Isn't this the ultimate 'fixed in documentation' issue?
Apple can reprint boxes with a line like 'For Apple Brand Computers ONLY!' on the outside.
Case closed.
Of course, if a user buys a copy, reads the EULA, and returns it, woop. It's a return. Currrently, you can try to make a case that you didn't know. Put the conditiokn on the outside of the box, and let the resellers charge a stocking fee, since there wasn't anything wrong with the product.
...like the client I had for five years. They finally got me out of there, despite my boss assuring me he had my back, no problem keeping the contract, blahblahblah. My first meeting with the incoming brand-newly-created CIO started off with him explaining that he would be replaciong me with his own staff as soon as humanely possible. It took him 5 months. His second in command was a true class act, once agreeing to a plan, changing his mind, forcing a completely untested and foreign solution. All in one two-hour meeting. Only I objected, and he left it that I should not be surprised, after all my ideas had all failed. This was a *new* project. I hadn't screwed this one up, as it hadn't gotten past the design stage before he dismembered it...
My only solace; I heard 3 years later that he and the CIO were *escorted* from the building by Security. Probably they got caught taking kickbacks from vendors. That's what happened at their last place, where they were allowed to go quietly in the night rather than 'disgrace' a government agency.
The article got it right. Sometimes you gotta just go. He was up against a dev team manager that was an asshat, a CIO that tolerated that style, and nowhere to turn for sanity. I suspect the dev team was spectacularly unproductive there...
NetWare? Since v4.01, it has had TCP/IP available, and GroupWise, Border Manager, iFolder, and a few other services running on it. v3.11 would run various mail servers, Mercury being the favorite if I remember right.
GroupWise had an announced vulnerability that was patched before exploited, but suffered from many possible spam exploits similar to what Exchange would crumble under up to v5.5, I think.
There are some Apache exploits out there (I ran a NAMP about a week after I first heard the LAMP concept...). And some report of a NetWare Web Server exploit via Perl around 2002-2003. Maybe those count.
I really am unaware of a NetWare exploit right into the OS via the network. Most advertised exploits seem to focus on file access, of course, and eDirectory listing. So maybe NetWare doesn't qualify. And most old exploits of IPX/SPX require you be inside the firewall. Which you could do by hijacking a Windows machine:-)
Let's not go into Vines, or IRIX, they seem to be obsolete for purposes of this example... But NetWare is still in use, albeit a sliver of market share.
And no, no one that I am aware of knows of a root hack or even executables that could be loaded on a NetWare server. Not many developers bothered to write NLMs for 'legitimate' purposes, so the crackers generally didn't bother either.
No, silly. You take the reasonable precaution of formatting unknown media. You don't really know where it's been.
And I haven't fried anything with a bad USB-whatever in my career. I may live a sheltered life, but usually USB ports survive really bad stuff plugged into them, with spectacular exceptions I'm sure.
It's just not prudent to believe your new storage media is clean as whistle. Even hard drives.
Surprisingly, much of the software Hannaford settled on using is jut plain Windows. They did use some Sun for certain things, but the store servers were almost all Windows.
I'm unaware of any settlement software available for *nix. There must be some, but I haven't look so hard for it. And Hannaford isn't unique in the industry for using Windows.
It wasn't long ago that Blockbuster used Alpha-based servers at the stores, running customized SCO SysV. nasty, but it worked really well. Sadly, Alpha CPUs are hard to come by, and I bet they have moved to Windows. But that environment would move to Lunix very well. Other businesses need to build the entire Linux infrastructure, from development environments to remote management. Windows makes it too easy.
And the bottom line here is that the malware got inside the firewall. Most likely, IMHO, via a support tech either browsing or on media, obviously. And they were certified PCI-compliant. Darn.
Frankly, I suspect even a Linux server system could be pwned. I've had to scrape out some very tough trojans from my servers over the years. It ain't easy. 80% of the time I reinstalled clean. Why bother.
I see a story about Hannaford Bros (supermarket chain in the Northeast U.S.) servers being pwned, sending credit card numbers all over. And they passed PCI, seeming to be secure enough for the card industry. Darn, pwnage is so sucky, especially when your SERVERS are compromised.
Now I see this story about HP accidentally selling branded keys with worms pre-installed. Darn, selling malware is so sucky, especially when you sell it to your favorite customers, for example server customers.
Any chance not just Hannaford, but other HP customers are nailed by this?
The takeaway from this episode, for those of you who aren't quite getting this:
- When you buy a USB key, be sure your machine(s) have functional antivirus and antispyware running,and it's updated.
- Look around for instructions on keeping stuff like USB keys from autorunning. Make it so.
- Format that rascal USB key immediately. Immediately. IMMEDIATELY.
- Don't buy USB keys cause they have cool software preloaded. Pointless to CHOOSE to risk infection. make the manufacturers pay for this by avoiding/refusing this crap. Just sell me a simple key, ok? Sheesh...
And trust no one and no thing.
Amazing, is all I can say. And yes, I wonder if these were manufactured and loaded in China. Bet they are.
We are in so much trouble. Mark my words, soon, 'Made in China' will really mean 'Pwned by China'. If ti doesn't already.
I've had success in the past using HP's USB tools to create floppy-formatted USB keys and install drivers with that. It's worked on several ProLiant servers... Well before this particular gaffe, and not HP-branded keys. The servers passed all their security checks 2 years ago.
You can do it without the HP keys, just use their software to prep the stick.
...where 'we' are offended that Microsoft makes calculating and obviously self-serving moves to court open-source applications to run on Windows.
But, we applaud the efforts of the FOSS community to make every effort to run Windows apps on *nix operating systems.
And I think both approaches are equally sel-serving. We understand and support it in FOSS, since we assume FOSS is the underdog, righting wrongs, giving us choice, and generally being a hero.
But Microsoft is trying not to be the underdog in open-source serving, giving us a choice, and generally being as self-preservationist as any *nix vendor. And there are, indeed, *nix vendors. Not just Sun, Red Hat, Novell, but others much smaller that carve out their niches and do very well, thank you. And they, mySQL for example, are not displeased that they also serve a Microsoft customer or two.
Trust Microsoft to not try and hijack FOSS? Of course not. Assume they want to play nice with FOSS? No, probably not. Condemn them for doing what their competitors are doing? just to pile on, IMHO.
If only Microsoft had done this when Novell was advancing the art of PC servers. But that's another tale for another day. Back then, the market was up for grabs. MS won, Novell lost. Today, I don't see Microsoft destroying the *nix marketplace any time soon. Too much momentum, too much good stuff out there. Microsoft thrives when they can identify a limited range of competitors. It's not like that any more.
Most developers don't bother to write properly, forcing users to have elevated privileges to run their applications. Viruses love this.
Windows/Outlook Express/IE together are 8still* the most efficient virus/worm/trojan/malware delivery system available currently. OLE, DCOM, etc. all make Windows cool, but also allow malicious software to run through the system like grease through a goose. MS has patched XP in particular, and Outlook/IE/Office/etc to the point that I suspect there is more patched code than original, all in an effort to prevent what should never be allowed; malware jumping the barriers, taking advantage of the interoperability and usability features, and infecting everything.
And then there's the kernel again, allowing stuff to run so hidden nothing can find it. Even MS's own security chief admits reformatting is sometimes the only option.
If Win7 resolves some of this with a truly secure kernel (let it be a microkernel if they want), proper security features, fix UAC into something that isn't so annoying it gets ignored, and manage processes so they don't let the malware pwn everything, then I'll probably buy it.
On the other hand, if Win7 does break with previous Windows apps, then the desktop Linux effort has a window of opportunity - If you're going to have to move to new apps anyways, why not clean break?
I don't think MS will abandon previous Windows apps. Too much risk. Even Apple had an OS9 compatibility layer for a while. And an OS7 layer before that.
Fear not. Win7 will run Office 2003, I betcha.
Now a radical Win7 architecture would be virtualization. Let the kernel run VMs for everything. Inter-Vm communication would be monitored, and viruses that infected one VM could be handled by killing the VM and restarting. Possibly we could see an Office 2k9 that supported this, and certainly a browser that could restart when it got pwned. Notice I say *when*. Not an inconsequential effort, but hey, it's theory for me.
"Eg; writing a game engine with a video thread, audio thread and an input thread still leaves 13 cores idle. You really cant thread those much farther (the ridiculously parallel problem of rendering is handled by the GPU)."
Woopsie. I think you presume that games don't need more processing before the GPU so much.
What if you could thread out, and preprocess the video? We don't know, cause it's not yet practical. The tools to write that software don't exist.
Actually, if we get enough cores as CPU, when do we start to need less GPU? The real question will be if the multi-cored CPU feeding the GPU frames is the answer, or is Intel's http://www.pcper.com/article.php?aid=534&type=expert&pid=3 GPU vision the answer?
I suspect we could turn video card development on its head by processing the raster on a 16-32 core CPU array, leaving 1 core for audio, 1 core for game engine, 1 core for AI, and 1 core+ for physics.
But the bottom line is that games will drive multicore development, with imaging/graphics/video (same thing as games, really) also on board.
But workstations are the most obvious target, and permitting users to install anything they see around the Net is asking for trouble. It's bad enough that we have to watch over Outlook and make sure it doesn't install with default 'view attachments' or 'execute'... Another reason to lock down the workstation, since if we let the user reinstall Office components on their own, will they get it right? what if they decide to install the latest anti-spyware gizmo cause it's the best'...
It depends on your level of paranoia, and responsibility. If you work for a firm that needs strict controls, that pretty much settles that. if your firm is littered with competent users, like a Google, well your job is that much easier.
Until somebody screws up bigtime. Then your job is hell, satisfying your bosses who want this to 'never happen again', and your users who will proclaim themselves 'smarter than that', despite recent evidence to the contrary.
and all this is in addition to the usual antivirus/malwere filters, firewalls, intrusion detection, auditing, blah blah blah.
Really, your business needs drive the level of lockdown.
My point is simple. Focusing on your last mile link is seriously inadequate. You need to know how your ISP is provisioned along the way out. Or more precisely, it doesn't much matter if I have GB at the house if my ISP can't funnel much more than 200MB at their NAPs. And that being shared...
Speed tests help with this. DOCSIS systems can throttle bandwidth, so you're looking to get close to what your ISP claims. But I wonder how Grambo in Korea does on DSLReports... does she get any speed test close to 100MB? I kinda doubt it, since that would take a lot of horsepower at the other end.
Now, a BitTorrent speed tester gizmo, with a buncha well-tiered seeds, that would be fun.
For the real-world application of this, consider HD video, which is certainly going to be a future service. If it were delivered Torrent-style, then your last mile might be the choke point. But not many DOCSIS 2.x systems will provide >9MB/s to a subscriber. And how many viewers in your neighborhood would it take to choke your local ring? Not many, I bet, so watching the Super Bowl will be a challenge over the cable modem.
Ah, we should be petitioning for proper Multicast support, too. Wonder if that would solve the problem...
And if there are 2 seeds, and neither has more than 2MB upload bandwidth?
It's not about your local pipe. The source needs to be able to deliver, and the intervening nets also. This is why content delivery systems use distributed serves, to overcome the limitations of single-source systems. And BitTorrent uses many, many sources to overcome the bandwidth limitations of any one.
But if I serve up a single seed of a torrent, no matter how fast your link is, you cannot download an faster than I can upload. And if I get a few hundred seeds out there, none of this means a thing if your ISP is lame enough to not be able to handle the trafic of your torrent, many others, YouTube/CNN/MySpace and other high-bandwidth services, all at once. Either the ISP builds out their NAP to handle the traffic, or they 'manage' the demand (ala Comcast), or they shut you off for 'hogging' bandwidth.
Or they ignore you. The most common tactic.
So Grambo in Korea ain't getting GB downloads unless everything in between can handle the traffic.
I America, we are deficient in the 'everthing in between' area, right down to the ISP's NAP.
ps- DOCSIS 3.0 doesn't fix this. It just ensures your packets are dropped faster, unless the cable co upgrades their connections out as well.
It isn't federal law that is the issue. Stringing FTTH requires hanging it off of poles in most of the country. Paying for access to the right-of-way. Even burying requires ROW. Local communities control most of this, while common carriers usually have a deal with the local authorities also. In Maine, most of the poles were owned by the power cos., and everyone paid them for access. The local community took a cut of the action. To go into business as a FTTH ISP, you'd need to pay for the pole rights. That DSL competitor leased lines from Verizon as a CLEC.
Wireless sucks. In a state like Maine, vegetation makes the number of access points skyrocket, and the system is too expensive to deploy. Philadelphia learned this - similar topology. Even in Tempe, Arizona, the real performace of WiFi ends up being too darned expensive.
In Maine, the calbe co has good market penetration (+20% at least), if you define the market as those wanting internet service. If you define the market as all housholds, well, not so good. And the Telco and all DSL providers lag only slightly. Dialup is not so prevalent.
In America, there is *no* nationwide market for broadband. The local constraints on laying fiber prevent that.
Back in the day I worked for an ISP/consultancy. I was at a client site which was also our POP, and had dual T-1s, and I shared that with our users. It was blazing fast for the day. Then I got RoadRunner (one of the early users in our city) and damn, that was fast. I would mirror vendor FTP sites overnight, swapping 1GB/hr one night. Woot!
Today, my cable service is the equal of what I had back then, but the download speeds suck. Why?
Demand, and of course backbone capacity.
So, does that nice Korean grandmother with the GB Ethernet connection get GB BitTorrent downloads? It's not up to the last mile how fast your connection is. It's the source(s) and the backbone. And your ISP's gateways, of course.
Our broadband problem in the U.S. doesn't seem to be, IMHO, the last mile. It's the ISP's gateways, just inside the gateways, and the backbones.
How do they fix this? Well, for most ISPs, they ignore the capacity issue as long as possible, either waiting for the next generation of switching equipment or a capital infusion to spend some money on the NOC. This takes years either way.
I just saw a story on Nokia apparently offering changes to GPRS, doubling and then increasing again data speeds. this might be a software change, which while not free would be cheaper than new boxes. Sounds like they wanna keep GPRS alive and competitive with EV-DO, HSPDA, et al. This sort of competition is not working in the landline/wired ISP business.
For a while, a DSL provider in Southern Maine was advertising that they offered faster connections than the cable company did. Oh, man, the cable co threatened to sue for false advertising. And the DSL provider basically said 'bring it on'. They could back their claims. In none of this did the telco, Verizon, ever speak up about *their* speeds, Cause their speeds sucked. That little spark of competition is not happening over much of the nation. The incumbents are so entrenched there is no getting past them.
Perhaps wireless gives us a hope to get past the incumbents, but with the C Block auction going to the highest bidders^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H incumbents, we're probably not going to get any more there. The 'open network' spec is a joke. Any device will operate on the 700MHz band, it will just operate at the pokey, laggy speed every other device works at. Nice. I have no hope that the bidders will build out their networks to accomodate the potential demand of true broadband - BitTorrent, 1080p, large file transfers for online storage/backup are the drivers for this.
We need to change things at the FCC, open up the marketplace, and let someone/something come on and deliver what is wanted.
Flexible screen - folds out for full-sized scrren when I have the room, stays slid into the top cover for a half-size screen when I don't. This is probably an OLED device, shough Sharp at least is working on this sort of display. Note to self, recommend a cell phone with this, so I can have a useful browsing experience in something shirt-pocket sized.
Jackable to a desktop-style keyboard/mouse/monitor setup wherever I am. Like libraries, work, home office, McDonalds (since by then Starbucks will be passé, and MD's coffee will be better.
Truly fast wireless - 100MB bi-directional. This is not within sight, WiMax and all are not gpoing to get it done.
Expandable keyboard - Starts out as slightly compressed notebook size, but pull on two corners and the keyboard expands out to full-size, if I wanna. Think IBM's ThinkPad 'butterfly' keyboard but in both dimensions, not just width. Keys are overlapping with flexible edges and of course debounced so you can strike one and get what you wanted, ignoring the nearby slower, partial presses. You can have the *)(&ing patent, just make this for me, ok?
Anti-theft alarm - Unless you deactivate it when you pick it up, you get a 120dB+ squeal. For a long time. And off and on forever, or until I enter the right combination of keys, buttons, and gestures. Wait, make that 140dB+. This might make it undesireable to snarf one off my table at McD's...
Fuel cell or chemical power source - A butane fuel cell would be sweet, but there may be other alternatives. I won't ask for the plutonium pellet lifetime battery yet, too many people aren't ready for true progress.
Can I have this by 2015, please? Ok, 2018? Never? Hmm...
Another Old media trick. Buy your competitors. Make them look like another entity.
Well, actually that's pretty much business as war theory. But you will soon be seeing YouTube looking less like Google, I suspect, when in fact it *is* more like Google.
Steering searches to ad partners is abusive^H^H^H^H^H^H^Hevil.
It is only a matter of time before something like MySpace or YouTube can directly monetize their offering, and Google shares drop another increment.
Google and the like should invest in wireless Internet that really works in the real world. By real world, I mean such interesting topologies as Philadelphia, Dalls, Portland Me, Tempe, and Seattle. Oh, and the other 25-30% of Americans that don't live in an easily-servied area. When the current evil ISPs figure out how to shape traffic without easy detection, they will steer search to *other* providers. Woops, they're already doing it, aren't they? Google et al will need their own access to you.
Because, the Commercialized Internet is not so much about your access to it, but 'its' access to YOU. Sort of like going to the supermarket. Store brands are well-placed. Everyone else pays for the spot on the shelf. Miraculously, around Thanksgiving you can't find those favorite-brand fried onion rings you love to drizzle on top of your green bean casserole. Plenty of store-brand avaialble though. You have been steered. Google does this all the time, and we consider it a service. We are being used, of course.
The dystopian Blade Runner-esque world is closer and closer. It doesn't look very pretty to me, just fascinating, until it becomes reality.
If Google actually 'did no evil', they wouldn't do some of the things they make money on now. Too late, GOOG. You are already evil. Darn.
My family used to have a number just 3 off from a very popular pharmacy in town. We got wrong numbers on a regular basis, but shrugged it off.
One night, very late, someone called and was quite upset that not only weren't we the pharmacy, but that we couldn't transfer their call to the pharmacist. This in the days when yoh could choose pluse or tone dial phones. My mom lost her cool and gave the caller quite a talking to.
The pharmacy owner called the next day and began to chew me out (I was home sick, sheesh) for being so rude to callers that had made such an innocent mistake. I shared with him what my mom said the caller said. And I let him know that I'd have my mom call him as soon as she got in.
We know the pharmacist's home numnber. He's on the City Council. Needless to say, my mom didn't call him until a little later in the evening. And he was both rude and upset. Especially when he realizes that he actually knows my mom from business dealings (ok,ok, she represented several manufacturing firms). We (I was her partner in crome a lot) attend the next Council meeting. He spies us.
Never heard from him again. We had that number for 12 years. He got over it. People still called all hours of the day and night. We usually just hung up after that.
Isn't this the ultimate 'fixed in documentation' issue?
Apple can reprint boxes with a line like 'For Apple Brand Computers ONLY!' on the outside.
Case closed.
Of course, if a user buys a copy, reads the EULA, and returns it, woop. It's a return. Currrently, you can try to make a case that you didn't know. Put the conditiokn on the outside of the box, and let the resellers charge a stocking fee, since there wasn't anything wrong with the product.
Just the user.
...like the client I had for five years. They finally got me out of there, despite my boss assuring me he had my back, no problem keeping the contract, blahblahblah. My first meeting with the incoming brand-newly-created CIO started off with him explaining that he would be replaciong me with his own staff as soon as humanely possible. It took him 5 months. His second in command was a true class act, once agreeing to a plan, changing his mind, forcing a completely untested and foreign solution. All in one two-hour meeting. Only I objected, and he left it that I should not be surprised, after all my ideas had all failed. This was a *new* project. I hadn't screwed this one up, as it hadn't gotten past the design stage before he dismembered it...
My only solace; I heard 3 years later that he and the CIO were *escorted* from the building by Security. Probably they got caught taking kickbacks from vendors. That's what happened at their last place, where they were allowed to go quietly in the night rather than 'disgrace' a government agency.
The article got it right. Sometimes you gotta just go. He was up against a dev team manager that was an asshat, a CIO that tolerated that style, and nowhere to turn for sanity. I suspect the dev team was spectacularly unproductive there...
NetWare? Since v4.01, it has had TCP/IP available, and GroupWise, Border Manager, iFolder, and a few other services running on it. v3.11 would run various mail servers, Mercury being the favorite if I remember right.
:-)
GroupWise had an announced vulnerability that was patched before exploited, but suffered from many possible spam exploits similar to what Exchange would crumble under up to v5.5, I think.
There are some Apache exploits out there (I ran a NAMP about a week after I first heard the LAMP concept...). And some report of a NetWare Web Server exploit via Perl around 2002-2003. Maybe those count.
I really am unaware of a NetWare exploit right into the OS via the network. Most advertised exploits seem to focus on file access, of course, and eDirectory listing. So maybe NetWare doesn't qualify. And most old exploits of IPX/SPX require you be inside the firewall. Which you could do by hijacking a Windows machine
Let's not go into Vines, or IRIX, they seem to be obsolete for purposes of this example... But NetWare is still in use, albeit a sliver of market share.
And no, no one that I am aware of knows of a root hack or even executables that could be loaded on a NetWare server. Not many developers bothered to write NLMs for 'legitimate' purposes, so the crackers generally didn't bother either.
No, silly. You take the reasonable precaution of formatting unknown media. You don't really know where it's been.
And I haven't fried anything with a bad USB-whatever in my career. I may live a sheltered life, but usually USB ports survive really bad stuff plugged into them, with spectacular exceptions I'm sure.
It's just not prudent to believe your new storage media is clean as whistle. Even hard drives.
Easy for you to spew.
Surprisingly, much of the software Hannaford settled on using is jut plain Windows. They did use some Sun for certain things, but the store servers were almost all Windows.
I'm unaware of any settlement software available for *nix. There must be some, but I haven't look so hard for it. And Hannaford isn't unique in the industry for using Windows.
It wasn't long ago that Blockbuster used Alpha-based servers at the stores, running customized SCO SysV. nasty, but it worked really well. Sadly, Alpha CPUs are hard to come by, and I bet they have moved to Windows. But that environment would move to Lunix very well. Other businesses need to build the entire Linux infrastructure, from development environments to remote management. Windows makes it too easy.
And the bottom line here is that the malware got inside the firewall. Most likely, IMHO, via a support tech either browsing or on media, obviously. And they were certified PCI-compliant. Darn.
Frankly, I suspect even a Linux server system could be pwned. I've had to scrape out some very tough trojans from my servers over the years. It ain't easy. 80% of the time I reinstalled clean. Why bother.
I see a story about Hannaford Bros (supermarket chain in the Northeast U.S.) servers being pwned, sending credit card numbers all over. And they passed PCI, seeming to be secure enough for the card industry. Darn, pwnage is so sucky, especially when your SERVERS are compromised.
Now I see this story about HP accidentally selling branded keys with worms pre-installed. Darn, selling malware is so sucky, especially when you sell it to your favorite customers, for example server customers.
Any chance not just Hannaford, but other HP customers are nailed by this?
The takeaway from this episode, for those of you who aren't quite getting this:
- When you buy a USB key, be sure your machine(s) have functional antivirus and antispyware running,and it's updated.
- Look around for instructions on keeping stuff like USB keys from autorunning. Make it so.
- Format that rascal USB key immediately. Immediately. IMMEDIATELY.
- Don't buy USB keys cause they have cool software preloaded. Pointless to CHOOSE to risk infection. make the manufacturers pay for this by avoiding/refusing this crap. Just sell me a simple key, ok? Sheesh...
And trust no one and no thing.
Amazing, is all I can say. And yes, I wonder if these were manufactured and loaded in China. Bet they are.
We are in so much trouble. Mark my words, soon, 'Made in China' will really mean 'Pwned by China'. If ti doesn't already.
I've had success in the past using HP's USB tools to create floppy-formatted USB keys and install drivers with that. It's worked on several ProLiant servers... Well before this particular gaffe, and not HP-branded keys. The servers passed all their security checks 2 years ago.
You can do it without the HP keys, just use their software to prep the stick.
WinVNC
I rarely waste two hours of my life on a bad movie. If it's in the theatre, I go out for a popcorn refill and return to a different screen.
If it's home, I leave it on in the background and run 14 loops for another RoTP. What the heck...
Can you pwn the kernel in XP?
Can you circumvent the kernel in XP?
Can you run your malware on XP without detection?
I think you can x3.
I don't believe the XP kernel can be secured. And it can be circumvented.
If I can open it without a key, or get around it, without damaging it, the lock is insecure.
I'm obviously not an expert. So is there an expert opinion that can accurately state that the XP kernel is secure?
And more to the overall point, does it matter? XP has so many security issues, even a secure kernel might not save it.
...where 'we' are offended that Microsoft makes calculating and obviously self-serving moves to court open-source applications to run on Windows.
But, we applaud the efforts of the FOSS community to make every effort to run Windows apps on *nix operating systems.
And I think both approaches are equally sel-serving. We understand and support it in FOSS, since we assume FOSS is the underdog, righting wrongs, giving us choice, and generally being a hero.
But Microsoft is trying not to be the underdog in open-source serving, giving us a choice, and generally being as self-preservationist as any *nix vendor. And there are, indeed, *nix vendors. Not just Sun, Red Hat, Novell, but others much smaller that carve out their niches and do very well, thank you. And they, mySQL for example, are not displeased that they also serve a Microsoft customer or two.
Trust Microsoft to not try and hijack FOSS? Of course not. Assume they want to play nice with FOSS? No, probably not. Condemn them for doing what their competitors are doing? just to pile on, IMHO.
If only Microsoft had done this when Novell was advancing the art of PC servers. But that's another tale for another day. Back then, the market was up for grabs. MS won, Novell lost. Today, I don't see Microsoft destroying the *nix marketplace any time soon. Too much momentum, too much good stuff out there. Microsoft thrives when they can identify a limited range of competitors. It's not like that any more.
'Fixing' XP/2000 is not an option.
The kernel is fundamentally insecure, period.
Most developers don't bother to write properly, forcing users to have elevated privileges to run their applications. Viruses love this.
Windows/Outlook Express/IE together are 8still* the most efficient virus/worm/trojan/malware delivery system available currently. OLE, DCOM, etc. all make Windows cool, but also allow malicious software to run through the system like grease through a goose. MS has patched XP in particular, and Outlook/IE/Office/etc to the point that I suspect there is more patched code than original, all in an effort to prevent what should never be allowed; malware jumping the barriers, taking advantage of the interoperability and usability features, and infecting everything.
And then there's the kernel again, allowing stuff to run so hidden nothing can find it. Even MS's own security chief admits reformatting is sometimes the only option.
If Win7 resolves some of this with a truly secure kernel (let it be a microkernel if they want), proper security features, fix UAC into something that isn't so annoying it gets ignored, and manage processes so they don't let the malware pwn everything, then I'll probably buy it.
On the other hand, if Win7 does break with previous Windows apps, then the desktop Linux effort has a window of opportunity - If you're going to have to move to new apps anyways, why not clean break?
I don't think MS will abandon previous Windows apps. Too much risk. Even Apple had an OS9 compatibility layer for a while. And an OS7 layer before that.
Fear not. Win7 will run Office 2003, I betcha.
Now a radical Win7 architecture would be virtualization. Let the kernel run VMs for everything. Inter-Vm communication would be monitored, and viruses that infected one VM could be handled by killing the VM and restarting. Possibly we could see an Office 2k9 that supported this, and certainly a browser that could restart when it got pwned. Notice I say *when*. Not an inconsequential effort, but hey, it's theory for me.
"Eg; writing a game engine with a video thread, audio thread and an input thread still leaves 13 cores idle. You really cant thread those much farther (the ridiculously parallel problem of rendering is handled by the GPU)."
Woopsie. I think you presume that games don't need more processing before the GPU so much.
What if you could thread out, and preprocess the video? We don't know, cause it's not yet practical. The tools to write that software don't exist.
Actually, if we get enough cores as CPU, when do we start to need less GPU? The real question will be if the multi-cored CPU feeding the GPU frames is the answer, or is Intel's http://www.pcper.com/article.php?aid=534&type=expert&pid=3 GPU vision the answer?
I suspect we could turn video card development on its head by processing the raster on a 16-32 core CPU array, leaving 1 core for audio, 1 core for game engine, 1 core for AI, and 1 core+ for physics.
But the bottom line is that games will drive multicore development, with imaging/graphics/video (same thing as games, really) also on board.
The first reason for locking down user PCs isn't piracy. It's malware.
Your organizaiton is at great risk from all sorts of malware. Look at the http://www.informationweek.com/news/showArticle.jhtml?articleID=207001073&subSection=News Hannaford incident, though it isn't precisely on point - their SERVERS were compromised. I wonder if the vector was actually a workstation, though...
But workstations are the most obvious target, and permitting users to install anything they see around the Net is asking for trouble. It's bad enough that we have to watch over Outlook and make sure it doesn't install with default 'view attachments' or 'execute'... Another reason to lock down the workstation, since if we let the user reinstall Office components on their own, will they get it right? what if they decide to install the latest anti-spyware gizmo cause it's the best'...
It depends on your level of paranoia, and responsibility. If you work for a firm that needs strict controls, that pretty much settles that. if your firm is littered with competent users, like a Google, well your job is that much easier.
Until somebody screws up bigtime. Then your job is hell, satisfying your bosses who want this to 'never happen again', and your users who will proclaim themselves 'smarter than that', despite recent evidence to the contrary.
and all this is in addition to the usual antivirus/malwere filters, firewalls, intrusion detection, auditing, blah blah blah.
Really, your business needs drive the level of lockdown.
...supply others with the ability to do what they want.
/. install the 'ironic captcha' system?
Let their evil be on their heads, eh? Works for me. Besides, paying customers are very nice.
My captcha is 'virtuous'. So when did
My point is simple. Focusing on your last mile link is seriously inadequate. You need to know how your ISP is provisioned along the way out. Or more precisely, it doesn't much matter if I have GB at the house if my ISP can't funnel much more than 200MB at their NAPs. And that being shared...
Speed tests help with this. DOCSIS systems can throttle bandwidth, so you're looking to get close to what your ISP claims. But I wonder how Grambo in Korea does on DSLReports... does she get any speed test close to 100MB? I kinda doubt it, since that would take a lot of horsepower at the other end.
Now, a BitTorrent speed tester gizmo, with a buncha well-tiered seeds, that would be fun.
For the real-world application of this, consider HD video, which is certainly going to be a future service. If it were delivered Torrent-style, then your last mile might be the choke point. But not many DOCSIS 2.x systems will provide >9MB/s to a subscriber. And how many viewers in your neighborhood would it take to choke your local ring? Not many, I bet, so watching the Super Bowl will be a challenge over the cable modem.
Ah, we should be petitioning for proper Multicast support, too. Wonder if that would solve the problem...
And if there are 2 seeds, and neither has more than 2MB upload bandwidth?
It's not about your local pipe. The source needs to be able to deliver, and the intervening nets also. This is why content delivery systems use distributed serves, to overcome the limitations of single-source systems. And BitTorrent uses many, many sources to overcome the bandwidth limitations of any one.
But if I serve up a single seed of a torrent, no matter how fast your link is, you cannot download an faster than I can upload. And if I get a few hundred seeds out there, none of this means a thing if your ISP is lame enough to not be able to handle the trafic of your torrent, many others, YouTube/CNN/MySpace and other high-bandwidth services, all at once. Either the ISP builds out their NAP to handle the traffic, or they 'manage' the demand (ala Comcast), or they shut you off for 'hogging' bandwidth.
Or they ignore you. The most common tactic.
So Grambo in Korea ain't getting GB downloads unless everything in between can handle the traffic.
I America, we are deficient in the 'everthing in between' area, right down to the ISP's NAP.
ps- DOCSIS 3.0 doesn't fix this. It just ensures your packets are dropped faster, unless the cable co upgrades their connections out as well.
Ah, so many issues, so little time...
It isn't federal law that is the issue. Stringing FTTH requires hanging it off of poles in most of the country. Paying for access to the right-of-way. Even burying requires ROW. Local communities control most of this, while common carriers usually have a deal with the local authorities also. In Maine, most of the poles were owned by the power cos., and everyone paid them for access. The local community took a cut of the action. To go into business as a FTTH ISP, you'd need to pay for the pole rights. That DSL competitor leased lines from Verizon as a CLEC.
Wireless sucks. In a state like Maine, vegetation makes the number of access points skyrocket, and the system is too expensive to deploy. Philadelphia learned this - similar topology. Even in Tempe, Arizona, the real performace of WiFi ends up being too darned expensive.
In Maine, the calbe co has good market penetration (+20% at least), if you define the market as those wanting internet service. If you define the market as all housholds, well, not so good. And the Telco and all DSL providers lag only slightly. Dialup is not so prevalent.
In America, there is *no* nationwide market for broadband. The local constraints on laying fiber prevent that.
Back in the day I worked for an ISP/consultancy. I was at a client site which was also our POP, and had dual T-1s, and I shared that with our users. It was blazing fast for the day. Then I got RoadRunner (one of the early users in our city) and damn, that was fast. I would mirror vendor FTP sites overnight, swapping 1GB/hr one night. Woot!
Today, my cable service is the equal of what I had back then, but the download speeds suck. Why?
Demand, and of course backbone capacity.
So, does that nice Korean grandmother with the GB Ethernet connection get GB BitTorrent downloads? It's not up to the last mile how fast your connection is. It's the source(s) and the backbone. And your ISP's gateways, of course.
Our broadband problem in the U.S. doesn't seem to be, IMHO, the last mile. It's the ISP's gateways, just inside the gateways, and the backbones.
How do they fix this? Well, for most ISPs, they ignore the capacity issue as long as possible, either waiting for the next generation of switching equipment or a capital infusion to spend some money on the NOC. This takes years either way.
I just saw a story on Nokia apparently offering changes to GPRS, doubling and then increasing again data speeds. this might be a software change, which while not free would be cheaper than new boxes. Sounds like they wanna keep GPRS alive and competitive with EV-DO, HSPDA, et al. This sort of competition is not working in the landline/wired ISP business.
For a while, a DSL provider in Southern Maine was advertising that they offered faster connections than the cable company did. Oh, man, the cable co threatened to sue for false advertising. And the DSL provider basically said 'bring it on'. They could back their claims. In none of this did the telco, Verizon, ever speak up about *their* speeds, Cause their speeds sucked. That little spark of competition is not happening over much of the nation. The incumbents are so entrenched there is no getting past them.
Perhaps wireless gives us a hope to get past the incumbents, but with the C Block auction going to the highest bidders^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H incumbents, we're probably not going to get any more there. The 'open network' spec is a joke. Any device will operate on the 700MHz band, it will just operate at the pokey, laggy speed every other device works at. Nice. I have no hope that the bidders will build out their networks to accomodate the potential demand of true broadband - BitTorrent, 1080p, large file transfers for online storage/backup are the drivers for this.
We need to change things at the FCC, open up the marketplace, and let someone/something come on and deliver what is wanted.
Fat chance.
Flexible screen - folds out for full-sized scrren when I have the room, stays slid into the top cover for a half-size screen when I don't. This is probably an OLED device, shough Sharp at least is working on this sort of display. Note to self, recommend a cell phone with this, so I can have a useful browsing experience in something shirt-pocket sized.
Jackable to a desktop-style keyboard/mouse/monitor setup wherever I am. Like libraries, work, home office, McDonalds (since by then Starbucks will be passé, and MD's coffee will be better.
Truly fast wireless - 100MB bi-directional. This is not within sight, WiMax and all are not gpoing to get it done.
Expandable keyboard - Starts out as slightly compressed notebook size, but pull on two corners and the keyboard expands out to full-size, if I wanna. Think IBM's ThinkPad 'butterfly' keyboard but in both dimensions, not just width. Keys are overlapping with flexible edges and of course debounced so you can strike one and get what you wanted, ignoring the nearby slower, partial presses. You can have the *)(&ing patent, just make this for me, ok?
Anti-theft alarm - Unless you deactivate it when you pick it up, you get a 120dB+ squeal. For a long time. And off and on forever, or until I enter the right combination of keys, buttons, and gestures. Wait, make that 140dB+. This might make it undesireable to snarf one off my table at McD's...
Fuel cell or chemical power source - A butane fuel cell would be sweet, but there may be other alternatives. I won't ask for the plutonium pellet lifetime battery yet, too many people aren't ready for true progress.
Can I have this by 2015, please? Ok, 2018? Never? Hmm...
Precisely. You get it, right?
Another Old media trick. Buy your competitors. Make them look like another entity.
Well, actually that's pretty much business as war theory. But you will soon be seeing YouTube looking less like Google, I suspect, when in fact it *is* more like Google.
It's not just consolidation. Deeper than that.
Serving text ads is passé.
Steering searches to ad partners is abusive^H^H^H^H^H^H^Hevil.
It is only a matter of time before something like MySpace or YouTube can directly monetize their offering, and Google shares drop another increment.
Google and the like should invest in wireless Internet that really works in the real world. By real world, I mean such interesting topologies as Philadelphia, Dalls, Portland Me, Tempe, and Seattle. Oh, and the other 25-30% of Americans that don't live in an easily-servied area. When the current evil ISPs figure out how to shape traffic without easy detection, they will steer search to *other* providers. Woops, they're already doing it, aren't they? Google et al will need their own access to you.
Because, the Commercialized Internet is not so much about your access to it, but 'its' access to YOU. Sort of like going to the supermarket. Store brands are well-placed. Everyone else pays for the spot on the shelf. Miraculously, around Thanksgiving you can't find those favorite-brand fried onion rings you love to drizzle on top of your green bean casserole. Plenty of store-brand avaialble though. You have been steered. Google does this all the time, and we consider it a service. We are being used, of course.
The dystopian Blade Runner-esque world is closer and closer. It doesn't look very pretty to me, just fascinating, until it becomes reality.
If Google actually 'did no evil', they wouldn't do some of the things they make money on now. Too late, GOOG. You are already evil. Darn.
My family used to have a number just 3 off from a very popular pharmacy in town. We got wrong numbers on a regular basis, but shrugged it off.
One night, very late, someone called and was quite upset that not only weren't we the pharmacy, but that we couldn't transfer their call to the pharmacist. This in the days when yoh could choose pluse or tone dial phones. My mom lost her cool and gave the caller quite a talking to.
The pharmacy owner called the next day and began to chew me out (I was home sick, sheesh) for being so rude to callers that had made such an innocent mistake. I shared with him what my mom said the caller said. And I let him know that I'd have my mom call him as soon as she got in.
We know the pharmacist's home numnber. He's on the City Council. Needless to say, my mom didn't call him until a little later in the evening. And he was both rude and upset. Especially when he realizes that he actually knows my mom from business dealings (ok,ok, she represented several manufacturing firms). We (I was her partner in crome a lot) attend the next Council meeting. He spies us.
Never heard from him again. We had that number for 12 years. He got over it. People still called all hours of the day and night. We usually just hung up after that.
Ah, the good old days of rotary dial.
In Hong Kong, we would already be dead.
Didn't see that coming...