When Microsoft improves their OS to disallow silent installation of software and other administrator-level access to the system, all tweakers and other "helpful sites" fall over each other explaining how this mechanism can be defeated.
This happened with XP SP2, and it happens again with Vista.
Most Linux users seem to understand that it is unwise to surf while logged in as root, but at the same time they set up the Windows systems at their friends' homes to do so, because "it would be too much of a hassle to use separate accounts for admin and working".
As long as the situation remains like this, there is little Microsoft can do.
But of course, the whole idea that user-friendliness is more important than security is out of their hat.
I have difficulty picturing a topology to interconnect dumb switches (without spanning tree) where 1 uplink port is not enough.
But I have read many times about the havoc caused by inadvertently looping a cable between two automatic switchports, and also have seen it happen one time in our own network at work.
Must be big fun having that kind of people in your office!
What happens when they plug a wire between two ports on the same subnet?
In the past, this often was no problem because the wire is straight and would not build a connection between two switchports.
But unfortunately, short-sighted network equipment manufacturers have bowed to some imaginary demand to automatically detect the link direction, and connecting two ports on a switch leads to a nice broadcast storm.
I still don't understand what this stupid "auto MDI/MDI-X" feature is ever useful for, and it has the potential to cause a lot of mishap.
Well, of course it can be used to coerce customers into buying the next higher line of switches where the feature can be turned off via a management interface, and/or there are mechanisms to detect storms and/or disconnect looped ports.
Interesting to see that it works that way in your country.
Over here, the banks are a little more security-aware, and they also want to keep up the image that the security is good, so when bad things happen they cover the cost for the customer.
Recent example: a few hundred shop customers got ripped because someone modified a PIN terminal to copy all magstripe data and used a security camera to capture the entered pincodes. This is an example where multifactor authentication is not yet used, and a weak security system is in place. The customers got reimbursed.
Banks don't want a publicity story that tells that security is weak and the customer will be the victim. It would cause a loss of confidence in the system that they make their money from.
But a reasonable bank would use multifactor authentication. Is the Bank of America still relying on a simple username/password authentication? Then they deserve to become a victim of such attacks.
This is why I always wonder why manufacturers are so dumb to implement "automatic mdi/mdi-x" on all ports of unmanaged switches.
You see this all the time today. There are almost no situations where it is useful. There is only one common situation where you need a crossover cable or port: when connecting two switches. In the past, there usually was a small switch near port 24 to select mdi/mdi-x (crossover) and it always was sufficient.
Even when they want to automate that, it could have been done on a single port.
Switches with auto mdi/mdi-x on all ports make it very easy to crash the network. Just plug a cable between two wall-outlets (accidentally or not).
This was not a problem before this feature was introduced.
Why not? They have the software infrastructure in place to download only those updates that your system requires.
So when all critical updates released in half a year would be merged into one big package, those that install the OS after that update is released will download and install the single big package, and those that already downloaded the 25 separate updates will download nothing.
This already happens today with service packs and with "updates that replace an earlier update". No problem.
The only thing missing is the merge of all those separate updates into a single package. And it has been done in the past, and called "rollup". Don't know why you doubt that it would work.
You seem to forget that most keys constructed that way are not valid.
After all, you want to reject the attempt to just use 77777-77777-77777-77777-77777 as a key (which worked in an older version).
If only one in 1e+30 keys is valid, you run out after 8e+8 copies.
In case you haven't noticed, after installing a copy of XP SP2, there are still quite a lot of patches to be downloaded
About 100, in fact. I think it is ridiculous. They should merge them together into some new package every 6 months or so.
I am really glad that the days of NT and SP6a are gone.
I never liked the idea that you had to re-install the SP (and reboot the system) every time you did something that changed the system.
Or at least, you were never sure if you had to re-install the SP.
At least with 2000 and later you install the SP and it also fixes the features that you are not yet using.
Ah! THAT must be the reason! Hundreds of thousands of people use Linux at home but have to use Windows at work, and so the statistics are worth nothing.
I guess there must be more Apple systems being used at work than at home, but somehow this reasoning does not work out well for THEM.
The software is being written by their own IT department. Probably using tools that allow cross-platform development.
But the cost for development and testing on multiple platforms will always be higher. This is no problem if it somehow can be justified, but as it is now this probably is difficult.
I have not written (and have not read) that the government intends to stop supporting Apple and Linux for tax forms. I only want to indicate that the actual user base for those systems is so astonishingly small, that it would not be sensible for a commercial company to pay any attention to it. Probably even a public institution can rightly claim that it is not worth the tax money to maintain a separate version of the software that is only being used by one per mille of the population.
This was also written on the news sites that published this press release, and it was generally found to be a disturbing situation. Apparently there exists no competition in the OS market, and Microsoft has a near complete monopoly.
And indeed, when looking at formal statements by banks, most internet providers, and other similar commercial services the standpoint usually is "we only support Windows, but you may be able to use your Mac or Linux system at your own risk. don't bother calling us when it doesn't work".
For TV, the situation is a bit different here. We don't have a public TV distribution network anymore. The old analog TV transmission network has been shut down last year.
There are public broadcasters, but they lease the distribution facilities from private companies (cable, terrestrial DVB, satellite DVB). The networks have subscription fees and you need to choose one to watch TV, you could consider the cost of the subscription a TV license fee (the formal TV license fee has been abandoned a couple of years ago and moved over to general taxes, to save on collection cost for a fee that nearly everyone had to pay).
In this situation, a large-scale Internet TV system will probably be outsourced to a commercial company as well, and paid for in a similar way. That company again is free to choose whatever platform it thinks is appropriate.
There are already some small-scale experiments being run by the public broadcast company itself (on-demand re-runs at low quality, some theme channels), and they use Microsoft formats as well. DRM is not yet used, however. We have to resort to semi-legal ways to watch these on a Linux system, but it works.
This application can be either downloaded as an autopackage installer (which I did not do either, because it is unclear what happens inside that black box), or one can simply download a tar file, unpack it in a subdirectory of your home directory, and run the executable. No need to be root.
I think you over-estimate the effect of this installation hurdle. Even if only one in 10 Linux users would want to take this step and 9 out of 10 would instead install it under Windows (instead of some virtualized Linux environment), we would have an embarrassingly low number of Linux users of only 1%. Now it is 1 per mille.
And please note this is a country where Linux is quite popular. You can buy distributions at bookstores for over 10 years already, the magazines cover it, there are several user groups, businesses use it, etc.
What you fail to realize is that:
- this was not a count based on browser but on actual use of their application, which comes in different versions for Windows, Mac, or Linux.
- the count is not anonymous but directly tied to the SOFI number of each citizen filing a tax form.
- there has been demand from user groups to please make versions for other systems than Windows, and it would be unnatural to then use the Windows version instead of the special version for Mac or Linux because one somehow feels more familiar or secure with that. Those that asked for it, of course will use it and probably will encourage others to do the same, if only to show that this was a well-motivated demand.
Of course you can stick your head in the sand and claim that even under these circumstances there can be one to two million Linux users in the 7 million working population, but they all are clever or tricking or have some reason to hide their presence. But that just doesn't make sense.
There probably are more Linux users than indicated by these results, but not very much. The Linux Counter says there are 3135 users in the Netherlands, which of course is too low a count because many don't bother to register. This count is higher, and more accurate because it is not anonymous and there are no real reasons to cheat.
The majority of workers have to file a tax form here, which already can be seen looking at the number of forms returned electronically (5.7 million) versus the working population (about 7 million).
There is no need to use virtualization software, the tax form software is downloadable in different versions.
You get a letter telling you that you have to file the form, and that you can either download an application at a website or ask for a paper form or a floppy to be sent to you.
On the website, you are asked if you want to download a version for Windows, Mac or Linux.
You download and run the program, and it either sends your form back via Internet or it writes out a floppy that you send by post.
Of course the program puts program and OS version in the data sent back. So they have an accurate count of OS users that is not biased by browser or whatever.
You are free to choose and there is nothing like "Windows is the default and you need to make extra effort for Linux".
There is double-counting because a working couple may be using a single PC to send back two forms. And a family with a PC and a Mac might choose to use the PC to do administrative tasks and the Mac to do their gaming and arts work.
On the other hand, there has been a lot of pressure on the agency to make software for other systems than Windows, and one would expect the advocates of Linux to express their appreciation by using the Linux version now that they have the choice.
This year in the Netherlands, the following figures were published by the department of finance, for the number of income tax forms returned electronically.
This should represent the number of "home users" for the different operating systems. The absolute number would be a bit higher because it is still possible to use a paper form, but one would expect that the group not using a computer but a paper form would not likely be potential Linux users.
Windows users: 5.7 million
Mac users: 41653
Linux users: 6589
In such a market, it is not surprising that only Windows is supported.
I don't think the difference between 2000 and XP is that big that a PC can work like a charm in 2000 and be maddeningly slow in XP.
Probably you just need to turn off a few of the eyecandy effects.
I don't know much about semi-automatic install, but we use a fully-automatic install from the network (PXE) using unattend.txt and it has an option to add custom directories with drivers to the default search path, and automatically install drivers.
These directories get copied to the harddisk and it also works when the devices are added later (like a scanner, camera etc).
But you are right, those things never work correctly first-time. It is easy to make a mistake, and the functionality provided isn't exactly intuitive or well designed.
(for example, when you make a DRIVERS directory and add several subdirectories with different drivers in them, you have to include all names in the search path. I.e. it won't search a tree starting from a specified location, it only searches the explicitly named directories for .inf files)
There still exists a board that can use it: http://www.ibasetechnology.net/mb886.html
Those folks must really like ISA :-)
I am still using an older board from that series (with 3 ISA, 3 PCI and 1 AGP) that I bought in 2003 when I had lots of ISA cards but all standard systems came with only PCI. It was difficult to get (via an embedded-systems engineering company that was not equipped to sell to individuals), but works very well.
In fact, there is still a card in it that is used all day: a Boca 6-port serial card that controls all kind of external devices with proprietary protocols.
When I upgrade this, I either need to find a PCI multi-serial card (probably difficult by now) or switch to USB serial cables (inferior timing).
Even then, the Acrobat process would need write-access to system files. On a decently managed system, it hasn't.
But what if you (as any sensible person would do) simply block anything that is executable from being received via mail?
I will try to boot it up (first attempt failed as my system apparently won't boot from USB key so I will try something else) to see which sources are available.
I understood the workings of the parity disk, let's see if that is implemented in the kernel like RAID or if the whole thing lives in the userspace application.
It might be possible to just port over the parity idea to my existing server (which is running SuSE 10.0 from a 512MB IDE-FLASH disk)
Of course with this idea, each write will transform into two reads and two writes (to re-calc and update parity) so write performance probably suffers. Read should be as fast as a single drive, unless the method of implementation slows it down.
I think it is not mainly because Hans Reiser is in jail. The relation between Hans and the kernel developers has been difficult all the time.
Some time ago, maintenance on version 3.6 has been abandoned by Hans Reiser in favor of working on the 4.0 version. A few people at SuSE continued to work on it, but received negative comments from Reiser (who accused them of introducing new bugs). Of course the environment at SuSE has changed as well, and there has been an announcement that they will stop as well.
That leaves the 3.6 version without maintenance. We can only guess for how long it will survive in a changing kernel without becoming unstable or before it even no longer compiles.
The new version 4 has not been accepted into the official kernel, and the situation around Reiser likely has not increased the chance that it will be.
The developers state that EXT3 has been improved and will be further improved. That is probably the most used native Linux filesystem.
And of course other alternatives (ported from other systems) are becoming available.
All in all it is a bit sad, ReiserFS was a fast filesystem and I have good experience with it. But I have been using Linux for nearly 15 years now, and if there is one thing I have learned it is that it is useless to row against the flow. When official support for something is being dropped, you have to look for an alternative.