't the DoJ suing MS in civil court. The same applies in the EU. Antitrust offenses are criminal violations.

    The rest of your post was founded upon your misunderstanding so I'll not belabor the point.

  2. Re:Would *any* be an improvement? on AOL Jumps Into the Ring with Microsoft, Yahoo!, Google · · Score: 2, Interesting

    AOL+Yahoo doesn't strike me as being able to produce better services than Yahoo alone could. Or MS+Yahoo. Or any other combination.

    It does me. You see right now in some markets there is competition, but MS is one of the players and they are breaking antitrust law to artificially gain more market share. When they manage to have enough market, they intentionally break compatibility to undermine competition (illegally). Then they try to use that to move into the next market and gain share not by offering something better, but by tying it to something you already have to use because MS has monopolized it.

    Basically, anyone but MS, is a good company to merge with Yahoo. If it was AOL, at least we'd finally have broken the walled garden of instant messaging since AOL is committed to open protocols like Jabber/XMPP in open federation with anyone who wants to interoperate. It would pull all instant messaging except MS Messenger into using open protocols and would allow for limited interoperability with MSN.

    Can you imagine a world where you could have a GTalk account or a Yahoo account or an AIM account or an ICQ account or just an account on your company's internal XMPP server and it would allow you to send chat messages directly to absolutely every other IM user on the planet... without having to register five different accounts? Can you imagine that then extending to voice and video chats via Jingle and the like? Can you imagine being able to run your own chat server at your own domain and having it be able to talk to anyone and be able to use end to end encryption? That alone makes me hope for a Google or AOL merger, rather than MS getting 50% of chat and keeping it locked into formats that intentionally won't talk to players using open protocols.

    The bigger a company is, the more cultural inertia it has, the less willing it is to try something new. Would strapping AOL's "never change anything" mentality to any company make it better?

    AOL is very schizophrenic, but I doubt they would break any of the Web services Yahoo has, especially since most were acquisitions in the first place. They might even save some of AOL's stagnant assets.

    At least Microsoft has occasionally given one of its subdivisions such free rein that it's been able to innovate (Microsoft mice, xbox360's networking features).

    Sadly free rein does not exempt one from corporate oversight or reverse their culture of criminal abuses. Two of those three divisions you mention are undermining free trade via antitrust abuse.

    Yahoo by itself is already producing tons of different services [wikipedia.org], on the off-chance that a handful will be successful.

    Most of the popular ones were acquired. Slowly the home grown ones are merged with the acquisitions to capitalize upon their popularity. I'm not trying to dump on Yahoo here. I have friends there who are really bright guys. It is just that it looks like someone will acquire them and I can see benefit to either Google or AOL doing so (save the chat industry) whereas MS acquiring them would almost certainly lead to more leverage to undermine the free market.

    Would that slowdown be offset by making some more likely to be successful? I doubt it.

    I think Yahoo chat would be more successful if it could talk to everyone (including any new players) instead of limited ability to talk to MS Messenger users.

  3. Re:Big Problem for MSFT on Should Microsoft Be Excluded From EU Government Sales? · · Score: 1

    As a European and a user of open source products I don't support this proposition. Microsoft has been punished already. Time to move on.

    Microsoft has been 'punished' for two particular abuses: media player and tying to their server OS. They haven't even been charged with other abuses that they have been convicted of in other jurisdictions, let alone the dozens of other obvious abuses companies have asked the EU to look into. On top of that the punishment for bundling Windows media player was completely ineffective and has not made any difference in the market. How about holding off on that "put it all in the past" thing until they actually stop all the abuses they've been convicted of as well as the laundry list of other abuses that have not gone to trial yet?

    Microsoft is already facing serious competition and its dominant position looks less invincible than it used to be.

    MS has used their monopoly to slowly grow one monopoly into three as well as unduly large chunks of a dozen other markets and they show no sign of stopping their criminal acts. What exactly is it that you think is likely to fix the problem if the EU takes no action? Would you feel the same way if you were competing with Microsoft in say, the music jukebox space and had a better product, but could not bundle it with iPods or Windows because you did not already have a dominant product in a different, related market? If your player was easier to use, but did not support either Apple or MS's DRM and was offered as a stand alone download, do you really think it would have larger market share than WMP and iTunes, since the market was fair and a level playing field?

    Technically/Financially Open Source is the way forward for public services.

    Not if MS's abuses are not stopped. Open source is a clever legal hack to bypass many of the disadvantages artificially imposed by MS, but without a fair market, investment in OSS may never reach critical mass, especially if MS derails it with faux open source and other lock-in techniques.

    But if Microsoft can prove that their products are objectively better for an administration, then I see no reason why it shouldn't be used.

    The whole point of antitrust abuse is that you can artificially break competing products so it is in a buyer's best interests to go with the monopolized product unless they are such a huge buyer they can absorb the artificial interoperability costs and artificially high migration cost. That's the problem. The abuses must be stopped or you cannot objectively view products because the fact that a product is not the one from the monopolist will cost you money. That is why they are illegal to abuse, they undermine capitalist fair trade.

    Leftists such as this green party are taking it as an easy ideological shot against big companies (they hate them). I don't support that.

    Who cares the motivation, this is just a matter of does this law apply. If so it should be applied fairly just as it is against any other convicted monopolist. It's not like ideologically buying from IBM or Sun instead of MS is taking money away from big American companies.

  4. Re:EU is picking winners: Why. on Should Microsoft Be Excluded From EU Government Sales? · · Score: 1

    You're right in that I'm flying largely by the seat of my pants. The best evidence to support my primary argument is slashdot itself. I see a lot of antitrust articles go by and it feels like the EU is really just making a show out of this.

    Slashdot is not the mass media. It is a small subset of the population that is disproportionately affected by MS's actions and more likely to have personal experience. I don't think the EU is making a show of anything. They have been very conservative.

    Initially the EU was dead on.

    EU commission's first action was with regard to the bundling of Windows Media player. You think they were "right on" with their so called punishment? Do you think RealPlayer or other makers of music jukebox software that don't have a monopoly or near monopoly to leverage are doing better and able to compete fairly? Do you think if you made a music jukebox player that was easier to use than iTunes or WMP, but did not play their closed formats or DRM would do well in the market today, taking share away from the existing heavyweights?

    The first EU ruling was so useless that even when convicted MS was not forced to stop the illegal action. They still bundle WMP and Windows; business as usual.

    They were doing what they needed to with the inquiries and investigations. They are also investigating every shipping product to validate that it is within the bounds of antitrust law.

    Maybe you are not very well versed with antitrust law. Bundling IE and Windows is a blatant violation. MS has already been convicted of that action in the US. The EU has not even touched that particular abuse yet. The same goes for dozens of other, very blatant abuses. The EU has been very hands off with MS, trying to be diplomatic and hoping the US would actually take care of it where it would not create nationalist sentiments to cloud the issue. The EU has looked at Windows server and media player. They haven't touched DirectX, IE, MS Office, the Zune, the Xbox, or literally dozens of other, very obvious criminal actions.

    Yes, I agree that Microsoft's tactics in the EU were illegal, that was never my argument. But they have been punished for it, as well as for their initial non-compliance with the EU.

    They have been "punished" for a very small subset of the abuses that other companies have specifically asked the commission to look into. By most estimates their punishment including all the extra fines is still less money than MS made by their abuses, just in the EU. They've only been made to stop one of the two abuses as part of their "punishment." That is insanely lenient for a repeat offender and has done little to discourage MS's illegal business practices; rather they have confirmed MS's theory that crime pays.

    The judges may justify it differently. That's my issue. Are the judges making the punishment too harsh?

    I don't know about you, but in my book the law is ineffective unless the punishment costs more than the crime profited the criminal. I understand the EU's position. They're trying to play nice diplomatically, avoid any reasonable argument for nationalist favoritism, and give MS an initial warning before going after them for some of the other, really obvious criminal antitrust actions.

    As for the model of non-compatibility, this I can give hard evidence against.

    Then why did it take MS years to comply with the order to document their protocols that speak to Windows server?

    work a lot with file protocols, so here's what I've seen. 1) MSNFS is now built into Vista. MS has been working hard to play with Sun these past few years. NFS is a protocol that Sun owns and has made public. MS plays in that space for compatibility. Also, the MS SMB team has been working with the samba group to hammer out specs that samba can use. That's for both SMB 1 and SMB 2.

    First, Sun doesn't own

  5. Re:EU is picking winners: Why. on Should Microsoft Be Excluded From EU Government Sales? · · Score: 4, Insightful

    Ya see, it's that last line that I'm worried about. I don't think they do.

    That is certainly a valid opinion, if one I don't share and question your ability to support.

    One of the big things that open source offered to me was choice. Whether it's the megacorp, the small company, or open source. Which ever I chose to use. Restricting choice in any way is a bad thing.

    And it's that last line which I have issues with. Is restricting say, the choice of people to give large cash contracts to people who recently murdered their wives a bad thing? What we're discussing here is not a matter of one company being favored over another. All companies have to abide by the same laws. MS broke the laws and like anyone else who did that, they have to deal with numerous ramifications of that. People convicted of treason and espionage may be banned by law from serving in the military. Taking that choice away from the military is not necessarily a bad thing. This is the government we're talking about, not a private company. Unlike private companies, they are subject to all sorts of rules regarding their behavior because they exist only to serve the people.

    Here's the other thing I'm scared of, tying into the first argument. A couple of my friends working in IT over in europe (one in London, one in France (can't remember his city's name :)) on two separate occasions have said "we need this not to go too much further" in reference to the EU's actions on MS. They are starting to feel like it's just the EU turning this into a publicity stunt instead of a judicial action.

    I think that's a very common feeling. It is my belief that very few people understand antitrust abuse, why it is a crime, and how it works. After a hundred years of living under laws that make antitrust abuse illegal, most people simply assume all markets are functioning free, capitalist ones and don't even understand that there are alternatives. When competing products are artificially broken via antitrust abuse, most people blame the victim, not understanding the mechanism of antitrust abuse. When one, successful company is punished for an action and people don't understand how monopolies can be abused, they often don't even understand how that action differs from legal behaviors by other companies. Certainly very few people look at the big picture of how free trade works in a regulated capitalist market to ensure continued innovation and lower prices. They take innovation and the relatively low costs for granted and while they may have some vague understanding that extreme socialism is "bad" and resulted in disaster in some parts of the world, they don't understand how or why or equate antitrust abuse to causing those very same deficiencies in their own economy.

    I apologize for getting long winded. The truth is, a lot of people feel that the EU's actions may be "bad" but at the same time very few of those people understand the reasons and very few have had to live with the terrible conditions the lack of those laws created in the past. (Cue the quote about those who do not understand history.)

    Lastly, and this is perhaps the most depressing part, I'm seeing more people yelling "yeah, take that MS" when someone else legislates against microsoft instead of focusing their energy on making software that is unquestionably the better choice.

    That is a very interesting choice of words. You said, "legislates against microsoft." Has any law been passed that applies to Microsoft and not everyone else? Nope. No one has legislated against Microsoft, they've just enforced existing laws against Microsoft because Microsoft built their entire business model on breaking laws and then tying things up in the courts and paying fines and settlements, which they plan on being smaller than the cash they make from breaking the law in the first place. To date, they've been completely correct. The courts are horribly slow and ineffici

  6. Re:It's all tied together... on Should Microsoft Be Excluded From EU Government Sales? · · Score: 2, Insightful

    So, first thing. My current computers are more power efficient than my older ones. P3s are a power hog and my current Core2 Duo uses less power over the entire system.

    This is a very good point, but I think it is undermined by several other ones. First, power consumption is not the only environmental cost of hardware upgrades. Old hardware needs to be disposed of and has a lot of hazardous materials in it. Often, this stuff ends up in landfills, or being very messily recycled in the third world resulting in significant poisoning of water supplies. Even if it is recycled properly, that is an additional cost in both money and energy used.

    Second, the computing power needed and used for MS servers and desktops and alternative servers and desktops are not necessarily the same. For example, our server room needed to support both Windows servers and Linux servers, but for each Windows service we ended up running a separate piece of hardware, due to stability and multitasking issues. Newer MS server releases are better about this, but a lot of systems are going to be running older versions, especially in large, bureaucratic government agencies.

    and more government money that could be spent on an environmental or human health program that instead goes into the pockets of an American Corporation.

    So, should the US Government decide that it would forbid itself from purchasing anything from Europe as money would then go into the pockets of a European Corporation, you would support it?

    This is a very valid question. Supporting a healthy, free market versus purchasing locally is a very valid area for debate... usually. In this case, however, the question is not just between an American company and a European one. It is between an American company repeatedly convicted of antitrust abuse on an enormous scale versus other companies both American, European, and from other parts of the world. The "free trade" argument in favor of Microsoft falls awfully flat.

    Besides, the money would most likely go to a Corporation, just not Microsoft. You'd still need support for Linux or whatever other OS the EU chose.

    This is true too, and any migration is going to cost more money upfront. That said, for the long term, there is little to support the opinion that buying products from MS and buying products from other companies would cost the same. Whenever a company abuses a monopoly they can use that to extract additional money over time with forced upgrades because of the lack of competition. Linux, for example, is the epitome of protection from this type of ongoing cost as its OSS model allows multiple companies to bid for all ongoing development and service costs and in fact you are able to take competitive bids for every contract, as opposed to being locked into one vendor who can charge higher prices and count on the one time migration cost to dissuade you each time from going with another vendor.

    There have been a lot of studies conducted in Europe as to what the total cost of ownership for different OS's are and the majority have favored Linux. So no, it is not the same amount of money given to a corporation either way, in the case of moving from MS it may well be a larger amount going out initially and a lower amount going out over time... thus leaving more money for environmental or human health programs as argued by the previous poster.

  7. Re:Looks Good on Paper, but... on Should Microsoft Be Excluded From EU Government Sales? · · Score: 4, Insightful

    I think excluding a source of solutions (as bad as we claim it is, regardless) could have a negative impact on the market and competitive.

    You do realize that MS is under threat of being banned for the crime of undermining the free market and using criminal actions to make competing products artificially worse, right? How exactly would removing them from bidding on a subset of new contracts for the next 5 years negatively impact competition? There are still dozens of companies with solutions that could bid and compete with one another fairly. In fact, companies that have not bothered investing in those markets and competing because they knew it would result in very poor ROI, would now have financial incentive to invest in competing solutions. I really don't see how you think this would negatively affect competition.

    Of course Microsoft could be engaged in underhanded tactics (vis ISO standardization of Office Open XML..).

    Microsoft has been engaged in underhanded tactics and after years and years of slow court proceedings they were convicted. The law says that certain government agencies should not give new contracts to companies convicted in this manner for 5 years in order to ensure that companies that have been following the law have a chance to compete, instead of having to go up against a company who may be winning contracts solely because their criminal actions have allowed them to undercut others or otherwise prevent them from providing a bid on projects.

    I'd like to think that Microsoft's ubiquity may very well have raised the bar/baseline for many different software products.

    You'd like to think that? Why? Most software products follow the standard market model. Investors look at a market and potential ROI. They then invest in the markets they think will provide the best ROI. When one company has a huge influence in a market, that allows them to use that influence to break compatibility with others, thereby introducing an artificial problem with that competitor. This means the "monopolist" can make more money with less effort to compete. It also means investors looking at the market see that investing in that market will have to account for trying to work around these artificial compatibility problems in addition to other costs, and at the same time they will always have a very well funded competitor who can take a loss in the short term to undercut them on cost. In short, very few companies invest in those markets and fewer products and innovations result. This is one of the main reasons why antitrust abuse was banned in the first place. It slows down innovation in a market, not speeds it up. I think you have a very wrongheaded idea as to what influence MS has had on markets. Think 8 years after the invention of tabbed browsing before most users saw it. Think 18 years since the first desktop OS to introduce spell checking for all applications, and 90% of users still don't have it.

    Ubiquity of the (somewhat decent, I guess) baseline bundled Windows Mediaplayer results in raising the bar in competing media players (iTunes, Winamp?, etc.)

    Are you joking? The top two media players are shipped by companies who bundle them with products they have a monopoly or near monopoly on. What does that say about the quality of the players themselves? They aren't competing based upon the merits of the players, but upon the relative popularity of Windows and iPods respectively. For years most users who tried ripping their CD collection put CDs into their computer, told it to rip them, then discovered it had ripped to WMA format and added DRM to prevent them from copying it to any other device, including the most popular portable player. Then consumers had to install different software or figure out how to change the settings and do it all over again. That is not quality. That is the epitome of a really, really poorly made piece of software dominating despite being horribly inferior, and pe

  8. Re:EU is picking winners: Why. on Should Microsoft Be Excluded From EU Government Sales? · · Score: 5, Insightful

    If Microsoft wasn't the best choice, why eliminate them from the process?

    Microsoft has repeatedly broken the law to become the "best choice" by introducing artificial problems with competing products. It's the same issue as "should the government sign a contract with a concrete supplier who has the lowest price, but also has been repeatedly convicted of blowing up their competitors' factories and hiding bodies in the concrete they sell." According to the laws, no the EU should not be giving contracts to either MS or this hypothetical concrete supplier.

    Who is going to benefit the most from this, and what is the connection to this group?

    It doesn't matter who benefits the most. The idea is for the EU people to benefit by discouraging criminal acts that are harmful to them. If anyone else benefits, it is incidental.

    Is there an eu msft that they are trying to shepard[sic] to the big time, or is it simple corruption?

    Umm, I don't even understand what question you're trying to ask.

    Who wins with MS out of the picture?

    The people of the EU win.

  9. Re:Private means private. on Google StreetView Is In Your Driveway · · Score: 1

    Usually when you refute someone's points, you actually point out how they were incorrect. You did not. All you've done is rephrased my comments and expanded upon them, mostly in language that is less commonly understood by a lay person.

    I still say using the term 'civil trespass' is misleading. The common parlance is to say that no it isn't breaking the law there, but it may be grounds for a lawsuit. That is something everyone can easily understand and no one mistakes that for breaking a law, which is what most people infer from labeling it "civil trespass."

    Giving long diatribes with an air of authority on something you clearly know nothing about without (or even with) an appropriate disclaimer is what is misleading.

    You're awfully defensive about this. I made a few brief comments about what the laws in that jurisdiction were. It is true I did not bother making disclaimer about not being a lawyer, but that was because it is fairly irrelevant. You don't have to be a lawyer to understand what the law is in a given jurisdiction, nor to understand the distinction between a criminal offense and suing someone in civil court. Maybe you should just take a chill pill.

  10. Yahoo Video on Flickr Adds Video Capabilities to Service · · Score: 3, Insightful

    So let me get this straight. Yahoo bought Flickr. Yahoo merged their Yahoo Photos service into Flickr because it was already popular and people preferred it. Now, Yahoo is adding video to Flickr... but they still run a competing service called Yahoo Video. I presume they hope Flickr's popularity will rub off on video too and create a competitor to Youtube?

    Is anyone else sick of all these walled garden Web services? Wouldn't it be great if all the competing services would interoperate and then you could view anything from your choice of Web service, depending upon which interface you liked best? Some days it seems like Web 2.0 is just a step backwards to the internet of yore.

  11. Re:Private means private. on Google StreetView Is In Your Driveway · · Score: 1

    I strongly suspect you are confusing criminal trespass and civil trespass here. They are different things and may well have different rules, although something amounting to criminal trespass will almost always also be civil trespass.

    I think you are the one who is confused. My understanding is that trespassing is covered by the criminal code (a misdemeanor almost everywhere, usually covered by a fine). So called "civil trespass" would simply be suing someone in civil court for something you refer to as trespassing. You can sue someone for absolutely anything you want, you just aren't likely to win in many cases. If someone were to trespass you could sue them and might even get damages if the courts thought they were appropriate. That said, trying to refer to a "crime" as "civil-foo" is confusing and misleading.

  12. Disruptive? on Xiotech Unveils Disruptive Storage Technology · · Score: 3, Insightful

    The result is quite impressive, a SAN that can practically heal itself, as well as prevent common failures.

    Maybe I'm missing something. I read their announcement and one of the articles on this new product. As near as I can tell they're selling SAN systems where instead of plugging in individual drives, you plug in a box with two drives in it. They paired this with some nice software for working around failed sectors and rewriting correctable drive problems. I guess I'm just not all that impressed. Is this really "disruptive" technology? It looks like evolutionary improvements and some nice automation to take some of the grunt work out of managing SAN.

    I'm, admittedly, not an expert on network storage. So what do people think? Is this really the best thing since sliced bread or just another slashvertisement someone hyped to sound like news for nerds and rehashing a lot of marketing weasel words?

  13. Re:Private means private. on Google StreetView Is In Your Driveway · · Score: 1

    They have no right to be on private property.

    Actually, this varies a lot by jurisdiction. For example, in both my state and in Pittsburgh where the event took place, it is only illegal to be on private property if there are posted "no trespassing" signs or if they are asked to leave and refuse (or are asked to leave and return).

    I'd mod your comment "-1, factually incorrect" if such a mod were available.

  14. Re:It's the Software Stupid on HP Unveils Small Commercial Linux Laptop · · Score: 1

    You forget that you'll actually be able to buy this one in the US. Sets it apart from the XO, which is apparently only for starving children in the developing world.

    You are mistaken, or perhaps looking at this from a different perspective. They (HP) removed the optical drive as a way to make sales to educational institutes. That is who they are marketing this to. The XO laptop is for sale to schools in the US. For example, Birmingham, Alabama purchased 15,000 of them.

    It is true that the XO laptops were never intended for individual sale anywhere (they are designed to work together as a mesh and with their dedicated server). Attempts to sell them within the US via the laptopgiving.org Website (buy one donate one) were pretty half-assed and I think that project was cancelled due to logistical problems and the fact that the laptops aren't nearly as useful as stand alone systems (leading to misleading reviews). The HP Mini-note (as they're calling it) may be available for sale to individuals as the ASUS Eee PC is. That is, however, a fairly tertiary point given the intended market for all these devices. For practicality, XO's are on Ebay if you really want one.

  15. It's the Software Stupid on HP Unveils Small Commercial Linux Laptop · · Score: 1

    Gee they're releasing a low end laptop aimed at the education market... and the software it will run will be... umm Suse Linux or Vista and whatever else you buy. Am I the only one that thinks this is a little lacking in the "innovation" department? I mean the OLPC project looked at the needs of kids for education and tried to meet them with a customized OS and software, with real innovation, and an accompanying custom server and worldwide internet service contract all at a much lower price than this.

    This is just pathetic. This competes with the XO laptop in the same way PC's compete with the Wii. This is just a generic low end laptop with an above average price point and some empty marketing hype.

    Hey HP, here's a clue for you. Why don't you copy the XO laptop's basic design, but with a better processor and ship it with both the OLPC OS and Vista pre-installed, maybe with an easy hardware switch so kids can actually switch OS's easily. Add some nice, customized software for one or both of those OS's that is actually aimed at the education market. Or here's another idea, ship it with Vista and a pre-installed VM running the OLPC in emulation with the option to run it in fullscreen mode easily and good hooks for all the hardware. Do SOMETHING to actually make this a better option for kids in education than everything else already on the market at a lower price point. Pre-announcing a new product that is an overpriced low end machine specifically without a CD drive is not going to cut it, regardless of how good your marketing hype is.

    I'm seriously disappointed by this crap and feel you just don't get it.

  16. Re:Designate Windows OS as Terrorist Tool on New Botnet Dwarfs Storm · · Score: 1

    I'd go one step further - make all but signed apps use managed code, like .NET. That code would only allow the app to access its own data files, the user's documents and optionally the network (and even then not on certain ports like 25

    Agreed. In fact I only meant to imply that the self-contained "application is a folder" concept used by OS X and OpenStep provided a very easy way to quickly enforce such restrictions with very minor changes to the OS itself.

    I'd also argue that it is useful for applications to have the ability to write their own XML config files to a special directory external to itself, and have read access to the XML config files from other user applications. This facilitates several areas of functionality including:

    • shared bookmarks for multiple browsers and versions of the same browser and other such data
    • config files that can persist once an application is not available, so if a user runs an application from a CD/DVD, flash drive, or network drive the config can persist across sessions and have system specific characteristics
    • allow users to uninstall/reinstall applications via drag and drop without losing preferences
    • allow for user/group/universal preferences that can combine and which are not lost/overwritten when applications are installed just for one user or group

    Apps would not be able to write binary data to files, only XML.

    This might be a step too far. I can see valid use cases for an application to need to generate binary data files for its own use. Rather, I'd allow the program to generate any files it likes so long as they are contained within its folder (and hence invisible to normal users) restricting them only based upon disk usage.

    Things like access control and passwords/encryption would be handled by the OS, and the OS could prevent access to files created by other programs until the user allows it (so no harvesting users' documents).

    Again, I agree this could be very useful, but at this point you're going to have to put in a lot more work and have a very polished UI. A lot of users want to install a program to open or modify files they did not create. Think image viewers, editors, PDF tools, text editors, etc. Applying such restrictions by default is fine, but there needs to be a really easy way for users to grant access to all files of a given type within their home directory and network shares.

  17. Re:How bad will i get flamed for this? on New Botnet Dwarfs Storm · · Score: 1

    How do you propose that the user decide whether to trust certain software without education? Do most users even know that Adobe phones home, and if not, shouldn't they be able to make an informed decision as to what's going on? Windows popping up a notice that some application is trying to access the Internet isn't going to be terribly useful information.

    The first problem is identifying software and its source. To this end OS's should use a signing framework to verify that software comes from a given vendor and is a given, unmodified version. (Most OS's have such a framework but it is largely unused). While the user should be able to ultimately decide how much to trust software, I think it would be more useful for the OS to allow one or more data feeds that can certify the trustworthiness of software as well as define the correct operating parameters so that software can be jailed appropriately (against buffer overflows and the like). Data feeds should basically be trust ratings for companies and individual programs (and versions), as well as ACLs. Every program should also ship with a predefined ACL so third parties can simply verify it.

    Basically instead of installing Norton antivirus and/or McAfee and/or ClamAV, you subscribe to data feeds from the same. These can be paid subscription or free, third-party or supplied by the OS vendor. Instead of asking the user if he trusts each and every piece of software they want to install, you attempt to identify the software at install time. Once identified the software is assigned an ACL which can be supplied by the software itself, but is more likely a combination of ACLs from security vendors. If the software cannot be identified (this should be rare), it is given a low level of trust and assigned a default ACL, or an ACL based upon the user specified software type (game, mail program, etc.). Then and only then should anything be user visible. You will be asked to rate your data sources (do you trust ClamAV or Microsoft or Symantec the most?). You might be asked to classify software, or you might be told the software is unknown, given a warning, and asked if the behaviors selected in the ACL that shipped with it are acceptable.

    Well, most of the education I meant was in knowing what to trust.

    The OS can make a lot of choices better than the average user. There is no reason Windows can't identify the signature of some program, verify the certificate, check to see if it is white or blacklisted, and provide sensible default restrictions for it.

    Do you trust that file that your friend sent you?

    A good first step would be verifying e-mail is actually from your friend. A good second step would be the OS making sure only input from the user to the authorized e-mail program is allowed to sign messages. That stops all the automated crap.

    Do you know enough to know that it might not be a picture just because it looks like one?

    The user should never have this problem. OS's should make 100%, perfectly clear what is or is not a program. All this nonsense with file extensions and invisible file extensions has been an out of date disaster for long enough. If the OS shows you something that looks like it is a picture, it bloody well should be a picture. Further, if it is a corrupted picture intentionally designed to overflow your default image viewer, the OS should already have restrictions in place to keep your image viewer from accessing the internet, or any non-image files, or overwriting other programs, or pretty much anything other than opening and manipulating images.

    Better technical options would be nice, but you still have to know which option to choose.

    Currently the vast majority of the problem is the OS providing security that is not granular enough, via a very poorly designed UI, and giving users the choice of several bad options. Most of the choices users are given should never be user visible is
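
    As an added illustration (not part of the archived comment and not any vendor's actual mechanism), the install-time flow described in comment 17 can be sketched as below. The capability names, feed names, weights and the majority rule for combining feed ACLs are assumptions made for this example, and the digest lookup stands in for verifying a vendor signature.

```python
import hashlib
from dataclasses import dataclass, field

# Hypothetical capability names; a real OS would define its own vocabulary.
DEFAULT_ACLS = {
    "game": frozenset({"fs:own-folder", "fs:own-config"}),
    "mail": frozenset({"fs:own-folder", "fs:own-config", "net:outbound"}),
    None: frozenset({"fs:own-folder"}),  # unclassified software: tightest jail
}


@dataclass(frozen=True)
class FeedEntry:
    blacklisted: bool = False
    acl: frozenset = frozenset()


@dataclass
class Feed:
    name: str
    entries: dict = field(default_factory=dict)  # sha256 hex digest -> FeedEntry


@dataclass(frozen=True)
class Decision:
    status: str        # "known", "unknown" or "blocked"
    acl: frozenset     # capabilities the jail will allow
    prompt_user: bool  # True only when automation could not settle it
    sources: tuple     # names of the feeds that recognised the program


def identify(binary: bytes) -> str:
    """Stand-in for signature verification: identify a program by its digest."""
    return hashlib.sha256(binary).hexdigest()


def resolve_acl(binary, shipped_acl, feeds, weights, software_type=None):
    """Combine the program's shipped ACL with the user's weighted feeds."""
    shipped = frozenset(shipped_acl)
    digest = identify(binary)
    known = [(f.name, f.entries[digest]) for f in feeds if digest in f.entries]
    total = sum(weights.get(name, 0) for name, _ in known)

    # No trusted feed recognises it: low trust, default ACL, then ask the user.
    if total == 0:
        default = DEFAULT_ACLS.get(software_type, DEFAULT_ACLS[None])
        return Decision("unknown", default & shipped, True, ())

    sources = tuple(name for name, _ in known)
    against = sum(weights.get(n, 0) for n, e in known if e.blacklisted)
    if against * 2 >= total:  # a tie goes to the blacklist
        return Decision("blocked", frozenset(), False, sources)

    # A capability is granted only if the program declared it AND feeds
    # holding a strict majority of the user's trust weight allow it.
    granted = set()
    for cap in shipped:
        support = sum(weights.get(n, 0) for n, e in known
                      if not e.blacklisted and cap in e.acl)
        if support * 2 > total:
            granted.add(cap)
    return Decision("known", frozenset(granted), against > 0, sources)


# Constructed sample data: three feeds, the user's ranking, three programs.
EDITOR = b"constructed-photo-editor-1.0"
TROJAN = b"constructed-othello-game-trojan"
UNLISTED = b"constructed-unlisted-game"
LOCAL_ONLY = frozenset({"fs:own-folder", "fs:user-images"})
FEEDS = [
    Feed("os-vendor", {identify(EDITOR): FeedEntry(acl=LOCAL_ONLY | {"net:outbound"})}),
    Feed("av-feed", {identify(EDITOR): FeedEntry(acl=LOCAL_ONLY),
                     identify(TROJAN): FeedEntry(blacklisted=True)}),
    Feed("community-feed", {identify(EDITOR): FeedEntry(acl=LOCAL_ONLY),
                            identify(TROJAN): FeedEntry(blacklisted=True)}),
]
WEIGHTS = {"os-vendor": 3, "av-feed": 2, "community-feed": 2}
EDITOR_SHIPPED = LOCAL_ONLY | {"net:outbound", "fs:all-user-files"}

if __name__ == "__main__":
    for label, binary, shipped, kind in [
        ("editor", EDITOR, EDITOR_SHIPPED, None),
        ("trojan", TROJAN, {"fs:own-folder", "net:outbound"}, "game"),
        ("unlisted", UNLISTED, {"fs:own-folder", "net:outbound"}, "game"),
    ]:
        d = resolve_acl(binary, shipped, FEEDS, WEIGHTS, kind)
        print(label, d.status, sorted(d.acl), "prompt" if d.prompt_user else "silent")
```

    In this constructed data the editor's request to phone home is dropped without any prompt because only one of the three feeds allows it, and the user is asked a question only for the program that no feed recognises.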

  18. Re:How bad will i get flamed for this? on New Botnet Dwarfs Storm · · Score: 1

    Signature-based detection is on its way out, and antivirus manufacturers are not adapting well. They have some heuristics that look for weird types of files, but they're not great.

    I agree heuristics are becoming more common and more popular (especially for network scanners). I disagree that signatures are going away entirely. Rather I think existing blacklists are still quite useful and I expect to see greylists combine a blacklist and a whitelist as well as granular ACLs coming to anti-malware over the next few years.

    UAC isn't really a solution, either. All it does is to train the monkeys that you have to click an extra time in order to get the banana.

    That is exactly what MS's horrible UI does most of the time. That does not mean it can't be done right though. The trick is to divorce the decision and the banana. Give the users better choices. (OK)(Cancel) is horrible. (Stop it from running)(let it run) is slightly better, but still not good enough. Give users the choice of (Run this but don't trust it)(Don't run it)(Run it and trust it completely)(Advanced). There is no technical reason why the OS can't run everything in its own sandbox and allow access to dummy files and resources if you don't trust something.

    Education is what's needed.

    I disagree. The first real step is divorcing trust and the ability to run software. The truth is all the software out there should be distrusted to some degree or another. We need to let users safely run software they don't trust, and I'm not talking about just trojans. I want to run Photoshop, but I don't really trust Adobe completely and I'm not too happy when I notice it trying to connect to some random ISP in Europe. I might want to run some random attachment in my e-mail. The OS should be facilitating my desire to run it without compromising my system and data. Until it does that you're just giving users two poor choices, don't run software or run it and take a big risk.

    As for education, computers are not good enough yet that a small amount of education is good enough. It takes a lot of work to safely run software you don't trust. Installing and configuring a VM, starting it, getting the installer into it, running it, saving the state or resetting the VM as is appropriate. Realistically, 99% of people are just going to take a risk instead and hope for the best. Education is great, but let's wait until we can cover everything the user needs to know to do what they want safely in an hour or so.

    Running without antivirus works to remove the perception of safe computing, making them actually think about the things that they're doing.

    Normal people are willing to take chances and they will and eventually they will bet wrong. I think modern antivirus is poorly designed. OS vendors should be providing all the plumbing and instead of installing one or more binaries that run randomly, we should be subscribing to feeds of data from one or more security companies. These should be more than just blacklists. They should be ACL parameters designed to let any given software run safely. I'm as interested in keeping Adobe from spying on me as I am in seeing if that othello game is really a trojan.

  19. Re:Designate Windows OS as Terrorist Tool on New Botnet Dwarfs Storm · · Score: 3, Interesting

    Of course, you could make code show what it will do upfront ("This program will create files in your home directory, but won't open any network ports, or modify any files it didn't create").

    Your argument here is interesting because of two points. First, generally restricting new programs so that they cannot do anything they want. The second and more focused point is preventing installers from writing files here there and everywhere. I think default ACLs to restrict programs are going to be very important to the future of computing. Keeping programs contained within a given part of the filesystem is also useful and I'd argue an approach that does well in this regard is the application packages used on OS X. It is a win in that it removes the need for installers in most cases (drag and drop beats running random code) and provides a folder where all an application's files can be stored. It allows applications to write to specific other locations, but just config files, not binaries and there are advantages to storing the config files outside the package.

    This is something that could be done (I think Microsoft's "managed code" is a valid template for this approach). But the UI is really hard to nail, and the user must still read and understand what's being proposed.

    I agree with this although I'd make a few points. MS's UI is a travesty. It is not just poor, but it makes the same UI mistake people have been complaining about for years. The "OK/Cancel flaw" has been well documented and explained by numerous experts. MS has little excuse for doing it all over again. Second, I think if you get to the point of asking users to authorize or deny specific activities it should only be as a last resort after several other passes that attempt to resolve the issue.

    Consider: "This program will modify system files and read any files on the system, and open network connections both on the local zone and the Internet", does the average user allow that to run? Perhaps not, but what if it's pron?!

    Has your OS certified this software is from a specific vendor? Has your antivirus provider certified this software as specifically safe or unsafe? Given that it is uncertified software from somewhere unknown I think it is very important to give the user good options. Don't give them buttons that say: (OK)(Cancel). Give them buttons that say: (Allow program_name to run, but restrict access)(Don't allow program_name to run)(Allow program_name to run and have complete control of the computer)(Advanced options). If they click the first option try running the software without letting it touch the network or system files and see what happens. If that fails automatically run it, but give it access to dummy files and network access. If that too fails, let it run in a clean VM with a bridge to the network (while watching that VM/network for potentially malicious behavior like running a mail server that sends a lot of traffic).

    Seriously, though - can an OS be secure, if its users don't make rational choices?

    I think the key is to give the users good choices and only as a last resort after automated work by the experts has failed. Never give users cryptic choices. You have to avoid training users into thinking allowing access to programs equates to programs working. Right now clicking "OK" for most users is a conditioned response that people do like putting gas in a car. You click "OK" all the time to keep your computer running stuff. That association needs to be broken. Granting access should be a separate issue to whether or not a program will run. A user can validly want to run a program so they can look at porn, but still not trust that program. A secure OS should let them run it, but still not trust it. Let it connect to the internet and access a dummy address book file and take control of a dummy Webcam and install a keystroke logger in the VM and send that useless data to some third party. Then, the user can look at their porn and still be secure as much as possible.

  20. Re:Catch suspicious traffic at the ISP level on New Botnet Dwarfs Storm · · Score: 1

    Instead of filtering torrents, your local ISP should be redirecting their deep packet inspection efforts on thwarting spambots.

    ISPs do both, often with the same tool. The thing is, they can monetize detecting and filtering malware traffic for a customer by selling a premium service (which several ISPs do). What they don't do is sell that service to individuals, since the operational cost is higher than most users are willing to pay. Also, many network services don't sell a service based upon their cost plus a markup as would be expected in a free market. Instead they sell at prices designed to maximize profit. In most places you have no choice of cable providers, and that is currently the cheapest way to deliver broadband. Why would the cable company bother implementing a service that costs them money, but doesn't make them any more sales? Why would they offer this universally when it lessens the amount of transit traffic they are paid for? Why would they offer it universally when they can charge a premium to enterprises instead?

    With >90% of the internet being choked up with spam, shouldn't ISPs worry about spambots rather than P2P?

    The problem with malware traffic detection/filtering is not a technical issue, but a matter of profitable business plans. P2P costs them money because they overpromise on bandwidth knowing most users won't notice or care. I say open up competition by reforming telecom regulations and they'll have this for individuals in under a year.

    If spam is detected, a friendly email could be sent back to the source indicating that your PC is likely infected with malware.

    A lot of ISP subscribers don't use an e-mail account provided by their ISP. Ignoring that problem, such an e-mail would result in significant support costs as all the users called and asked them to remove the virus, or to argue that they don't. Also, most of the detection by ISPs is only granular to the level of a /24, not an individual IP, with NAT making it even more of a mess.

    Also, if more people ( not everybody ) switched to alternative operating systems such as Macs and Linux, (preferably different distros) it would be much harder for malware to propagate, as they would have to split their efforts at hiding in many different targets and spreading between incompatible systems.

    True, but that is unlikely to happen. The US has not been enforcing antitrust laws against MS, and MS can artificially break other offerings through intentional incompatibility and lock-in strategies.

  21. Re:Are you serious? on Comcast Blocks Web Browsing · · Score: 1

    National and state laws prevent cable operators from getting exclusive contracts. See 1996 Telecommunications Act.

    This is untrue in practice. The law as it is enforced prevents one cable company from being the only one allowed in a given zip code, but does not prevent two companies from each taking half of a given zip code and being the exclusive provider for that half. Attempts have been made to fix this in legislation, but none have passed so far.

    They are a de facto monopoly because of the cost of building the system.

    This is a large factor, but you have to take into account that taxpayers subsidized the cost of building those systems to the tune of hundreds of millions of dollars. Taxpayers are not subsidizing newcomers who want to build a competing system in the same location. To top it all off, the subsidized companies have completely ignored their promises they made to get those subsidies, because it is cheaper to donate to a campaign fund than it is to build out a system in the less profitable areas.

    Repeat after me: They do not get their monopoly powers from the government.

    Yes, I'm afraid they do. Try getting access to the last mile, public right of ways for homes. Just try to get permission in the average, medium sized American town. It just doesn't happen and often the regulations trying to create competition over the phone lines have failed. I tried to pay a third party to run a DSL line to my house and the law says Covad has to allow a third party to do it. Eventually said third party (Speakeasy) gave up and said they just didn't have the money to take the matter to court over an individual connection.

    They get it from being in a sector which is a natural monopoly.

    There is little or nothing "natural" about Cable companies' monopoly powers. In the early days anyone could string lines anywhere and it was ugly and led to cascading failures of power lines, telegraph, and phone systems when a line fell down and took out everyone. Legislation to fix that problem basically ensured one set of power, phone and eventually cable lines in most geographical regions and that, combined with government subsidies that were given to only one entrant to a market have artificially created local monopolies.

    I'm not even trying to argue against the way the laws are intended to work. One system of lines that any party can sell services over makes a lot of sense. The problem is that Cable TV and internet access are very different things. One is a luxury and one has become a required service for doing business. Internet access should be regulated like access to electricity, and those laws enforced. Our current situation is because of corrupt politicians and lack of understanding/caring about those issues by the public.

  22. Re:Designate Windows OS as Terrorist Tool on New Botnet Dwarfs Storm · · Score: 4, Interesting

    Well, at least you have an opinion. It's really the mark of users that plain suck.

    I really wish this was the case, but OS vendors could do much, much, much more to make their systems secure by default. As for the metric that users suck, sure they do. Last I read, however, compromises that had no user interaction were still responsible for more incidences than ones that have a user interaction component. There are a lot more trojans out there than worms that compromise machines silently, but the latter hit a lot more machines at a time and more often.

    Give all those same users who click on everything and anything that sounds vaguely interesting a nice, shiny new Ubuntu machine - ALL of the users mind you - so replace most people's Windows machines. See how long it takes those same people to be rooted.

    Actually, they would probably last a lot longer. The truth is, Linux is attacked less by automated worms so most users would fare better. It is not that Ubuntu is really much better for security than Windows (it is better in some ways, worse in others) but there is one big thing Ubuntu has going for it. Canonical does not have monopoly influence on the desktop OS market.

    Ubuntu currently has security that is appropriate to the threat posed by malware attacking it. Regardless if that security is currently better or worse than Windows, there is no reason to think Ubuntu would not continue to provide whatever level of security is desired by users. You see, Canonical sells services based around Ubuntu. Most of the contributors to Linux are users (either on a large or small scale) or are hired by users. If Canonical does not provide them with the security they want, they can and will go elsewhere. There are lots of Linux distros and companies selling services based upon it. In a worst case, Linux can fork to provide users what they need. Basically, it comes down to motivation. If Ubuntu is not good enough, Canonical loses money; ergo, Canonical will invest in security improvements so they can make more money.

    When Windows does not provide the appropriate level of security to make the average user happy, Microsoft does not lose significant money. In fact, in many cases machines are slowed down by malware such that the user does switch to a new vendor. The problem is, they switch computer vendors (from Dell to Lenovo for example) and Microsoft actually gets an extra sale out of it. Usually the influence MS wields in the desktop OS market makes switching to another OS vendor impractical or uneconomical, especially given MS's ability to break interoperability with other OS's and lock in users via their data, applications, etc.

    Now what will you complain about? Their sucky OS?

    It is not even that Windows sucks on technical merits. They suck because they are the biggest target and they don't care. When I go down to the bar, I don't wear a bulletproof vest of any sort. When I browse the internet from a Mac or Linux machine I don't bother with sandboxing my browser or running it in a VM that resets every time I use it, or even running antivirus software scans. I don't need to. If I take a business trip to Baghdad, I'll probably wear a vest. Most people would not think to do so. For someone at a tourist bureau in Baghdad to try to persuade people that Baghdad is a more secure place than Minneapolis is absurd. For them to argue that there are more troops protecting you in Baghdad than in Minneapolis is beside the point. For them to argue there are concrete emplacements and checkpoints to catch "bad guys" is likewise beside the point. The measures in place are insufficient to deal with the level of threat presented. This is true for Baghdad and Windows.

    And to answer your second question, if Ubuntu were regularly compromised in daily use, yeah I'd argue its security sucks. There is a lot of work that can be done to make every OS more secure for users, but for the most part only Windows has a big problem for normal

  23. Re:Are you serious? on Comcast Blocks Web Browsing · · Score: 5, Informative

    How come they still have customers?

    Their service is terrible and unreliable and they treat their customers like shit. This makes them a slightly better option than the local phone company.

    Are they a de facto monopoly?

    No. They are part of a government enforced duopoly. In most locations in the US only three companies have the legal right to use the right of ways that allow them to connect a line to your house. These companies are given an exclusive contract in most cases. They are:

    • The local power distribution monopoly. (Usually they stick to power but in a few cases they've started to roll out internet access over the power lines. The absurdity of such a plan speaks to how terrible the other options for internet in the U.S. are.)
    • The local Cable company - provides cable TV and has expanded to internet access and phone service. In many places they are the only option for high speed internet. Right now I'm paying about $50/month for internet access from them and it comes with "free" cable TV. Of course it isn't free. In fact, internet without cable TV costs $60/month from them.
    • The local phone company - they have less coverage and the cheapest high speed DSL line I can get from them is $80 and comes with "free" local phone use. The phone company is the longest standing antitrust abuser and they treat all their customers like crap. Besides being more expensive they want you to give them all your personal information on a web form, just to see if they will provide service in your area. When I tried it, the Web form was broken and only worked in IE for Windows. Calling on the phone got me 20 minutes of Muzak and then transferred to several people before anyone knew what DSL was.

    In short, internet access options in most of the US suck. We've already paid more per person in tax subsidies to the network providers than many other countries. Sweden, for example has slightly less population density and had a huge embezzling scandal in their national internet drive. They paid half as much per person as people in the US, have on average ten times faster connections, better uptime, and pay about half as much per month as US citizens.

    The phone companies and the cable companies have lobbyists who legally bribe our politicians with campaign contributions. As a result, the good of the people isn't even considered. It is just a battle of whether a given law will give money to the cable company or the phone company. Either way citizens get the shaft.

    Where are the class action lawsuits...

    There are numerous ones making their slow progress through the courts, usually to end in a private settlement. One might actually go through sometime this decade, but the politicians have also been working on passing laws to grant retroactive immunity to network operators for malicious, illegal abuses under the guise of national security. There is little hope.

    ...and the antitrust regulations then?

    The antitrust regulators are appointed by the executive branch. Both candidates' parties in the last two elections received huge donations from hundreds of private companies and for some reason antitrust regulators in the US show little or no interest in prosecuting even blatant antitrust abuses. (In the case of Microsoft, they had already been convicted and the new appointees changed the punishment from being broken up, to a small fine and a pat on the back.)

  24. Re:ISO dead, blog at 11 on OOXML Rumored to be Approved, Announcement Wednesday · · Score: 1

    The "science of computing?" You mean making computers easier for people to use?

    No. I mean advancing the state of the art in the field of computing. That includes all the software and hardware subsets, many of which have been retarded by MS's actions.

    As far as illegal business practices, they seem to have followed all the rules for the ISO standard submission process.

    What does that have to do with it? You can follow all the rules of any private organization you want, but that doesn't make your actions any more legal if you also happen to be violating antitrust law.

    It's been certified as an ISO standard.. so.. how exactly is that not a standard?

    If ISO certified that ostriches are geese, would that make it so? Standards exist with or without ISO. ISO used to be a body to help create and certify standards, and in this case they failed.

    Others can now implement it. ODF has its failings as well; some even complain it doesn't describe the standard in enough detail to implement.

    Others can't implement it now because no version with the required changes has yet been published. Even then, others will never be able to implement all of it and there are portions that still reference closed code only MS has access to.

    Sorry, I didn't see any rulings that MS Office has a monopoly on office productivity software. Such a trial would be a big deal, just like the OS monopoly trial was.

    Maybe you should be more informed. MS lost such a case against the state of California in 2003 and had to pay 1.1 billion. They settled with the state of Minnesota in 2004. They settled with Novell (over abuses disadvantaging WordPerfect) for 536 million, also in 2004. I could go on, but those were three of the highest profile cases that included MS Office as one of the abuses.

    Also, Office didn't get to where it is because it was bundled. People have been paying money for it from the beginning.

    You seem to have some wrongheaded ideas about antitrust abuse. It doesn't matter how one gains a monopoly. Antitrust law is about preventing leveraging that monopoly into other markets and bundling is only one way. MS abused their monopolies by including support for .doc in Windows by default, strong-arming OEMs into bundling trial copies of Word, by using nonpublic APIs to make Word run faster and with more memory than WordPerfect and even refusing to reveal what those APIs were when developers from Corel tried to get MS to reveal them so they could get the same advantages in WordPerfect. All of those actions were pretty clearly illegal, and MS has settled numerous cases, for large sums of money as a result.

    So there's a huge install base because people want it.

    The problem is, some people don't want it, and would rather use something else, including freeware. MS, however, has taken actions which introduce artificial problems with those competitors. Secret file formats and formats that cannot be implemented by others such that documents can be assured to not "break" when opened in another program are one way MS has done this. Another, was refusing to take part in the creation of a document standard and waiting until all the competing companies had put a lot of work into ODF before creating their own, different standard for the same purpose. Both of those are abuse of their monopoly position to make it hard for people to use something else or switch from their product.

    Well, I suggest you get over it. Lots of inferior standards have displaced superior ones. See TCP vs. the OSI stack.

    Ahh, but that particular example did not involve any illegal actions. This one quite clearly has.

    Besides, now that OOXML is a standard...

    This is called an "implicit statement." OOXML is not a standard and your asserting it is, does not make it one.

  25. Re:Seems to be up now. on A Screenshot Review of KDE 4 · · Score: 1

    Let me summarise the thread for you:

    Gee, it sure does seem easier for you to make up a fictionalized "summary" of our discussion rather than answer the questions I asked or respond to the many points where you were factually incorrect.

    Your line however that Linux copies only from Windows & not from OS X however is horseshit - pure & simple.

    I never said "Linux" doesn't copy from OS X. I said Linux on the desktop distributions have not only failed to successfully copy OS X, but in many cases seem to intentionally avoid including such features. I also suggested that OS X developers have done a reasonable job of copying Linux features. I further suggested that most people trying to compare OS X and Linux on features are ignorant of one or the other.

    You've done nothing to convince me otherwise, especially given the number of mistakes you've made in trying to assert otherwise and your refusal to back up your assertions. Claiming that "features" which aren't actually able to be used without installing third party software or compiling your own code using experimental projects should "count" is bunk. I don't count third party package managers in OS X's favor, because for the most part they are not very useful (because they are not included by default). The same goes for Linux.