What did XP really bring to the table that Windows 2000 didn't already have?
Elapsed time and eye candy. Windows 2000 was too soon to market; for most people Windows 98SE did everything Windows was supposed to do. Then Win2000 was upstaged almost immediately by XP in less than two years. Who would want 2000 when a new, flashier version of Windows was available?
This scenario is playing itself out again it appears, but this time I think the concern is with the business market, not the home market. Microsoft has to be worried about locking in business machines now running XP. For whatever complex of reasons that can be argued over incessantly, many IT departments did choose to stick with XP rather than upgrading to Vista. The release of another new version of Windows, one that appears to resolve Vista's problems, will make such a conservative strategy harder and harder to justify.
Releasing a new version of Windows while the economy is on a down-turn might seem like a poor decision, but Microsoft's clock in in sync with that of its corporate customers. After five or more years of Windows XP, it's going to be time to move along. That puts Windows 7 right on schedule.
One of the options on the box appears as "Open folder to view files" which might sound innocuous, but is actually an "autorun.inf" option created by Conficker that in reality runs the virus.
I may be dense, but why would you want to give untrusted programs control over what appears in the autorun dialog box? Shouldn't control over those options reside entirely with the OS? I suppose game manufacturers might want to put some icon next to "Play Game" or something like that, but that seems to create a rather big security hole when viewed in a larger context.
I plug devices into Linux/KDE and a dialog box pops up, too. AFAIK, the options I see are part of KDE's USB handlers?
This all assumes, of course, that autoplay itself makes sense. I don't see the reason for autoplay at all, though I do think there needs to be something put in front of the user when a device is connected. I just want it to under the control of the OS or DE, not some virus writer.
She bought a computer and expected it to work with the CD Verizon supplied and to have MS Word installed. That probably makes her no different than the vast majority of ordinary computer users out there. It wasn't that she had an unsupported modem or needed to use some obscure feature of MS Word. She wanted a computer that looked like every computer she and her friends had seen and used for years. She didn't get that computer and was upset. I'm not surprised.
Only on Slashdot would you get a +5 "Insightful" for this opinion.
Imagine for a moment that you're someone watching this TV news broadcast and your hear this story. Who's going to come out looking bad? Verizon? I think not. Instead the viewers will think that DELL is run a bunch of idiots who sell people computers that don't run Windows. Do you really think that ordinary folks are going to blame Verizon for sending her a disk to run in Windows? That somehow Verizon ought to be supporting some "operating system" (whatever that is) that has a funny name that no one's heard of?
You need to get out of the house a bit more.
I will say that I was a bit surprised at how clueless the TV station's "consumer reporter" is about all this. Reading his blog (Slashdotted at the moment) indicates he had never heard of Ubuntu, knew little about Linux, and was shocked to hear there were alternatives to Windows and Macs that are, gasp, free! For people who want to expand Linux usage, those are the types of people that need educating.
And Dell was stupid for not just sending her either a new machine with Windows, or an OEM Windows disk with their compliments and apologies. (I've been buying Dell products for years, too, so I'm not one of those Dell-haters we see here every now and then.)
Plus he doesn't fall into either category that is usually associated with cancellation of bail -- he's neither a flight risk, nor is he a threat to others. On top of that I heard this morning that every single item that leaves his apartment is examined to ensure he's not trying to smuggle out assets that might be seized in a restitution suit.
700 days with no backup tapes? Seems rather improbable to me.
I do think events like this will just continue to encourage politicians and staffers never to write things down. Then we'll be asking why some policy went wrong because no one took any notes at the meeting in the Oval Office and relied on their faulty memories.
Remember this is the same Administration whose Vice President now claims he's really a member of the legislative branch (because of his constitutional role as President of the Senate) so he's not covered by the archival rules that apply to the rest of the White House.
My clients don't get bogus UPS messages because they're caught by MailScanner. Of course, you can also implement SMTP-level scanning and only accept messages allegedly from someone@ups.com if they originate on UPS's own servers. Filtering based on From: addresses alone is meaningless since they're easily forged.
Most of the common viruses distributed by email or weblinks are executables, usually even.exe files. I don't let my clients get exe's by mail (MailScanner) or over the web (squid). The local IT people have rights to get them, but ordinary users, never.
Infections do happen, but usually it's because someone brings in a laptop or USB stick with something nasty on it.
One of the biggest reasons why the Massachusetts ODF initiative failed was that the state officials involved were poor politicians. Remember that this initiative originated under a Republican governor with few, if any, ties to the state employee unions. These unions represent the people who would actually be forced to switch to OpenOffice or some other then ODF-compliant software. At the time OO had rather limited support for people with disabilities, an area where Microsoft had invested considerable efforts. Microsoft's lobbyists enlisted these groups, and some sympathetic state representatives, to oppose the introduction of OpenOffice on the grounds that it would create substantial impediments to disabled state workers. (States usually have a much larger fraction of such workers than does private industry for reasons that should be fairly obvious.)
The moral of this story is that technical excellence is not so important as good political skills when it comes to working with government agencies. That's a lesson that should carry over to efforts to introduce FOSS into public education.
And some significant speed improvements that matter to people with older hardware. If you build the current version of mplayer from Subversion and run it on a machine that had trouble decoding HD H.264 in the past, you might be surprised at how much better it works now.
Fansubbed anime has been distributed as 720p/H.264/AAC in the Matroska container for at least a few years now. In fact, this is now the pretty much the standard format for most fansubs. So now that a commercial entity is doing the same thing it's somehow news?
there are many cases where you have to download software separately, compile it on your own, install it somehow.
Really? "Many cases?" Name me five programs that an ordinary office or home user would need to compile if they're running a recent distro like Fedora or Ubuntu. I've used Linux for a dozen years now, and lately the only things I need to compile are obscure server apps. I can't think of a single piece of software running on my and my daughter's Kubuntu (Intrepid) machines, nor on my Fedora 8 desktop, that I had to compile from source.
There's also the option of running a transparent web proxy that blocks access to malicious sites and dangerous filetypes. I install a transparent Squid proxy on Linux firewall routers for clients and make sure there are ACL entries to block things like.exe files. Blocking specific sites is also a no-brainer.
These days most offices scan emails for malware but apparently never think about blocking web access to the same types of infections. It's no wonder most of the scam emails I see include embedded URLs rather than attached files.
Indeed. Maybe get a superbowl commercial talking about how linux/open source/open office/etc break you free from microsoft yet are still backwards compatible with them.
Hmm. Who might be able to afford such a commercial? How about a certain entrepreneur and occasional space traveler who lives in Africa?
The other day I saw what is supposed the "BCS Computer" that determines which American college football teams get to go to which Bowl games. The "computer" was enclosed in a large metal box on wheels probably five feet high and three feet wide. Of course it had a screen, a keyboard, and a printer, and some number of black boxes. Since the BCS computer now plays such an important role in American sporting life, it obviously must be pretty big.
Remember that the database we're talking about here consists primarily of the results of the sixteen or so games played by a couple hundred teams. We speculated that the real computer consists of a dwarf running Linux on an EeePC.
For those of us who remember dozens of movies depicting mainframes that occupied floors of buildings with all those whizzing tape drives, it's hard to shed the notion that computers that do "important" things must be physically large. (I'm an "old dude," myself at 59. All my computers run Linux.)
My candidate for national CTO is Ed Felten of Princeton. Of course such an appointment would hardly be looked upon with favor in places like Hollywood or Redmond.
It seems to me you could accomplish the same thing without such a complex architecture. I'd build an intrusion robot that iterates over usernames and target IPs and sends each request out via a different compromised host. Imagine setting up TCP proxies or VPN tunnels on each compromised machine that connect it to hundreds of other compromised machines. Then the robot is assigned a target address to which it starts making ssh login attempts via the tunnels. After a while it switches to another target IP and begins iterating over usernames again. Someday in the future it resumes the attack on the original target with the next username in the list. You could further obfuscate your attack by routinely setting up a whole new array of tunnels every day.
This method seems to avoid the need to pass tokens around and fulfills your requirements. Maybe I've missed something?
The data from SANS Internet Storm Center shows significant recent increases in traffic on port 445. From this graph of traffic since January, we see an decline in traffic until September with the exception of a very large bump in late spring (some early testing of the exploit?).
Suddenly there was a big surge in port 445 traffic around September 1st. (The correlation between this event and the start of the school year is intriguing.) This surge looks suspiciously orchestrated to me. We also see a substantial, but short-lived decline in target traffic after Microsoft released its November 1st patch kit.
What's much more disturbing is the trend in sources which has spiked to incredibly high levels in the past week. This could represent a concerted attack on unpatched machines by those already infected. It also shows how many machines could really be infected but slumbering until needed.
A swift-boat styled advertisement appeared on both the Sunday Night and Monday Night Football games telecast nationally. It was sponsored by the "National Republican Trust" and pressed hard on Obama's ties to the Reverend Jeremiah Wright, closing with the slogan "Obama: Too Radical, Too Risky."
"The National Republican Trust has made enormous advertising buys to put the ad on several national television networks in the final days of the campaign. The group spent $1.2 million on Thursday and $2.5 million more on Friday." (Boston Globe)
A McCain spokeman said that McCain would not try to stop the Pennsylvania GOP and the National Republican Trust political action committee from airing the Wright ads. He added that McCain "is not going to be the traffic cop for every independent organization, state party, or state-level candidate that chooses to use these in advertising."
McCain himself chose not to raise the Wright issue despite constant pressure from Republican advisors and Sarah Palin.
For instance, [the PCI revision] clarifies that all operating systems associated with card processing have to run antivirus software, while many had thought this was only about Microsoft Windows.
"That sounds like a sensible piece of advice," says Sushila Nair, product manger at BT, who says organizations often deploy antivirus on Windows but erroneously believe Unix and Macs and other operating systems are somehow more invulnerable. However, she notes accommodating the clarified PCI rule on antivirus in many places will be "expensive."
So what would constitute compliance with this rule? Is running periodic ClamAV scans on my Linux server sufficient? Will saying that I have ClamAV installed on the audit form be sufficient to comply with the new rule?
This change seems to have as much to do with protecting the Windows franchise from erosion by *nix systems (in the name of "levelling the playing field") as it does with security. Not only does it ignore the very real differences in security among the various platforms, but it makes selling a Windows solution to upper management much easier than selling Linux. Of course a system with a Windows server and Norton or McAfee will pass muster. Linux+ClamAV? Who knows?
All the people I've set this up for have Blackberries through Verizon Wireless or ATT. They have mailboxes like johnsmith@vzw.blackberry.net or johnsmith@att.blackberry.net. I presume other providers have different arrangements with RIM.
Zimbra mobile and blackberry support are only available for the pay versions.
I support Blackberry users with a plain vanilla Linux box running sendmail/procmail/dovecot. You can either set up the Blackberry to connect to the server with SMTP/IMAP, or you can forward copies to the user's Blackberry account. I've got people using both methods. procmail is especially nice for the forwarding solution if you have any kind of spam filtering running. I just use a recipe in $HOME/.procmailrc like
:0 * ! ^Subject:.*Spam\? { :0 c ! user@host.blackberry.net }
which forward a copy of every message that doesn't contain MailScanner's "Spam?" tag in the subject line. (Damn, can't get indenting to work using either <tt> or <ecode> tags.)
Last I looked Zimbra used procmail as the local delivery agent and postfix as the SMTP relay. That was a while ago now, but if that's still true, you can roll your own Blackberry solution for free.
For me and some of my friends, live sports coverage is a big incentive for HD viewing. I'd agree that, for most movies and television programming, content is much more important than format. I watched some episodes of Alan Ball's Six Feet Under the other day upscaled on our PS3. Even though the upscaled DVD image was much better than I recall from watching the show originally on HBO in SD, it was still the story that mattered the most.
Live sports, on the other hand, benefits greatly from HD transmission. Everything looks much crisper and more realistic than it does in SD, and the added screen real estate helps with events like golf where you can see more of the holes and terrain. The remaining problem is the need for directors to work in a "4:3-safe" mode so the program can be center-cut for SD distribution.
Anime also has gained a lot from HD production; many fansubbed series are now captured in 720p, encoded with H.264, and distributed in the Matroska container. The added pixels makes the line art much sharper with better contrast.
Slashdot Mirror
What did XP really bring to the table that Windows 2000 didn't already have?
Elapsed time and eye candy. Windows 2000 was too soon to market; for most people Windows 98SE did everything Windows was supposed to do. Then Win2000 was upstaged almost immediately by XP in less than two years. Who would want 2000 when a new, flashier version of Windows was available?
This scenario is playing itself out again it appears, but this time I think the concern is with the business market, not the home market. Microsoft has to be worried about locking in business machines now running XP. For whatever complex of reasons that can be argued over incessantly, many IT departments did choose to stick with XP rather than upgrading to Vista. The release of another new version of Windows, one that appears to resolve Vista's problems, will make such a conservative strategy harder and harder to justify.
Releasing a new version of Windows while the economy is on a down-turn might seem like a poor decision, but Microsoft's clock in in sync with that of its corporate customers. After five or more years of Windows XP, it's going to be time to move along. That puts Windows 7 right on schedule.
One of the options on the box appears as "Open folder to view files" which might sound innocuous, but is actually an "autorun.inf" option created by Conficker that in reality runs the virus.
I may be dense, but why would you want to give untrusted programs control over what appears in the autorun dialog box? Shouldn't control over those options reside entirely with the OS? I suppose game manufacturers might want to put some icon next to "Play Game" or something like that, but that seems to create a rather big security hole when viewed in a larger context.
I plug devices into Linux/KDE and a dialog box pops up, too. AFAIK, the options I see are part of KDE's USB handlers?
This all assumes, of course, that autoplay itself makes sense. I don't see the reason for autoplay at all, though I do think there needs to be something put in front of the user when a device is connected. I just want it to under the control of the OS or DE, not some virus writer.
How about this one?
http://cyber.law.harvard.edu/research/opennet
None of the above.
She bought a computer and expected it to work with the CD Verizon supplied and to have MS Word installed. That probably makes her no different than the vast majority of ordinary computer users out there. It wasn't that she had an unsupported modem or needed to use some obscure feature of MS Word. She wanted a computer that looked like every computer she and her friends had seen and used for years. She didn't get that computer and was upset. I'm not surprised.
Because it is major egg on Verizon's face.
Only on Slashdot would you get a +5 "Insightful" for this opinion.
Imagine for a moment that you're someone watching this TV news broadcast and your hear this story. Who's going to come out looking bad? Verizon? I think not. Instead the viewers will think that DELL is run a bunch of idiots who sell people computers that don't run Windows. Do you really think that ordinary folks are going to blame Verizon for sending her a disk to run in Windows? That somehow Verizon ought to be supporting some "operating system" (whatever that is) that has a funny name that no one's heard of?
You need to get out of the house a bit more.
I will say that I was a bit surprised at how clueless the TV station's "consumer reporter" is about all this. Reading his blog (Slashdotted at the moment) indicates he had never heard of Ubuntu, knew little about Linux, and was shocked to hear there were alternatives to Windows and Macs that are, gasp, free! For people who want to expand Linux usage, those are the types of people that need educating.
And Dell was stupid for not just sending her either a new machine with Windows, or an OEM Windows disk with their compliments and apologies. (I've been buying Dell products for years, too, so I'm not one of those Dell-haters we see here every now and then.)
Plus he doesn't fall into either category that is usually associated with cancellation of bail -- he's neither a flight risk, nor is he a threat to others. On top of that I heard this morning that every single item that leaves his apartment is examined to ensure he's not trying to smuggle out assets that might be seized in a restitution suit.
700 days with no backup tapes? Seems rather improbable to me.
I do think events like this will just continue to encourage politicians and staffers never to write things down. Then we'll be asking why some policy went wrong because no one took any notes at the meeting in the Oval Office and relied on their faulty memories.
Remember this is the same Administration whose Vice President now claims he's really a member of the legislative branch (because of his constitutional role as President of the Senate) so he's not covered by the archival rules that apply to the rest of the White House.
My clients don't get bogus UPS messages because they're caught by MailScanner. Of course, you can also implement SMTP-level scanning and only accept messages allegedly from someone@ups.com if they originate on UPS's own servers. Filtering based on From: addresses alone is meaningless since they're easily forged.
Most of the common viruses distributed by email or weblinks are executables, usually even .exe files. I don't let my clients get exe's by mail (MailScanner) or over the web (squid). The local IT people have rights to get them, but ordinary users, never.
Infections do happen, but usually it's because someone brings in a laptop or USB stick with something nasty on it.
One of the biggest reasons why the Massachusetts ODF initiative failed was that the state officials involved were poor politicians. Remember that this initiative originated under a Republican governor with few, if any, ties to the state employee unions. These unions represent the people who would actually be forced to switch to OpenOffice or some other then ODF-compliant software. At the time OO had rather limited support for people with disabilities, an area where Microsoft had invested considerable efforts. Microsoft's lobbyists enlisted these groups, and some sympathetic state representatives, to oppose the introduction of OpenOffice on the grounds that it would create substantial impediments to disabled state workers. (States usually have a much larger fraction of such workers than does private industry for reasons that should be fairly obvious.)
The moral of this story is that technical excellence is not so important as good political skills when it comes to working with government agencies. That's a lesson that should carry over to efforts to introduce FOSS into public education.
Use of ffmpeg contrary to the GPL has become so common the developers now maintain a "hall of shame".
And some significant speed improvements that matter to people with older hardware. If you build the current version of mplayer from Subversion and run it on a machine that had trouble decoding HD H.264 in the past, you might be surprised at how much better it works now.
Fansubbed anime has been distributed as 720p/H.264/AAC in the Matroska container for at least a few years now. In fact, this is now the pretty much the standard format for most fansubs. So now that a commercial entity is doing the same thing it's somehow news?
I guess you missed seeing the ones with sexy adult vampires.
there are many cases where you have to download software separately, compile it on your own, install it somehow.
Really? "Many cases?" Name me five programs that an ordinary office or home user would need to compile if they're running a recent distro like Fedora or Ubuntu. I've used Linux for a dozen years now, and lately the only things I need to compile are obscure server apps. I can't think of a single piece of software running on my and my daughter's Kubuntu (Intrepid) machines, nor on my Fedora 8 desktop, that I had to compile from source.
There's also the option of running a transparent web proxy that blocks access to malicious sites and dangerous filetypes. I install a transparent Squid proxy on Linux firewall routers for clients and make sure there are ACL entries to block things like .exe files. Blocking specific sites is also a no-brainer.
These days most offices scan emails for malware but apparently never think about blocking web access to the same types of infections. It's no wonder most of the scam emails I see include embedded URLs rather than attached files.
Indeed. Maybe get a superbowl commercial talking about how linux/open source/open office/etc break you free from microsoft yet are still backwards compatible with them.
Hmm. Who might be able to afford such a commercial? How about a certain entrepreneur and occasional space traveler who lives in Africa?
The other day I saw what is supposed the "BCS Computer" that determines which American college football teams get to go to which Bowl games. The "computer" was enclosed in a large metal box on wheels probably five feet high and three feet wide. Of course it had a screen, a keyboard, and a printer, and some number of black boxes. Since the BCS computer now plays such an important role in American sporting life, it obviously must be pretty big.
Remember that the database we're talking about here consists primarily of the results of the sixteen or so games played by a couple hundred teams. We speculated that the real computer consists of a dwarf running Linux on an EeePC.
For those of us who remember dozens of movies depicting mainframes that occupied floors of buildings with all those whizzing tape drives, it's hard to shed the notion that computers that do "important" things must be physically large. (I'm an "old dude," myself at 59. All my computers run Linux.)
My candidate for national CTO is Ed Felten of Princeton. Of course such an appointment would hardly be looked upon with favor in places like Hollywood or Redmond.
It seems to me you could accomplish the same thing without such a complex architecture. I'd build an intrusion robot that iterates over usernames and target IPs and sends each request out via a different compromised host. Imagine setting up TCP proxies or VPN tunnels on each compromised machine that connect it to hundreds of other compromised machines. Then the robot is assigned a target address to which it starts making ssh login attempts via the tunnels. After a while it switches to another target IP and begins iterating over usernames again. Someday in the future it resumes the attack on the original target with the next username in the list. You could further obfuscate your attack by routinely setting up a whole new array of tunnels every day.
This method seems to avoid the need to pass tokens around and fulfills your requirements. Maybe I've missed something?
The data from SANS Internet Storm Center shows significant recent increases in traffic on port 445. From this graph of traffic since January, we see an decline in traffic until September with the exception of a very large bump in late spring (some early testing of the exploit?).
Suddenly there was a big surge in port 445 traffic around September 1st. (The correlation between this event and the start of the school year is intriguing.) This surge looks suspiciously orchestrated to me. We also see a substantial, but short-lived decline in target traffic after Microsoft released its November 1st patch kit.
What's much more disturbing is the trend in sources which has spiked to incredibly high levels in the past week. This could represent a concerted attack on unpatched machines by those already infected. It also shows how many machines could really be infected but slumbering until needed.
A swift-boat styled advertisement appeared on both the Sunday Night and Monday Night Football games telecast nationally. It was sponsored by the "National Republican Trust" and pressed hard on Obama's ties to the Reverend Jeremiah Wright, closing with the slogan "Obama: Too Radical, Too Risky."
"The National Republican Trust has made enormous advertising buys to put the ad on several national television networks in the final days of the campaign. The group spent $1.2 million on Thursday and $2.5 million more on Friday." (Boston Globe)
A McCain spokeman said that McCain would not try to stop the Pennsylvania GOP and the National Republican Trust political action committee from airing the Wright ads. He added that McCain "is not going to be the traffic cop for every independent organization, state party, or state-level candidate that chooses to use these in advertising."
McCain himself chose not to raise the Wright issue despite constant pressure from Republican advisors and Sarah Palin.
From TFA:
For instance, [the PCI revision] clarifies that all operating systems associated with card processing have to run antivirus software, while many had thought this was only about Microsoft Windows.
"That sounds like a sensible piece of advice," says Sushila Nair, product manger at BT, who says organizations often deploy antivirus on Windows but erroneously believe Unix and Macs and other operating systems are somehow more invulnerable. However, she notes accommodating the clarified PCI rule on antivirus in many places will be "expensive."
So what would constitute compliance with this rule? Is running periodic ClamAV scans on my Linux server sufficient? Will saying that I have ClamAV installed on the audit form be sufficient to comply with the new rule?
This change seems to have as much to do with protecting the Windows franchise from erosion by *nix systems (in the name of "levelling the playing field") as it does with security. Not only does it ignore the very real differences in security among the various platforms, but it makes selling a Windows solution to upper management much easier than selling Linux. Of course a system with a Windows server and Norton or McAfee will pass muster. Linux+ClamAV? Who knows?
All the people I've set this up for have Blackberries through Verizon Wireless or ATT. They have mailboxes like johnsmith@vzw.blackberry.net or johnsmith@att.blackberry.net. I presume other providers have different arrangements with RIM.
Zimbra mobile and blackberry support are only available for the pay versions.
I support Blackberry users with a plain vanilla Linux box running sendmail/procmail/dovecot. You can either set up the Blackberry to connect to the server with SMTP/IMAP, or you can forward copies to the user's Blackberry account. I've got people using both methods. procmail is especially nice for the forwarding solution if you have any kind of spam filtering running. I just use a recipe in $HOME/.procmailrc like
which forward a copy of every message that doesn't contain MailScanner's "Spam?" tag in the subject line. (Damn, can't get indenting to work using either <tt> or <ecode> tags.)
Last I looked Zimbra used procmail as the local delivery agent and postfix as the SMTP relay. That was a while ago now, but if that's still true, you can roll your own Blackberry solution for free.
For me and some of my friends, live sports coverage is a big incentive for HD viewing. I'd agree that, for most movies and television programming, content is much more important than format. I watched some episodes of Alan Ball's Six Feet Under the other day upscaled on our PS3. Even though the upscaled DVD image was much better than I recall from watching the show originally on HBO in SD, it was still the story that mattered the most.
Live sports, on the other hand, benefits greatly from HD transmission. Everything looks much crisper and more realistic than it does in SD, and the added screen real estate helps with events like golf where you can see more of the holes and terrain. The remaining problem is the need for directors to work in a "4:3-safe" mode so the program can be center-cut for SD distribution.
Anime also has gained a lot from HD production; many fansubbed series are now captured in 720p, encoded with H.264, and distributed in the Matroska container. The added pixels makes the line art much sharper with better contrast.