Hmmm... I feel safer killing insurgents in their backyard rather than killing them here, but I am probably strange that way.
They aren't 'insurgents' if you aren't in their backyard.
Are YOU an insurgent? Are you actively bent on killing any foreign nationals right now? Probably not. Unless you happen to be an american soldier you probably have relatively normal peaceful life.
But if [insert country] invaded your backyard, and you fought back, to preserve your way of life, and your national pride, etc, etc... and guess what then YOU'D be an insurgent.
Can you imagine how stupid you'd think it would be if the invader you were fighting told you one day that they'd prefer to fight insurgents like you in your backyard, rather then theirs?
Wouldn't the OBVIOUS response be... "If you hadn't invaded us, I wouldn't be an insurgent, and we wouldn't be fighting!!"
Now if there were a credible threat that Iraq was actually on the verge of attacking the US, sure, maybe it might be worth attacking them first... but seriously... there was NEVER any credible threat of anything like an Iraqi invasion on US soil. Its a laughable.
What the hell are you on about? How exactly is it theatre to require elevation to perform system modifying actions? Linux does it. Apple does it.
The ONLY reason Vista's is more 'annoying' is that a PILE of software that was written prior to UAC, and needlessly alters the system is still in use while pretty much everything for OSX and Linux that anybody uses today has been written to live in user space.
Once Vista's been around long enough for most legacy software to be upgraded or discarded UAC will be no more of a hassle than elevating Apple or Linux.
It's so unusable that it's clear that any serious user will disable it.
That's the dumbest possible thing you can do. If you ever want your OS to be as secure as Linux or OSX you've got to erect that barrier between user and root, and pressure software vendors to work within that limitation.
The article points a valid reason: liability. Micrsoft can't keep your system highly safe without a great cost to them (re-architect the OS and severely damage backwards compatiblility).
That's absurd. MS did re-architect it, and it did severely damage backwards compatibility. That's the whole reason you are moaning about UAC. UAC isn't annoying unless you are running legacy software.
If you use software designed with Vista in mind, the only UAC prompt you generally ever see is during the initial install, and again if and when you uninstall it. No intellgent person should turn of UAC to run an application. If you've got something that requires UAC off to run, put up with elevating it, don't run it and get something else, or run it in a VM on a legacy Windows OS.
You wouldn't disable all your security in Linux just to run some legacy app would you? You shouldn't in Windows either.
The only time I ever see a UAC prompt is to install/uninstall software or to mess with the system settings. Which isn't annoying and indeed is as is it should be. I do have some legacy apps, most work fine without elevation. A couple that were constantly tried doing things that UAC disallowed I've discarded and found Vista friendly alternatives for. And a couple I run in a VM while i wait for upgraded versions or alternatives to present themselves.
You CAN'T have it both ways. You can't run all software as root and be safe at the same time. So if a pile of your software needs root to run, you can't be safe. Its not Microsofts fault if you insist on running software that needs root. An intelligent person would stop using that software, not disable their security.
I don't know that it's all too common to rail on and on about the data collection. I see it all the time on Slashdot, but never anywhere else either on the internet or in my normal life.
Out of sight out of mind.
The housing market crash. Enron. The Tech-bubble. The real world has an amazing ability not to look deeper into massive problems right at the end of their noses.
I suspect it's not as big a problem as you think it is.
As long as google doesn't actually show you how much data they've got on you, its not a problem right? As long as you only see friendly web apps with whimsical logos and small contextual ads everything will be peachy.
What if they -did- show you? And showed you what they could infer and predicted from that information as well. You'd probably be astonished with what is possible given the amount of data they are collecting from everyone about everything.
Everything from your age, race, language, skin colour, religion, marital status, where you work, what you drive, your education level, your income level, where you went to school, who your friends are, where you vacation, where you shop, your taste in movies, your taste in porn, your taste in books, your politics, whether you have kids... they might even know your face.
Its a surveillance wet dream.
Would you have filled all that into a form in exchange for 'free webmail'?
And yet they have it all anyway. Bit by bit you handed it all over by letting them watch where you went and who you associated with, and let them read what you wrote, and who you wrote it to.
Maybe they haven't mined their data that completely yet. But they are working on it. And right now its primarily being commercialized by selling demographics and ad placement to advertisers.
But as the data set grows and the mining techniques become more refined they will be an invaluable resource to employers who want to know more about canditates, for banks to generate credit ratings, to insurance companies assessing risk, for governments seeking criminals, dissidents, or just dirt...
And you can't even opt out. They can track you by proxy...even if you never visit their sites... By who you communicate with that uses gmail, by sites you visit using their adsense/analytics/etc, by content you've put up about yourself, or that other people have put up about you (or even about themselves that you were involved in...)
Nobody has the 'expectation' of privacy when they go out in public: people might see us, hear us, even incidently record us... and we accept that.
If I were to stand in a public space filming everyone coming and going, recording everything I see and hear, filing it all away, linking people together, and linking what individuals have said each day, and analysing it to make additional inferences... And then I set up cameras up all over the place, and everytime I saw or heard you on any of them I'd add it to your file. And then I'd make deals with the local shops in exchange they'd hand over information on when you entered and left, and I'd that to your file too. And then I'd offer to host your friends photos, and I'd read the captions and see who was in them, and where it was and I'd add all that to my file on you. And I'd offer to give him free phone service, in exchange for listening in, and adding any conversations he has with you or about you to your file...
Isn't that stalking? Is it any less stalking simply because I'm doing it to everyone I see instead of just you?
Well you wouldn't have 1TB of data to back up every day in 99% of cases.
I dunno. I do daily incremental backups, but once a month, I'd like to take a complete snapshot of our servers. So for me its 1/30th the time... or around 97% of the time I don't need a full backup, but that 3% is still a killer PITA.
Well that's just the dilemma. I use Google Analytics on all my sites, and sort of use the information to see what keywords are effective and most common. I don't then turn around and use that information to focus my content on those areas like any smart person would, but I don't really care if someone stumbles across my blog either (much more interesting are HeatMaps, not that I use that information in a meaningful way either).
The real bullshit is that you used to be able to BUY urchin fairly reasonably, and host it on your own server, and get nearly the same reports, and analytics, and without having to give up your data, and letting google track all your visitors from site to site.
Someone needs to reverse engineer analyitics and make an open source version of it... wish I had the time. And sadly, the only people who'd ever use it are those concerned about the ramifications of feeding google data... which is surprisingly few. If it were Microsoft doing this, people would be up in arms... when will people wake up and realize that Google is the new Microsoft. They aren't the underdog fighting the 800lb gorilla. They are the 800lb gorilla. But instead of bending people over with embrace and extend and rapacious licensing, they get you insidiously with endless stream of "free product"... and all it costs you is a little data... and there's no harm in a little anyonymous data......until it reaches a critical mass and suddenly its not a little data anymore, nor is it anonymous, it all fits together to give a more complete composite picture of you than you EVER would have agreed to...
I don't find wal-mart to be particularly worse than the vast majority of stores in terms of amount of crappy Chinese goods. The others, for whatever reason, make people feel good for paying more for the same crap they could have gotten for 20% less (and a different brand stuck on said products coming off the same assembly line with the same materials).
Sometimes yes they are the same.
Sometimes the materials going in aren't quite the same quality. (using lower quality steel, or cheaper plastics, or whatever...)
Sometimes the goods coming out are held to lower standards. (ie stuff that would have been rejected for the 'premium brand' is good enough for the 'walmart brand'.
I recall film in particular was like this some years ago. The brand name stuff and the generic stuff was indeed made in the same factory on the same line from the same stuff. But QC on the brand name stuff was higher. Flaws in batches that didn't meet the brand's QC levels but were still 'ok' were sold under the generic brand.
Bottom line, knowing a product came from the same factory and even assembly line as product X means squat. It might be the same product. Or it might be highly inferior.
I think it's obvious to anyone with common sense that this Wii Fit can hardly be considered a workout.
Is yoga a 'workout'? Is pilates a 'workout'? If you consider that to be a part of your workout routine, then the Fit is a part of that. And if it accomplishes the same thing as working along with a yoga/pilates video and is more fun, then that would be a win.
Nobody is saying that a Wii fit is a replacement for cardio, or weight training. But it may well be a perfectly legitimate to compliment yoga/ pilates/ and stretching exercises.
Besides, after the buzz wears down, anyone doing these "exercises" will quickly discover there are no results to be had, and the balancing board will end up in the closet with the rest of the rubber bands, abdominizors, and exercises dvds.
Unless its engaging and fun. Which a lot of people think it is, and who will play it regardless of whether they get 'results' or not.
And no matter how you spin it, its better for you than sitting on the couch.
So while Wii fit may not melt fat off, at least its not part of the problem.
It's always easy to think there are better places, but I've been around the world a lot and the United States is the best place in the world.
Its a better place to live relative to that VAST majority of the world.
And, yeah, as long as you stay on the upper side of the class divide you avoid most of the US's biggest shortcomings. And maybe for some people the US truly is the best fit in the world.
I really can't imagine a lawyer being happier anywhere else.;)
But -most- people would be better off in places like Canada, Australia, Norway, Iceland, etc than they would be in the US. Not everybody. But most people.
Seeing that made me think of the movie title "Gattaca", at which point I realized that "Gattaca" was actually deliberately named using only a,t,c,g on purpose... digging in wikipedia confirms that it was named for an enzyme, EcoRI, that cuts "GAATTC"
I'd never really thought about the significance of the title before. Makes an already great movie, just a little bit better. Thanks for that epiphany...
You have unrestricted access at that point of time. You may want unrestricted access forever.
If you want to install a root kit, just do it.
The point of this 'hack' seems to be, that hey, if you can boot a live Cd, you can use this hack to get into vista, and then from there you can install rootkit or keylogger, or whatever, but that's just a needless step. You can install the rootkit or keylogger into the startup directly from the live cd without ever booting into vista.
Another possible fix would be to store a checksum for the accessibility helper program within the logon process, and verify the binary it's about to execute matches that checksum. Or embed the helper within the logon process.
Nope. Worthless. You'd just swap in a patched version of the 'logon process' with the necessary checksum. Or with the code to check the checksum removed. And if it checks itself, or something else checks it first to detect this tampering... you just keep going backwards. Sooner or later something loads 'first'. And if -that- is compromised, game over.
Any code of this sort needs to be thoroughly audited to ensure there's no bugs that can be exploited by the user to run things they're not supposed to be able to.
That's true. But no amount of auditing can prevent someone with physical access to the machine from replacing the logon software itself with their own, that does whatever they want it to do.
The only way to do that is to have the whole 'trusted computing platform' where a tamper proofed bios will only run signed code -- like what we have with game consoles. Where going 'back to the first process that does checking' (as described above) is the hardware itself. Where, if its done well and exploitable software bugs can't be found, you'd have to physically modify the hardware itself, e.g. solder in a 'modchip' to get it to boot/run something that isn't authorized, or bruteforce the digital signing keys... or something like that.
Obviously, but this simple of an attack -- just renaming a file -- would allow someone to be in and out very quickly, with no more advance preparation besides having a linux live cd handy, and I usually have several on me for just such an occasion.
Unless BIOS was password protected, and the hard drive was the only boot option set therein. Then you'd be reduced to cracking open the case to try and reset or swap the bios... no more 'in and out very quickly'.
The story HERE isn't that Windows security is shit, but that the physical PC's security was SHIT, and that the features of the PC and of Windows that would have shut this attack down completely weren't in use.
Alternatively and additionally you can encrypt the boot drive. That too would make a linux boot disk worthless.
So you can install a rootkit/keylogger and get back in when the OS is running.
You ALREADY have unrestricted access to the drive by booting into an alternative OS with R/W access to the unencrypted HD. You want to install a rootkit or keylogger, just do it. You don't need to boot windows at all.
This is possible in any OS. Windows, OSX, Linux.... hell even OS9.
The thing I mentioned at Disney is free for example (unless you pay per text messages which I'm not sure many people do anymore).
I don't consider much of anything 'free'. Whether or not you pay directly or otherwise you always pay. With Disney especially you always pay.
That aside, beleive it or not, most people still pay for text messages in North America. Its true they are bundled into a number of packages and feature packs aimed at teens and younger adults, and anyone who wants to use much text will surely have a text-included plan... but the majority actually do not. Additionally, Pay-as-you go customers do not have free text nor any option to get "free" text.
But that's beside the point too. A lot of these 'txt in for whatever' programs charge you for the 'service'. I'm sure you've seen the annoying adds for texting 'love' to xxyyzz to get daily pickup lines/blond jokes/sex tips/whatever... and those are charged at 1.50 to 3.00 per message they send you added directly to your phone bill regardless of whether you 'free unlimited text' or not. (They are also notorious for being difficult to unsubscribe to, racking up $100 month or more for their 'service'.
Now when you vote or respond via text on some program or other it may or may not be set up the same way... it might just coast you whatever it costs you to send a txt (be it 25cents, 15cents, 10cents, or free)... or they might send back a 'notification/confirmation' to let you know whether you've won or 'please try again' or whatever and THAT message could be free, or it might cost a few bucks. Read the fine print. Some are free, some aren't.
----
But at the end of the day, its not about whether or not it costs money, I simply find it bloody annoying, even when its 'free'. If I'm watching a drama I don't want it to beg me to visit some internet site in the middle of it, nor send txt messages to vote, nor compete in some demented game... maybe the american idol demographic thrives on that... but I find it offensive.
The TV equivalent of internet popups. (Well... that and TV's newer game of overlaying commercials right on top of the program... not 'product placement within the show', but when the network simply overlays the bottom 3rd of the screen obscuring what you are watching with some distracting animated announcement.)
So they find a balance that's acceptable to both sides, that's called compromise.
The scales have been broken for a long time now. Have you been on the internet lately? You think a balance has been struck? A compromise? Or do you run firefox with at least one of adblock, flashblock, and noscript while dodging incessant 'offers' to add a toolbar to your browser everytime you install something... just to bring the noiselevel down to an acceptabe level?
Instead they should be going the other way, and......see how they can integrate mobile devices into the "fun" they are offering...."see how they can make mobile devices a source of revenue."
There. Fixed that for you.
Like when you are watching TV and they implore you to text an answer to a quiz, or vote, or some other MORONIC activity during the show. Send in your answer now! Every entry gives a chance to win a ringtone!!! Send in your answer now, send in your answer often! Only $1.99 per TXT.
Personally I despise that shit. Its enough to make me stop watching a show. Is that really something anyone wants more of in their life?
I think the web-hosting market is quite saturated.. Unless you have some brilliant idea or you have superior hardware and very cheap price, you will not attract customers.
You simply aren't going to be able to compete with a $4.00/month multi-gigabyte hosting plan of which there are several. So don't try. Might as well try to open an independant drug store next to walmart.
Go the other way, find a niche that's NOT served by those guys and go for that. Go after the people who need something unique and specialize in it.
(On that point when will which ever god or other deity is responsible for our design fix the bloody faulty memory unit and start using error correcting cells?)
Perhaps its a survival mechanism that keeps you from going insane and killing yourself before you reach age 10. The ability to forget might be the only thing keeping us sane.
Or maybe its a performance optimization - keeping the dataset smaller makes retrieval faster.
Or part of a disaster recovery system, enabling you not to be permanently traumatised after seeing the goatse guy.;)
until the mid 90's the method of studios recuping rental revenue was to have a different pricepoint for VHS videocasettes that were sold as licensed/ allowed to be rented, vs private home use casettes sold at Kmart Etc.
They didn't have a different price-point for rentals, they just released them first with insanely high prices, that they only marketed to rental outlets.
This first release was =intended= to be sold to rental outlets, the model of doing it this way was specifically designed to wring extra money out rental outlets. But to do it they had to hold off on releasing it at lower price. And they were allowed to sell them at retail, if they could find anyone to buy them, but of course, the retail market for $120-200 VHS tapes that would available at 90% off in 3-12months was pretty much nil. But most video stores would order and sell you a copy during that window if you 'just had to have it', although at the time, 'selling videos' was in its infancy.
Once window was up and it was released at the lower 'consumer price' video outlets could buy additional copies at the lower price too... but why would they? The movies were 3 to 12 months old, and were no longer in high demand as rentals... the shelves were filled with new new releases, and they were probably already looking to unload most of the copies they had as previously viewed.
small video stores would literally pay 5-8times the price for a copy destined to be rented repeatedly.
They were 'effectively' trapped paying 5-10x as much for movies if they wanted to be competitive and have the latest new releases.
But, for example if you were opening a new video store, you only had to shell out the big money for 'new releases' (because it was either that or not having any), but you could stock up your 'weekly rentals' with movies you bought used, or at kmart, or from your own collection...
If a human had to review the proof, then sure, this will never work, but if you're using proof-carrying code in a relatively formal language, the verification can be an automatic part of the process.
Suppose I were to write a traffic light decision program, and my program logic were flawed -- it returns go for red, slow for yellow, and stop for green. There is nothing preventing a stupid or malicious or overtired verifier to write a formal spec based on reading the source code that essentially says it behave as it behaves. The automated verifier will declare it provably correct, and horrible car accidents will ensue.
There is just no way around it. You can only trust code as much as you trust the people that wrote it and verified it. The automated verifier only tells you that someone managed to get the program and the specification to match... but that doesn't tell you that either is actually correct.
I'm not sure you've got the right end of the stick, here. "formal verification" doesn't mean "code review by some officially-sanctioned third party". It means "verification using formal methods".
As such, the only cost is time. People already volunteer their time to work on open source projects; there's no particular reason [other than mind-numbing tedium] why they wouldn't volunteer time for this too.
Well the mind-numbing tedium for one thing.:) But the real issue isn't lack of volunteers, its that volunteers are just as likely to turn in bad proofs as they are to turn in bad code.
If you wanted to build a bridge and some volunteer on the internet submitted a design, along with some structural analysis by other volunteers from the internet declaring that it was a sound design, would you just accept it and build the bridge? Or would you want some "officially sanctioned engineers" to review it first?
The issue with requiring that code be provably correct is the same; the proofs have to be done by people that are demonstrably competent at formal methods, and the proofs themselves must be reviewed by people who are demonstrably competent at formal methods. So even if the internet volunteers perform verification using formal methods -- no one will have any confidence that it was done right.
And of course, the number of volunteers capable of proving code (who understand the mathematics and what not behind the methods) and who interested in doing so is VASTLY outstripped by the number of volunteers capable and interested in writing code.
So even if the volunteers COULD satisfy the formal verification requirement -- OSS would be utterly hamstrung due to the back log getting new code volunteer verified.
... and this bug.. is it not time we started acting like engineers and started building software in a way where we can show it is correct.
As an industry, we really need to start growing up and using the tools the mathematicians have provided us, just as other engineers do in other disciplines, to show our programs actually work as advertised.
The competent have nothing to fear from formal verification and anyone who is not capable of doing such verification should not be writing software anyway.
Lock it all up tight, and make sure every line of code being executed is signed and certified.
And given how difficult it is to right correct code, I'm not sure a 'formal verification' would be worth that much. I mean, you think Windows is expensive NOW?
Not sure OSS could even exist in a world like that. After all, 'formal verification' isn't free. And you wouldn't be allowed to modify your own source... the liability issues alone!
Most of my friends that play this type of game never even considered Vanguard for the same reason.
Being forced into groups can make the 'grindfest' tolerable, even fun. Because you aren't sitting their watching your xp bar, you are hanging out with other people. The key is finding groups of competent social people. (and being one yourself.)
The -best- way for a 'group-centric' game to work, is to brutally force players together into groups. Give no quarter to solers, and stick to your guns no matter how much they whine about it.
1) It weeds out the anti-social people who just want to solo. The game simply isn't fun for them, because they can't accomplish squat. So they go play WoW or something else.
2) That means the players that are left ARE sociable people and looking to group. That right there is a big help.
3) It ensures that the vast majority of upper level players are reasonably competent in group settings. You aren't going to have a 70th level priest that's never combat healed "someone else" before or who measures his worth in dps, who hasn't bothered to buy his group heal spells.
Sure there are going to be lousy players, but fewer of them, and the harder the game is, the more they'll get weeded out because fewer groups will carry players that keep getting them killed due to incompetence.
It may sound 'elitist' but its not really, not more than any team sport is, at least, for example. And I'm not saying soloers can't have their games... but I think for a game to be truly good for 'group' oriented players it should exclude soloers rather than try to be all things to all people. Encouraging solo players just frustrates the groupers, and makes soloing the path of least resistance. Despite the fact that I, at least, find soloing to be the most absurd waste of time imaginable, given the mindlessly repetitive gameplay -- for me if you take away the grouping from a mmorpg... there isn't anything worthwhile left. But again, that's me, and people like me... soloers can have their games, but 'small groupers' should have theirs too.
Similarly I don't think too heavy a focus on the 'raid game' is productive for a group-oriented game.
Imagine it the other way around, though; There have been many times where I have been on the phone to somebody like yourself, having already performed ALL of the troubleshooting tips you'll go through (having done them at least three times before on seperate calls), yet you still WILL NOT proceed with escalating a call until you've been through them ONE MORE TIME to make sure we've done it right.
And if they don't and they escalate it 'on your word' and it turns out your network cable was loose?
Don't say it doesn't happen, because it does, with a stunningly ridiculous frequency.
I have a friend in ISP support, and one of the worst categories of customer is the so-called 'IT expert' the one that calls up and says "My internet is down, I've already done everything at this end, i restarted the modem, the PC, I modified my MTU, reinstalled TCP/IP, manually set my ip address, updated my routers bios, and it still doesn't work...
And half the time its still a bonehead fix like a loose cable.
The worst though its when it really was just a brief outage at the ISP name servers or DHCP servers, and now this dickwad has totally screwed up his system... his routers configured wrong, his tcp/ip is configured wrong, or when by reinstalling tcp/ip he's gone and mangled up his firewall software...
My all time favorite was the moron who plugged his router into the same power strip as his lamp. So every time he went into the room with the router in it to check, he turned on the lamp (and router) on his way in checked all the cables and lights, and then turned off the lamp (and router) and his way back to the room with his computer.
You mean you've never hear of inexpensive USB hubs? You've never heard of USB TV recorders such as the Eye TV? Our eye TV works great with an old G4 mini connected to our 47" LCD TV. I suppose there are no Bluray units or external hard drives with a USB output either. You can get a 500GB USB hard drive for $125-$130 if your multimedia files get too voluminous.
Ah, so now I've got a pile of crap that should be in my computer spread out all over my desk, each with its own power supply. Is that what people buying into the sleekness of the imac are looking for?
Hmmm... I feel safer killing insurgents in their backyard rather than killing them here, but I am probably strange that way.
They aren't 'insurgents' if you aren't in their backyard.
Are YOU an insurgent? Are you actively bent on killing any foreign nationals right now?
Probably not. Unless you happen to be an american soldier you probably have relatively normal peaceful life.
But if [insert country] invaded your backyard, and you fought back, to preserve your way of life, and your national pride, etc, etc... and guess what then YOU'D be an insurgent.
Can you imagine how stupid you'd think it would be if the invader you were fighting told you one day that they'd prefer to fight insurgents like you in your backyard, rather then theirs?
Wouldn't the OBVIOUS response be... "If you hadn't invaded us, I wouldn't be an insurgent, and we wouldn't be fighting!!"
Now if there were a credible threat that Iraq was actually on the verge of attacking the US, sure, maybe it might be worth attacking them first... but seriously... there was NEVER any credible threat of anything like an Iraqi invasion on US soil. Its a laughable.
Security theatre in it's finest.
What the hell are you on about? How exactly is it theatre to require elevation to perform system modifying actions? Linux does it. Apple does it.
The ONLY reason Vista's is more 'annoying' is that a PILE of software that was written prior to UAC, and needlessly alters the system is still in use while pretty much everything for OSX and Linux that anybody uses today has been written to live in user space.
Once Vista's been around long enough for most legacy software to be upgraded or discarded UAC will be no more of a hassle than elevating Apple or Linux.
It's so unusable that it's clear that any serious user will disable it.
That's the dumbest possible thing you can do. If you ever want your OS to be as secure as Linux or OSX you've got to erect that barrier between user and root, and pressure software vendors to work within that limitation.
The article points a valid reason: liability. Micrsoft can't keep your system highly safe without a great cost to them (re-architect the OS and severely damage backwards compatiblility).
That's absurd. MS did re-architect it, and it did severely damage backwards compatibility. That's the whole reason you are moaning about UAC. UAC isn't annoying unless you are running legacy software.
If you use software designed with Vista in mind, the only UAC prompt you generally ever see is during the initial install, and again if and when you uninstall it. No intellgent person should turn of UAC to run an application. If you've got something that requires UAC off to run, put up with elevating it, don't run it and get something else, or run it in a VM on a legacy Windows OS.
You wouldn't disable all your security in Linux just to run some legacy app would you? You shouldn't in Windows either.
The only time I ever see a UAC prompt is to install/uninstall software or to mess with the system settings. Which isn't annoying and indeed is as is it should be. I do have some legacy apps, most work fine without elevation. A couple that were constantly tried doing things that UAC disallowed I've discarded and found Vista friendly alternatives for. And a couple I run in a VM while i wait for upgraded versions or alternatives to present themselves.
You CAN'T have it both ways. You can't run all software as root and be safe at the same time. So if a pile of your software needs root to run, you can't be safe. Its not Microsofts fault if you insist on running software that needs root. An intelligent person would stop using that software, not disable their security.
I don't know that it's all too common to rail on and on about the data collection. I see it all the time on Slashdot, but never anywhere else either on the internet or in my normal life.
Out of sight out of mind.
The housing market crash. Enron. The Tech-bubble. The real world has an amazing ability not to look deeper into massive problems right at the end of their noses.
I suspect it's not as big a problem as you think it is.
As long as google doesn't actually show you how much data they've got on you, its not a problem right? As long as you only see friendly web apps with whimsical logos and small contextual ads everything will be peachy.
What if they -did- show you? And showed you what they could infer and predicted from that information as well. You'd probably be astonished with what is possible given the amount of data they are collecting from everyone about everything.
Everything from your age, race, language, skin colour, religion, marital status, where you work, what you drive, your education level, your income level, where you went to school, who your friends are, where you vacation, where you shop, your taste in movies, your taste in porn, your taste in books, your politics, whether you have kids... they might even know your face.
Its a surveillance wet dream.
Would you have filled all that into a form in exchange for 'free webmail'?
And yet they have it all anyway. Bit by bit you handed it all over by letting them watch where you went and who you associated with, and let them read what you wrote, and who you wrote it to.
Maybe they haven't mined their data that completely yet. But they are working on it. And right now its primarily being commercialized by selling demographics and ad placement to advertisers.
But as the data set grows and the mining techniques become more refined they will be an invaluable resource to employers who want to know more about canditates, for banks to generate credit ratings, to insurance companies assessing risk, for governments seeking criminals, dissidents, or just dirt...
And you can't even opt out. They can track you by proxy...even if you never visit their sites... By who you communicate with that uses gmail, by sites you visit using their adsense/analytics/etc, by content you've put up about yourself, or that other people have put up about you (or even about themselves that you were involved in...)
Nobody has the 'expectation' of privacy when they go out in public: people might see us, hear us, even incidently record us... and we accept that.
If I were to stand in a public space filming everyone coming and going, recording everything I see and hear, filing it all away, linking people together, and linking what individuals have said each day, and analysing it to make additional inferences... And then I set up cameras up all over the place, and everytime I saw or heard you on any of them I'd add it to your file. And then I'd make deals with the local shops in exchange they'd hand over information on when you entered and left, and I'd that to your file too. And then I'd offer to host your friends photos, and I'd read the captions and see who was in them, and where it was and I'd add all that to my file on you. And I'd offer to give him free phone service, in exchange for listening in, and adding any conversations he has with you or about you to your file...
Isn't that stalking? Is it any less stalking simply because I'm doing it to everyone I see instead of just you?
Well you wouldn't have 1TB of data to back up every day in 99% of cases.
I dunno. I do daily incremental backups, but once a month, I'd like to take a complete snapshot of our servers. So for me its 1/30th the time... or around 97% of the time I don't need a full backup, but that 3% is still a killer PITA.
Well that's just the dilemma. I use Google Analytics on all my sites, and sort of use the information to see what keywords are effective and most common. I don't then turn around and use that information to focus my content on those areas like any smart person would, but I don't really care if someone stumbles across my blog either (much more interesting are HeatMaps, not that I use that information in a meaningful way either).
...until it reaches a critical mass and suddenly its not a little data anymore, nor is it anonymous, it all fits together to give a more complete composite picture of you than you EVER would have agreed to...
The real bullshit is that you used to be able to BUY urchin fairly reasonably, and host it on your own server, and get nearly the same reports, and analytics, and without having to give up your data, and letting google track all your visitors from site to site.
Someone needs to reverse engineer analyitics and make an open source version of it... wish I had the time. And sadly, the only people who'd ever use it are those concerned about the ramifications of feeding google data... which is surprisingly few. If it were Microsoft doing this, people would be up in arms... when will people wake up and realize that Google is the new Microsoft. They aren't the underdog fighting the 800lb gorilla. They are the 800lb gorilla. But instead of bending people over with embrace and extend and rapacious licensing, they get you insidiously with endless stream of "free product"... and all it costs you is a little data... and there's no harm in a little anyonymous data...
Google is a death by a thousand tiny cuts.
I don't find wal-mart to be particularly worse than the vast majority of stores in terms of amount of crappy Chinese goods. The others, for whatever reason, make people feel good for paying more for the same crap they could have gotten for 20% less (and a different brand stuck on said products coming off the same assembly line with the same materials).
Sometimes yes they are the same.
Sometimes the materials going in aren't quite the same quality. (using lower quality steel, or cheaper plastics, or whatever...)
Sometimes the goods coming out are held to lower standards. (ie stuff that would have been rejected for the 'premium brand' is good enough for the 'walmart brand'.
I recall film in particular was like this some years ago. The brand name stuff and the generic stuff was indeed made in the same factory on the same line from the same stuff. But QC on the brand name stuff was higher. Flaws in batches that didn't meet the brand's QC levels but were still 'ok' were sold under the generic brand.
Bottom line, knowing a product came from the same factory and even assembly line as product X means squat. It might be the same product. Or it might be highly inferior.
I think it's obvious to anyone with common sense that this Wii Fit can hardly be considered a workout.
Is yoga a 'workout'? Is pilates a 'workout'? If you consider that to be a part of your workout routine, then the Fit is a part of that. And if it accomplishes the same thing as working along with a yoga/pilates video and is more fun, then that would be a win.
Nobody is saying that a Wii fit is a replacement for cardio, or weight training. But it may well be a perfectly legitimate to compliment yoga/ pilates/ and stretching exercises.
Besides, after the buzz wears down, anyone doing these "exercises" will quickly discover there are no results to be had, and the balancing board will end up in the closet with the rest of the rubber bands, abdominizors, and exercises dvds.
Unless its engaging and fun. Which a lot of people think it is, and who will play it regardless of whether they get 'results' or not.
And no matter how you spin it, its better for you than sitting on the couch.
So while Wii fit may not melt fat off, at least its not part of the problem.
It's always easy to think there are better places, but I've been around the world a lot and the United States is the best place in the world.
;)
Its a better place to live relative to that VAST majority of the world.
And, yeah, as long as you stay on the upper side of the class divide you avoid most of the US's biggest shortcomings. And maybe for some people the US truly is the best fit in the world.
I really can't imagine a lawyer being happier anywhere else.
But -most- people would be better off in places like Canada, Australia, Norway, Iceland, etc than they would be in the US. Not everybody. But most people.
but just like CD's are cheaper to produce than cassettes, that doesn't mean the cost will ever come down.
When were you ever able to buy 100 blank cassettes for 20$?
ATTTACAGATTAC
Seeing that made me think of the movie title "Gattaca", at which point I realized that "Gattaca" was actually deliberately named using only a,t,c,g on purpose... digging in wikipedia confirms that it was named for an enzyme, EcoRI, that cuts "GAATTC"
I'd never really thought about the significance of the title before. Makes an already great movie, just a little bit better. Thanks for that epiphany...
You have unrestricted access at that point of time.
You may want unrestricted access forever.
If you want to install a root kit, just do it.
The point of this 'hack' seems to be, that hey, if you can boot a live Cd, you can use this hack to get into vista, and then from there you can install rootkit or keylogger, or whatever, but that's just a needless step. You can install the rootkit or keylogger into the startup directly from the live cd without ever booting into vista.
Another possible fix would be to store a checksum for the accessibility helper program within the logon process, and verify the binary it's about to execute matches that checksum. Or embed the helper within the logon process.
Nope. Worthless. You'd just swap in a patched version of the 'logon process' with the necessary checksum. Or with the code to check the checksum removed. And if it checks itself, or something else checks it first to detect this tampering... you just keep going backwards. Sooner or later something loads 'first'. And if -that- is compromised, game over.
Any code of this sort needs to be thoroughly audited to ensure there's no bugs that can be exploited by the user to run things they're not supposed to be able to.
That's true. But no amount of auditing can prevent someone with physical access to the machine from replacing the logon software itself with their own, that does whatever they want it to do.
The only way to do that is to have the whole 'trusted computing platform' where a tamper proofed bios will only run signed code -- like what we have with game consoles. Where going 'back to the first process that does checking' (as described above) is the hardware itself. Where, if its done well and exploitable software bugs can't be found, you'd have to physically modify the hardware itself, e.g. solder in a 'modchip' to get it to boot/run something that isn't authorized, or bruteforce the digital signing keys... or something like that.
Obviously, but this simple of an attack -- just renaming a file -- would allow someone to be in and out very quickly, with no more advance preparation besides having a linux live cd handy, and I usually have several on me for just such an occasion.
Unless BIOS was password protected, and the hard drive was the only boot option set therein. Then you'd be reduced to cracking open the case to try and reset or swap the bios... no more 'in and out very quickly'.
The story HERE isn't that Windows security is shit, but that the physical PC's security was SHIT, and that the features of the PC and of Windows that would have shut this attack down completely weren't in use.
Alternatively and additionally you can encrypt the boot drive. That too would make a linux boot disk worthless.
So you can install a rootkit/keylogger and get back in when the OS is running.
You ALREADY have unrestricted access to the drive by booting into an alternative OS with R/W access to the unencrypted HD. You want to install a rootkit or keylogger, just do it. You don't need to boot windows at all.
This is possible in any OS. Windows, OSX, Linux.... hell even OS9.
The thing I mentioned at Disney is free for example (unless you pay per text messages which I'm not sure many people do anymore).
I don't consider much of anything 'free'. Whether or not you pay directly or otherwise you always pay. With Disney especially you always pay.
That aside, beleive it or not, most people still pay for text messages in North America. Its true they are bundled into a number of packages and feature packs aimed at teens and younger adults, and anyone who wants to use much text will surely have a text-included plan... but the majority actually do not. Additionally, Pay-as-you go customers do not have free text nor any option to get "free" text.
But that's beside the point too. A lot of these 'txt in for whatever' programs charge you for the 'service'. I'm sure you've seen the annoying adds for texting 'love' to xxyyzz to get daily pickup lines/blond jokes/sex tips/whatever... and those are charged at 1.50 to 3.00 per message they send you added directly to your phone bill regardless of whether you 'free unlimited text' or not. (They are also notorious for being difficult to unsubscribe to, racking up $100 month or more for their 'service'.
Now when you vote or respond via text on some program or other it may or may not be set up the same way... it might just coast you whatever it costs you to send a txt (be it 25cents, 15cents, 10cents, or free)... or they might send back a 'notification/confirmation' to let you know whether you've won or 'please try again' or whatever and THAT message could be free, or it might cost a few bucks. Read the fine print. Some are free, some aren't.
----
But at the end of the day, its not about whether or not it costs money, I simply find it bloody annoying, even when its 'free'. If I'm watching a drama I don't want it to beg me to visit some internet site in the middle of it, nor send txt messages to vote, nor compete in some demented game... maybe the american idol demographic thrives on that... but I find it offensive.
The TV equivalent of internet popups. (Well... that and TV's newer game of overlaying commercials right on top of the program... not 'product placement within the show', but when the network simply overlays the bottom 3rd of the screen obscuring what you are watching with some distracting animated announcement.)
So they find a balance that's acceptable to both sides, that's called compromise.
The scales have been broken for a long time now. Have you been on the internet lately? You think a balance has been struck? A compromise? Or do you run firefox with at least one of adblock, flashblock, and noscript while dodging incessant 'offers' to add a toolbar to your browser everytime you install something... just to bring the noiselevel down to an acceptabe level?
Instead they should be going the other way, and... ...see how they can integrate mobile devices into the "fun" they are offering. ..."see how they can make mobile devices a source of revenue."
There. Fixed that for you.
Like when you are watching TV and they implore you to text an answer to a quiz, or vote, or some other MORONIC activity during the show. Send in your answer now! Every entry gives a chance to win a ringtone!!! Send in your answer now, send in your answer often! Only $1.99 per TXT.
Personally I despise that shit. Its enough to make me stop watching a show. Is that really something anyone wants more of in their life?
I think the web-hosting market is quite saturated.. Unless you have some brilliant idea or you have superior hardware and very cheap price, you will not attract customers.
You simply aren't going to be able to compete with a $4.00/month multi-gigabyte hosting plan of which there are several. So don't try. Might as well try to open an independant drug store next to walmart.
Go the other way, find a niche that's NOT served by those guys and go for that.
Go after the people who need something unique and specialize in it.
(On that point when will which ever god or other deity is responsible for our design fix the bloody faulty memory unit and start using error correcting cells?)
;)
Perhaps its a survival mechanism that keeps you from going insane and killing yourself before you reach age 10. The ability to forget might be the only thing keeping us sane.
Or maybe its a performance optimization - keeping the dataset smaller makes retrieval faster.
Or part of a disaster recovery system, enabling you not to be permanently traumatised after seeing the goatse guy.
until the mid 90's the method of studios recuping rental revenue was to have a different pricepoint for VHS videocasettes that were sold as licensed/ allowed to be rented, vs private home use casettes sold at Kmart Etc.
They didn't have a different price-point for rentals, they just released them first with insanely high prices, that they only marketed to rental outlets.
This first release was =intended= to be sold to rental outlets, the model of doing it this way was specifically designed to wring extra money out rental outlets. But to do it they had to hold off on releasing it at lower price. And they were allowed to sell them at retail, if they could find anyone to buy them, but of course, the retail market for $120-200 VHS tapes that would available at 90% off in 3-12months was pretty much nil. But most video stores would order and sell you a copy during that window if you 'just had to have it', although at the time, 'selling videos' was in its infancy.
Once window was up and it was released at the lower 'consumer price' video outlets could buy additional copies at the lower price too... but why would they? The movies were 3 to 12 months old, and were no longer in high demand as rentals... the shelves were filled with new new releases, and they were probably already looking to unload most of the copies they had as previously viewed.
small video stores would literally pay 5-8times the price for a copy destined to be rented repeatedly.
They were 'effectively' trapped paying 5-10x as much for movies if they wanted to be competitive and have the latest new releases.
But, for example if you were opening a new video store, you only had to shell out the big money for 'new releases' (because it was either that or not having any), but you could stock up your 'weekly rentals' with movies you bought used, or at kmart, or from your own collection...
If a human had to review the proof, then sure, this will never work, but if you're using proof-carrying code in a relatively formal language, the verification can be an automatic part of the process.
Suppose I were to write a traffic light decision program, and my program logic were flawed -- it returns go for red, slow for yellow, and stop for green. There is nothing preventing a stupid or malicious or overtired verifier to write a formal spec based on reading the source code that essentially says it behave as it behaves. The automated verifier will declare it provably correct, and horrible car accidents will ensue.
There is just no way around it. You can only trust code as much as you trust the people that wrote it and verified it. The automated verifier only tells you that someone managed to get the program and the specification to match... but that doesn't tell you that either is actually correct.
I'm not sure you've got the right end of the stick, here. "formal verification" doesn't mean "code review by some officially-sanctioned third party". It means "verification using formal methods".
:)
As such, the only cost is time. People already volunteer their time to work on open source projects; there's no particular reason [other than mind-numbing tedium] why they wouldn't volunteer time for this too.
Well the mind-numbing tedium for one thing.
But the real issue isn't lack of volunteers, its that volunteers are just as likely to turn in bad proofs as they are to turn in bad code.
If you wanted to build a bridge and some volunteer on the internet submitted a design, along with some structural analysis by other volunteers from the internet declaring that it was a sound design, would you just accept it and build the bridge? Or would you want some "officially sanctioned engineers" to review it first?
The issue with requiring that code be provably correct is the same; the proofs have to be done by people that are demonstrably competent at formal methods, and the proofs themselves must be reviewed by people who are demonstrably competent at formal methods. So even if the internet volunteers perform verification using formal methods -- no one will have any confidence that it was done right.
And of course, the number of volunteers capable of proving code (who understand the mathematics and what not behind the methods) and who interested in doing so is VASTLY outstripped by the number of volunteers capable and interested in writing code.
So even if the volunteers COULD satisfy the formal verification requirement -- OSS would be utterly hamstrung due to the back log getting new code volunteer verified.
... and this bug.. is it not time we started acting like engineers and started building software in a way where we can show it is correct.
As an industry, we really need to start growing up and using the tools the mathematicians have provided us, just as other engineers do in other disciplines, to show our programs actually work as advertised.
The competent have nothing to fear from formal verification and anyone who is not capable of doing such verification should not be writing software anyway.
Lock it all up tight, and make sure every line of code being executed is signed and certified.
And given how difficult it is to right correct code, I'm not sure a 'formal verification' would be worth that much. I mean, you think Windows is expensive NOW?
Not sure OSS could even exist in a world like that. After all, 'formal verification' isn't free. And you wouldn't be allowed to modify your own source... the liability issues alone!
Be careful what you wish for.
Most of my friends that play this type of game never even considered Vanguard for the same reason.
Being forced into groups can make the 'grindfest' tolerable, even fun. Because you aren't sitting their watching your xp bar, you are hanging out with other people. The key is finding groups of competent social people. (and being one yourself.)
The -best- way for a 'group-centric' game to work, is to brutally force players together into groups. Give no quarter to solers, and stick to your guns no matter how much they whine about it.
1) It weeds out the anti-social people who just want to solo. The game simply isn't fun for them, because they can't accomplish squat. So they go play WoW or something else.
2) That means the players that are left ARE sociable people and looking to group. That right there is a big help.
3) It ensures that the vast majority of upper level players are reasonably competent in group settings. You aren't going to have a 70th level priest that's never combat healed "someone else" before or who measures his worth in dps, who hasn't bothered to buy his group heal spells.
Sure there are going to be lousy players, but fewer of them, and the harder the game is, the more they'll get weeded out because fewer groups will carry players that keep getting them killed due to incompetence.
It may sound 'elitist' but its not really, not more than any team sport is, at least, for example. And I'm not saying soloers can't have their games... but I think for a game to be truly good for 'group' oriented players it should exclude soloers rather than try to be all things to all people. Encouraging solo players just frustrates the groupers, and makes soloing the path of least resistance. Despite the fact that I, at least, find soloing to be the most absurd waste of time imaginable, given the mindlessly repetitive gameplay -- for me if you take away the grouping from a mmorpg... there isn't anything worthwhile left. But again, that's me, and people like me... soloers can have their games, but 'small groupers' should have theirs too.
Similarly I don't think too heavy a focus on the 'raid game' is productive for a group-oriented game.
Imagine it the other way around, though; There have been many times where I have been on the phone to somebody like yourself, having already performed ALL of the troubleshooting tips you'll go through (having done them at least three times before on seperate calls), yet you still WILL NOT proceed with escalating a call until you've been through them ONE MORE TIME to make sure we've done it right.
And if they don't and they escalate it 'on your word' and it turns out your network cable was loose?
Don't say it doesn't happen, because it does, with a stunningly ridiculous frequency.
I have a friend in ISP support, and one of the worst categories of customer is the so-called 'IT expert' the one that calls up and says "My internet is down, I've already done everything at this end, i restarted the modem, the PC, I modified my MTU, reinstalled TCP/IP, manually set my ip address, updated my routers bios, and it still doesn't work...
And half the time its still a bonehead fix like a loose cable.
The worst though its when it really was just a brief outage at the ISP name servers or DHCP servers, and now this dickwad has totally screwed up his system... his routers configured wrong, his tcp/ip is configured wrong, or when by reinstalling tcp/ip he's gone and mangled up his firewall software...
My all time favorite was the moron who plugged his router into the same power strip as his lamp. So every time he went into the room with the router in it to check, he turned on the lamp (and router) on his way in checked all the cables and lights, and then turned off the lamp (and router) and his way back to the room with his computer.
You mean you've never hear of inexpensive USB hubs? You've never heard of USB TV recorders such as the Eye TV? Our eye TV works great with an old G4 mini connected to our 47" LCD TV. I suppose there are no Bluray units or external hard drives with a USB output either. You can get a 500GB USB hard drive for $125-$130 if your multimedia files get too voluminous.
Ah, so now I've got a pile of crap that should be in my computer spread out all over my desk, each with its own power supply. Is that what people buying into the sleekness of the imac are looking for?