I think you've described advertising a little bit more insidius than it usually is. Most advertising is nothing more than brand or product awareness, as the prior poster excellently described (and it is why banner ads have been a failure), and it doesn't take a giant multinational corporation with evil motives to understand the value of ads : Say you're a lawn care company in the tri-city area (there are countless "tri-cities" out there it seems, so it's my blanket:-]) and you're getting about 10% of the lawn care business, sharing it equally with 9 other companies: You need a way so that when someone thinks "lawn care" you're the first one they remember. This isn't brainwashing, nor is it evil, it's simple association. You achieve it by making a catchy little tune and blanketing local TV stations with your ads (repetition often is used not to pummel the same person with ads until they're broken, but because they know that a lot of people go to the washroom during ads, or channel surf, so to get the entire target market it takes repetition, though there will be the odd person who will have been subjected to the same ad 20 times in an hour). Maybe you get cute little cars (i.e. the "New" Beetle) with banners on the side advertising your company. This isn't to brain wash someone into evil lawn care motives, but simply to be the most convenient name they can think of when they do decide to look up a lawn care company. Product awareness are more informational when the brand is already in place: i.e. the new McRonalds Bacon Fat WrapTM.
Adverising also sometimes is associated with "success" : i.e. "Well that lawn care company advertises a lot, so they must be successful, so they must be good". I use exactly that thought process when I look up some esoteric business in the yellow pages: My criteria is "have I heard of them before?".
One of the biggest areas where directed consumerism occurs is in car ads: Small cars are shown with young people (the one, and very stand-out, commercial that bucks this trend is Suzuki with their Aerio commercial. Although I can't stand that commercial, I find it fascinating that they put a late 20s/early 30s professional woman as the driver of the `economy' Aerio, versus the standard 16 year old talking about how their friends want to buy it. It legitimizing that car for older people), luxury cars are show with late 30s/early 40s men, etc. This is to imbue the pubic with the idea that there is a car `progression of life', and if you're a 35 year old with a Hyundai Accent, well then what sort of loser are you? Instead of a public that buys into cars for utility, practicality and economy, people buy into the car that conveys their lifestyle/success as per the car marketing departments.
It's getting very similar to that in North America, with the major networks seemingly coordinating commercial breaks for exactly that reason. Personally I'm a "non-channel surfer" (people need to mellow a bit I think) and I can't stand when I constantly miss 2 minutes after each commercial because someone is flicking around.
He's talking about 802.11a though, which operates at 5Ghz and is far less polluted (not to mention much faster, and with a comparable range in real life tests).
Offtopic: I have "s" as a nickname for Slashdot in Opera (so I enter s in the address bar and it brings me to Slashdot), but every now and then I forget to hit F2 and put "s" in Google (which happens to be my homepage). I find the first result (searching on the letter "s") rather hilarious given the context...conspiracy?
One of the requirements of sql server is that the account it runs under needs to be a local admin
? Since when? I've installed countless SQL Server installs in my time, and never (I barely remember the 6.5 and prior days, so I'm talking 7.0+) has there been an admin requirement of SQL Server's service account (quite contrary actually, and I've actually gone the opposite direction. Apart from "log on as a service", I've revoked virtually all other rights from that account apart from over its own registry entries, and the file tree specifically for SQL Server. There is no reason for SQL Server to be a local admin.
Does the spell checker apply to textarea sections and such? I took a look at Netscape 7, but it seemed that the spell checking only applied to editing newly created HTML pages.
While this may be true, what of the rest of the operating system? This is where, IMO, firewalls are important. You can restrict access to the system running SQL Server by only allowing port 1433 accesses through. In the event of, say a remote exploit involving one of the "simple services" (echo, time, etc.), the box is still protected.
I believe that in essence we're agreeing, but just to extrapolate on this a bit: With most UNIX style operating systems you thankfully have the complete ability to configure every service that is listening and servicing through IP, allowing you to actually secure the system (again because securing against the Internet at large is false security, because that weak echo service would still be vulnerable internally): Turning the service off easily beats just masking packets going to it.
Having said that, there are occasionally things beyond your control, such as the fact that Microsoft insists upon enabling dozens of services masked in other services, meaning that even a heavily shuttered down install will show a dozen+ listening ports on netstat -a -n. This is unacceptable, and again I think it's because of the firewall mentality that Microsoft has gotten away with this: I don't want to filter packets going to the system, but rather I'd like to know specifically WHAT is listening and why it's listening, with the ability to shut it down if necessary.
The point was not accessibility of the password file, but rather it just happened to be a easy method of testing against passwords : The same thing could be done remotely by slamming against an authentication server with username/password combos.
Actually, truth be told they are over dramatising somewhat : Whilst (tribute to the other reply:-]) you can slam a password file several million times a second, you can authenticate against a reasonably configured server maybe three times against an account before the account will be locked out for a prescribed period of time (often permanently until someone in the IT department can figure out if you're just a moron with CAPS LOCKS on and reeneable your account), so such brute force attacks are irrelevant. I wonder if the hooplah about easily guessed password might be more drama than anything else. Admin accounts don't get locked out (the obvious reason being a DOS by continually locking you out of your own machine) so they would still require a very strong password and active security monitoring.
I'm not going to bother going down the road of metaphors as that's a useless path and solves nothing.
The point of my message is that a firewall is not, and has NEVER BEEN, a real "security" tool : A firewall is a short term solution when the security of your system is negligent, and to many it is a horrible crutch that they hobble around on, sure that any solution can be solved by putting up a firewall. SQL Server, when configured properly, should be fully accessible to the net at large with zero ramifications or negative effects on security. The reality when it comes to security, and it boggles me how many people fail to see this, is that firstly most "cracks" come from the inside anyways: Disgruntled employees, contractors, or even via a trojan on a user's home PC that VPNd in. Additionally countless trojans get inside corporate walls every day, and if I were a trojan or worm writer I would love the fact that so many people use the firewall excuse : All you need to do is get it to one of the employees through some social engineering, and bam you own the company.
I've seen solutions that put a "middle man" between SQL Server and the client application (usually a "web service", albiet minus conforming to SOAP or the other web RPC standards), and almost universally they add more faults than they solve (my favourite are ones that do string insertions to create commands, and then run that under a db_owner account. i.e. "SELECT * FROM MY_TABLE WHERE NAME="+Request.QueryString("WANTED_USER") : I can see a million ways to horribly exploit that in an instant)
Desktop edition is completely the same as the standard edition (including the MMC snap-in for administration), apart from some detuning which will throttle back the performance if more than 5 users are connected, as well as only allowing 2GB databases, etc. Basically it's the same as the MSDE, but adds the management console. Anyways CAL for SQL Server can also be used to install the desktop edition which can be very powerful for detached sales systems.
First of all, if you attempt to set a blank admin password for SQL Server it gives you a warning that doing so is a very bad idea.
In previous versions of SQL Server, while it did ask for an sa password (I just installed SQL Server 7 by chance and it DID have a page for the admin password, and a choice to use mixed or NT mode authentication. I agree that MSDE and auto-installed SQL Servers could be installed without the prompt, but a normal install does prompt for an sa password) it happily allowed you not to set one. The current security toolkits from Microsoft do check to ensure that SQL Server has a sa password (encouraging you to switch to NT mode as well) so there really is no excuse for well managed shops, and again this is sort of a "survival of the fit" darwinism taking place in the computing world. You can disable the sa account by switching SQL Server to NT Authentication mode versus Mixed Mode (mixed mode is when SQL Server has its own authentication model), and this has been the recommended configuration for some time.
Secondly, as has already been pointed out here, your database server should not be exposed to the net in general. There is usually very little reason to do so. If you need to let other machines access the SQL box from abroad, create an IP Security filter that only allows port 1433 for a specific subnet or ip address.
This is false security and shouldn't be used as a defense or mask of the problem with SQL Server. What happens when one of your users (inside the firewalls) opens an email with a trojan that then scans your internal network (falsely believed to be safe) and infects the servers from the inside? A firewall should never be considered more than a pleasant convenience, but it shouldn't even be considered relevant when doing a security analysis.
Don't complain that you got rooted when your login is root/root.
It should be noted that contrary to much of the belief on here, most SQL Server installs run with a SQL Server specific account (versus an admin accounts) : In my case this is one of the LEAST priviledged accounts on the system, with extremely limited rights and file accessibility: You could accomplish very little outside of the db if you "rooted" my SQL Server box and started running xp_cmdshell commands, though of course having rights to all the data in the db could be a problem
You know this sort of anti-MCSE apparent jealousy is common on Slashdot, but I'd love to see some correlation with reality versus this manufactured/. take on things. It would be my conclusion, based on industry knowledge, that more often than not the people who actually took the initiative and got their MCSE or MCDBA would be the last person vulnerable to a basic admin fault like this. The most vulnerable would be the Linux guru who asserts his knowledge over all things computer related by assuring all around him that he is a M$ l337 d00d too, even though he hates them, so he can show them what they need to know and can get 'em set up.
And for those who would say "Oh, but I know a guy who's an MCSE and he's so dumb..." : You can say this about anything, be it a professional engineer designation, a phd, a masters, etc - There are people who slip through the cracks, however given the choice between someone just declaring themself an expert at MS software, and someone who actually took the initiative and demonstrated their knowledge, I'll give the MCSE guy some credit.
First of all, a DB should never be outside a firewall. It's not necessary.
Says who? The preferred route is that users VPN or IPSec in first, but for convenience reasons some situations stipulate that you can't do that, and SQL Server's low bandwidth usage client/server model works wonderfully for WAN or Internet deployed clients. Saying "put it behind a firewall" isn't a fair solution because SQL Server should be impervious even if publicly accessible.
Mind you firstly anyone who has SQL Server installed with a blank sa password is an idiot, and moreso SQL Server should always be running in NT Authentication mode (versus mixed mode) where the security infrastructure of NT can come into play (account lockouts, etc.).
So your complaint is that Microsoft should allow you to benefit from their monopoly, rather than they themselves benefit from it? Either way it doesn't sound appealing. If your business offer[s|ed] a real value, then surely you could just advertise a plug-in for the available browsers rather than tagging along with IE because of friends in high places. I personally think that there is some merit in what RealNames offer[s|ed] (especially for finding businesses and corporations : I found it brilliant when I first got one of the newer IEs and entering my banks name brought me right to it, as they at the time had a rather odd URL that led to time consuming searches). However some of the profiteering that I've heard about in the early days of Realnames is quite truly sickening, but then again I think even the domain name fees are ridiculous (the only way these guys can get away with charging $25US / year for a single row lookup is because they became a defacto monopoly. If this were actually competitive with varying root DNS', people would do it for pennies)
Though because NAI hadn't been keeping it up, with each iteration of Outlook it fell further behind. For it to work with current versions of Outlook you have to specially configure PGP 7.0.3 to have a workable scenario, and even then quirks abound.
I agree entirely with what you said, however I should point out that it is not so much the common person, or a "lowest common denominator" set of skills, but rather the security versus the convenience ration : I like using encrypted emails simply because it's no one elses business, but if it wasn't as convenient, and if I had to copy/paste between apps in a big time consuming process, I likely wouldn't bother except for messages which have to remain private (and one of the tenets of strong encryption is that encryption shouldn't be limited to only the highly confidential because it gives a very directed target, and can imply guilt to some screwed up types).
The google cache of the directory in question (that incited NAI to send the cease and desist) can be found at http://www.google.ca/search?q=cache:2PdJtPM6n0QC:c rypto.radiusnet.net/archive/pgp/+&hl=en. Immediately I see products that were in the NAI distribution of PGP (commercial) but aren't in the freeware version (such as PGP Disk). Is this just a case of a copyright violation (and possible outright piracy to the tune of "warez" sites) being defended as something else? I could be very much mistaken, but not all of PGP was made freeware, and even no longer sold products maintain intellectual property that the company has every right to maintain control of for future use.
So which version was being hosted that led to NAI sending out the copyright violation notice? Was this a commercial version that truly was a `pirate' copy, or was it the same version hosted at pgpi.com? (http://www.pgpi.org/products/pgp/versions/freewar e/) The pgpi site doesn't seem to have any information regarding this, and you would think they would given the impact of it to them.
A while back Slashdot started linking any potentially unfamilar terms to everything2, however this raised the ire of several who felt that this was an abuse of the Everything2 service (which didn't make an awful lot of sense as that's specifically what the service is for)
What isn't "escapism"? Anything apart from perhaps work (of course all of us put on "business faces" and play a role during the day. One could say that the game of business is escapism, because it certainly doesn't conform to any utopian dream), there are two types of entertainment: Passive and active. Active entertainment is things like gardening, or spending hours on your lawn to have a super gold green (now those people I think don't have a life, but hey c'est la vie), or working out at the gym, or writing or playing computer games. Passive entertainment is things like reading a book or watching TV. Personally on the grand scale I'd put active entertainment FAR above passive entertainment any day of the week (despite the elitist "read a book" BS. Books are someone else's imagination, not your own. If you really want to use the book elitism, at least say write a book which is something that anyone is capable of doing once they're literate), and I'd certainly give kudos to the person creating a universe in The Sims over someone running to catch the latest pop action flick from George Lucas, or the latest episode of Friends.
Wasn't Halo originally supposed to be a Mac game (highlighted at a Mac trade show), followed by being a PC game, however Microsoft's acquisition of Bungie switched gears to it being a console game first. Of course as a console game probably 99% of the people playing the game are playing legitimate copies, versus the average computer game where I doubt more than 25% are playing legit copies. For all of the anti-copy protection babbling on Slashdot, the fruits of the rampant piracy on the PC is publishers who will only support the safest PC game (such as The Sims).
Actually, I entirely agree: Indeed, often when hiring agents specify "university degree" (particularly here in Canada. In Canada there is a very clear separation between "college" and "university"), they do so because of the flawed notion that those with a university degree naturally correlate with the upper echelons of intelligence and/or problem solving abilities, when statistical analysis (though there is little because obviously there is an academic machine that doesn't want to lose its relevance) shows that that is not the case. I recall once Mensa of Canada did a study and found that the average university graduate has a 112 IQ (which isn't really something to write home about, and probably falls into the lower realms of computer workers, for instance).
I guess in the end it comes down to this: There are two camps-> One that believes that hard work and "gumption" should be what separates the deserving and the undeserving, and another that believes that true knowledge and ability should be the qualification. The former cries to see courses marked as 80% projects and essays, and 20% tests, whereas the former would like to be able to show up for just the tests, with filler work given the purpose that its supposed to have (which is giving you the knowledge to do well on the tests, otherwise why not give "study marks" for every hour spent studying?). I'm firmly of the latter camp, and because of that I'm a true believer in standardized testing, etc: I believe that it is ability that counts, not the level of martyrdom or personal sacrifice.
I've met, and worked with, several Phd holders who could best be described as "morons", and whose ability to solve problems was limited to applying their hammer in a manner that presumed that everything is a nail. Again: I have no doubt that there are some brilliant Phd holders (often in exclusive fields however), just as I know that there are some brilliant non-Phd holders, however blanket claiming that one title indicates a superior being is ridiculous, and I'd love to see an intelligence and "cleverness" ranking between Phd holders and general comp. sci. grads.
I find this comment a little bit insulting as it implies a "higher than thou" intelligence or cleverness about those holding or pursuing a Ph.D. I'd love to see some stats on the intelligence and/or problem solving ability of Ph.D.s, and intuition tells me that it will fall within the norm of intelligence workers, with at best a slightly higher dedication.
Are you serious in trying to play Sony/Nintendo as the poor underdogs against big mean Microsoft? The browser comment was particularly telling: Netscape functionally was effectively a free browser (did you pay for it in the Netscape 3 days? I'll bet you didn't, as did about 99.999% of the population. This was pre-IE), and in being so it killed the commercial browser market.
Slashdot Mirror
I think you've described advertising a little bit more insidius than it usually is. Most advertising is nothing more than brand or product awareness, as the prior poster excellently described (and it is why banner ads have been a failure), and it doesn't take a giant multinational corporation with evil motives to understand the value of ads : Say you're a lawn care company in the tri-city area (there are countless "tri-cities" out there it seems, so it's my blanket :-]) and you're getting about 10% of the lawn care business, sharing it equally with 9 other companies: You need a way so that when someone thinks "lawn care" you're the first one they remember. This isn't brainwashing, nor is it evil, it's simple association. You achieve it by making a catchy little tune and blanketing local TV stations with your ads (repetition often is used not to pummel the same person with ads until they're broken, but because they know that a lot of people go to the washroom during ads, or channel surf, so to get the entire target market it takes repetition, though there will be the odd person who will have been subjected to the same ad 20 times in an hour). Maybe you get cute little cars (i.e. the "New" Beetle) with banners on the side advertising your company. This isn't to brain wash someone into evil lawn care motives, but simply to be the most convenient name they can think of when they do decide to look up a lawn care company. Product awareness are more informational when the brand is already in place: i.e. the new McRonalds Bacon Fat WrapTM.
Adverising also sometimes is associated with "success" : i.e. "Well that lawn care company advertises a lot, so they must be successful, so they must be good". I use exactly that thought process when I look up some esoteric business in the yellow pages: My criteria is "have I heard of them before?".
One of the biggest areas where directed consumerism occurs is in car ads: Small cars are shown with young people (the one, and very stand-out, commercial that bucks this trend is Suzuki with their Aerio commercial. Although I can't stand that commercial, I find it fascinating that they put a late 20s/early 30s professional woman as the driver of the `economy' Aerio, versus the standard 16 year old talking about how their friends want to buy it. It legitimizing that car for older people), luxury cars are show with late 30s/early 40s men, etc. This is to imbue the pubic with the idea that there is a car `progression of life', and if you're a 35 year old with a Hyundai Accent, well then what sort of loser are you? Instead of a public that buys into cars for utility, practicality and economy, people buy into the car that conveys their lifestyle/success as per the car marketing departments.
It's getting very similar to that in North America, with the major networks seemingly coordinating commercial breaks for exactly that reason. Personally I'm a "non-channel surfer" (people need to mellow a bit I think) and I can't stand when I constantly miss 2 minutes after each commercial because someone is flicking around.
He's talking about 802.11a though, which operates at 5Ghz and is far less polluted (not to mention much faster, and with a comparable range in real life tests).
Offtopic: I have "s" as a nickname for Slashdot in Opera (so I enter s in the address bar and it brings me to Slashdot), but every now and then I forget to hit F2 and put "s" in Google (which happens to be my homepage). I find the first result (searching on the letter "s") rather hilarious given the context...conspiracy?
One of the requirements of sql server is that the account it runs under needs to be a local admin
? Since when? I've installed countless SQL Server installs in my time, and never (I barely remember the 6.5 and prior days, so I'm talking 7.0+) has there been an admin requirement of SQL Server's service account (quite contrary actually, and I've actually gone the opposite direction. Apart from "log on as a service", I've revoked virtually all other rights from that account apart from over its own registry entries, and the file tree specifically for SQL Server. There is no reason for SQL Server to be a local admin.
Does the spell checker apply to textarea sections and such? I took a look at Netscape 7, but it seemed that the spell checking only applied to editing newly created HTML pages.
While this may be true, what of the rest of the operating system? This is where, IMO, firewalls are important. You can restrict access to the system running SQL Server by only allowing port 1433 accesses through. In the event of, say a remote exploit involving one of the "simple services" (echo, time, etc.), the box is still protected.
I believe that in essence we're agreeing, but just to extrapolate on this a bit: With most UNIX style operating systems you thankfully have the complete ability to configure every service that is listening and servicing through IP, allowing you to actually secure the system (again because securing against the Internet at large is false security, because that weak echo service would still be vulnerable internally): Turning the service off easily beats just masking packets going to it.
Having said that, there are occasionally things beyond your control, such as the fact that Microsoft insists upon enabling dozens of services masked in other services, meaning that even a heavily shuttered down install will show a dozen+ listening ports on netstat -a -n. This is unacceptable, and again I think it's because of the firewall mentality that Microsoft has gotten away with this: I don't want to filter packets going to the system, but rather I'd like to know specifically WHAT is listening and why it's listening, with the ability to shut it down if necessary.
The point was not accessibility of the password file, but rather it just happened to be a easy method of testing against passwords : The same thing could be done remotely by slamming against an authentication server with username/password combos.
:-]) you can slam a password file several million times a second, you can authenticate against a reasonably configured server maybe three times against an account before the account will be locked out for a prescribed period of time (often permanently until someone in the IT department can figure out if you're just a moron with CAPS LOCKS on and reeneable your account), so such brute force attacks are irrelevant. I wonder if the hooplah about easily guessed password might be more drama than anything else. Admin accounts don't get locked out (the obvious reason being a DOS by continually locking you out of your own machine) so they would still require a very strong password and active security monitoring.
Actually, truth be told they are over dramatising somewhat : Whilst (tribute to the other reply
I'm not going to bother going down the road of metaphors as that's a useless path and solves nothing.
The point of my message is that a firewall is not, and has NEVER BEEN, a real "security" tool : A firewall is a short term solution when the security of your system is negligent, and to many it is a horrible crutch that they hobble around on, sure that any solution can be solved by putting up a firewall. SQL Server, when configured properly, should be fully accessible to the net at large with zero ramifications or negative effects on security. The reality when it comes to security, and it boggles me how many people fail to see this, is that firstly most "cracks" come from the inside anyways: Disgruntled employees, contractors, or even via a trojan on a user's home PC that VPNd in. Additionally countless trojans get inside corporate walls every day, and if I were a trojan or worm writer I would love the fact that so many people use the firewall excuse : All you need to do is get it to one of the employees through some social engineering, and bam you own the company.
I've seen solutions that put a "middle man" between SQL Server and the client application (usually a "web service", albiet minus conforming to SOAP or the other web RPC standards), and almost universally they add more faults than they solve (my favourite are ones that do string insertions to create commands, and then run that under a db_owner account. i.e. "SELECT * FROM MY_TABLE WHERE NAME="+Request.QueryString("WANTED_USER") : I can see a million ways to horribly exploit that in an instant)
Desktop edition is completely the same as the standard edition (including the MMC snap-in for administration), apart from some detuning which will throttle back the performance if more than 5 users are connected, as well as only allowing 2GB databases, etc. Basically it's the same as the MSDE, but adds the management console. Anyways CAL for SQL Server can also be used to install the desktop edition which can be very powerful for detached sales systems.
First of all, if you attempt to set a blank admin password for SQL Server it gives you a warning that doing so is a very bad idea.
In previous versions of SQL Server, while it did ask for an sa password (I just installed SQL Server 7 by chance and it DID have a page for the admin password, and a choice to use mixed or NT mode authentication. I agree that MSDE and auto-installed SQL Servers could be installed without the prompt, but a normal install does prompt for an sa password) it happily allowed you not to set one. The current security toolkits from Microsoft do check to ensure that SQL Server has a sa password (encouraging you to switch to NT mode as well) so there really is no excuse for well managed shops, and again this is sort of a "survival of the fit" darwinism taking place in the computing world. You can disable the sa account by switching SQL Server to NT Authentication mode versus Mixed Mode (mixed mode is when SQL Server has its own authentication model), and this has been the recommended configuration for some time.
Secondly, as has already been pointed out here, your database server should not be exposed to the net in general. There is usually very little reason to do so. If you need to let other machines access the SQL box from abroad, create an IP Security filter that only allows port 1433 for a specific subnet or ip address.
This is false security and shouldn't be used as a defense or mask of the problem with SQL Server. What happens when one of your users (inside the firewalls) opens an email with a trojan that then scans your internal network (falsely believed to be safe) and infects the servers from the inside? A firewall should never be considered more than a pleasant convenience, but it shouldn't even be considered relevant when doing a security analysis.
Don't complain that you got rooted when your login is root/root.
It should be noted that contrary to much of the belief on here, most SQL Server installs run with a SQL Server specific account (versus an admin accounts) : In my case this is one of the LEAST priviledged accounts on the system, with extremely limited rights and file accessibility: You could accomplish very little outside of the db if you "rooted" my SQL Server box and started running xp_cmdshell commands, though of course having rights to all the data in the db could be a problem
You know this sort of anti-MCSE apparent jealousy is common on Slashdot, but I'd love to see some correlation with reality versus this manufactured /. take on things. It would be my conclusion, based on industry knowledge, that more often than not the people who actually took the initiative and got their MCSE or MCDBA would be the last person vulnerable to a basic admin fault like this. The most vulnerable would be the Linux guru who asserts his knowledge over all things computer related by assuring all around him that he is a M$ l337 d00d too, even though he hates them, so he can show them what they need to know and can get 'em set up.
And for those who would say "Oh, but I know a guy who's an MCSE and he's so dumb..." : You can say this about anything, be it a professional engineer designation, a phd, a masters, etc - There are people who slip through the cracks, however given the choice between someone just declaring themself an expert at MS software, and someone who actually took the initiative and demonstrated their knowledge, I'll give the MCSE guy some credit.
First of all, a DB should never be outside a firewall. It's not necessary.
Says who? The preferred route is that users VPN or IPSec in first, but for convenience reasons some situations stipulate that you can't do that, and SQL Server's low bandwidth usage client/server model works wonderfully for WAN or Internet deployed clients. Saying "put it behind a firewall" isn't a fair solution because SQL Server should be impervious even if publicly accessible.
Mind you firstly anyone who has SQL Server installed with a blank sa password is an idiot, and moreso SQL Server should always be running in NT Authentication mode (versus mixed mode) where the security infrastructure of NT can come into play (account lockouts, etc.).
So your complaint is that Microsoft should allow you to benefit from their monopoly, rather than they themselves benefit from it? Either way it doesn't sound appealing. If your business offer[s|ed] a real value, then surely you could just advertise a plug-in for the available browsers rather than tagging along with IE because of friends in high places. I personally think that there is some merit in what RealNames offer[s|ed] (especially for finding businesses and corporations : I found it brilliant when I first got one of the newer IEs and entering my banks name brought me right to it, as they at the time had a rather odd URL that led to time consuming searches). However some of the profiteering that I've heard about in the early days of Realnames is quite truly sickening, but then again I think even the domain name fees are ridiculous (the only way these guys can get away with charging $25US / year for a single row lookup is because they became a defacto monopoly. If this were actually competitive with varying root DNS', people would do it for pennies)
Though because NAI hadn't been keeping it up, with each iteration of Outlook it fell further behind. For it to work with current versions of Outlook you have to specially configure PGP 7.0.3 to have a workable scenario, and even then quirks abound.
I agree entirely with what you said, however I should point out that it is not so much the common person, or a "lowest common denominator" set of skills, but rather the security versus the convenience ration : I like using encrypted emails simply because it's no one elses business, but if it wasn't as convenient, and if I had to copy/paste between apps in a big time consuming process, I likely wouldn't bother except for messages which have to remain private (and one of the tenets of strong encryption is that encryption shouldn't be limited to only the highly confidential because it gives a very directed target, and can imply guilt to some screwed up types).
The google cache of the directory in question (that incited NAI to send the cease and desist) can be found at http://www.google.ca/search?q=cache:2PdJtPM6n0QC:c rypto.radiusnet.net/archive/pgp/+&hl=en. Immediately I see products that were in the NAI distribution of PGP (commercial) but aren't in the freeware version (such as PGP Disk). Is this just a case of a copyright violation (and possible outright piracy to the tune of "warez" sites) being defended as something else? I could be very much mistaken, but not all of PGP was made freeware, and even no longer sold products maintain intellectual property that the company has every right to maintain control of for future use.
So which version was being hosted that led to NAI sending out the copyright violation notice? Was this a commercial version that truly was a `pirate' copy, or was it the same version hosted at pgpi.com? (http://www.pgpi.org/products/pgp/versions/freewar e/) The pgpi site doesn't seem to have any information regarding this, and you would think they would given the impact of it to them.
A while back Slashdot started linking any potentially unfamilar terms to everything2, however this raised the ire of several who felt that this was an abuse of the Everything2 service (which didn't make an awful lot of sense as that's specifically what the service is for)
What isn't "escapism"? Anything apart from perhaps work (of course all of us put on "business faces" and play a role during the day. One could say that the game of business is escapism, because it certainly doesn't conform to any utopian dream), there are two types of entertainment: Passive and active. Active entertainment is things like gardening, or spending hours on your lawn to have a super gold green (now those people I think don't have a life, but hey c'est la vie), or working out at the gym, or writing or playing computer games. Passive entertainment is things like reading a book or watching TV. Personally on the grand scale I'd put active entertainment FAR above passive entertainment any day of the week (despite the elitist "read a book" BS. Books are someone else's imagination, not your own. If you really want to use the book elitism, at least say write a book which is something that anyone is capable of doing once they're literate), and I'd certainly give kudos to the person creating a universe in The Sims over someone running to catch the latest pop action flick from George Lucas, or the latest episode of Friends.
Wasn't Halo originally supposed to be a Mac game (highlighted at a Mac trade show), followed by being a PC game, however Microsoft's acquisition of Bungie switched gears to it being a console game first. Of course as a console game probably 99% of the people playing the game are playing legitimate copies, versus the average computer game where I doubt more than 25% are playing legit copies. For all of the anti-copy protection babbling on Slashdot, the fruits of the rampant piracy on the PC is publishers who will only support the safest PC game (such as The Sims).
Actually, I entirely agree: Indeed, often when hiring agents specify "university degree" (particularly here in Canada. In Canada there is a very clear separation between "college" and "university"), they do so because of the flawed notion that those with a university degree naturally correlate with the upper echelons of intelligence and/or problem solving abilities, when statistical analysis (though there is little because obviously there is an academic machine that doesn't want to lose its relevance) shows that that is not the case. I recall once Mensa of Canada did a study and found that the average university graduate has a 112 IQ (which isn't really something to write home about, and probably falls into the lower realms of computer workers, for instance).
I guess in the end it comes down to this: There are two camps-> One that believes that hard work and "gumption" should be what separates the deserving and the undeserving, and another that believes that true knowledge and ability should be the qualification. The former cries to see courses marked as 80% projects and essays, and 20% tests, whereas the former would like to be able to show up for just the tests, with filler work given the purpose that its supposed to have (which is giving you the knowledge to do well on the tests, otherwise why not give "study marks" for every hour spent studying?). I'm firmly of the latter camp, and because of that I'm a true believer in standardized testing, etc: I believe that it is ability that counts, not the level of martyrdom or personal sacrifice.
I've met, and worked with, several Phd holders who could best be described as "morons", and whose ability to solve problems was limited to applying their hammer in a manner that presumed that everything is a nail. Again: I have no doubt that there are some brilliant Phd holders (often in exclusive fields however), just as I know that there are some brilliant non-Phd holders, however blanket claiming that one title indicates a superior being is ridiculous, and I'd love to see an intelligence and "cleverness" ranking between Phd holders and general comp. sci. grads.
I find this comment a little bit insulting as it implies a "higher than thou" intelligence or cleverness about those holding or pursuing a Ph.D. I'd love to see some stats on the intelligence and/or problem solving ability of Ph.D.s, and intuition tells me that it will fall within the norm of intelligence workers, with at best a slightly higher dedication.
That isn't a paraphrase: It's a verbatim copy.
Are you serious in trying to play Sony/Nintendo as the poor underdogs against big mean Microsoft? The browser comment was particularly telling: Netscape functionally was effectively a free browser (did you pay for it in the Netscape 3 days? I'll bet you didn't, as did about 99.999% of the population. This was pre-IE), and in being so it killed the commercial browser market.