Slashdot Mirror


User: adrenalinekick

adrenalinekick's activity in the archive.

Stories: 0
Comments: 31

Comments · 31

  1. Significance? on Tufts Tells Judge, We Can't Tie IP To MAC Addresses · · Score: 1

    Does this have the potential to significantly impact any case other than Zomba v Does 1-11? I would love to see some precedents set that were based in actual technical fact rather than the typical RIAA pixie dust fantasy world.

  2. Data Loss Prevention on How Do You Deal With Sensitive Data? · · Score: 1

    Wish I had seen this earlier, but you describe almost exactly the use case for data loss prevention software. Specifically the endpoint protection vector. There are several companies that sell software to protect data at the endpoint, Vontu (now part of Symantec), Vericept, Websense, RSA and Orchestria to name a few.

    There are three vectors generally protected by data loss prevention software suites: data in motion - at the network border over email or web traffic; data at rest - stored data in repositories such as file shares and databases; and data in use - data stored on endpoint laptops and workstations. They are content aware applications that will monitor and alter the allowed usage of sensitive data.

  3. Re:don't use work email for anything personal on US Firms Read Employee E-mail On a Massive Scale · · Score: 2, Interesting

    I've got news for you - ALL of these products that are worth the price they charge also have the option to monitor your web browsing.

    Think you're safe using webmail at work? Not necessarily. Many webmail services only encrypt the login information, not your actual email. And since it is web based, these products can pick up your personal email if you send them over your corporate connection. Heck, even if your chosen webmail service does use SSL for all of your traffic, some of the more advanced products can make use of man-in-the-middle proxies that can and will actually intercept your SSL certificates and replace them with their own. Granted if this DOES happen, you or your browser should at least be able to recognize what is going on.

    Your best bet (unless you are friendly with the guy who reads your email) is to tunnel your traffic through a home based SSH server, and even that isn't perfect.

  4. Re:Is this surprising? on US Firms Read Employee E-mail On a Massive Scale · · Score: 2, Interesting

    Particularly for the Slashdot crowd? Hell, a portion of the readership is probably responsible for helping to implement such measures.

    Guilty as charged.

    On the whole good advice. In my experience most large companies use data loss prevention (DLP) products chiefly to monitor for personally identifiable information (PII) such as SSNs, credit card numbers, drivers license number, bank account numbers, etc. If your email doesn't contain a recognizable piece of PII, it generally does not get logged. DLP products certainly can be used to monitor "Acceptable Use" violations, but most companies I've seen would rather stick their heads in the sand than have to deal with every employee that writes a dirty email to his wife.

  5. Re:Wow... on MADD Targets GTA IV Over Drunk Driving Scene · · Score: 1

    I have to admit, I also emulate video game behavior.

    Every time I see a zombie, I shoot it in the face with a shotgun.

  6. Re:Rainbow Tables on Post-Suicide Account Cracking? · · Score: 1

    MOD PARENT UP.

    Back up the shadow file - chances are good that he uses some of the same passwords on his system and on his gmail and myspace accounts.

    Use a LiveCD, make a copy of the shadow file and you can at least attempt to run a password cracker on it.

    Then you can play with resetting the root password in single user mode.

  7. Didn't know the Airforce was into this stuff on US Cyber Command Wants Greater Attack Mentality · · Score: 5, Funny

    I put on my robe and wizard hat...

  8. Re:I'm surprised how high the risk is anyway on Young Employees Pose Increasing Risk to Networks · · Score: 1

    Rogue vs unauthorized software is a big distinction. I've worked closely with the information security group of a major US bank and I can reliably say that many of these people use firefox - which is unauthorized software. I don't consider firefox to be 'rogue', but they only officially support IE6 because help desk just doesn't have the capacity to fix 2 types of browsers when users call up and complain.

  9. Re:What about the other half? on Young Employees Pose Increasing Risk to Networks · · Score: 2, Insightful

    You're assuming that the functionality required is included in the functionality set of the authorized software.

    In my experience that rarely happens.

    I for one, along with the majority of my coworkers in my specific business area, would find a massive productivity slowdown without our so-called 'power-tools' which are all unauthorized. Tabs and plugins in firefox, shell access with putty (this functionality plain out doesn't EXIST in authorized software, yet my job requires me to be able to use ssh), a notepad replacement (are you serious, you want me to use notepad? come on now), GIMP (Paint? Ya, sure, that will work just fine...ha), WinSCP, a Print-to-PDF driver, and the list goes on.

    Can't be bothered to learn something new? Hardly. I don't care if you learn every pixel of the notepad interface, it is still not going to be a very good program for text editing. MS Paint sucks, and many companies don't provide the pricey Photoshop as an option, yet still want the colorful marketing pictures. Blame the IT department, or blame procurement if you want. I don't care who is to blame, the end result is that there is functionality that I need to accomplish my job within the time constraints expected of me which does not exist within the authorized software catalog. So I largely turn to OSS to avoid licensing issues.

    Besides... most of the alternative software I use is because MS provides free junk software which the IT department expects you to use like a good little soldier.

  10. Re:NO on DoJ Sides With RIAA On Damages · · Score: 1

    Here's where the law and logic don't add up for me. I'm not going to argue since I agreed with the original point and you sound like you know what you are talking about with your explanation, however this brings up another point - when does the law go overboard?

    In this situation, it is technically possible for the RIAA to go after the original uploader and each of her downloading friends, and down the tree as far as they can trace. At each level in the tree, they can claim damages for everyone at a lower level in that branch of the tree. It has been too long since my last discrete math class, but for the sake of argument let's just agree to use the phrase "exponentially" - Wouldn't then the gain from the RIAA be exponentially greater than the actual value of the perceived loss? I thought fairness was a concept inherent with the law, by this logic how is it fair that this organization can conceivably claim millions in lost revenue for one $.99 song?

    Part of my point is - where do you draw that arbitrary line? In this situation why is it drawn where it is - which seems to me to be in obvious favor of the RIAA?

    Hypothetically, what if a defendant could prove beyond a reasonable doubt that the only two people who uploaded a single song from her turned around and immediately deleted it without ever transferring the file to anyone else? Does she deserve to be charged more than the cost of lost revenue from 3 downloads (I'll even grant you the addition of attorney fees and punitive damages)? This is part hypothetical, part curiosity... I really would like to find out the reasons why this law exists this way instead of just accepting that it is just and true. This case just doesn't make logical sense to me.

  11. Re:NO on DoJ Sides With RIAA On Damages · · Score: 1

    While I almost agree with your reasoning, I want to play devil's advocate quickly here.

    If she uploads to two friends, shouldn't her liability end with that, and the liability of her two friends begin with that? IMO the RIAA should only be paid for each upload once, if they get it from her then should her friends be let off the hook? If they get it from her friends, shouldn't she be partially let off the hook? It seems the equivalent to getting pulled over for doing 85 in a 65, even if you were going with the rest of traffic, and being ticketed for all of the cars on the highway because "they only have one hook."

    Charging her the fine for HER violations, not for the violations of countless other users. The exception being if they can prove beyond a doubt that she was the originator of the content leak - like the person who first uploads the latest leaked pre-release movie to bittorrent. And I don't see that happening often, even in today's world.

  12. Trust on Spying On Tor · · Score: 1

    Old news I know, but this once again brings up the issue of trust. I am only familiar with the TOR protocol/Onion routing at a high level, but is it possible to somehow revamp the protocol and include a trusted node-ranking system? Think slashdot style mod points applied to a TOR server. Obvious DOS attacks exist with this method, but refined a little it may work.

    Even so, I'd still try to browse using HTTPS everywhere I go. (Granted that doesn't stop people from knowing what sites you browsed...)

  13. Re:Sigh on MySpace Age Verification - for Parents · · Score: 1

    I graduated from public high school in 2002, my brother from the same high school in 2005, and now my sister is in that same high school as a sophomore. Looking at the differences in my experience, my brother's experience, and now my sister's experience... I can assert that a computer with an internet connection is rapidly becoming a required resource. During my time, I occasionally had an assignment that required going online, now my sister has assignments for *english* class that require creating a web page or an online blog! I repeat - ENGLISH class, not a web design or tech or even typing class. History looks like it is heading in the same direction by requiring a minimum number of resources be from online sources. Math & Gym will probably eventually be the only subjects that want to keep you off the computer.

    The internet IS a requirement these days for most school kids in my experience, and I pity the parent that doesn't have a computer-savvy resource at hand to monitor their kids. Think, if you can hide slashdot from your boss with a ctrl+tab or an alt+tab or other quick movement... don't you think your average teenager can also hide myspace from their parents?

  14. Re:Well, I Wouldn't Shop With Them - Ever on TJX Breach Began With WEP Crack · · Score: 1

    Actually I would guess that now TJX stores will be one of the safest to shop in. This isn't to say that they are perfect, but I'd guess that their current system would beat out 99% of the rest of resellers in terms of security. After all, if a second breach were to occur at the same company in the next 5-10 years, they might as well file bankruptcy now. I know it's sad that the industry is such that they get even one 'get out of jail free' card, but that is the way things are right now.

    The company says the hackers may even have lifted bank-card information as customers making purchases waited for their transactions to be approved. TJX transmitted that data to banks "without encryption," it acknowledged in an SEC filing.

    Wait one minute here... what the hell happened to PCI standards? Wouldn't this be a huge violation...(never mind the fact they had a wireless access point with WEP encryption attached to a cardholder environment)? This so-called "standard" needs to be seriously reviewed and updated, and any company found not to be in compliance needs to be held accountable and have their card-using privileges revoked.

    At that point, TJX hired forensics experts from International Business Machines Corp. and General Dynamics Corp. and notified the U.S. Secret Service, which spent a month trying to catch the hackers in the act. So you take no responsibility for your own systems, and you have no internal expertise? Wonderful.

    Being as their 'internal expertise' did such a wonderful job the first time around, wouldn't you be happy that they brought in 3 outside sources that have at least SOME experience in the security field? I know you are angry about the whole situation, but let's be realistic here - would you want them to handle this internally?

  15. Re:Stupid on Do You Allow Webmail Use on Your Network? · · Score: 1

    I work in a large professional services firm where they give every employee a laptop. Because of the nature of our work where we are often traveling and working at various client sites, my company would be hard pressed to effectively restrict access to webmail, so they don't even try. My company finds it is more productive to allow its employees to be able to use any available internet connection (e.g. wireless at the local coffee shop, a client's network, hotel modem, etc) so unless you choose to VPN into the internal network, they have little or no control over what you access on your laptop.

    Presumably you are concerned about one or both of two issues with webmail: 1.) files coming IN to your network and bypassing security controls you have in place or 2.) files going OUT of your network that you have no control over, no record of, and no ability to monitor.

    I would suggest that #2 should be a greater concern than #1. Files leaving your network is indeed a concern - confidential information needs to remain confidential for a host of reasons (lawsuits, regulatory requirements, company image/brand destruction to name a few). But as has been stated... unless you duplicate the great firewall of china - which may be appropriate depending on what industry and company you are working with - you have little or no prayer of actually stopping a determined user from leaving with company secrets.

    sidenote: if this is a concern, I would recommend looking into Vontu - I have used it and it is a great product for monitoring and/or stopping outgoing data...although it still can't deal with https and it is expensive as all hell. I am in no way affiliated with Vontu, I just highly recommend it to a company with this problem.

    If you are more concerned with files coming IN to the network... well you have larger issues that should be dealt with first. Webmail is only one of MANY areas to worry about. Have you taken similar measures against USB drives? CDs? The entire downloadable inter-pipe-tubes? My point is - if VBS files are at the top of your list of concerns, it might be time to re-think your approach to security.

  16. Re:Starting to really like this guy on Canonical and Linspire Make a Deal · · Score: 1

    Kevin Carmony has repeatedly demonstrated a preference for short term results, and reckless disregard for copyright law. That said, I find some justice the world -- he's now in charge of a company to fix the problem he helped cause with mp3.com.

    mp3.com's demise seems to me to be more of a result of a broken copyright system. That argument can only lead to more flamebait and I don't want to get into it here and now.

    As for a preference for short term results, I don't know what you are referring to and would love to be enlightened. It seems to me that standardizing the traditionally fragmented and troublesome area of program delivery/installation with CNR is a Good Thing - no matter what he did in the past.

  17. Starting to really like this guy on Canonical and Linspire Make a Deal · · Score: 5, Interesting

    I'm starting to really like Kevin Carmony - the Linspire CEO. First the Desktop Linux Summit, then CNR for all major Linux distros, now this partnership with Ubuntu. Anyone else get the feeling that Carmony is taking all the right steps to set up linux as a viable alternative to M$?

  18. To Senator John Sununu, on Sununu Sets Aim on Broadcast Flag Again · · Score: -1, Offtopic

    Your ideas intrigue me... I would like to subscribe to your newsletter.

  19. Screenshots on What Really Happened To Ubuntu's Edgy Artwork? · · Score: 2, Informative

  20. The one they don't tell you about... on TOP500 Supercomputer Sites For 2006 · · Score: 2, Funny

    is the one sitting in the NSA cracking all your passwords right now.

  21. Re:There will be multiple "wars". on The War Is Over, and Linux Has Won · · Score: 5, Insightful

    I'll take it one step further. Linux needs to meet certain 'benchmarks' in order to succeed in the markets you mentioned. Specifically:

    #1 Server segment - Linux needs to interoperate with Microsoft before it can fully tackle the enterprise administration server market. Active Directory and Outlook are the 2 major players for Microsoft here, Linux needs to be compatible or companies will not fully make the switch. As you said, the desktop comes after the server market, so in order for the server market to succeed, all of those corporate desktops need to work with linux servers.

    #2 Corporate/government desktop market - It will be a huge help if Munich succeeds. Applications are the key here, specifically office applications. Open Office is great, but it still has a long way to go in some areas before I would feel comfortable doing away with MSOffice entirely. A working Powerpoint replacement is a must, as is a fully featured Excel replacement. Writer is relatively solid for most uses. Open formats will be a key contributor to advances in office applications.

    #3 The home (non-gamer) market - The only reason this will not happen before the corporate/government market is because the OEMs have much to gain by ignoring linux and a lot to lose by embracing it as long as MS has enough market dominance to throw their weight around. A solid web-browser, a decent office application, and a usable movie/music player are all that is truly needed by this market - and they all already exist. The only thing stopping is the OEMs not pre-loading linux in favor of MS.

    #4 the gamer market - You hit the nail on the head on this one. Drivers Drivers Drivers. If #3 succeeds, game makers will naturally focus more on their linux customers, but only if they have compatible hardware.

    Unfortunately most of us slashdotters want to jump straight to #3-4. That simply isn't going to happen until microsoft's influence is already weakened from some other area such as corporate or government use of linux.

  22. Might be a good idea for Google... on Office Tools On The Web · · Score: 1

    As everyone on slashdot will readily tell you, Google is good, MS is bad.

    If I were Google, I would want to push the positives of web-based office products. Google is a web-based software company at its core. Microsoft is a desktop software company at its core. So far, IMHO Google has been releasing better products in the web arena, while MS has released better products in the desktop arena (Before you shout, note that the last I checked, google did not have an operating system or an office suite to its name, microsoft has both - therefore by their simple existence MS's are better than Google's)

    Also of note is that each company is trying to make inroads into the other's area of expertise. MS is trying to improve its web-based products, and Google is trying to develop more desktop products.

    sidenote: I just got the Google Desktop sidebar... and I love it

    It seems to me that it is in Google's interest to make desktop software as obsolete as possible. Their goal should be for you to need nothing more than a web browser (translation: Firefox,Opera,Safari, anything but IE) to accomplish nearly all of your everyday tasks. In Google's perfect world of the future - Microsoft software becomes obsolete because everything is available online.

    Dumb terminals with web-browsers may very well be the way of the future - Microsoft on its current track would obviously be seriously hurt where Google has the potential to thrive... *Successful* office products online would be a giant step in Google's favor.

  23. Re:Here we go again... on Danish, Western Websites Under Attack · · Score: 1

    You bring up a great point. Throughout this whole terrorism/war/middle east conflict of ideals I've attempted to maintain some semblance of fairness in my opinions of Muslims and the Muslim world. I've always said that it was only a smaller percentage of idiots that thought Islam meant "blow up anything that isn't a Muslim".

    With this latest response to a friggin cartoon, I wonder how long I can keep up the idea that only a small fraction of Muslims are idiots with bombs in their turbans. More and more I am inching to the same conclusion that you apparently did: that the Muslim world of today is comprised of a bunch of barbaric savages. This is a huge shame, because from all accounts Islam is at its core a peaceful religion, and probably instructs a 'good' way of life. It has just been corrupted by extremists and oppression. It would appear to me that the majority of Muslims lack a good education that is not tainted by religion law and totalitarian governments and therefore are not able to think in moderation. This leads to international rioting and death over cartoons.

    One might also think that with the rigor with which they defend Al-Jazeera, some Muslims could at least understand freedom of the press. Just a thought...

  24. usability study on Conducting a Unix Desktop Usability Study? · · Score: 1

    Do it in terms of levels of computer literacy. Get your grandmothers to try and accomplish something on both gnome and kde. Then go for windows users. Not "power" users, anyone who knows how to view file extensions is too smart for this step. Then see if you can get some children involved - they seem to be naturally good at this sort of thing. Then test your average college student (skipping engineers and computer-type majors) Lastly test your tech-types. (Aka almost anyone who is reading this right now) (Notice placement of children and microsoft users) What questions to ask exactly? I have no idea, but I would start on your basics - try to go to a specific website, try to play solitaire, try to play a music CD, try to type and print a very simple letter - and I would eventually move up to changing system settings, accessing logs, etc.

  25. History of p2p at Umass and potential future... on I2hub Shutdown Due to Legal Pressure · · Score: 5, Informative

    I am currently a senior CS major at Umass Amherst (The place where i2hub was born thanks to graduate Wayne Chang) and as such I have witnessed the evolution of file sharing here at Umass in the past few years.

    As a freshman there was a program called winscan and if my memory serves me correctly, it basically was an index of all windows netbios publicly available shares on campus. Obviously not the best method for so many reasons, but it worked well enough.

    Then winscan stopped working and flatlan appeared on the grid, which basically seemed to work the same way, just with a flashier interface and a website to go with it. (I have a feeling flatlan was just winscan v2, but don't hold me to it I was only a freshman.) Something tells me that either winscan or flatlan or both was written by a student from RPI who was shut down by **AA at some point, but I don't feel like cross checking that comment for accuracy.

    Sophomore year saw the rise of DC++. I no longer remember the name of the server, but there was basically a limited version of i2hub available to only those on the umass campus network. By the end of sophomore year this server had at least started its merge with another campus network server, and slowly the networks allowed into the server began to increase. First to other colleges in the area, and eventually into something resembling what used to be i2hub.

    Junior year i2hub really sprang to life, rapidly gaining its own momentum and making the news on more than one occasion. The traditional DC Connect and DC++ programs were discarded in favor of the i2hub ad-ridden interface, new colleges and people joined daily, and subscriptions became available.

    Then disaster struck. The RIAA started going after students on i2hub.

    Midway through fall-semester of senior year: RIP i2hub.

    My point? These networks at Umass have grown from small to big since I've been here. There have also effectively been 4 different filesharing/p2p networks since I've been here. All have disappeared for various reasons, but a new one always popped up in its place. For a few years the trend was to grow larger and larger and become more and more public, but I expect in the next few years whatever new network pops up to replace i2hub will remain more private and centralized, possibly restricting use to only the Umass network once again.

    I'd be willing to bet that some student is already hard at work on converting bittorrent or an old gnutella client or maybe dc++ (again) to restrict the network to users with internet2 addresses only. Hopefully this student will not make the same mistake as Wayne Chang made - going public with i2hub. As soon as I saw i2hub mentioned in the news and on slashdot, I knew it would be eventually doomed by some *AA.

    I'm envisioning a future of invitation-only networks, limited to a certain 'degree of kevin bacon' mixed in somehow. Think facebook + p2p. The only people that can see you and your files are your friends, your friends' friends, your friends' friends' friends... etc to a specified depth level. This would have some limiting effects on availability but would *reduce* (not solve) the problem of trust. Add some basic crypto in there somewhere if you are really paranoid and the *AA lawyer trolls can kiss my @$$