SCO has a much stronger case than most people realize. The proceedings will take IBM and the rest of the open source community completely by storm.
To wit, when their lawyers reveal specific lines of code from the Linux kernel that are absolutely identical to what is in the SCO code base, a jaw-dropping silence will overtake the courtroom.
Your honor, may it please the bench to observe Exhibit A:
for(;;) {
and there will be some additional fearsome evidence where loop variable names were changed from i to j.
It's little wonder that the lawyers from IBM are so nervous.
Quoting from the bit torrent faq:
Yes, but you will get better performance if other peers can connect to you. By default, BitTorrent listens on port 6881, trying incrementally higher ports if it's unable to bind. It gives up after 6889 (the port range is configurable). It's up to you to figure out how to poke a hole in your firewall/NAT.
It seems like introducing a new service with new ports is kind of a big step to take for Mozilla from the standpoint that users behind NAT and proxies will have difficulty using it; the use of variable high number ports for service sounds a lot like what the X windowing system does - dunno if anyone has tried to push "x://" URLs :)
OTOH, if someone does integrate BitTorrent into Mozilla and the service starts taking off in popularity (could see this happening), then the NAT proxy tools will be flexed accordingly so users demanding the service can be satisfied. If BT's there and unused, then it's no skin off any user's nose; if the Moz networking code jungles become impenetrable because of the addition of this P2P protocol, then maybe that suggests some overall redesign may be in order.
The NSA released documents on how to secure WinXP and Win2K server not too long ago
I'm glad they did that. It was a nice public service, IMHO.
However, for practical use, the 105-page guide is a bit prolix for me. I'm installing, patching and trying to harden a home Win2K system (got removable drives and SuSE 8.1 on the other) and found other, shorter guides (ArsTechnica, I think) for Win2K security to be quicker and easier to use.
I got educated on an earlier Slashdot story of (a) how nice and easy it was to set up an encrypted tunnel using ssh instead of IPSec or a weird proprietary VPN product, (b) how TCP over TCP is a fundamentally bad idea and people were compensating by periodically restarting the tunnel service afresh to work around it.
How's the performance of this setup and does it address any of those problems?
I agree that Scott's made some bad decisions, but the severity of the effects is magnified by the business environment he's in. It's the same one that did in DEC, IMHO.
Apple can count on a niche market of zealots that are willing to buy a really nice system for prices that are higher than the equivalent x86 based PC.
The RISC UNIX vendors have been competing with one another for a couple of decades, but now that x86 Linux is here and fabs cost billions of dollars, almost no one can afford to play the game anymore. Sun was late with UltraSPARC III. They will never sell the volume that Intel or even AMD can. Their chips will cost more and they can't afford to do the development and help finance 90 nanometer, copper, SOI fabs on 300mm wafers.
Sun has traditionally been a hardware company as much as a software company, a culture that it shares with Apple. But it can't keep its UNIX market captive in the same way that Apple can keep its fans captive. UNIX users will hop from OSF/1 to Solaris to HP/UX to AIX to Linux a lot more easily than Apple users will hop to Windows.
It's still alive.
However, it's in a state of flux.
The market for pieces of software that sell 50 million copies will decline, as it should. Anything that 50 million people have to depend upon should benefit from a competitive marketplace, with reductions in cost and increases in quality. Something that only comes from having more than one vendor.
So, given that Microsoft's business model is no longer a growth model, and that no one except MS can occupy its currently enviable position in terms of cost of revenue anyway, what is left, you ask?
First, specialty ware, something that sells to a specialty market (e.g., butterfly collection organizing software).
Second, custom business software. BigCorp wants someone to figure out how to do new things to big databases, or someone to write VB macros to fill in spreadsheets.
Third, scientific applications. Someone wants to simulate protein folding for their new drugs.
Fourth, special purpose hardware needs special purpose application software. Software to run pacemakers, coffeemakers, routers, cell phones and integrated facial recognition cameras.
Fifth, maintenance. The unloved stepchild. A lot of software needs to be maintained and breaks from periodically. Some folks like the old creaky ware anyway, because it's built up 20 years of trust - the devil you know and all that. Unglamorous, to be sure, but a reality.
Local Google on MyComputer will be the future. I'm convinced of it.
Given how much people's data has grown, I think Longhorn's SQL based filesystem is really an important development, one that will turn out to be incredibly useful.
I'd like to see something that could offer equivalent utility under Linux.
So I wonder how combinations such as ReiserFS and glimpse would or could fill this niche?
And the best thing is that the public is buying it!
They're only buying what they've been sold.
And the sellers point to the events of Sep 11 to make their case. Something over 40% of Americans believe that "almost all" the 9/11 hijackers were from Iraq and that Saddam Hussein was responsible for their actions. President Bush's speech mentioned 9/11 more than half a dozen times, even though he was nominally explaining why Iraq and Saddam Hussein needed to be taken out.
It'd sure be nice if people did some comparison shopping, checking prices and quality before they bought into their political views.
If current conditions persist, I can see the beginnings of a vicious feedback loop, where more vehement anti-American sentiment causes more terrorist actions, which in turn, can be used to sell more overseas military ventures which will reinforce those anti-American sentiments even further.
Reminds me of some small corners of U.S. history, such as the contention over where to draw the boundary in the Pacific Northwest.
In the U.S., a lot of indignant fellow Americans distilled their argument into the ever memorable slogan:
There was also some earlier attempt to invade Canada under the pretext of attacking the British. It didn't work, from what I recall.
Absolutely.
Exactly.
Walk into any shopping mall, find where they sell CDs, for almost $20 a piece, look who's buying them, how they found out about them, and you'll start to get the picture.
You'll get an even clearer picture if you start asking the people manning the store if they'd be willing to sell some copies of your garage band's latest CD.
In the same way, flavored sugar water of a few particular brands is sold in the supermarket for incredibly high markup. Great-tasting, lesser-known off brands are sold in lesser volume for higher prices than the big name brands.
There is a market for shelf space (slotting fees) that is not a paradigm of the best features of a free market in action.
With the recent adoption of the iSCSI standard, I'd expect to see a lot more inexpensive network storage solutions from commercial providers RSN.
If you have to have it now, then you have to have it now. But if you can wait a bit, you'll probably get a lot more for your money in a few months.
Damn straight.
That's why I always quote my gasoline mileage in inverse acres.
Has anyone here used any of these high res projectors to put movies and TV in their homes?
[I'm not talking about rear projection TVs, but rather where you hang one of these down from the ceiling, point it at the wall/screen, and get a big picture.]
My brother had a friend that said it works great, but had two drawbacks: price was still kind of high, and you had to tolerate the low ambient lighting necessary for the projected image not to appear washed out.
You make a good point. MyCorp has a group that does this kind of testing, too.
It's one thing for MS to bring out patches and to test them with a handful of recent applications. (Lessee, works with the latest IE, Office, IIS - I think we're good to go!)
It's a local burden most companies face, using a range of applications and systems, testing the exact same patches to make sure they don't inadvertently break an important local application.
I have to believe that if MS made good, hard, well-defined, well-behaved, well-documented interfaces in their software, the need for local patch compatibility testing would be less than it is.
They are both fully documented,
Uh, excuse me, but if the formats were fully documented, then why did reverse engineering of MS Office file formats even need to be done?
From what I understand, there is a significantly large mysterious black box called Word that transforms these "documented formats" into displayable form on screen or to paper. That publicly documented transformation of various flavors of .doc into displayed form is what's missing for Word users and it's what can be found by examining OpenOffice source code as much as you like.
Using OpenOffice doesn't make you beholden to a large corporation; Sun can't hold your document hostage by saying that you have to run OpenOffice and you can only do that on Sun's operating system.
If you don't like the direction Sun is pushing OpenOffice with its StarOffice work, then you can copy the entire source code base and start making MoreOpenOffice even better. Shoot, if you have great ideas for improving OO and present them to the OO developers, they might even help you do it.
I'm all in favor of these things getting fixed so I can run the new 2.6 kernel.
Any, uh, realistics care to venture when all this might be done?
easy to take care of. Simply make sure no one has physical access to your keyboard. It's impossible to install a keysniffer on a keyboard that you don't have physical access to.
Yes, but.
I'm probably not the only person that feels their PGP key provides significantly greater protection than the lock on the front door of the house.
If I lock my house and activate my cheapo burglar alarm, that will prevent most unauthorized access, but is insufficient to deter an expert with more resources intent on installing a keyboard sniffer. It's an arms race where anyone with lesser money and knowledge is at a severe disadvantage.
Physical access is now the weaker link since PGP (or GPG) is readily available for negligible cost.
I certainly don't have the kind of money available to bring up the security level of my physical perimeter to the same level of security that PGP provides. I have some knowledge, too, but since I have to work for a living I don't have the kind of time it takes to become an expert on physical perimeter protection.
In New York, I've had cabbies pull over and ask if I wanted a ride when I was just standing there.
I don't know if it's true anymore, but it used to be that the number of taxicabs in New York was artificially capped.
Getting into the business required that one purchase a "medallion", whose price I had heard was about US$100K. (Sounds a lot like the market for liquor licenses in many places.)
The pressures of this distorted market resulted in the rise of alternative "limousine services", IIRC.
Disney can do just fine by re-releasing its old stuff in newer formats, even digital video.
As a corporation, they're pretty greedy and paranoid, but the fact is that people will buy Disney DVDs even if they own the VHS tape of exactly the same movie.
Later, when HDTVs start becoming really popular (i.e., when their price dips below about $1000) and we all gripe about crummy 480p output from the back of the old DVD player, a new, higher resolution format will become available, and people will flock to stores, snapping up copies of Snow White for a third time.
As long as the price of the media isn't too high and as long as most houses don't have bidirectional high bandwidth connections, this business model will keep them and other movie producers in cash for years to come (but not decades).
With regard to any great new MS technology:
You can play with it earlier, but you'll be a beta tester, helping to iron out bugs, performance bottlenecks, desperately needed new features, etc. Some people like living in that world for the rush, some people don't have the patience for it.
Despite all the spam and trash on usenet, there's still a lot of good questions that get answered there.
If I've got a question about weird new hardware that I'm thinking of buying or have already bought and am trying to get to work under Linux, then I frequently go over to Google Groups (fka Deja Gnus) to see if someone else in the world has worried about the issue before. Often they have.
But I do worry about who and where the sites willing to archive usenet are, because that archive is genuinely useful, despite the high volume of trash that gets in it.
Another thing, of course, is that giving out your real email address on usenet invites spam, so I lose some touch with individual responses to questions because I don't always check my throwaway free email account for responses to questions I pose on Usenet under a pseudonym.
Ironically, the one-on-one responders with answers are probably using their real email addresses, but don't want to post them to usenet to minimize their spambot exposure.
might provide a bit of tweaking to get the game to run under WineX
With only about 5% of the market, (Apple, anyone?), the developers will devote about that much concern to whether their games will run under WineX.
But if WineX compatibility is even on the radar, that's a good thing.
And if some company in Taiwan releases a very inexpensive PC-like box for gaming via WineX, a box that sells millions of units, then the future of WineX compatibility is assured.
It's a long way off, but a great milepost metric for real success of WineX would be if game developers started to badger both MS and WineX developers to get together to advance the APIs; maybe even MS would lower itself to devoting manpower working on the WineX codebase. Not that I expect all that anytime soon....
It's silly to still be manacled to this outdated, ridiculous technology.
Yes. Right. Absolutely. Correct.
In real life, though, when your computer starts to sink beneath the waves, when you're almost ready to believe you have bad hardware, you'll grow to love that manacle to the life preserver floppy.
It's an ugly piece of trash, to be sure, but it does float.
A few years ago Sun was touting various sizes of Java, including a JVM that could be run in something as small as a smartcard. I don't know what the price of licensing a commercial JVM for your application is, but it's possible that a free one might work if you're willing to take some lumps in footprint and performance.
ssh has the advantage of having very little setup and is uber portable. problem is, you can't encrypt an entire line easily,
The cheapo VPN solution that springs to mind in this case is something like running PPPoE on the ssh connection like this.
I haven't done this, so I don't know whether this is easy or hard to setup. Someone here must know.