Never having used Debian, and being a bit of a noob on Linux (although I used to admin HP-UX a long time back), I don't seem to have it as easy as you do for updates.
I'm using Suse 9.2, and while the auto-updates in YaST seem to work very well and only occasionally ask for a reboot, they don't update things like Firefox with any patches I can see at all. I wanted to go from the included beta release to the 1.01 a while back and had the damnedest time installing it to somewhere where I could find it and run it. (I admit, it gets easier as I get used to it). However, I think just clicking on the EXE in Windows and having the newer Firefox install run is a hell of a lot easier; it's fewer steps even for people who are experts.
For the things that Windows Update does patch (Windows, Exchange, SQL, Office, etc. shortly as they are almost ready to release from Beta the Microsoft Update) it does pretty well - but lots of reboots.
As I mentioned on my Suse - YaST does well, and rarely has me reboot (I think twice so far).
But, the thing is - patching stuff like GIMP, Firefox, etc. doesn't seem to be as automatic and easy under Linux as it does under Windows. Hell, I was running PaperPort on my wife's Windows machine the other night and it automatically updated itself to 10SP1. Until more of the FOSS ones can do that, I think patching of applications outside of the OS is easier on Windows than on Linux.
So... What are you doing to keep Office patched? Whatever you are doing there is what you would do to keep OpenOffice or Firefox patched (well, updated anyway since you can't actually patch Firefox, you just have to install a new one).
Larger organizations use something like SMS or Tivoli or something to send out patches for Office, etc. Yes, you'll be able to patch MS Office using WSUS (the SUS 2.0) that will ship in a month or so (it's in RC now). However, that really doesn't give you a full-fledged patching solution either as it leaves out anything else you want to patch (your student information system, etc.). So look into a distribution system like an SMS, Tivoli, Altiris, etc. - you need one.
Tricorder...
right, but is it legal to burn broadcast flags?
Trivialize any security bug in OSS as no big deal and "theoretical". Call any MS bug horrible and say "OMG everyone should switch".
Doesn't anyone else find this hilarious?
They won't eat my lunch; it is a McDonald's hamburger...
That's pretty funny. IE the file manager... 7 years and still some people think "Internet Explorer" and "Windows Explorer" are the same thing. They're NOT and there is a shell extension API for Windows Explorer that is probably much better suited for this code to use (so that it could plug itself into "My Computer" and/or "My Network Places" in Windows Explorer). Internet Explorer add-ins (spyware or just plain crap ((most IE add-ins anyway are crap))) are another animal altogether...
This makes sense. Remember, if you talk to anyone at Microsoft about it - the BSOD's are mostly all caused by 'Bad Drivers'.
So, if car crashes are caused by 'Bad Drivers' too, then this would be a natural. Remove the drivers from the equation and neither cars, nor Windows crashes...
It's brilliant.
I hear you; you make sense. However, it seems that many of these people re-offend. Something needs to protect people from them. What do you do, convict their parole board of "shouldn'ta let'em out"? I have no solid answer, but in the case of some of these offenders - you let them out and you know they will do it again...
Just move to Georgia where the age of consent is 16.
People who are actually stupid enough (or just brainwashed by their parents enough) to believe this God crap can get to such positions of importance where they can cause problems with schools, etc.?
It seems that the ignorant shouldn't end up in these positions. Is our society organized in such a way as to actually promote folks who are ignorant over those who aren't?
I watched an MS presentation on secure startup last week. You have no idea what it is. It doesn't have anything to do with Palladium really. It is just the encryption of the hard drive using the TPM.
He can boot your OS. Does he have your SmartCard and PIN to logon? Since he can't boot to ERD commander or some Knoppix CD - no access.
For example - when will you be able to send more than 8K in a single packet using a Java Socket on Windows XP Service Pack 2
Maybe once Ethernet supports a packet bigger than 1518 (physical) and 1500 (IP max packet)? If you meant "a single send" then say so. You said a single packet and that just isn't going to happen on current Ethernet...
The dual-boot scenario is one I have wondered about too. Although to be fair - secure startup is an opt in thing (and can be turned off). So, for those (like me actually - dual booting Suse and XP) that dual boot there should be no problem - just don't turn on secure startup.
How about reading about secure startup first? If you did, you would see that it has absolutely nothing to do with what you were talking about. I hate DRM as much as the next person, but secure startup is only about protecting the machine from some hacker kiddie taking your data by booting WinPE or some Linux LiveCD. Great for notebooks, since when they get stolen you can look your CIO in the eye and tell them that yes, everything on it was encrypted.
File system level encryption does solve this if you are talking about Pointsec, Mobile Armor or a product in that genre. However, these products typically have a real problem: their pre-boot environments for authenticating to the encryption system lack the ability to expand the range of authentication methods (for example most of them do not work with Smart Cards today - the ones that do, work only with a limited set and maybe not with PCCard readers only USB. They also tend to not have a network connection in pre-boot so that they can't check CRLs on certificates. Decide to add biometrics and you are just out). So this will subsume the feature into Windows such that the pre-boot is a thing of the past and any supported authentication method will work for the encryption as well as the OS. Long overdue.
Not un-recoverable. Just not recoverable by the thief who took your machine. The only folks that will be turning this feature on are enterprises (like the one I work in) where many machines are stolen (yes, even desktops - we had an entire small office in South Africa burglarized recently - took 29 desktops). We lose many notebooks per year and nobody really knows what files were in temp, etc. For us, there will be the ability to do recovery keys, and even re-install Windows (using a trusted mechanism - not something easy to do for the thief on the street). All the IBM notebooks have had TPM modules for a couple of years. The HP 7600 is shipping with one. About time we make use of this stuff.
I always thought the horn was to attract the virgins... Wait, maybe that was the other way around...
I don't CARE! My commute to work is 45 minutes to get there (early AM) and 1.5 hours to get back home.
This could make my commute be 25 minutes or less both ways. More time with the family and kids.
If you would have turned on the built in XP firewall (and YES, there was one before SP2 - it was just less configurable) when you had built the machine this would not have happened.
So you actually think we have admins out there so lame that they will ignore all of the warnings and their supposed training, install this in a production environment, and then not upgrade to the production code when it ships?
If so, they need to be fired and get a real admin. This stuff is for test labs only at this point. Anyone placing it in production now deserves what they get.
We participated in the private betas for months and months. Found several bugs and app compat issues - got them either resolved or worked around. Shipped it to our users, and are currently at 90% of our 60,000 machines. I can't claim that there have been no problems. There have been some web sites that need work (due to some of the new restrictions in IE) and some apps that are used by only a few users that have some problems - but in the main, this has gone extremely well. I honestly can't figure out why people are waiting on this.
It seems incredibly disingenuous of people to on the one hand say, "Windows is full of holes, help us here Microsoft, we are bleeding." and on the other hand say, "well, that's nice but I'd rather keep bleeding than spend the time and effort to apply the fix."
Get with the program IT Admins! Work with the vendors of the apps if you have to, get the firewall exceptions in and SHIP this already!
Damn! I've been needing that for months and it was just so well hidden I hadn't found it.
However, in testing it, I find that I need to specify every damn site (we have thousands of servers/sites). Is there no way to do something like http://*.somecompany.com? It doesn't seem to work when I try that.
I think that is the whole point. The content ISN'T yours. It belongs to the group that produced it. Too many people think it IS theirs, so they come up with the DRM crap to make sure people don't use it like it is theirs. A bad deal all around - but, when people act like the stuff is free and steal it - what should we expect? DRM sucks, thieves suck...