"It's true that with open source, someone could potentially find a flaw, not tell anybody about it, and then exploit that flaw to manipulate an election.", N3Roaster
"Thompson said, he typed five lines of computer code -- and switched 5,000 votes from one candidate to another."
"Electronic voting machines in Florida may have awarded George W. Bush up to 260,000 more votes than he should have received"
"Bill Lockyer, California's attorney general, said Diebold officials misled state leaders about the security and certification of its products to get payments from the state"
"The GUI: It didn't take me long to get used to it. It is super smooth, even on the cheap Mac Mini.. It makes Windows XP look very late-nineties."
"It's Unix!: You've got a very, very nice GUI but under the hood is good ole' Unix"
"It is only when you open the Terminal and get to a shell that you see all the ancient Unix directory structures, combined with Apple's more hip and happening directory names like Applications, System, etc"
"Notice I didn't say anything about viruses, trojans, spy-ware? I haven't been infected in three months on the Apple.. I don't run as an administrator. This simple action protects you from about 99% of malicious software. It is a simple fact."
"unless you are a rabid freedom-fighter it is a step above any Linux distribution out there. KDE and GNOME are still a long way away from achieving the polish that Apple has delivered with Mac OS X"
Doesn't sound like a messed up link. According to this dozens of users were kicked off the system. How does a messed up link cause them to login as 'presenters'?
Microsoft finally called an online briefing.. Fifteen minutes into the much-anticipated briefing, dozens of the security companies were kicked off line and could not connect again
"There were problems with the audio and video. We could not get back on."
A Microsoft spokesman explained the crash was due to "technical problems" and an extra briefing would be set for Monday
'Alex Eckelberry.. said.. participants signed on as presenters. "Which, if you've ever used Live Meeting, is an invitation to chaos".'
Did the users actually sign on as 'presenters' and how would this crash Live Meeting?
"What would be neat is if you could swap out flash drives.. I'd be more interested in that than a permanently integrated flash drive",VitrosChemistryAnaly
Wouldn't it be neat to keep parts of your mind on an external USB device :)
"Vista supports a feature called ReadyBoost, which can use just about any flash memory device", Phroggy
"Adding system memory (RAM) is often the best way to improve your PC's performance.. upgrading memory is not always easy.. and open your computer.. can invalidate your support agreement"
More memory is the simplest solution. A Gigabyte is standard nowadays. Except you can't take the lid off.
"SuperFetch understands which applications you use most, and preloads these applications into memory"
Apart from the moniker I don't see the innovation. Back when DOS couldn't see extended memory, to speed up access, you allocated this memory to a ramdrive and loaded commonly used executables into it. Apart from the names, what is new and innovative here? Has ReadyBoost been patented?
SuperFetch = keep apps loaded in memory.
Sticky bit = keep apps loaded in memory.
ReadyBoost = use an external cache.
ReadyDrive = hibernate to flashram.
"This exploit exists in IE6. It just means MS didn't fix it in IE7. It's not like it's a new exploit that was quickly discovered within the few hours after IE7 was released."
But I thought IE7 was a brand new browser that didn't use any of the buggy old IE6 code.
"Actually Firefox has a similar vulnerability, which has been unpatched for months (as a design decision - there is no way to patch it without breaking useful stuff)"
Could you give us a pointer to the Firefox bug, and what stuff does it break?
"This is a new report of an old vulnerability which isn't serious"
Could you give us a pointer to the original report?
"Doesn't it seem like obsoleting most successful software business models all at once, making it harder to make a living as a programmer, would lead to a net loss in software development?", nine-times
re obsoleting: If that were true we wouldn't have any Open Source software, as where's the money for the programmer? The answer is that companies make money selling Open Source solutions and pay the programmers. Most successful? Where do these huge profits come from? Have you factored in the cost of viruses?
Looking back I say we will look at the current situation as an aberration of the market. The only reason you see the huge profits is that once a company 'licenses' a proprietary product and puts all their records on it, they've effectively given away all their IP to a software company. They are locked in to the software company for life. The software company issues free lifetime upgrades but only until the next version comes out, at which point your 'license' becomes void and you have to buy a new 'license'.
"Obviously there would still be software, and there might be a long-term gain in pushing towards all software being open-sourced over time, but it's not a simple issue.", nine-times
It has always been possible to copyright software. Why all the need for IP legislation? The answer being that if I only use 'proprietary' software I am bound to these IP clauses and am compelled to pay for a license to use the protocols, a guaranteed revenue stream into perpetuity. The only obstacle to all this is Open Source. That certain people would like to reduce this to a discussion of 'software' is understandable. Let's see some quotes from the ISC letter:
"the more information we [ISC] can gather.. the more coherent and better understood the software ecosystem can become."
For monoculture->insert, ecosystem. For globalwarming->insert climate change
"the study does add more information to this complex issue. It does not holistically reflect the full dynamics now occurring in the vibrant software marketplace."
Vibrant? 'software' is a drain on a company's balance sheet. On average one fifth of revenue is going up the pyramid. It's a net negative on the balance sheet. No one ever made money out of buying software 'licenses'.
"It must reiterated that FLOSS is merely a business model for distributing software,"
Untrue, you would like us to merely think so. FLOSS according to the FSF is freedom to distribute and further modify the software as well as a development and collaboration model.
"the proprietary model is supported to a large extent by a complex system of rights (i.e. IPR).. it is an intricate and market-oriented stimulation of innovation that clearly works"
translation: We will give you bits of paper and you will give us money. You see having achieved such strangle hold on the market through the use of IP legislation and cross-licensing-do-not-sue-agreements that there's no point going Open Source.
"The marginal protection of the anti-virus was not worth the cost.. What are the chances this will be on the 'safe side' and slow things down enough to where only the highest power hardware allows for productivity."
On a client's machine installing AV software slowed the machine down tremendously. I removed it, set up a standard user, set wordviewer as the default. Installed Firefox and OpenOffice. Advised the client that using IExplorer, Outlook and msWord in combination was not a good idea.
It sounds like Vista is already bloated and this is an additional drag on the system.
Install clean Vista with all the bug fixes.. er service packs. Install all the apps. Put all user data on drive D:. Make a backup image to a hidden partition on the hard drive. Modify the BIOS so this image is reloaded at every boot. Modify the BIOS so this can't be bypassed and write access to the image is disabled. The Vista users can have full rein knowing that everything is back to normal at next boot.
If you're on a big network set up an Image server and have two cat5 sockets per desktop. One for the regular network and one for the image server. Which is exactly how the big companies do it. Then reinstall Exchange Profile... reinstall Exchange Profile... Oh I forgot what was it we did before spending all day reinstalling Windows.
"I'm glad that Microsoft is being more open, and co-operating more. But I believe the real security improvements are from Microsoft, and the McAfees and Nortons of the world are becoming less relevant"
They are becoming less relevant but not for the reasons you suggest. With Vista arriving with OneCare already installed they all will go the same way as Netscape and WordPerfect. Some of the new innovative security features in Vista are Patchlock that works by preventing third party software modifying the kernel and Code Integrity that runs check-sums on code.
"I installed the latest McAfee "security center" on my mother in-law's PC and the system performance was cut damn near in half. The experience has cemented in my mind that an up to date version of Windows with the latest security patches is the right way to go"
Call me a cynic, but when someone injects a little personal anecdote to bolster an argument I suspect the whole story. It's as in the effort to convince yourself, you over compensate
"and that these third party tools are bloatware, and resource hogs.. So why waste the time, and money on these things anyway?"
Ah, I once saw as through a glass darkly, but now I see the light, amen. By the way, those little dot dot dots are a bit of a give away...
I would have no objection to MS totally taking security in house. Locking down the kernel and only allowing API access would eliminate most of the defects in Vistos. The only difference is the end user pays MS a yearly subscription instead of (McAfee $274.5, Symantec $4.14 billion) and the rest. Of course charging after the fact for defects in the product is a very odd way of doing business. Myself, I don't plan to pay either of them a cent for 'security'.
What's needed is for someone like NY Attorney General Eliot Spitzer to charge Microsoft with reckless endangerment for knowingly, willfully, and negligently distributing and continuing to distribute systems vulnerable to such attacks.
Sue the IRC networks first; that's what makes it dumb shit easy for these guys to set up their botnets.
What OS are the vast majority of the nodes on these botnets running? How would botnets be possible without a readily available supply of easily compromised Desktops?
"Next time you download a.. program.. realize that it was distributed, most likely, by a group that hacked unix systems"
It's not necessary to hack an IRC server to set up a botnet, just set up your own channel. Tell us what are the names of these hacked Unix servers running botnets.
"Jobs does have his own bits of doublespeak. When he says that customers aren't asking for compatibility he's either defining his terms VERY carefully or he's in denial."
Like, where's this big outcry? How many times am I going to change player? If it works good enough people will stick with the iPod. The music companies can sell songs to other manufacturers as well. So where's the restriction?
"On the other hand he can't say.."
You making up fake quotes to only knock them down doesn't really count.
"YouTube.. a company which appears to be a giant liability.. it won't surprise me if the recording industries take a more hostile approach to YouTube"
Just hours before Google announced a $1.6 billion acquisition of YouTube on Monday, both companies separately revealed agreements with major music labels for offering music videos on their respective sites.
"Quite frankly, I still fail to see how Google can have such a huge market cap.. Google is and has always looked like a huge Enron-type sort of operation"
By any chance are you typing that BS out of Redmond? Google generated 2.25 billion in the first quarter to March 31, 2006. Google doesn't perform bogus trades between a number of fake companies. It has never been accused or been in court for such thing. To suggest it here suggests to me that you are trolling.
"No firewall can keep all hackers out." With these words, security consultant Bob Toxen began his sermon, or workshop, on the "seven deadly sins" of Linux security. Any IT manager who commits one of these sins will "get nailed sooner or later,"
"Let me introduce you to the six dumbest ideas in computer security. What are they? They're the anti-good ideas. They're the braindamage that makes your $100,000 ASIC-based turbo-stateful packet-mulching firewall transparent to hackers"
'"Enumerating Badness" is the idea behind a huge number of security products and systems, from anti-virus to intrusion detection, intrusion prevention, application security, and "deep packet inspection" firewalls'
I don't think the computer industry is any more cause of marital strife than any other industry. Generally it's the non-techie managers who are the cause of the problem. Hiding information and buying the wrong/cheap equipment over the advice of their own IT dept. The thing is that in IT you're trying to fix something while putting up with this corporate BS. You usually find out what new direction your company is going by reading about it in the tech press. Usually announced at an awards ceremony where some PHB awards himself an award for 'Internet visionary', whatever the heck that is. Your best bet to a happy marriage is to get a qualification in systems analysis, that way you don't actually have to do real work and get paid a lot more.
Re:sample source code ..
was Re:Open source & Availability
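#include <cstring>
#include <iomanip>
#include <iostream>

void delete_vote() {}  // placeholder: the original calls an undefined delete.vote()

int main() {
    char candidate[] = "Bush";
    long long bush_count = 10000;               // tally starts pre-loaded
    long long other_candidate = -9999999999LL;  // too large for int; never used again
    char vote[64] = "";
    std::cin >> std::setw(sizeof vote) >> vote;  // bound the read to the buffer
    if (std::strcmp(vote, candidate) == 0) {
        delete_vote();
    } else {
        bush_count = bush_count + 10;
    }
    return 0;
}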
But this is a great way to generate comments.
:Must be a slow news day
What's bad about discussing someone who made the switch?
it meant that everyone had control of the meeting, Alex Eckelberry
"Live Meeting enables multiple presenters to work together in a meeting with one presenter assigned as the Active Presenter"
was Re:Ship time (Score:5, Stating the obvious)
Why don't they make Vista out of the same stuff that WGA is made of, that way you wouldn't have any security issues.
"It's not really news that there are security issues in IE 7."
I thought IE7 and Vista were going to eliminate such 'issues'. It does work the same under Vista?
"Problem is there are security issues in so much these days that it's really just about what has been found so far."
What a waste it is to lose one's mind. Or not to have a mind is being very wasteful. How true that is. T. Danford Quayle.
Score: 5, brain damage
Score: 5, yet more damage control
Score: 5, Damage control
re Re:I, too, am convinced
Stand by for the usual 'quality' commercial software versus some amateur stuff made in someone's bedroom.
was Re:Good news, but not great news...
re Re:Sue/address the IRC networks, first.
was Re:Doublespeak he can't avoid... score 5 fud
Why don't they start selling their own software? Why didn't they move into other product areas? What's stopping them?
http://www.theregister.co.uk/2004/07/13/microsoft_japan_trouble/
http://www.thechannelinsider.com/article/Tangent+Suit+Claims+Microsoft+Soaked+Partners/171923_1.aspx
http://slashdot.org/articles/02/04/27/231221.shtml
http://www.usdoj.gov/atr/cases/f212700/212766.htm
re Re:Nice to see a competitive open environment
How about having system prompts popping up in the status bar instead of popup. And put the contents of the Bookmarks on the menu at the top.
was Re:I think it is interesting...
was Re:Hot air buys more hot air