No one seems to have mentioned the problem with adaption of this is the restrictions on upload bandwidth. Even the highest speed home broadband service offer terrible upload speeds. I've got the best Comcast is beta-testing today (16M down/1M up) and it's WAY too slow to be keeping the 600 gigs of stuff on my HDs online. I regularly churn up to 20 gigs in a day. Even the Verizon FoIS is only 2M up at best.
When it takes X long to download that nifty video and then takes 16x as long to mirror it up to your GDrive and all the while your latency is shot to hell and even your Download speed is affected... not worth it. As others have noted: think XDrive or Yahoo Briefcase or other similar functions. Myself, I'm quite happy with the 2Gb SanDisk USB device I keep on my keychain...
AND, of course, there is that pesky privacy issue...
Congratulations on posting a comment, not suprisingly modded up, that was totally and completely devoid of any accurate or true facts (apart from MS did purchase Hotmail 'round about '97). You've managed to repeat every lie surrounding the Hotmail purchase and subsequent (successful) migration to a Windows 2000 server environment (all clearly documented, but you'd rather not both with the truth) and even manage to throw in some unsupported random Linux BS too. Hearsay? I'd say!
The original builders of the application created a two-tier architecture built around various UNIX systems. During June and July of 2000, the Hotmail site was converted from FreeBSD running Apache Web services to Windows 2000 Server running Microsoft Internet Information Services 5.0. The first and only time it was tried and, it worked... better.
The true story can be found here:
http://www.microsoft.com/technet/interopmigration/ case/hotmail/default.mspx
It's available and better than Playboy. Spice HD Theater is on DTV now. Shows everything except anal.
Re:Don't confuse SP2 RTM and Final (Gold) Versions
on
Latest SP2 News
·
· Score: 1
I'm sorry but you are wrong. SP2 is done. The code is final. They are working on SP1 for 2003. You are discussing release times.
Re:Don't confuse SP2 RTM and Final (Gold) Versions
on
Latest SP2 News
·
· Score: 1
Despite your great enthusiasm, this is just plain wrong. SP2 has been released and it's code is final. It is NOT still being working on or tweaked. The version on MSDN and RTM and RTW and sent to premiere customers and automatic update is identical. If you install a MSDN version and go to Windows Update it will NOT attempt to update you again, nor will automatic updates.
Re:Don't confuse SP2 RTM and Final (Gold) Versions
on
Latest SP2 News
·
· Score: 1
You could not be more completely wrong. The RTM (release to manufacture) code IS the fine "Gold" code. That's it. Period. One SP2.
And this is almost 4 years after Windows 2000 did it with ease. Of course, Windows XP/2003 are even more secure so...
What gets me is, if it's so expensive and time consuming to do this, why not go straight for level 4 certification? Unless it was unachievable... Vendors know ahead of time if they'll pass or not, all the criteria is there for the public to review. You don't submit until you are already sure you'll pass. Obviously Linux is not EAL 4 ready. Windows 2000 is not only EAL 4 but also augmented with ALC FLR 3.
Who is going to notice an effortless to achieve EAL 2?
It wasn't meant as an attack. It seems to me that they went with the "home team" - a sort of "anything but microsoft" approach to their solution. How else explain the VMWare use? I mean, you need Windows licenses and have the added cost of the VMWare and your users want Windows but only some beaurakraut somewhere decided to stick it to the US company - probably some kinda revenge for Iraq. I dunno... I don't even like beer.;)
Almost every version of linux has a remote root exploit in it - until it's found and patched against it.
Look, don't be lame eh? At the time of W2KSP3 the RPC exploit was unknown by all parties. It was discovered and patched before it was known by the public. I don't think you imagine that the version of SuSE that was certified was a.0 version that had no hotfixes or patches of any kind applied do you?
I did not lie and you know it. When you say "Linux" was certified - did I accuse you of lying when we all know that it's ONLY a very specific configuration of ONLY the SuSE distribution ONLY on very specific IBM hardware? Well, that's a fact but we are speaking a little more generally aren't we? Also, that half million, it came from IBM, not a "loose group of coders."
Fact: Windows 2000 has a higher security certification than SuSE Linux. Linux has been around longer than Windows 2000 and still took a year longer. Fact: No other Linux Distrib on any hardware has ever received a security certification.
It is good news though, it puts things in perspective. Windows 2000 is able to achieve a higher degree of security certification than SuSE Linux. The Germans can put that in their beer and drink it. Did anyone else not find it interesting that the Germans picked the big German distribution and not the US MS solution? Gosh, suprise? Lets not forget that all those Linux workstations are running VMWare to continue to run Windows applications. Not exactly a big win for "Linux"
Windows has had a higher level rating for over a year now. There are nice Word DOCs available to tell you exactly how to obtain the same (or higher) level of security as tested.
Linux was certified as providing only "low to moderate" security, compared with the same group's certification as "moderate to high" last year of the security of Microsoft's Windows 2000 software.
Now as windows advocates were forced to admit, a security rating is about as useful(/useless) as a TPC-C benchmark. It's a test under controlled circumstances and the real world is never this controlled - but it does compare apples to apples. No serious advocate of either would blindly consider the other to be utterly secure or unsecure; but I think the/. editors have jumped the gun both factually (it's not the highest rating possible, it's the lowest rating possible) and enthusiastically. I mean, would this story have made it if the headline read "Linux finally achieves a security rating lower than Windows 2000"?
Windows XP and 2003 are currently under testing but it takes time so please don't reveal your ignorance by announcing that Linux must be more secure than either of those since they haven't been certified yet. XP is every bit as secure and more than Windows 2000 and 2003 is far more secure than any other Windows release. That they'll be certified is not a question but just a matter of time.
Flame away - the karma rating here is meaningless as it's nearly effortless to get "Excellent" and maintain it.
Because we Americans still have our balls intact. We haven't had our gun rights (and other rights) stripped away by governments and by official who themselves can own guns and have body guards. We are not obsessed with our guns - we just like to have the OPTION to enjoy using a firearm IF *WE* CHOOSE to.
If I am to be accused of anything, by simply being an American and have "obsessed" thrown in there, then please treat me with the respect we deserve and ask "wow, aren't these Americans obsessed by their rights?" - because we are. We do not like having governments (especially not foreign ones) try to take away our rights. The rights that define our country as what freedom is.
Ask the English or Australians how their gun-rights are doing these days and what the net effect has been since losing them?
You recall incorrectly. The M16A2 is every bit as lethal, and possibly more, than the M16A1 or original M16.
And what you are sorta remembering is that in war it's better to seriously wound a soldier, enough that he cannot fight but not enough to die immediately so that his buddies have to help him and spend energy and supplies on saving him. An enemy that just dies is just one less enemy, no further cost really. But one that is wounded, oh man, now you gotta try to save them, then take him to medical care then fix him then wait for him to heal and give him a medal and medical care forever etc...
Wrong on all counts. The 5.56mm round is a VERY stable and accurate round. That it "tumble" after it hits something is not uncommon for ANY round but being lighter may provide for a bit more "bounce" if you will.
The M16A2 fires exactly the same round as the A1 and original M16.
A round that is more stable, hits and penetrate better, in my opinion, can only be MORE lethal.
NO MATTER HOW YOU SPIN IT they are saying "Do *something* #or else#" That's the dealeo. They are threatening to do something harmful if they do not get what they want from MS. It's called blackmail - look it up. And we can't wonder/supose if they will or won't - they already did!
Why do you not understand. It's very clear, let me help you:
They are telling MS, we want these things a.b.c.d. OR we'll release an exploit.
Simple as that. And forget the defense "they said they requested not demanded" - well that paper tiger went out the door as soon as today when they actually released the exploit as threatened.
Forget any analogies; they are attempting to blackmail MS to get what they want and now that MS didn't give in to there demands the babies are playing "we warned you!" and proving that they are exactly what they claim not to be; crackers and blackhat hackers. They are terrorists and give linux an even worse image.
You miss the obvious: "We request but do not demand" then they prove they are lying by stating they will release a damaging exploit if their demands (oh, sorry "requests") are not met. Plain and simple.
You ask, is not responding a valid business tactic? Lets consider this one: "Hey GM, I want the price of corvettes dropped by 90%" and you keep making that demand. Will you be suprised that GM won't do it? How about if you keep asking over and over that MS port Exchange to run under Linux. Do you expect they'll respond? Give them a solid business reason and maybe you can talk. Tell them unless they port Exchange to Linux you'll release a massive exploit usable against Exchange 2003 and you are a blackmailer or even a terrorist (if you wanna hang that label).
Yea yea, I'll probably be modded flamebait or troll but... come on! ANYTHING MS does is immediately evil? Look, for the first time ever last quarter they paid out 8 cents a share dividend, because it made financial sense. This time they have looked and, again, it made good solid financial sense to pay a dividend. It's good for the stockholders, it's good for the economy and, yea, it's good for Gates and other execs (because they believe enough in their company that they own shares in it too). How is it even remotely possible in any way, shape or form that MS giving it's shareholders money is anything but good for everyone? Indirectly, even non-stockholders benefit (think about it).
There IS such thing as logging too much. YOu can turn on so called "Informational Messages" for things like printing and, for example, DNS. These mention EVERY single thing done, like, user printed a document. DNS transfered a zone. Once a system is stable, do you need to know when a zone was transfered successfully? We don't. We DO need to (and do) know when a zone transfer failed or was requested outside of authorized IPs and THAT we do log.
Are you missing my points on purpose or purposely being difficult. I DO log, extensively. I told you that my logs are being archived off. I do NOT miss events. Ever. Period. Get it?
As for SPs, we apply them quickly as necessary. We do not apply them blindly. Do you apply patches blindly? Just trusting that every patch ever released works perfectly on every machine the first time? We test in a lab before rolling out the first one, then we wait and watch then roll out AS NEEDED.
Has code red, nimba and slammer taught us anything? Oh, hell yes. It taught us that every significant worm exploited a vulnerability that was patches months before the worm hit. We have never been affected by any of those. We're patched well before they hit.
And, again, when I say we log and audit, we log and audit everything including the security log for user auditing. Nothing different. We have them set large and they are copied to archive regularly. Get it?
I resisted posting comments on this because it had the eternal battle of Linux vs Microsoft in it and posting anything but blind praise for Linux and equally blind despite towards Microsoft will simply get you modded down in a forum as biased as this but... this is just too much to keep quiet about.
Look - you buy an XBox and take it home. Yep, it's yours and you are allowed to do ANYTHING you want with it. Burn it, bury it, run linux on it even. Hell, steal some System V code and copy it then run it and call it Linux and no one can bother you -- it's your box and you can do anything you want with it - including play games!
So, here comes these idiots. They have come up with some exploits. Yipee. They want to run Linux on their Xbox. Great - feel free guys. However, no, they want - no DEMAND that Microsoft sign their software to allow Linux to run the way they want. In other words folks, they, the end user, is DEMANDING that Microsoft do whatever they want -- or else. And there is an "or else" here. They have a damaging exploit and they have released it. Sure it'll be patched but the damage is done. Now, you have to seperate the two things here. They have an exploit -- did they work with MS to fix this? Nope. They wielded it as a weapon; "Do what we want or else." is what they've told MS. Now, had they simply campaigned with petitions or buying freezings or mass-mailings to get MS to sign a loader, fine. That's how it works. But, these buttheads have decided to threaten. "Do what we want or we'll release this exploit code we won't tell you anything about."
Folks that IS blackmail. Make all the excuses you want, put on your blinders for the holy linux cause but threatening to do something harmful unless you get what you want from someone - look it up, it's simple blackmail.
Like I wrote, you have every right to do whatever you want with YOUR Xbox. Nothing stops these guys from using their exploit to run linux on an unmodded Xbox. Hell, let them collect the $100K from wherever. Nothing illegal about that. But for them to threaten? Wrong!
Imagine: "Hello, GM?" Yea, I've bought a car from you, well, actually, I bought it used a few years back but anyway.. I've discovered a way to erase your entire financing database and give cars away for free but if you install a Corvette racing motor in my car I'll tell you about the bug before someone happens to read my notes I've left laying around here somewhere... maybe one of my rooms mates had it, he said he needed something to read while working the night shift at Kinkos..."
Or "Hello Walmart? Yea, I've discovered a way to alter the barcodes for prices on your products using a 20 cent marker that is utterly undetectable by any means -- so, if you just issue me a "Buy anything for free for a year" credit card to your stores I'll tell you about it -- but if you don't I'll post how to do this all over the Internet"
Give it a rest -- every non-advocate I've told this story to doesn't even blink as they say: "So, are they being arrested for blackmail?" The only ones even remotely considering this anything but unethical and illegal are linux advocates. Doesn't this say something very sad about the "linux ethic?" Think this will help promote the linux image in the board rooms of corporate America or even corporate Europe?
Slashdot Mirror
No one seems to have mentioned the problem with adaption of this is the restrictions on upload bandwidth. Even the highest speed home broadband service offer terrible upload speeds. I've got the best Comcast is beta-testing today (16M down/1M up) and it's WAY too slow to be keeping the 600 gigs of stuff on my HDs online. I regularly churn up to 20 gigs in a day. Even the Verizon FoIS is only 2M up at best.
When it takes X long to download that nifty video and then takes 16x as long to mirror it up to your GDrive and all the while your latency is shot to hell and even your Download speed is affected... not worth it. As others have noted: think XDrive or Yahoo Briefcase or other similar functions. Myself, I'm quite happy with the 2Gb SanDisk USB device I keep on my keychain...
AND, of course, there is that pesky privacy issue...
Congratulations on posting a comment, not suprisingly modded up, that was totally and completely devoid of any accurate or true facts (apart from MS did purchase Hotmail 'round about '97). You've managed to repeat every lie surrounding the Hotmail purchase and subsequent (successful) migration to a Windows 2000 server environment (all clearly documented, but you'd rather not both with the truth) and even manage to throw in some unsupported random Linux BS too. Hearsay? I'd say! The original builders of the application created a two-tier architecture built around various UNIX systems. During June and July of 2000, the Hotmail site was converted from FreeBSD running Apache Web services to Windows 2000 Server running Microsoft Internet Information Services 5.0. The first and only time it was tried and, it worked... better. The true story can be found here: http://www.microsoft.com/technet/interopmigration/ case/hotmail/default.mspx
A Win2K SP4 PC (not what I'd call unpatched but I'll assume you mean, no updates beyond just SP4) is not vulnerable to the Blaster worm.
It's available and better than Playboy. Spice HD Theater is on DTV now. Shows everything except anal.
I'm sorry but you are wrong. SP2 is done. The code is final. They are working on SP1 for 2003. You are discussing release times.
Despite your great enthusiasm, this is just plain wrong. SP2 has been released and it's code is final. It is NOT still being working on or tweaked. The version on MSDN and RTM and RTW and sent to premiere customers and automatic update is identical. If you install a MSDN version and go to Windows Update it will NOT attempt to update you again, nor will automatic updates.
You could not be more completely wrong. The RTM (release to manufacture) code IS the fine "Gold" code. That's it. Period. One SP2.
What gets me is, if it's so expensive and time consuming to do this, why not go straight for level 4 certification? Unless it was unachievable... Vendors know ahead of time if they'll pass or not, all the criteria is there for the public to review. You don't submit until you are already sure you'll pass. Obviously Linux is not EAL 4 ready. Windows 2000 is not only EAL 4 but also augmented with ALC FLR 3.
Who is going to notice an effortless to achieve EAL 2?
It wasn't meant as an attack. It seems to me that they went with the "home team" - a sort of "anything but microsoft" approach to their solution. How else explain the VMWare use? I mean, you need Windows licenses and have the added cost of the VMWare and your users want Windows but only some beaurakraut somewhere decided to stick it to the US company - probably some kinda revenge for Iraq. I dunno... I don't even like beer. ;)
That's not what I wrote or meant.
Actually, the patch was released simultaneously with the vulnerability being published - the discoverers did the "right thing" IMHO.
Almost every version of linux has a remote root exploit in it - until it's found and patched against it.
Look, don't be lame eh? At the time of W2KSP3 the RPC exploit was unknown by all parties. It was discovered and patched before it was known by the public. I don't think you imagine that the version of SuSE that was certified was a .0 version that had no hotfixes or patches of any kind applied do you?
Fact: Windows 2000 has a higher security certification than SuSE Linux. Linux has been around longer than Windows 2000 and still took a year longer. Fact: No other Linux Distrib on any hardware has ever received a security certification.
It is good news though, it puts things in perspective. Windows 2000 is able to achieve a higher degree of security certification than SuSE Linux. The Germans can put that in their beer and drink it. Did anyone else not find it interesting that the Germans picked the big German distribution and not the US MS solution? Gosh, suprise? Lets not forget that all those Linux workstations are running VMWare to continue to run Windows applications. Not exactly a big win for "Linux"
Now as windows advocates were forced to admit, a security rating is about as useful(/useless) as a TPC-C benchmark. It's a test under controlled circumstances and the real world is never this controlled - but it does compare apples to apples. No serious advocate of either would blindly consider the other to be utterly secure or unsecure; but I think the /. editors have jumped the gun both factually (it's not the highest rating possible, it's the lowest rating possible) and enthusiastically. I mean, would this story have made it if the headline read "Linux finally achieves a security rating lower than Windows 2000"?
Windows XP and 2003 are currently under testing but it takes time so please don't reveal your ignorance by announcing that Linux must be more secure than either of those since they haven't been certified yet. XP is every bit as secure and more than Windows 2000 and 2003 is far more secure than any other Windows release. That they'll be certified is not a question but just a matter of time.
Flame away - the karma rating here is meaningless as it's nearly effortless to get "Excellent" and maintain it.
Help me under the 900% increase in firearms related killings since the almost total ban on firearms then? Just that and you'll have a point.
If I am to be accused of anything, by simply being an American and have "obsessed" thrown in there, then please treat me with the respect we deserve and ask "wow, aren't these Americans obsessed by their rights?" - because we are. We do not like having governments (especially not foreign ones) try to take away our rights. The rights that define our country as what freedom is.
Ask the English or Australians how their gun-rights are doing these days and what the net effect has been since losing them?
And what you are sorta remembering is that in war it's better to seriously wound a soldier, enough that he cannot fight but not enough to die immediately so that his buddies have to help him and spend energy and supplies on saving him. An enemy that just dies is just one less enemy, no further cost really. But one that is wounded, oh man, now you gotta try to save them, then take him to medical care then fix him then wait for him to heal and give him a medal and medical care forever etc...
The M16A2 fires exactly the same round as the A1 and original M16.
A round that is more stable, hits and penetrate better, in my opinion, can only be MORE lethal.
NO MATTER HOW YOU SPIN IT they are saying "Do *something* #or else#" That's the dealeo. They are threatening to do something harmful if they do not get what they want from MS. It's called blackmail - look it up. And we can't wonder/supose if they will or won't - they already did!
They are telling MS, we want these things a.b.c.d. OR we'll release an exploit.
Simple as that. And forget the defense "they said they requested not demanded" - well that paper tiger went out the door as soon as today when they actually released the exploit as threatened.
Forget any analogies; they are attempting to blackmail MS to get what they want and now that MS didn't give in to there demands the babies are playing "we warned you!" and proving that they are exactly what they claim not to be; crackers and blackhat hackers. They are terrorists and give linux an even worse image.
You ask, is not responding a valid business tactic? Lets consider this one: "Hey GM, I want the price of corvettes dropped by 90%" and you keep making that demand. Will you be suprised that GM won't do it? How about if you keep asking over and over that MS port Exchange to run under Linux. Do you expect they'll respond? Give them a solid business reason and maybe you can talk. Tell them unless they port Exchange to Linux you'll release a massive exploit usable against Exchange 2003 and you are a blackmailer or even a terrorist (if you wanna hang that label).
Yea yea, I'll probably be modded flamebait or troll but... come on! ANYTHING MS does is immediately evil? Look, for the first time ever last quarter they paid out 8 cents a share dividend, because it made financial sense. This time they have looked and, again, it made good solid financial sense to pay a dividend. It's good for the stockholders, it's good for the economy and, yea, it's good for Gates and other execs (because they believe enough in their company that they own shares in it too). How is it even remotely possible in any way, shape or form that MS giving it's shareholders money is anything but good for everyone? Indirectly, even non-stockholders benefit (think about it).
There IS such thing as logging too much. YOu can turn on so called "Informational Messages" for things like printing and, for example, DNS. These mention EVERY single thing done, like, user printed a document. DNS transfered a zone. Once a system is stable, do you need to know when a zone was transfered successfully? We don't. We DO need to (and do) know when a zone transfer failed or was requested outside of authorized IPs and THAT we do log.
As for SPs, we apply them quickly as necessary. We do not apply them blindly. Do you apply patches blindly? Just trusting that every patch ever released works perfectly on every machine the first time? We test in a lab before rolling out the first one, then we wait and watch then roll out AS NEEDED.
Has code red, nimba and slammer taught us anything? Oh, hell yes. It taught us that every significant worm exploited a vulnerability that was patches months before the worm hit. We have never been affected by any of those. We're patched well before they hit.
And, again, when I say we log and audit, we log and audit everything including the security log for user auditing. Nothing different. We have them set large and they are copied to archive regularly. Get it?
Look - you buy an XBox and take it home. Yep, it's yours and you are allowed to do ANYTHING you want with it. Burn it, bury it, run linux on it even. Hell, steal some System V code and copy it then run it and call it Linux and no one can bother you -- it's your box and you can do anything you want with it - including play games!
So, here comes these idiots. They have come up with some exploits. Yipee. They want to run Linux on their Xbox. Great - feel free guys. However, no, they want - no DEMAND that Microsoft sign their software to allow Linux to run the way they want. In other words folks, they, the end user, is DEMANDING that Microsoft do whatever they want -- or else. And there is an "or else" here. They have a damaging exploit and they have released it. Sure it'll be patched but the damage is done. Now, you have to seperate the two things here. They have an exploit -- did they work with MS to fix this? Nope. They wielded it as a weapon; "Do what we want or else." is what they've told MS. Now, had they simply campaigned with petitions or buying freezings or mass-mailings to get MS to sign a loader, fine. That's how it works. But, these buttheads have decided to threaten. "Do what we want or we'll release this exploit code we won't tell you anything about."
Folks that IS blackmail. Make all the excuses you want, put on your blinders for the holy linux cause but threatening to do something harmful unless you get what you want from someone - look it up, it's simple blackmail.
Like I wrote, you have every right to do whatever you want with YOUR Xbox. Nothing stops these guys from using their exploit to run linux on an unmodded Xbox. Hell, let them collect the $100K from wherever. Nothing illegal about that. But for them to threaten? Wrong!
Imagine: "Hello, GM?" Yea, I've bought a car from you, well, actually, I bought it used a few years back but anyway.. I've discovered a way to erase your entire financing database and give cars away for free but if you install a Corvette racing motor in my car I'll tell you about the bug before someone happens to read my notes I've left laying around here somewhere... maybe one of my rooms mates had it, he said he needed something to read while working the night shift at Kinkos..."
Or "Hello Walmart? Yea, I've discovered a way to alter the barcodes for prices on your products using a 20 cent marker that is utterly undetectable by any means -- so, if you just issue me a "Buy anything for free for a year" credit card to your stores I'll tell you about it -- but if you don't I'll post how to do this all over the Internet"
Give it a rest -- every non-advocate I've told this story to doesn't even blink as they say: "So, are they being arrested for blackmail?" The only ones even remotely considering this anything but unethical and illegal are linux advocates. Doesn't this say something very sad about the "linux ethic?" Think this will help promote the linux image in the board rooms of corporate America or even corporate Europe?