The problem is that to an ISP, you're just a $50 check every month.
They're a common carrier. They shouldn't be passing judgement on what hosts do, although it would be nice if they alerted users to malware to make the problem more visible. If you want there to be a real financial motive to solve this problem, don't target the ISPs, target Microsoft. The root of this problem is their insecure OS not designed to cope with the internet ecosystem and most users needs. Break up Microsoft and this problem will be solved in short order because OS companies will have direct financial consequences to offering a product that does not do what customers want. And the best thing is all we have to do is enforce the laws already on the books instead of looking the other way and ignoring their abuses.
I don't see how blocking this is such a problem. If a machine suddenly starts pumping out email, the ISP cuts its net connection and phones the owner and asks about it.
...and half the time the customer switches to a different service that is not broken and the ISP loses money. If you want to solve this problem, there needs to be financial motivation to solve it. ISPs are common carriers. It is not their job to monitor what a customer is sending and restrict it. The real problem is that Windows machines are so easy to compromise and don't let their users know what is happening or give them the tools to stop it while still performing the tasks they want to do. Most customers would be happy to buy a computer that is more resistant to malware and does not slow down after a little while. The trick is reestablishing the free market so they have that choice.
It's a program. The user downloads it and runs it. It opens ports and talks over them, a user-level activity. Even OpenBSD would allow this to happen. It wouldn't happen in reality because the kind of people who run OpenBSD aren't going to run Trojans and may even have systrace policies.
OpenBSD has TrustedBSD to lock down untrusted programs from the internet. Most people don't use it and it is not the default setup, but do you have any doubt that if the trojan problem on Windows was suddenly just as common on OpenBSD that OS wouldn't make it the default right away?
Nothing short of capability-based OSes or Trusted Computing lockdown to approved software is going to stop this kind of thing. It's exploiting humans, and trying to protect the computer from its owner is an area where angels fear to tread.
Linux has SELinux. OS X is getting the same capabilities in 10.5. The BSDs have jails. Solaris has containers. The foundation is there, it just needs to be brought to the masses. While you phrase it as protecting the computer form its owner, that is a little glib. The truth is, most owners don't know what their computer is doing and don't understand that they are working in an all or nothing trust situation. Try explaining it to the average Windows user. Most of the them are incredulous and disbelieving. They just don't believe that clicking on something that appears as nudepic.jpg can install a program that takes silently over their computer completely and starts sending spam e-mails to the people in their address book. They don't believe it for a good reason. It is idiotic to have such a system given the state of Windows malware.
By default new software should run in a sandbox. It should have access to nothing but its own directory and the files it creates there and maybe a few official well crafted services.
I guess they might just be relying on MAD, but it seems to me that the holders of the 2 largest software patent portfolios would want more assurance than that.
IBM holds the largest patent portfolio in the US as far as I know, but I don't think Microsoft is even on the top 10 list. I've worked with several companies that do a lot of business with both of them and with former employees of both of them and I've never even heard a rumor of a patent agreement between them. That doesn't mean there is no such agreement, but I'm not sure I'd call it likely.
I'd still rather have implemented the cool OS X feature even if nobody can see the source code.
Okay, suppose you work for some random contract company and write the code to let OS X do fast user switching. Would you rather that code was released as open source and implemented in OS X and possibly other OS's as well, or would you rather it was released as closed source, guaranteeing it only is released on OS X? Because as a developer for hire, those are the main options. Sure some clients will require open or closed source, but while closed source might lead to more opportunity for you to rewrite the same code, open source is more likely to make given code widely distributed. For another analogy, assuming you wrote OS X's zeroconf implementation, would you rather it was closed and only on OS X or open and used on OS X and then copied into Linux distros and Solaris and ported to Windows?
The problem isn't "Windows is insecure", the problem is that people are given a general-purpose computing instrument and they want a web & email appliance.
Sort of. People want a little more than the web and e-mail. They want word processing, games, and maybe a few other applications. But OS's are not designed to meet the needs of the common user, and they should be set up with defaults that make sense.
Most of this stuff is not installed because of security exposures in that allow stealh installations because of exposures in email readers and web browsers. It is installed the same way the user would install any other "desired" program.
Actually, the majority of infections are the result of worms that have no user interaction, but this particular threat is a trojan. Trojan's can be mitigated but it requires more finely grained security, a better UI, and better defaults. For the average user, no program not pre-instaled should have access to send mail or access your e-mail address book without the user specifically enabling that behavior.
They user just doesn't know they don't want it.
The user does want it. People want to run untrusted executables. They want to open random, untrusted data. The problem is that Windows does not properly tell them what is data and does not let them easily run untrusted programs in a restricted sandbox. Ask the average user if double clicking on "nekkidladies.jpg" lets something send thousands of e-mails from their computer. Most think it can't. Most think nekkidladies.jpg.exe should be shown as a program instead of data. Most think even if it is a program it should not be able to send e-mail without the OS telling them that is what it is doing and giving them the option to stop it. This is the failure of the Windows. It should restrict these behaviors by default for unsigned/verified applications downloaded from the internet.
Solution? Give people appliances not general-purpose computers.
It won't work. People want to run random programs and games and whatnot. The solution is not to remove functionality, but to restrict functionality by default and present options to the user with real information and a well made GUI. People should have a choice of e-mail clients, but at the same time they should be given a choice whenever a program they install wants to start sending e-mail. "Program 'Verious 2.7' wants to access your e-mail address book and send e-mail messages (stop it from accessing my addresses and sending mail)(let it access his data and send mail once)(Let it access my addresses and send mail always)(Advanced options)."
The average user can understand that and make reasonable choices. OS's need to be coded to give them that info and that granularity of choices with a good UI.
I don't see why the government doesnt go after companies using spam as a selling technique. They still have to recieve money somehow and that can be traced.
In the case of this trojan, it is advertising for stocks, which some people invest in. People who get the spams as well as the scammers. The stock goes up, they sell (along with some random people and some who got the spam). The stock crashes back down and most people lose money. How do you know which investors were scammers, scammed, or had nothing to do with the scam?
For scams advertising products, sure most of them are done on behalf of the company, but without proof you can't go after them. Otherwise, I could just send spam advertising your company and they would arrest you despite no wrongdoing on your part.
Seeing the complexity of a botnet like this is scary. The people responsible for this kind of thing are intelligent, always evolving and don't care about any of the repercussions of their actions.
Yeah, but you should see the security guys... way smarter.
It seems that any proposed solution we can come up with to combat spam will just be worked around shortly after it is implemented.
That depends upon the nature of the solution. This is not an unsolvable problem. It is mostly a matter of motivation.
The software uses proxy servers to avoid blacklisting bot IP addresses, harvests email addresses from the infected machines and randomly changes images used in image-based spam to throw off anti-spam technologies. The people behind this are clever. How can we compete effectively?
Two days ago a large number of enterprises and ISPs were handed a signature that lets them find and monitor this trojan on their networks. I can pull up a list of infected hosts for a class A right now. The problem is the effort needed to fix all these machines and make them harder to compromise in the first place. That begins with fixing Windows.
Now don't get me wrong. Windows is not that much worse than average for trojan detection and containment. But, most other OS's don't have much of a problem with them, so they aren't really driven to implement solutions that might inconvenience them in other ways. Also, some of the UI choices in Windows are very poor and make creating a real solution harder. Make no mistake, this is a security problem with a very large user interaction component. The normal half-assed UIs MS creates won't cut it. MS should have implemented a system to mitigate this problem in 2000 at the latest. They haven't because they are not motivated to do so. It just doesn't cost them many sales.
My solution to this problem is simple. Use the free market to motivate the creation of several solutions and let the best one win. Just enforce the antitrust laws against MS and break them into several companies forbidden from any unmonitored communication or collusion. At least two companies should have complete rights to the Windows source code and IP. Greed will take care of the rest. The one to give customers what they want will get a lot more sales and since interoperability will no longer be a lock-in mechanism other OS's like Linux, OS X, and newcomers will be able to take market share as well. This will not only spur innovative solutions to this problem, but it will shatter the monoculture that makes exploiting huge numbers of machines with one hole so easy.
This will happen about the time our electoral process is reformed and the legalized bribes in the form of campaign contributions and lobbying are declared treason and punishable by death for both the politician and lobbyist. That is to say, this will probably never happen.
So, if there is "infringing" IP in Linux, is there a liklihood that similar infringements have been made in Apple's code?
Yes.
It sounds like Ballmer is saying that MS has so much of the system tied up in IP that effectively everybody who writes an OS which can interact with MS software is infringing.
Yup, but the same is true for Apple's IP, IBM's IP, Sun's IP, etc. Patent wars are sort of a mutually assured destruction option. Imagine if all of those companies were simultaneously stopped by the courts from distributing their OS's. Our patent system, especially with software patents, is an absurd mess.
Does Apple have cross licensing?
Apple does have some agreements with MS, including a license to the Windows API as of 2000, I believe. I don't think this is important. Companies that actually make things generally have patents and are infringing patents and know better than to actually sue, rather than just threaten. The real danger is from patent litigation companies who own patents, but make nothing. They can sue confident that they are not infringing other patents. MS would be moronic to actually sue, rather than just hint they might as a PR move.
I'd like to see IBM counter with a publicized statement that says "Windows appears to be infringing 12,440 of our patents, (or whatever number they can pull together on short notice) and IBM is considering our litigation options. We're not saying we'll get an injunction to stop Vista from shipping, but we haven't ruled out that possibility. Oh, and the Xbox 360 is infringing 130 patents and we're going to court over them right now."
IBM has more patents than god and the legal muscle to cause a big hurt on anyone. If they rattled their saber in response and maybe took a quick jab at a peripheral project of MS's, like the Xbox, MS would probably shut the hell up in short order.
The American Gaming Assocation (MGM, Harrahs etc) is opposed to federal restrictions on online gambling... so who was lobbying for the casinos ?
I believe in this case it was a consortium of native american casinos, which are much more numerous than the AMA's interests and also benefit a lot more from location than brand, making online gambling more of a danger to them.
False dichotomy. Would you rather be the one to develop the fast user switching graphics code for OS X which gets seen and admired by millions or the guy who writes some obscure Drupal plugin to let you rate image uploads that will only be seen by a handful of nerds?
No, it isn't a false dichotomy. How many people have seen the code for the respective features?
Gambling at casinos is very tightly regulated by the government.
This is true for native reservation casinos, but I'm not sure it applies to casinos within regular land. Vegas, for example, answers mostly to the Nevada gaming commission, not the feds.
Though, that said, I have to say that I personally think the real reason the government now forbids online gambling is because they don't get the tax revenue from it.
I don't think you understand how our government works. It doesn't act in the best interests of the government, per se, but in the best interests of the individuals running it. The government is happy to give away billions in subsidies if it means they get a few hundred grand donated to the party campaign fund.
If you've been following the news maybe you've heard about the recent lobbying scandal where a lobbyist who works for many different groups including a consortium of casinos was busted for bribing members of congress. Hmmm, what could those casinos be bribing members of congress to do? What is it they might want? Maybe outlawing the competition?
Does our government have any constitutional right to outlaw gambling? And even if they do, doesn't the lottery exhibit gross hypocrisy?
No they don't have any right. This is simply the result of successful lobbying by the casinos. Since when does it matter if it is unconstitutional?
The same can be said of prostitution and many other illegal things.
You chose a bad example. Prostitution is not illegal in the US. Most states have made it illegal, but that is a different topic.
Really, our government should be protecting our rights, however trivial, unless there is an obvious, and scientifically-supported public health/safety reason to do otherwise.
Yeah, if only here was a method we could use to elect people that would do that. Unfortunately, the majority of people no longer value freedom. This includes both democrats and republicans. Most people think it is perfectly fine to pass laws that take away the rights of others if other people are doing things they disapprove of. The last time I pointed out freedom for individuals to make choices I was told "you're afraid of the democratic process." Freedom is dead as cultural value. It lives on only for a tiny minority and as a buzzword for corrupt politicians trying to pass another law to remove more of it.
And what... exactly... is it that microsoft is the only supplier of?
They were found guilty of having monopoly influence on the market for desktop operating systems. This is not to say they are necessarily the only supplier, merely that they have enough influence in that market to bypass normal competitive forces.
Maybe.... Desktop OS? wrong.
Interesting. Congratulations you've been promoted to the position of CEO ate Gateway computers. In building your computer systems you need to acquire an OS to pre-install if you're going to get any sales. What choices do you have that won't (put you out of business / get you fired)? That would be Windows.
By saying that my analogy is wrong because it doesnt include a monopoly means that you believe Microsoft IS a monopoly, in which case I would have to ask you why you dont feel that open source software can compete with Microsoft.
Yup Microsoft is a monopoly, that has been pretty well established in courts around the world by now. In building computers Linux is not a viable option because most software won't run on it, people can't use their old software on it, and most ISPs won't (support it/hook it up).
Why do you feel that Mac cant compete with Microsoft?
We're talking about the OS market, not the computer system market. Apple won't sell their OS to Dell or Gateway, so they are not in that market. Instead they maintain a complete vertical chain of supply and compete in the computer market.
I don't know why you copied a chunk of my post and put it at the end of yours without any comment, but whatever. Did that clarify anything for you? Arguing that MS is not a monopoly is about 5 years out of date. They are. Courts around the world have agreed. Every respectable economist agrees. Give it up.
How about it's cheaper because the quality is less than 1/10 of that of a CD, let alone a SACD or DVDA?
You're thinking along the same lines as the HD-DVD and Blu-ray people. The fact is, most people don't notice or care about the minor difference in quality of the signal. I can't tell the difference between a FLAC and a 192 MP4 on my car stereo, especially with wind and road noise. Even on my fairly nice stereo setup, the difference between them is not a deal killer. If you're talking about my analog wireless, outdoor speakers by the hot tub, forget about it.
And while download bandwidth costs money, it is mostly the convenience that people want. They'd rather have it fast and now, even with some minimal DRM than wait to buy it in a store in person or even wait hours for a perfect quality download. The same is going to hold true for video.
I don't see his logic. Americans might demand faster connections and more storage space, but they're not going to get it before the Blu Ray and HD DVD player become mainstream.
Look at ti this way. HD-DVD and Blu-ray provide more space for higher definition video and a few other features. Internet download movies currently provide convenience of acquisition and storage and potentially lower prices. The market is demanding the latter more than the former. Faster connections are becoming much more common, more in other countries than the US, but the trend is clear. I think this will lead to movies via download gaining more acceptance than movies via new disk formats. Really, not that many people are willing to invest so much for such a minor improvement in video quality, but they are wiling to invest in not having to go anywhere or swap out disks.
There are a number of things I could write about and slap them up on the internet for people to read, and while they would be quite factual and well written, someone not familiar with the subject would have a hard time telling if that were the case. After all, there's no reason to trust me -- most people haven't a clue who I am. And even if I were to add references, I could either make them to general works, or to obscure works that most people wouldn't bother to track down for verification. The problem is even worse when you're dealing with sites like wikipedia. Some of the articles are indeed authoritative, some are utter crap, and some are in between. And of course there's the problem of authoritative articles that have been made subtly inaccurate.
What you say is entirely true, but it also applies to printed works and academic papers. The problem is, how much effort goes into verifying the accuracy of some information. This is why the trust process of peer reviewing is so important, but even that can be undermined. Quite simply, don't believe what you read or hear or see. Operate under the assumption that anything might be staged or faked and then act based upon your estimates of the probability of that.
*Most* people are terrible at critical reading. Just terrible. For that matter, most people don't really like to read at all.
I find this entire thread greatly entertaining. I think most people are very poor at critical thinking, including critical reading skills because it is not taught in most public schools. Logic, reasoning, critical thinking, and the rhetorical method should be foundations for much of eduction, but they aren't and I have a number of hypothesis as to why. First, students equipped with such skills would quickly overwhelm the average underpaid teacher with questions they could not answer. Second, it is hard to do mass testing on students to determine their ability in these areas, especially compared to short term memorization, the primary skill taught and tested today.
Bringing this back to the current topic, did anyone who read the article critically notice that is was part of an attempt by a company that sells testing services to demonstrate the need for a new test they have constructed? So without the methodology of the test explained, I'm not sure how much credence to give to this particular "study."
MS has never been prosecuted by the DOJ under criminal law. Look it up.
Well, according to the DoJ Web site they were in 1995, with regard to different monopoly abuse... but for the most part you're right. The main case was the DoJ suing MS in civil courts for breaking criminal law, using the aforementioned voodoo.
The Thai information minister is right in that the motivation in closed source software to write good code (read code that sells better) is generally higher than that of open source software (even though there are very many exceptions of course).
I disagree. Most closed source software is written for sale to a given group of users. Most of these coders have little or no benefit since most places they don't make more money if the company does. Most open source software is coded by users. There is a lot more motivation to code something well when you are going to have to use it.
And, in general, companies like closed source for the simple fact that they have known support and someone they can blame in the case of a disaster. But he is also awfully wrong as to why this is.
I don't know where you work, but we buy support for both open and closed source software as we need it. I don't think we've ever had a problem finding someone to support OSS and usually have a selection of several companies as opposed to just one which is the norm for closed software.
As for Thai companies providing good code, they may do so in Thailand for the Thai market, since localization to Thai is probably not high on many companies' priorities (it's ironic that Open Source support Thai better than most closed source software packages do), but they certainly don't have much say in the market outside Thailand.
OSS generally has better internationalization because people who are interested in making it work in their native language can do so, as opposed to having only one company with limited resources that can do the work. Also, since a lot of poorer countries do not enforce copyright laws, those countries are ignored by a given company as unprofitable and they don't bother with localization, which is not a problem for OSS.
If this official gets anything, it seems to be that making absurd statements can get him press and might be a way to leverage that PR into "donations" from closed source software companies.
Bad analogy. Open source is like painting the Sistine Chapel and, with the click of a button, others can duplicate this painting on their own chapels without involving you at all. Wealthy people who want their own painting like that don't need to pay you since you've given away the means to have this painted at no cost to them. Sure you can sell painting support services, but 99.9% of people just want the standard painting. [How may pay to customize the Apache web server?]
Closed source is like painting the Sistine Chapel but putting up a sign saying "If you want yours painted like this, please contact Michelangelo's Painting Blueprints at 1-800-ARTWORK". Since you haven't given away the means to have it painted at no cost to them, you can make more money. You can still sell painting support services, but your main income comes from simply duplicating the blueprints at little cost to you and profiting huge.
I think you missed the point of the previous post. He was talking about original, commissioned artwork as an analogy to contract coding. Non-original artwork is fairly worthless compared to originals. Ask any wealth person if they want a reprint of some painting or an original one in their bedroom. Sure you could spread the cost of the commission across thousands of people, licensing your code to each of them, but that is a lot of overhead and you're likely to be undercut by an open source project. Most people who write software don't retain the copyright themselves. Most developers work for a development shop making part of something and the copyright is held by that shop.
So sure, you can start your own business if its small and try to sell software, but realistically you're looking at working for a salary whether you're coding open source or not, so it doesn't make too much difference. The choice is, would you rather have less widely distributed code, giving you and everyone else more potential work redoing the same thing... or would you rather have more widely distributed work that gains you a reputation and instead work on new things all the time?
Almost all of the money made by open source has been made by exploiting open source.
How does this stuff get modded up? Using open source software is not exploiting it. Selling open source software is not exploiting it.
Yes most of the internet runs on OSS. But how many of the billions if not trillions of dollars has made it back to the pockets of the developers of the big parts like Apache?
What billion/trillion of dollars are you talking about? Do you think a shoe manufacturer should get a cut of every industry that profits from people in footware?
I would guess not much since even Apache has a 'donations' link on their site.
Most of the people who work on Apache get paid a salary to do so. Others work on contract. We use Apache here and even sell servers with it pre-installed. We've contributed back a handful of fixes and improvements that were things we needed to work. The developers who did so did it during their normal work day and got paid quite well. Thousands of other companies are in the same boat. It's collaboration, but it isn't exploitation. I just don't think you understand the open source model. Sure, it makes it hard to gouge users for huge profits, but the developers usually are the users or are paid directly by them. It's not like the people who do the work aren't getting a good salary for what they do.
What improvements? IBM or HP can easily slap the software on a box and make money from selling the box or services that use it, as is, and use OSS only as a value-add to make that hardware or those services more valuable. Like them, I too can setup a company that provides consulting services, or even hardware-based-solutions, all using a standard LAMP stack, with no "improvements" needed, and no need to give anything back at all. In which case the GPL prevents nothing.
Sure you can set up a company and sell hardware with GPL'ed software included. So what happens when you customer has a bug and wants it fixed. You say, "screw you" and let them deal with it? You competitor says, "I'm on it" and codes up a minor fix rolls out a patch to them and it gets rolled into the GPL software. Who wins in the market? Your competitor does. Why would they want to buy hardware and support/service from two places when they can get it from one?
Practically speaking, your theoretical company is going to be screwed if it can't make fixes and if you make fixes and distribute them to your customers, then you have to give those back for GPL licensed software you're patching.
The problem is that to an ISP, you're just a $50 check every month.
They're a common carrier. They shouldn't be passing judgement on what hosts do, although it would be nice if they alerted users to malware to make the problem more visible. If you want there to be a real financial motive to solve this problem, don't target the ISPs, target Microsoft. The root of this problem is their insecure OS not designed to cope with the internet ecosystem and most users needs. Break up Microsoft and this problem will be solved in short order because OS companies will have direct financial consequences to offering a product that does not do what customers want. And the best thing is all we have to do is enforce the laws already on the books instead of looking the other way and ignoring their abuses.
I don't see how blocking this is such a problem. If a machine suddenly starts pumping out email, the ISP cuts its net connection and phones the owner and asks about it.
...and half the time the customer switches to a different service that is not broken and the ISP loses money. If you want to solve this problem, there needs to be financial motivation to solve it. ISPs are common carriers. It is not their job to monitor what a customer is sending and restrict it. The real problem is that Windows machines are so easy to compromise and don't let their users know what is happening or give them the tools to stop it while still performing the tasks they want to do. Most customers would be happy to buy a computer that is more resistant to malware and does not slow down after a little while. The trick is reestablishing the free market so they have that choice.
It's a program. The user downloads it and runs it. It opens ports and talks over them, a user-level activity. Even OpenBSD would allow this to happen. It wouldn't happen in reality because the kind of people who run OpenBSD aren't going to run Trojans and may even have systrace policies.
OpenBSD has TrustedBSD to lock down untrusted programs from the internet. Most people don't use it and it is not the default setup, but do you have any doubt that if the trojan problem on Windows was suddenly just as common on OpenBSD that OS wouldn't make it the default right away?
Nothing short of capability-based OSes or Trusted Computing lockdown to approved software is going to stop this kind of thing. It's exploiting humans, and trying to protect the computer from its owner is an area where angels fear to tread.
Linux has SELinux. OS X is getting the same capabilities in 10.5. The BSDs have jails. Solaris has containers. The foundation is there, it just needs to be brought to the masses. While you phrase it as protecting the computer form its owner, that is a little glib. The truth is, most owners don't know what their computer is doing and don't understand that they are working in an all or nothing trust situation. Try explaining it to the average Windows user. Most of the them are incredulous and disbelieving. They just don't believe that clicking on something that appears as nudepic.jpg can install a program that takes silently over their computer completely and starts sending spam e-mails to the people in their address book. They don't believe it for a good reason. It is idiotic to have such a system given the state of Windows malware.
By default new software should run in a sandbox. It should have access to nothing but its own directory and the files it creates there and maybe a few official well crafted services.
I guess they might just be relying on MAD, but it seems to me that the holders of the 2 largest software patent portfolios would want more assurance than that.
IBM holds the largest patent portfolio in the US as far as I know, but I don't think Microsoft is even on the top 10 list. I've worked with several companies that do a lot of business with both of them and with former employees of both of them and I've never even heard a rumor of a patent agreement between them. That doesn't mean there is no such agreement, but I'm not sure I'd call it likely.
I'd still rather have implemented the cool OS X feature even if nobody can see the source code.
Okay, suppose you work for some random contract company and write the code to let OS X do fast user switching. Would you rather that code was released as open source and implemented in OS X and possibly other OS's as well, or would you rather it was released as closed source, guaranteeing it only is released on OS X? Because as a developer for hire, those are the main options. Sure some clients will require open or closed source, but while closed source might lead to more opportunity for you to rewrite the same code, open source is more likely to make given code widely distributed. For another analogy, assuming you wrote OS X's zeroconf implementation, would you rather it was closed and only on OS X or open and used on OS X and then copied into Linux distros and Solaris and ported to Windows?
I am sure IBM and MS have cross licensing deals.
As far as I know, they don't have any such deals. Can you cite something?
The problem isn't "Windows is insecure", the problem is that people are given a general-purpose computing instrument and they want a web & email appliance.
Sort of. People want a little more than the web and e-mail. They want word processing, games, and maybe a few other applications. But OS's are not designed to meet the needs of the common user, and they should be set up with defaults that make sense.
Most of this stuff is not installed because of security exposures in that allow stealh installations because of exposures in email readers and web browsers. It is installed the same way the user would install any other "desired" program.
Actually, the majority of infections are the result of worms that have no user interaction, but this particular threat is a trojan. Trojan's can be mitigated but it requires more finely grained security, a better UI, and better defaults. For the average user, no program not pre-instaled should have access to send mail or access your e-mail address book without the user specifically enabling that behavior.
They user just doesn't know they don't want it.
The user does want it. People want to run untrusted executables. They want to open random, untrusted data. The problem is that Windows does not properly tell them what is data and does not let them easily run untrusted programs in a restricted sandbox. Ask the average user if double clicking on "nekkidladies.jpg" lets something send thousands of e-mails from their computer. Most think it can't. Most think nekkidladies.jpg.exe should be shown as a program instead of data. Most think even if it is a program it should not be able to send e-mail without the OS telling them that is what it is doing and giving them the option to stop it. This is the failure of the Windows. It should restrict these behaviors by default for unsigned/verified applications downloaded from the internet.
Solution? Give people appliances not general-purpose computers.
It won't work. People want to run random programs and games and whatnot. The solution is not to remove functionality, but to restrict functionality by default and present options to the user with real information and a well made GUI. People should have a choice of e-mail clients, but at the same time they should be given a choice whenever a program they install wants to start sending e-mail. "Program 'Verious 2.7' wants to access your e-mail address book and send e-mail messages (stop it from accessing my addresses and sending mail)(let it access his data and send mail once)(Let it access my addresses and send mail always)(Advanced options)."
The average user can understand that and make reasonable choices. OS's need to be coded to give them that info and that granularity of choices with a good UI.
I don't see why the government doesnt go after companies using spam as a selling technique. They still have to recieve money somehow and that can be traced.
In the case of this trojan, it is advertising for stocks, which some people invest in. People who get the spams as well as the scammers. The stock goes up, they sell (along with some random people and some who got the spam). The stock crashes back down and most people lose money. How do you know which investors were scammers, scammed, or had nothing to do with the scam?
For scams advertising products, sure most of them are done on behalf of the company, but without proof you can't go after them. Otherwise, I could just send spam advertising your company and they would arrest you despite no wrongdoing on your part.
Seeing the complexity of a botnet like this is scary. The people responsible for this kind of thing are intelligent, always evolving and don't care about any of the repercussions of their actions.
Yeah, but you should see the security guys... way smarter.
It seems that any proposed solution we can come up with to combat spam will just be worked around shortly after it is implemented.
That depends upon the nature of the solution. This is not an unsolvable problem. It is mostly a matter of motivation.
The software uses proxy servers to avoid blacklisting bot IP addresses, harvests email addresses from the infected machines and randomly changes images used in image-based spam to throw off anti-spam technologies. The people behind this are clever. How can we compete effectively?
Two days ago a large number of enterprises and ISPs were handed a signature that lets them find and monitor this trojan on their networks. I can pull up a list of infected hosts for a class A right now. The problem is the effort needed to fix all these machines and make them harder to compromise in the first place. That begins with fixing Windows.
Now don't get me wrong. Windows is not that much worse than average for trojan detection and containment. But, most other OS's don't have much of a problem with them, so they aren't really driven to implement solutions that might inconvenience them in other ways. Also, some of the UI choices in Windows are very poor and make creating a real solution harder. Make no mistake, this is a security problem with a very large user interaction component. The normal half-assed UIs MS creates won't cut it. MS should have implemented a system to mitigate this problem in 2000 at the latest. They haven't because they are not motivated to do so. It just doesn't cost them many sales.
My solution to this problem is simple. Use the free market to motivate the creation of several solutions and let the best one win. Just enforce the antitrust laws against MS and break them into several companies forbidden from any unmonitored communication or collusion. At least two companies should have complete rights to the Windows source code and IP. Greed will take care of the rest. The one to give customers what they want will get a lot more sales and since interoperability will no longer be a lock-in mechanism other OS's like Linux, OS X, and newcomers will be able to take market share as well. This will not only spur innovative solutions to this problem, but it will shatter the monoculture that makes exploiting huge numbers of machines with one hole so easy.
This will happen about the time our electoral process is reformed and the legalized bribes in the form of campaign contributions and lobbying are declared treason and punishable by death for both the politician and lobbyist. That is to say, this will probably never happen.
So, if there is "infringing" IP in Linux, is there a liklihood that similar infringements have been made in Apple's code?
Yes.
It sounds like Ballmer is saying that MS has so much of the system tied up in IP that effectively everybody who writes an OS which can interact with MS software is infringing.
Yup, but the same is true for Apple's IP, IBM's IP, Sun's IP, etc. Patent wars are sort of a mutually assured destruction option. Imagine if all of those companies were simultaneously stopped by the courts from distributing their OS's. Our patent system, especially with software patents, is an absurd mess.
Does Apple have cross licensing?
Apple does have some agreements with MS, including a license to the Windows API as of 2000, I believe. I don't think this is important. Companies that actually make things generally have patents and are infringing patents and know better than to actually sue, rather than just threaten. The real danger is from patent litigation companies who own patents, but make nothing. They can sue confident that they are not infringing other patents. MS would be moronic to actually sue, rather than just hint they might as a PR move.
I'd like to see IBM counter with a publicized statement that says "Windows appears to be infringing 12,440 of our patents, (or whatever number they can pull together on short notice) and IBM is considering our litigation options. We're not saying we'll get an injunction to stop Vista from shipping, but we haven't ruled out that possibility. Oh, and the Xbox 360 is infringing 130 patents and we're going to court over them right now."
IBM has more patents than god and the legal muscle to cause a big hurt on anyone. If they rattled their saber in response and maybe took a quick jab at a peripheral project of MS's, like the Xbox, MS would probably shut the hell up in short order.
The American Gaming Assocation (MGM, Harrahs etc) is opposed to federal restrictions on online gambling ... so who was lobbying for the casinos ?
I believe in this case it was a consortium of native american casinos, which are much more numerous than the AMA's interests and also benefit a lot more from location than brand, making online gambling more of a danger to them.
False dichotomy. Would you rather be the one to develop the fast user switching graphics code for OS X which gets seen and admired by millions or the guy who writes some obscure Drupal plugin to let you rate image uploads that will only be seen by a handful of nerds?
No, it isn't a false dichotomy. How many people have seen the code for the respective features?
"A lottery is but a tax on fools" - Unknown.
I've always herd it as, "The lottery is a tax on people who can't do math."
Gambling at casinos is very tightly regulated by the government.
This is true for native reservation casinos, but I'm not sure it applies to casinos within regular land. Vegas, for example, answers mostly to the Nevada gaming commission, not the feds.
Though, that said, I have to say that I personally think the real reason the government now forbids online gambling is because they don't get the tax revenue from it.
I don't think you understand how our government works. It doesn't act in the best interests of the government, per se, but in the best interests of the individuals running it. The government is happy to give away billions in subsidies if it means they get a few hundred grand donated to the party campaign fund.
If you've been following the news maybe you've heard about the recent lobbying scandal where a lobbyist who works for many different groups including a consortium of casinos was busted for bribing members of congress. Hmmm, what could those casinos be bribing members of congress to do? What is it they might want? Maybe outlawing the competition?
Does our government have any constitutional right to outlaw gambling? And even if they do, doesn't the lottery exhibit gross hypocrisy?
No they don't have any right. This is simply the result of successful lobbying by the casinos. Since when does it matter if it is unconstitutional?
The same can be said of prostitution and many other illegal things.
You chose a bad example. Prostitution is not illegal in the US. Most states have made it illegal, but that is a different topic.
Really, our government should be protecting our rights, however trivial, unless there is an obvious, and scientifically-supported public health/safety reason to do otherwise.
Yeah, if only here was a method we could use to elect people that would do that. Unfortunately, the majority of people no longer value freedom. This includes both democrats and republicans. Most people think it is perfectly fine to pass laws that take away the rights of others if other people are doing things they disapprove of. The last time I pointed out freedom for individuals to make choices I was told "you're afraid of the democratic process." Freedom is dead as cultural value. It lives on only for a tiny minority and as a buzzword for corrupt politicians trying to pass another law to remove more of it.
And what... exactly... is it that microsoft is the only supplier of?
They were found guilty of having monopoly influence on the market for desktop operating systems. This is not to say they are necessarily the only supplier, merely that they have enough influence in that market to bypass normal competitive forces.
Maybe.... Desktop OS? wrong.
Interesting. Congratulations you've been promoted to the position of CEO ate Gateway computers. In building your computer systems you need to acquire an OS to pre-install if you're going to get any sales. What choices do you have that won't (put you out of business / get you fired)? That would be Windows.
By saying that my analogy is wrong because it doesnt include a monopoly means that you believe Microsoft IS a monopoly, in which case I would have to ask you why you dont feel that open source software can compete with Microsoft.
Yup Microsoft is a monopoly, that has been pretty well established in courts around the world by now. In building computers Linux is not a viable option because most software won't run on it, people can't use their old software on it, and most ISPs won't (support it/hook it up).
Why do you feel that Mac cant compete with Microsoft?
We're talking about the OS market, not the computer system market. Apple won't sell their OS to Dell or Gateway, so they are not in that market. Instead they maintain a complete vertical chain of supply and compete in the computer market.
I don't know why you copied a chunk of my post and put it at the end of yours without any comment, but whatever. Did that clarify anything for you? Arguing that MS is not a monopoly is about 5 years out of date. They are. Courts around the world have agreed. Every respectable economist agrees. Give it up.
How about it's cheaper because the quality is less than 1/10 of that of a CD, let alone a SACD or DVDA?
You're thinking along the same lines as the HD-DVD and Blu-ray people. The fact is, most people don't notice or care about the minor difference in quality of the signal. I can't tell the difference between a FLAC and a 192 MP4 on my car stereo, especially with wind and road noise. Even on my fairly nice stereo setup, the difference between them is not a deal killer. If you're talking about my analog wireless, outdoor speakers by the hot tub, forget about it.
And while download bandwidth costs money, it is mostly the convenience that people want. They'd rather have it fast and now, even with some minimal DRM than wait to buy it in a store in person or even wait hours for a perfect quality download. The same is going to hold true for video.
I don't see his logic. Americans might demand faster connections and more storage space, but they're not going to get it before the Blu Ray and HD DVD player become mainstream.
Look at ti this way. HD-DVD and Blu-ray provide more space for higher definition video and a few other features. Internet download movies currently provide convenience of acquisition and storage and potentially lower prices. The market is demanding the latter more than the former. Faster connections are becoming much more common, more in other countries than the US, but the trend is clear. I think this will lead to movies via download gaining more acceptance than movies via new disk formats. Really, not that many people are willing to invest so much for such a minor improvement in video quality, but they are wiling to invest in not having to go anywhere or swap out disks.
There are a number of things I could write about and slap them up on the internet for people to read, and while they would be quite factual and well written, someone not familiar with the subject would have a hard time telling if that were the case. After all, there's no reason to trust me -- most people haven't a clue who I am. And even if I were to add references, I could either make them to general works, or to obscure works that most people wouldn't bother to track down for verification. The problem is even worse when you're dealing with sites like wikipedia. Some of the articles are indeed authoritative, some are utter crap, and some are in between. And of course there's the problem of authoritative articles that have been made subtly inaccurate.
What you say is entirely true, but it also applies to printed works and academic papers. The problem is, how much effort goes into verifying the accuracy of some information. This is why the trust process of peer reviewing is so important, but even that can be undermined. Quite simply, don't believe what you read or hear or see. Operate under the assumption that anything might be staged or faked and then act based upon your estimates of the probability of that.
*Most* people are terrible at critical reading. Just terrible. For that matter, most people don't really like to read at all.
I find this entire thread greatly entertaining. I think most people are very poor at critical thinking, including critical reading skills because it is not taught in most public schools. Logic, reasoning, critical thinking, and the rhetorical method should be foundations for much of eduction, but they aren't and I have a number of hypothesis as to why. First, students equipped with such skills would quickly overwhelm the average underpaid teacher with questions they could not answer. Second, it is hard to do mass testing on students to determine their ability in these areas, especially compared to short term memorization, the primary skill taught and tested today.
Bringing this back to the current topic, did anyone who read the article critically notice that is was part of an attempt by a company that sells testing services to demonstrate the need for a new test they have constructed? So without the methodology of the test explained, I'm not sure how much credence to give to this particular "study."
MS has never been prosecuted by the DOJ under criminal law. Look it up.
Well, according to the DoJ Web site they were in 1995, with regard to different monopoly abuse... but for the most part you're right. The main case was the DoJ suing MS in civil courts for breaking criminal law, using the aforementioned voodoo.
The Thai information minister is right in that the motivation in closed source software to write good code (read code that sells better) is generally higher than that of open source software (even though there are very many exceptions of course).
I disagree. Most closed source software is written for sale to a given group of users. Most of these coders have little or no benefit since most places they don't make more money if the company does. Most open source software is coded by users. There is a lot more motivation to code something well when you are going to have to use it.
And, in general, companies like closed source for the simple fact that they have known support and someone they can blame in the case of a disaster. But he is also awfully wrong as to why this is.
I don't know where you work, but we buy support for both open and closed source software as we need it. I don't think we've ever had a problem finding someone to support OSS and usually have a selection of several companies as opposed to just one which is the norm for closed software.
As for Thai companies providing good code, they may do so in Thailand for the Thai market, since localization to Thai is probably not high on many companies' priorities (it's ironic that Open Source support Thai better than most closed source software packages do), but they certainly don't have much say in the market outside Thailand.
OSS generally has better internationalization because people who are interested in making it work in their native language can do so, as opposed to having only one company with limited resources that can do the work. Also, since a lot of poorer countries do not enforce copyright laws, those countries are ignored by a given company as unprofitable and they don't bother with localization, which is not a problem for OSS.
If this official gets anything, it seems to be that making absurd statements can get him press and might be a way to leverage that PR into "donations" from closed source software companies.
Bad analogy. Open source is like painting the Sistine Chapel and, with the click of a button, others can duplicate this painting on their own chapels without involving you at all. Wealthy people who want their own painting like that don't need to pay you since you've given away the means to have this painted at no cost to them. Sure you can sell painting support services, but 99.9% of people just want the standard painting. [How may pay to customize the Apache web server?]
Closed source is like painting the Sistine Chapel but putting up a sign saying "If you want yours painted like this, please contact Michelangelo's Painting Blueprints at 1-800-ARTWORK". Since you haven't given away the means to have it painted at no cost to them, you can make more money. You can still sell painting support services, but your main income comes from simply duplicating the blueprints at little cost to you and profiting huge.
I think you missed the point of the previous post. He was talking about original, commissioned artwork as an analogy to contract coding. Non-original artwork is fairly worthless compared to originals. Ask any wealth person if they want a reprint of some painting or an original one in their bedroom. Sure you could spread the cost of the commission across thousands of people, licensing your code to each of them, but that is a lot of overhead and you're likely to be undercut by an open source project. Most people who write software don't retain the copyright themselves. Most developers work for a development shop making part of something and the copyright is held by that shop.
So sure, you can start your own business if its small and try to sell software, but realistically you're looking at working for a salary whether you're coding open source or not, so it doesn't make too much difference. The choice is, would you rather have less widely distributed code, giving you and everyone else more potential work redoing the same thing... or would you rather have more widely distributed work that gains you a reputation and instead work on new things all the time?
Almost all of the money made by open source has been made by exploiting open source.
How does this stuff get modded up? Using open source software is not exploiting it. Selling open source software is not exploiting it.
Yes most of the internet runs on OSS. But how many of the billions if not trillions of dollars has made it back to the pockets of the developers of the big parts like Apache?
What billion/trillion of dollars are you talking about? Do you think a shoe manufacturer should get a cut of every industry that profits from people in footware?
I would guess not much since even Apache has a 'donations' link on their site.
Most of the people who work on Apache get paid a salary to do so. Others work on contract. We use Apache here and even sell servers with it pre-installed. We've contributed back a handful of fixes and improvements that were things we needed to work. The developers who did so did it during their normal work day and got paid quite well. Thousands of other companies are in the same boat. It's collaboration, but it isn't exploitation. I just don't think you understand the open source model. Sure, it makes it hard to gouge users for huge profits, but the developers usually are the users or are paid directly by them. It's not like the people who do the work aren't getting a good salary for what they do.
What improvements? IBM or HP can easily slap the software on a box and make money from selling the box or services that use it, as is, and use OSS only as a value-add to make that hardware or those services more valuable. Like them, I too can setup a company that provides consulting services, or even hardware-based-solutions, all using a standard LAMP stack, with no "improvements" needed, and no need to give anything back at all. In which case the GPL prevents nothing.
Sure you can set up a company and sell hardware with GPL'ed software included. So what happens when you customer has a bug and wants it fixed. You say, "screw you" and let them deal with it? You competitor says, "I'm on it" and codes up a minor fix rolls out a patch to them and it gets rolled into the GPL software. Who wins in the market? Your competitor does. Why would they want to buy hardware and support/service from two places when they can get it from one?
Practically speaking, your theoretical company is going to be screwed if it can't make fixes and if you make fixes and distribute them to your customers, then you have to give those back for GPL licensed software you're patching.