496 posts • joined 12 Mar 2007
No way to force?
"In all cases, however, an attacker would have no way to force users to visit such websites."
What about compromised sites?
What about sites with flaws like cross site scripting that allow insertion of code or redirects to other sites etc?
There's plenty of ways an attacker can get their exploit code to your browser...
A windows version for arm will be just like windows for alpha, ppc, mips and ia64... Absolutely useless because there will be little or no native software for it.
Most applications for windows are closed source and will be compiled for x86, so you won't get them running on arm.
You would probably be able to get open source server software running on windows/arm without too much difficulty, but virtually all such software also runs on linux and has already been built for linux/arm.
Linux/arm is also tried and tested, whereas windows/arm is new, and you also have no guarantee it won't suffer the same fate as the other non x86 versions of windows and get abandoned in short order.
Re: Microsoft embracing Linux?
But what are the percentages for amazon and google? I would imagine most people intending to deploy linux based servers would specifically avoid azure, so it should have a much lower percentage than other providers.
Re: Is it so confusing?
The windows brand and the false idea of a "unified platform" was poisonous for the old windows mobile (and windows ce)... I knew many people who bought them under the false belief they would be able to run the same programs as their windows desktop as that's what much of the advertising implied. Needless to say they were severely disappointed.
Well if everything is in the cloud, it doesn't matter what your client device is... Thus a cheaper client device running Linux is a no brainer.
Aside from that, many hosting providers charge per port so having lights out on a separate nic would increase hosting costs.
Most IPMI controllers let you tag the traffic to put it on another VLAN, but again that depends on the hosting provider to configure their switches accordingly and in that case the host itself can still access the VLAN in question so if you compromise one box you can start attacking all the other IPMI devices (which are likely to be even more badly configured on the assumption they can't be directly reached from the internet).
Also if you have a box hosted far away from your physical location, having lights out is absolutely essential in case anything goes wrong... Most hosting providers offer a remote hands service but they are expensive and often not very capable.
Re: Don't forget the design
The problem is that a complex permissions system means that many people don't know how to use it, and most of those that do can't be bothered to do so.
For most use cases the standard unix permissions are not only more than adequate, they are also easy to understand and easy to manage. There's a reason that very few people enable the more advanced ACLs.
Re: Don't forget the design
Even if you remove the "gui", you're just removing the frontend management programs, the actual graphics stack is all still there and used to display a command prompt in a movable resizable window. You're not truly running without a gui, you're just running with a crippled one. It would be like running X11 on linux with a basic window manager and then only using it to run xterm.
Re: Sorry: Not impressed with aircraft industry rants
Licence enforcement code
Another example of where licence enforcement code causes a denial of service to paying customers... All of this licence enforcement crap is basically companies distrusting and screwing their own customers, these functions provide no benefit whatsoever to the actual customers and they don't harm the pirates who will simply apply a crack to remove them.
The fact that companies will go to significant extra effort to implement functions purely for their own benefit and to the detriment of their paying customers is ridiculous. If only they spent that time fixing bugs instead.
It's the so called "victims" that need to toughen up...
What ever happened to "sticks and stones may break my bones but words can never hurt me". We were always taught to ignore verbal/written taunting in school as it was harmless, and the same with anything said online - someone insults you, insult them back or ignore them. It's not worth expending any effort, if the most someone can do is write something offensive about you from behind a computer screen then they really are utterly harmless.
For most people, the "windows" branding is toxic, it brings up associations with an unfashionable, boring and unreliable product that is only really tolerated because most people are unaware that anything else exists in its core market.
Re: How about ....
This is mostly what's happening, gradually...
Most new applications are browser (or at least java) based these days, and will usually run on linux even if they don't officially support doing so.
Once you have cross platform apps, the client lock-in is gone and you can choose the client devices which provide the best value on a level playing field - there is very little if any reason to choose windows in this situation.
Phones are reported stolen more quickly because they are used more frequently... You only look at your card when you come to use it, which could be several days apart depending on how busy you are.
And of course with a system like this, the thieves can just steal your phone and wallet at the same time (which many probably do already if they can).
Account lockouts are a bad thing, if you implement them then you open yourself up to malicious parties who will intentionally try to get all your users locked out - causing an absolute nightmare for support.
And account lockouts will be ineffective at stopping account compromises... As pointed out, lots of users have very common passwords like "password", so rather than try thousands of passwords against 1 account a hacker is going to try "password" against thousands of accounts and in doing so won't trigger any account lockouts because he only makes 1 attempt per account.
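The point made in the comment above, as an added example that is not part of the original post: a per-account lockout counter never fires when each account sees only one failure, while counting distinct accounts per source does. The thresholds, event layout and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed policy values for illustration; not taken from the comment.
LOCKOUT_THRESHOLD = 5        # failures on ONE account before it locks
SPRAY_MIN_ACCOUNTS = 10      # distinct accounts failed from ONE source
WINDOW = timedelta(minutes=30)


def build_sample_events():
    """Constructed failed-login events as (time, source_ip, account)."""
    start = datetime(2024, 1, 1, 9, 0, 0)
    events = []
    # One source makes a single failed attempt against each of 40 accounts.
    for i in range(40):
        events.append((start + timedelta(seconds=20 * i),
                       "203.0.113.7", f"user{i:02d}"))
    # A real user mistypes their own password three times.
    for i in range(3):
        events.append((start + timedelta(minutes=5, seconds=10 * i),
                       "198.51.100.20", "alice"))
    return sorted(events)


def locked_accounts(events, threshold=LOCKOUT_THRESHOLD, window=WINDOW):
    """Accounts that a per-account lockout policy would lock."""
    recent = defaultdict(list)   # account -> failure times inside the window
    locked = set()
    for ts, _src, account in events:
        times = recent[account]
        times.append(ts)
        while ts - times[0] > window:
            times.pop(0)
        if len(times) >= threshold:
            locked.add(account)
    return locked


def spraying_sources(events, min_accounts=SPRAY_MIN_ACCOUNTS, window=WINDOW):
    """Map source -> peak number of distinct accounts it failed against."""
    recent = defaultdict(list)   # source -> (time, account) inside the window
    flagged = {}
    for ts, src, account in events:
        attempts = recent[src]
        attempts.append((ts, account))
        while ts - attempts[0][0] > window:
            attempts.pop(0)
        distinct = len({acct for _t, acct in attempts})
        if distinct >= min_accounts:
            flagged[src] = max(flagged.get(src, 0), distinct)
    return flagged


if __name__ == "__main__":
    events = build_sample_events()
    print("locked by per-account policy:", sorted(locked_accounts(events)))
    print("sources flagged for spraying:", spraying_sources(events))
```

Counting per source only covers attempts that arrive from one address; a monitor would normally also track the overall failed-login rate across all sources.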
BT were one of the pioneers of ipv6, they even used to run a free ipv6 tunnel service a few years ago... I wonder what's happened since those days.
Access to data
"no Google staff would be able to access the data"
WTF? of course they would! how naive are people?
Just because no member of google staff would have an account on the frontend application that's typically used to access the data, doesn't mean they don't have administrative access to the underlying server on which the data is stored or even physical access to the servers/drives it's stored on.
It is obvious that any number of google staff could gain access to the data if they wanted to, and to claim otherwise is ridiculous.
Any gains he made might have occurred in the most recent tax year for which he hasn't filed yet... And even if he does, he would also be able to offset the losses against anything he made, so he might even be down overall and thus not liable to pay any tax.
Because MS always seem to get a free pass...
Any other vendor with such onerous licensing terms, poor security and dangerous level of lock-in would be excluded from any remotely sensible tendering process.
Various security standards have over the years been relaxed to accommodate MS, and in some cases actually require non-ms systems to comply with a much higher standard.
Kids will learn better when they are motivated, and are learning about something they are genuinely interested in...
That said, learning the basics of coding is really just an extension of maths and language.. And while the majority of people will never use these skills once they leave school, the same is true of many other subjects.
On the other hand IT related teaching is badly in need of reform... Teaching kids how to use specific versions of mundane applications is extremely counter productive. By the time they leave school the software they have learnt will no longer be in use having been replaced by newer versions or even by something else entirely (when I was in school we were taught wordperfect for dos).
What's needed is to teach general concepts in a multitude of different applications, so that people can easily adapt to different applications.
Re: ...they can be persuaded to switch to a Mac
Simple tasks like writing an occasional letter is all 99% of people ever do, why would they waste 300 for msoffice when libreoffice does the job for free?
Vulnerable behind the firewall
Most organisations are like this, they use the firewall as their one and only line of defence against external attack, and do absolutely nothing about internal threats. Once you're behind the firewall at 99% of organisations you can rip through the network trivially.
And this is EXACTLY why these documents should be preserved in fully documented file formats. Storing them in proprietary formats is extremely dangerous, as you have no control and no way to properly diagnose any corruption that might (and does) occur.
The idea of using PDF isn't for making content impossible to edit, in fact that's an impossible and therefore pointless goal, as there will always be ways to edit data.
The purpose of PDF is for data that isn't intended to be edited, and thus the format doesn't include metadata that is unnecessary for simply viewing and is only useful if you want to edit. A similar analogy would be providing the document on paper, or providing a program in precompiled form.
Re: Lessons learned
The postal system is also unreliable, and I have had various things not turn up over the years...
But the fact is you know your bill is due every month, so if you don't receive a statement you should have noticed this and contacted the bank to find out why.
Re: Dedicated mining ASIC chips etc won't crack passwords without modification
// The real question is how secure is the authentication DB on an AD server...
Not very... and windows passwords don't even need to be cracked, you can authenticate using the encrypted hash without ever knowing the plaintext.
You have it backwards, only geeks need a full OS...
For the average user, a minimal system controlled by someone else (ie someone actually technically literate to manage a computer) is what they need. End users don't want the complexity or risks involved with a full blown OS, they just want to get stuff done. This is also why ipads and games consoles are popular.
What we do need however, are alternatives to chromebooks which aren't controlled by google (but are still controlled by someone, since most end users are not capable of managing their own internet connected computers).
Re: Verizon USA knows your passwords
Several memorable words strung together is relatively easy for a password cracking tool with a dictionary, have a look at the -rules option of john the ripper for instance.
Mozilla CTO Eich: If your browser isn't open source (ahem, ahem, IE, Chrome, Safari), DON'T TRUST IT
Re: Open source is safe...
Nothing is safe...
Open source has a better chance of being safer than closed source.
Nothing is perfect, but I'll take the best available option.
Re: Translation from MS speak
I still use 'xv', which was written in 1994... Because it comes with sourcecode I've been able to compile it on everything from ARM or SPARC based linux to x86-64 based MacOS...
It does what it's supposed to do, and is fast and stable. The only patches I have on it are patches to support newer image formats which didn't exist in 1994.
Re: Laughie Charlie Translation from MS speak
There isn't much availability of ARM in the server market, believe me I've been looking...
I can buy a proper 1U x86 box with a quad core cpu and lights out management for a few hundred, for ARM i have a choice between phones, dev boards and expensive boxes with lots of cpus from the likes of calxeda. Where are the sub £1000 1u ARM rackmount servers?
IA64 had pretty good Linux support, and if your workload was entirely based on open source software then there was no technical reason you couldn't run it on IA64... If you depended on any closed source software then IA64 was typically not an option, as most closed source vendors would typically not port their stuff to IA64.
The problem boiled down to price, all of the IA64 hardware that was available cost more and consumed more power than comparably performing x86 and x86-64. I would have seriously considered IA64 for my workloads had it been price competitive with x86.
For ARM this doesn't need to be a problem, if they can make servers which are competitively priced then they should sell just fine.
X11 only has any use if you're using a unix system as a workstation, which is actually pretty rare... Most unix systems are used as embedded devices or servers, and are unlikely to be running X11.
Also, how would an unprivileged user introduce an arbitrary BDF font to the X11 server?
Re: IT security? Ha!
Regularly changing the password can often be detrimental...
Chances are the root password for suse and mysql cannot be directly used externally, SSH is likely configured to disallow root logons and mysql is often configured not to allow remote connections, making the root password only useful if you have physical access to the console or access to an unprivileged account that is able to run 'su'...
Similarly if using modern hashing it's unlikely a 12 character password will be cracked unless it's dictionary based, and that's assuming you can get a copy of the hashes... If you can get the hashes you usually already have root, but people reuse passwords across multiple systems and hashes can sometimes be lifted from backups or installation images.
If your password is complex and rarely changed, people who need it can remember it...
If your password has to be changed regularly, then people are unlikely to keep remembering new random passwords, instead they will cheat - either using simplistic passwords (dictionary words, formulaic and predictable passwords etc), or write their passwords down. Most companies require users to change their passwords monthly, and huge numbers of those users use a dictionary word as their password with a number on the end that either relates to the month/year in which the password was set, or simply increments with each change.
Personally I never change the root passwords on my servers either. To use them you need physical access, all remote access is via SSH with keys.
Re: So ... hardware manufacturers are now openly telling Microsoft to get stuffed
It was Microsoft who placed restrictions on netbook specs, not Intel... If your hardware was above a certain spec you were charged full price for windows instead of the cheaper netbook version.
Intel would quite happily sell you any spec hardware you wanted, and would prefer to sell the higher spec components.
Re: Google doesn't spy, it gets to know people
Only they don't plant tracking devices into their pockets, they make tracking devices available which people then choose to put in their pockets.
For every google product available, there is one or more viable alternatives. I don't like their information gathering business model either, but I know that I can avoid their products and suffer no ill effects.
What's more I can even use some of their products while explicitly avoiding the information gathering aspects, e.g. third party builds of android and chromium to name but a few.
I too use unique email addresses, and often meet with disbelief when I attempt to contact those who have leaked my address to spammers...
What we need is a common forum where we can report sites that do this, perhaps they would be forced to listen if a large number of people complained about the same thing and named&shamed them in a public forum.
A console doesn't need to be as high spec as a general purpose system, although the idea of steambox gives up some of the traditional console advantages in favour of flexibility...
On a system which is designed solely for gaming, you won't be running all kinds of other cruft in the background so at the very least you need less memory, less cpu and less disk space. It's also likely that SteamOS, although linux based will be significantly stripped down to remove things which are not necessary for gaming - similar to what MS have done with the xbox.
Of course on a traditional console the hardware is static, so you can do away with the overhead of an OS and driver layers entirely. Many Amiga games did this because performance was significantly better, and AmigaOS is considered extremely lightweight and efficient compared to modern systems.
Re: lost the plot
IA64 was killed by closed source software... If you were running all open source code they actually ran quite well, I had a couple of them running linux and all the typical stuff compiled and ran on them just fine.
If Intel were to introduce a new architecture aimed at Android, ChromeOS or Linux it would have a much better chance of succeeding as not only could Intel port these systems themselves instead of relying on someone else, but most of the existing applications would run with little more than a recompile anyway.
Arguably Intel should come out with a new architecture, the legacy baggage of x86 is a millstone around their neck such that even being a step ahead on fabrication tech they are still having trouble competing with arm. If they were to come up with a new architecture designed specifically for power efficient applications they could easily get themselves ahead of arm.
x86 is only beneficial for users who are stuck with a lot of legacy closed-source code...
Linux and other open source is architecture agnostic, we used to run linux on alpha when it was the fastest available, and we run linux on arm or mips now for low power systems.
It was closed source code above all else that killed itanium... Linux runs quite well on it, but windows was a joke - the core os would run but you had virtually no apps and 99% of windows apps don't come with source so you can't recompile them yourself.
When it comes to content creation, Apple are a big player... Wintel is mostly relegated to boring business desktops and gamers.
A big shake up will happen sooner or later, the idea of an extremely complicated system like windows being used by average users is ridiculous... Why should users be expected to manage updates for a myriad of different applications, maintain antivirus and firewall rules etc. Non technical users are better off with walled garden devices like ipads or chromeos devices.
Even business desktops will eventually ditch windows, once there are a large enough set of users running non-ms tools then interoperability becomes essential, at which point the only real advantage ms ever had is gone... If they're no longer locked in, very few businesses will choose expensive, insecure, unreliable windows, and will go for something else instead - probably linux.
Indeed they did...
They removed the otheros option through an update, and in doing so if you had already installed something you lost access to all your own data too (it was still there but you had no way to access it). You then have a choice between not updating and being able to keep the os you installed but not being able to connect to psn or play any new games, or update and lose access to the software you had installed.
Re: What a bunch...
The assumption is that if you're in zone 1 you're either extremely rich or running a business, and should therefore be going for business class leased lines instead of consumer grade connections like DSL. Zone 1 is a complete ghetto as far as consumer level broadband goes.
Media tends to be massively overpriced in Australia compared to other countries, and then there are artificial barriers in place to try and prevent Australians from buying cheaper copies from foreign countries. Is it any wonder then that people are pissed off and turn to alternative sources?
Screw your customers and they will stop buying your product, and if they can't get it from other sources they will do without it at all rather than feel cheated by exorbitant prices.
Re: I guess the issue is.....
You don't sell or rent ip addresses of either the v4 or v6 variety, doing so is explicitly against the ripe rules... You can only charge a one off "admin fee" for provisioning the addresses to the customer.
What did these developers honestly expect when they developed for a proprietary API locked to a proprietary service provided by only a single vendor? And now they are reduced to getting down on hands and knees and begging that vendor not to screw them over.
If you'd made SIP compatible devices then they would all still be working and you'd have literally hundreds of providers to choose from too.
I have always avoided skype, and this is one of the main reasons why.
nobody complains that iPads can't run OSX software
Apple never did anything to make people believe that the ipad would ever be capable of running OSX software, it was always a standalone product with its own identity.
Anything branded as "windows" will cause people to believe that it's compatible with other products using the same branding, which causes disappointment and/or anger when users find out that's not the case.
Re: Windows RT
Windows RT is to iOS as Windows is to Mac OS - with one very important difference - BRANDING.
The "Windows" brand is associated with desktops and a large block of existing software, something with the same brand but no compatibility results in angry users who can't run their existing apps. iOS may be based on the same kernel as OSX but it never did anything to imply any level of compatibility between the two.
Similarly, the "Windows" brand is toxic, it's not popular it's simply ubiquitous, people are stuck with it and aren't aware of competitors in its core market, once you take a toxic brand to a market where it does have visible competition people will try to avoid it.
Stick with watermarking
They should stick with watermarking, and ditch the attempts at encryption and access restriction...
Let me watch content on any device i choose, let me exercise my fair use rights, let me make copies for personal use, let me format shift etc...
Stop screwing over the users, and the users will feel less inclined to screw you back.
Only if you are counting from 2005, you could not have purchased a mac in 2005 which would still be capable of running the latest version of OSX... You would have bought new hardware at least once in that time, which would have come with a then-current version of OSX anyway.