1122 posts • joined 23 Apr 2010
Re: You can sell anything to the young
Re: Rubbish web sites
I suspect that many will have forgotten the really rubbish websites that the bright young things were putting up in the late 1990s - yes some were really cool, however many were only loadable if you were attached to the same LAN (ie. had a 100Mbps connection) - something that wasn't easy when most users had 28.8kbps dial-up...
Re: Can I quietly end it all? @Jelabarre59
>MS needs to completely kill Win8 and just re-release Win7.
There are some, and may be more once the fun and games of Win 8.1 Update get out, that will be demanding a re-release of XP (32-bit with 64GB memory support) ...
Re: Can I quietly end it all?
So if I understand it correctly, those members of the public who have gone out and purchased shiny new systems with Win8.0 will, come May-2014, be only marginally better off than those who ignored MS and stayed with XP, which has only just dropped off support (Apr-2014)!
This is because MS have refused to distribute the free Win8.1 update released in Nov-2103 via the Windows Update service - only making it available via the Store (given the size I'm sure many people are glad of this). Said update seems to be a necessary precursor to being able to install the new "Windows 8.1 Update" via the Windows Update service. So these people who in their ignorance have left Windows Update to run automatically, thinking it will keep their system up to date, will no longer be receiving updates post May-2014 and assuming they have no problems will have no reason to install the free Win8.1 update before the Nov-2015 cut-off.
I wonder whether MS are going to publicise this cut-off to the same extent as they have with XP's end-of-life (ie. both in the media and via informational updates like the "Windows XP End of Support Notification" (KB2934207))...
Re: Long term support - provided you don't change anything.
Agree whilst LTS is to be applauded, 3 years (desktop) and 5 years (server) isn't really long-term, particularly as back in 2012, RedHat and Oracle standardised on 10 years; but even these aren't really in the same space as IBM with AIX...
Re: Well... @Aqua Marina
I assume that you've also implemented test system(s) that get updated before the end user base, just so that they don't get hit by a similar MS mistake (remember the fun and games of Win7 and the post-SP1 hot fix that needed to be installed prior to installing SP1...).
Whilst you may be feeling put out about what you and your department had to do, be thankful that the FD (and others) may appreciate you a little more.
Re: @cornz @ShelLuser
Much harder is to sensibly configure XP to handle the lack of updates.
Turning off Windows Update, means that MS Security Center constantly posts a red notification in the taskbar that Windows is insecure due to updates being turned off.
Short of stopping the MSC service I've set MSC to notify user but not to download any updates, as this mode seems to keep it happy and prevent the accidental installation of any future 'updates' such as KB2949787.
Another service that is having problems with the end of support for XP is Secunia PSI; it doesn't really give an option to ignore this security warning.
Open Source Funding...
What seems to have been missed in all this is how open source projects are and should be funded.
According to this BBC article "Heartbleed fallout may 'slow' browsing speeds" (http://www.bbc.co.uk/news/technology-27035072 ) "Annual donations [to the OpenSSL Software Foundation] typically amounted to about $2,000 (£1,195)"
So I would agree we need to find a better way of funding the original development and on-going maintenance of open source projects than we have at the present. Funding a 'jackpot' for bug finders without rewarding original development contributions is sending the wrong message, namely the ability to develop good bug free code is of lower value than the ability to break such code.
Re: What's the point? @Vic
Should have used the term "critical" rather than "major" which as you rightly intimate implies large enterprise.
Basically for enterprises with IT departments - who can administer things you are right. However, for smaller multi-site businesses DynDNS is a quick and reliable way of doing exactly what you say.
Re: Do they support the dynamic portion? No @AC
So AC, you've established a potential cost floor for a dynamic DNS service, how about establishing a selling price. Clearly there is much room between your 6.12 USD and DynDNS's 25 USD price - so an opportunity for you to make some money - either by selling the service or the parts for DIY... :)
Re: @Lost ... @big_D What's the point? @Frank ly
>"I do always carry a mobile phone and have a subscription to a recovery service, which is much more useful"
That number is the telephone equivalent of a dynamic address - that's how your call can be routed to a call centre in Scotland (yesterday), India (today) and Wales (tomorrow) - you don't care which telco is routing your call, neither do you really care where the person answering it is located, just so long as they get a man in a van out to you (wherever you happen to be) within the next hour.
Re: What's the point?
For many businesses a static IP address is supplied by their ISP: change ISP and you have to change your static IP address...
Having set up major IT systems to use a static dynamic domain to connect to each other rather than an IP address or the domain tied to that IP address, means that changing ISPs and generally messing around with connections such as alternative routing or relocating key servers is much much simpler. For this I happily recommend clients pay what is a very small fee for the convenience.
Putting to one side the issue of a late migration from XP, I suspect the main reason both the US and UK governments have done deals, is that they need to have the option to call upon support IF anything actually goes wrong, before the systems are swapped out. It would be very embarrassing if they didn't have support then a service outage happened due to a major previously unreported hole in 2003/XP et al. ...
So I suspect the reason governments and major users are signing support contracts is more for reasons of security and insurance rather than because they believe they are really necessary. Obviously the cost of the 'insurance' is such that it is encouraging these major customers to give priority to migrating away from XP.
Re: Coined the term iAnywhere?
Sybase got there years ago...
Interestingly, the concepts behind "Apple iAnywhere" have already been demonstrated with Android/Linux. This doesn't mean that the Apple implementation won't get attention and create a market.
Re: Even worse than I thought @btrower
Whilst you make some good points, there is a balance to be struck between security and utility. Currently we know that 128~256 key encryption is very secure and reasonably performant - ie. you can use it for SSL etc. (yes I know it wasn't that long ago that computing power made shorter keys secure, hence it is probably only a matter of time before longer keys are talked about). The problem as you indicate is the security of the keys themselves.
What this exploit reveals is that whilst care has been taken with respect to the encryption of communications, little care has been taken over the handling of the keys themselves. In some respects the OpenSSL vulnerability reminds me of a security office where normally only security personnel enter, but the door isn't locked and the keys are just left on the desk.
Re: Even worse than I thought
The OpenSSL vulnerability/exploit shows why you don't use the same physical hardware to handle the encryption/decryption of data streams with different levels of security.
Key length is irrelevant to this, if the key is in memory then it is possible to grab it.
Re: Few clients are vulnerable
>IE, obviously, isn't vulnerable
Just because it doesn't use OpenSSL libraries doesn't mean it isn't vulnerable to this attack vector.
Not knocking MS, but it is worth noting that without testing we don't know if third-party (ie. non-OpenSSL) SSL implementations are vulnerable to this attack. Otherwise good comment so up voted.
re: Never understood why malloc ... didn't nuke the memory area by default
You're forgetting that it is only in comparatively recent times that CPU cycles have been plentiful on some systems. Zeroing memory was a nice to have but impractical outside of the test lab when workstation CPUs typically ran at sub 12.5MHz...
Re: My thoughts exactly
Just think what would have happened if this vulnerability was discovered in XP and WS2003 - IIS 6 ...
Bet MS are (in some respects) kicking themselves for not providing a real reason to get companies off 'unsupported' products....
Re: OpenSSL is open source, most financial institutions don't use open source encryption.
>IIS is immune to this attack
It doesn't seem to be quite so clear from various IIS forums...
Whilst IIS doesn't use the OpenSSL libraries, there seems to be a little uncertainty as Win 2008 IIS7 - SSL is being reported as being vulnerable, whereas Win 2012 IIS8 - SSL isn't.
To me this is one of those reasons why we need independent test labs who run specific suites of tests and award test pass certificates. Whilst this doesn't mean the code doesn't contain vulnerabilities, it does mean that known vulnerabilities are not re-introduced. Which is the real worry as whilst we can be sure that v1.0.1g doesn't have this vulnerability, there is no such certainty over future releases.
Re: patches and version numbers @AC
Are you sure the platform you've migrated to isn't using OpenSSL?
Worth testing your servers (web, remote access gateways etc.) against: http://filippo.io/Heartbleed/
Just done this for a couple of clients who permit SSL remote access to their systems, but don't run *nix
Best to be sure you're not vulnerable...
Re: Garage PC
Good list of key security measures here: http://www.tomsguide.com/us/10-tips-safely-run-windows-xp,news-18571.html
Re: Garage PC @LDS
>Give admin user a "complex" password that you can remember.
In the context of the garage, the important thing is that this password needs to be kept safe and accessible, so that it is remembered for periodic use but also is not so simple that users just get in the habit of using "run as admin"...
>Disable useless and unused services
Well two key services I suggest are: Windows Update and Security Centre.
Also do a final full update, confirm the system is stable and disable non-essential third-party auto updaters eg. Adobe Acrobat Reader.
Re: I agree entirely...but Norton?
>Surely if MSE is working as it should the icon should be green?
It is working! The icon is red because you are now running an unsupported version of Windows...
Personally, I would uninstall MSE and install a third-party firewall & security suite such as Comodo or Agnitum (both do freeware versions).
Additionally or alternatively EMET is quite a useful tool to help harden the system. Whilst it isn't the same as Deep Freeze, Steady State etc. it does enable you to force the usage of many security features inherent in XP...
Re: So, no more patches
>patches available from Windows Update?
This is a big question. I suspect (based on previous MS product upgrades) that it could be a year or so before XP updates (up to and including 8-Apr-2014) are dropped from Windows/Microsoft Update site. Future patches (we are told) will only be distributed directly to those organisations who have contracted for XP support and so won't appear on Windows Update.
Additionally, it may be several years before an XP system is unable to connect to Windows/Microsoft Update because of the products currently in support that can be installed on XP (eg. MSE and Office 2007) and hence MS will still have to honour these licenses. In fact I suspect that MS may use the auto update mechanism to send out periodic reminders to XP and Office 2003 users that they are using unsupported products...
Personally, I've used WSUS Offline to create my own set of critical updates, just to be safe. (Cumulative XP updates ~1.6Gb and Office 2003 (Word, Excel, Powerpoint & Access) ~1Gb). But then there are still all the non-MS drivers and apps...
Doesn't bode well for Jan 2020 when Win7 drops off support ...
But then as I've commented elsewhere, the more business minded members of the open source community really need to target this date for having a full suite of enterprise grade product offerings.
Re: Underlying meaning of the data ... @Khaptain
And strangely enough the majority of businesses do use *nix, but only a (brave) few on the desktop and hence it is largely invisible to the majority of employees.
Re: You had a long and productive life
Well given the 50th anniversary celebrations around IBM's S/360, and Oracle's commitment to Solaris etc. I think it is over-egging it a bit to suggest Windows XP had a long life.
Re: Was IBM ever cheaper?
Good question particularly as we now have several decades of experience of 'cheap' computing and the current issue of vendor forced migration from Windows XP.
Re: "Windows XP is a thirteen year old operating system .."
>I am expecting Security Essentials for XP, which has had its life extended for a while more, to start issuing dire warnings about every little thing it finds, just to increase the fear and uncertainty amongst the remaining XP users, to encourage them to change.
This has already happened to some extent, if you installed the March 2014 Security Essentials for XP update, as it will place a permanent reminder in the system tray that the system is out of date...
Re: No doubt the conversation went something like this...
"Yes that's fine we can deliver 16,000 PC's by the end of March, however are you able to accept delivery and pay the invoice into our bank account before close of business on 5-April? ... what do you mean you don't have the facilities to unload the 30+ lorries and store the PC's..."
>"The BDUK process includes an open market survey asking for any (credible) privately-funded schemes before the intervention areas were defined."
Yes that was a joke!
In my area, firstly no one actually knew which areas would be in the BDUK area, because BT were the only ones who knew where they were/weren't going to commercially deploy broadband, so first obstacle to overcome. Secondly, the open market survey was quietly publicised on the County Council's BDUK micro-site which also was quietly launched. Yes the local BDUK group communicated with local councils, however, to many of these the communication was of little value unless a councillor had a personal interest in the matter, so nothing was communicated beyond the council... Also having registered with the local BDUK group (both as a resident and as someone with an interest in operating a privately-funded system), I've yet (and we're talking since 2011) to receive any communication from them...
As I've mentioned elsewhere, BT have in the last few months installed an FTTC cabinet next to my street cabinet and I've still not received any proactive communication and all information I have obtained has been because I've forced the issue.
No from what I have seen, the BDUK process was and is all about providing a veneer of respectability over the obvious allocation of government monies to BT.
Re: It's not only Microsoft
>"I guess there's also a lot of industrial handheld devices out there using PalmOS,"
Yes a client has a system based on Symbol/Palm barcode scanners (dates from circa 2000), due to their diminishing spares holdings they are now looking at replacement. Unfortunately I've yet to identify a candidate replacement end user device platform consisting of palm with docking/charging/modem station - it seems that whilst the technology is much more capable, in terms of usable functionality it has taken a major step backwards...
Provided I can satisfy the fundamental business requirements at a reasonable price, no one will complain what platform I select... Obviously the client would like to simply replace old Symbol/Palm devices with new, unfortunately Symbol stopped selling these back in 2007...
Re: It's not just Microsoft who end up supporting XP
>As a third party software developer, customers running XP is an additional expense for us. It means extra testing, having to find workarounds for APIs and technologies not supported by XP and adds a significant extra cost to doing business.
Firstly, the costs of supporting your software on XP are the same as those supporting another platform - if you develop for say Win 8 64-bit then you will be incurring costs associated with supporting: Win8 32bit, Win7 32/64 etc.
However, with XP the question is why are you developing new stuff rather than just supporting bug fix? An ERP vendor I'm familiar with, supports several versions of their product (basically all versions that their customers are prepared to pay support for). However, if you want to run their latest software with all the whizzy cloud bits then you have to upgrade... also they will do custom development if you really want your old ERP system to handle something new in the older version you are running...
Finally, there is no real reason why your release and support cycle has to mirror MS's.
RE: They could send it to a maintenance group in India
I suspect the outcome from the current negotiations between MS and the Chinese government, will be MS opening a Windows support centre in China...
Re: The main problem not discussed here is 'rest of the Microsoft business'
Good point, let's look at the 'rest of the Microsoft business', I suggest relevant products are those it targets at business/enterprise: BizTalk, SQL-Server, Dynamics etc etc.
and what do we see, but the same cavalier attitude to support and compatibility... Compare this to IBM and other reputable enterprise vendors who give notice of change, particularly about functionality that will be dropped in a future release...
"Microsoft's revenue is built on selling shiny new toys"
No, only in the consumer/'Home' and micro business space, in the main business/volume space revenues come via Select and other annual volume licensing agreements.
MS's problems go back to the 90's when they decided to effectively only have one product for both the 'Home' and 'Professional' markets. As we've seen with Windows 8 specifically, this strategy is now unwinding as they try and produce something "new and fashionable" for the consumer space whilst at the same time trying to keep its bread and butter enterprise business customers happy.
Re: @ Flocke Kroes -- Wrong economics
"If I had a choice then I'd like to see at least one other company producing Win32/64 API compatible O/S products"
Perhaps it is time for The Open Group to update POSIX and add a Win32/64 addendum...
Re: This is the fault of Trevor's clients @Doug S
>What does that have to do with this machine's apparent requirement for NETBEUI?
Probably because the original design of the machine's network interface dates from the 80's when NETBEUI was common (remember NetBeui was released by IBM in 1985; who were the dominant player in the IT market) and CIM was the big thing - in part because the cost of controllers fell due to the widespread availability of industrial 'PC' boards and also we were seeing the first real fruits of LAN standardisation.
As for using NETBEUI, I direct you at MAP 2.1/3.0 and the technical rationale for using a cut down stack - which the OSI purists objected to... With the demise of MAP/OSI in circa 1989~1990, the MAP alternative was never widely used or implemented, so given that PC's continued to support NetBeui why change, particularly as TCP/IP suffers from all the same issues as OSI in a single subnet LAN environment?
So NetBeui has effectively been around largely unchanged for nearly 30 years, not bad for a 'proprietary' standard.
Re: @A.C. -- Irrelevant Here. @Mpeler
"When the only choices out there are MS (with its MULTICS-derivative file system) and any of the *X's (with their MULTICS-derivative file systems), we're pretty much sunk until someone has the guts to come out with something completely new."
Yes, it is very interesting looking back and seeing that the MS and Unix juggernauts between them have largely defined what an OS is and how we interact with a computer. In some ways Steve Jobs's NeXtStep was possibly the last attempt at a different user desktop paradigm.
As someone deeply schooled in distributed systems I found it interesting comparing the first editions of say Andrew S. Tanenbaum's books on OS's and networking and his later versions, they nicely illustrate just how much we've been blinkered by TCP/IP, Unix/Linux and Windows.
Re: Irrelevant Here. @LDS
>"Hope you paid for all those XP licenses..."
Well there are no indications that MS are refusing to take annual licence payments for XP (and other legacy products) from members of its various volume licensing programmes...
The only issue I can see is if you are using systems with MS OEM licenses, as you may have licensing problems with 'repaired' systems, depending upon the extent of the 'repair'.
Re: Production Line
>with an expected lifetime of 20 years
Even back in the early 80's the IT industry had problems getting their heads around the concept of providing support over this period of time. Whilst MS offers longer support for Windows Embedded over its desktop/server versions it still doesn't satisfy the user requirement; to do this MS would have to offer at least 25~30 years of support to allow for development and build which can take several years.
>If the line still works and makes the product, what company is going to blow another ten years profit on a new line?
Plus if they aren't building new premises, they will have to handle the non-productive time whilst the old production line is stripped out and the new one installed. Depending on the size of the production line, these activities could take a few years...
Re: Cannot believe it! @Version 1.0
Also not seeing it in either IE8 or Chrome on XP (using display/view source) ; signed in or not to LinkedIn UK; connections or un-connected profiles.
What I have noticed is that some contacts have included their email address within their published profile...
Re: Openness @AC
Know the feeling, I couldn't help but laugh at the sentence "The politicos recommended that the DCMS, which is headed up by Secretary of State Maria Miller, should work "urgently" with local councils to publish detailed mapping of their implementation plans. Searches should be made available down to full (7-digit) postcode level, they said."
In my area, BT have just completed the installation of a new (empty) green cabinet. The Parish council know nothing (even though they would most probably have seen the planning application), the local council also know nothing and the local DCMS project team/co-ordinators know nothing, beyond my village being in the 2014/15 plan, and naturally BT themselves are releasing nothing...
So I know that my village will be getting FTTC (I'm assuming BT wouldn't install an FTTC cabinet just for the fun of it), just no idea of when...
Re: Could competition have worked? @AC
>BT circuit is so contended we can't use Skype in the evening
Suspect that rural Norfolk isn't that well served and the only available LLU's are: BT, TalkTalk/CPW and Sky (the original Sky LLU, not the recently acquired O2/BE LLU). My preference would be to switch to a BT Wholesale Business broadband package via a third-party ISP such as Zen and attach a decent router (eg. Draytek) to make the best of the available line speed and throughput.
If line speed is sub 1Mbps then need to assess whether a second DSL line (and router that can simultaneously use 2 DSL lines) would be beneficial or if a 3G phone or dongle (with external antenna) is usable.
>How does this compare with the European allocation?
See table: http://en.wikipedia.org/wiki/List_of_WLAN_channels#5.C2.A0GHz_.28802.11a.2Fh.2Fj.2Fn.2Fac.29.5B16.5D
So it would seem that US infrastructure devices will be able to make better use of bonded channels than the EU and won't be restricted to indoor use only in the 5.150-5.350GHz band.
As for mismatches between infrastructure (access points) and client devices; with WiFi the client typically takes its lead from the infrastructure ie. assume the infrastructure is using a legitimate channel, so the potential for mismatch is very similar to that experienced today.
From what I can see the changes aren't quite as limited as you indicate.
From what I can determine these changes now enable the use of channels: 34, 38, 42 & 46; removing a number of holes in the existing spectrum (see: http://en.wikipedia.org/wiki/List_of_WLAN_channels#5.C2.A0GHz_.28802.11a.2Fh.2Fj.2Fn.2Fac.29.5B16.5D ), so permitting channel bonding in this band.
Re: There are no secure tablets on the market.
Yes, Lenovo did get my hopes up when they brought out an Android-based Thinkpad Business Tablet, but then followed it up with everything Windows...
Re: Microsoft's influence within a private Dell?
>Tell me, if you think it's so obvious that these patents are simply an irrelevant shakedown, why did Samsung and Sony pay for them?
From the little that has been published, I suspect that these agreements are probably wider than just the subset of patents that MS deems Android to infringe and will cover both past, present and future possible infringements - hence why many would sign.
This would also fit with MS's reluctance to actually be too specific about which patents Android may or may not infringe. Google is probably big enough to force MS to go to court and hence actually draw up a complete list of patents it claims Android does infringe and once there force MS, under oath, to say the list is complete (ie. Android does not infringe any other existing MS patents), hence a reason why MS are reluctant to directly take them on.
Re: Not there yet...
I think also SDN is deliberately being obfuscated. Like networking was segmented way back into WAN/MAN/LAN so SDN needs to be similarly subdivided.
Plus it is difficult to see and sell the benefits to a traditional smaller enterprise running mainstream n-tier enterprise applications in a "server room" rather than a data centre et al.
Re: You don't need anything, ...
>Anyone want to share anecdotes about bold but disastrous forays onto an alternative career path to balance the picture?
Well, my impression is that the author is currently in the 'honeymoon' period in a new job. From my experience I can fully comprehend the feelings of liberation etc. in leaving the corporate world and entering the 'heady' world of start-ups. However, from my experience the real challenge is what to do next, when the option of returning to the corporate world is no longer such an easy option.
However, given that we are both able to and being expected to work longer, a transition to an alternative career path is likely to become more common.