2200 posts • joined Monday 31st May 2010 16:59 GMT
Re: Mandatory add-on
Auto off, two factor to turn on? Biometric + passcode? So many ways to deal with a lost device, if the device is secure enough...
Re: While the article is technically accurate...
I seriously doubt the classified phone's target market is "the common man." It likely won't be as thin-and-light as the iPhone, nor quite as fast, as energy efficient, etc. It will be close enough for jazz, but a notable amount more pricy. Proles don't need classified smartphones....but the gov't, military, emergency services, etc markets for mobile comms are booming worldwide.
For those of you moaning about this "being an infomercial," how about you put your time where your trolling is, and tell me just who, exactly, you feel has comparable tech right now. I agree wholeheartedly that there are far better OSes than Tizen for this. I don't think Intel is going to push Tizen as their spyphone OS.
Tizen was a learning experience; the OS powering the eventual phone will - I hope - be made by Research in Motion. There are surely others that make the OS. What there aren't, are people with the right hardware, other than Intel. That will include writing secure firmware, even embedding new and interesting security into silicon than exists right now.
So...who else is doing it? Give me names, I'll go get interviews. Intel's folks seem confident they have zero competition here. I'm inclined to agree. You won't make the "secure" device on wide open hardware, just by trying *really hard* with the software.
A whole lot of other people are going to have to walk through that minefield before I spend my hard-earned on Microsoft's latest. I somehow doubt Microsoft has plans to be sending me a review sample, so the question is: which tech journalists (if any) do I trust to be capable of reviewing this thing objectively and have anything remotely close to my workflow and multitasking requirements.
I am coming up somewhat blank on that. Oh well, maybe next launch, eh, MS?
Re: Aliens done it.
Excepting that the gates contained various technologies to ensure that atmospheres (gaseous or aqueous) wouldn't pass through the gate. Smart folks those Alterra. Without this little plot mechanism, the entire "Atlantis" series would not have been possible. Every time they opened a wormhole to a space gate, Lantia's atmosphere would go roaring through the event horizon, dragging all the unfortunates in the control room with it.
I'd also like to point out that I do not qualify as someone who simply "dislikes change." I like change just fine...so long as that change is of benefit to me. More to the point, it is not incumbent upon me to go looking for reasons to embrace change. No money greases my palm to do so. Quite the opposite: I have a vested interest in getting the maximum possible return on investment from what I already own, and what I already know.
If you, Microsoft, Apple or anyone else want to impose change then you have to sell me on it. Convince me of the ROI in buying something new, in learning something new and in retraining the habits of a lifetime. Give me a reason to embrace a given change, one that can be objectively seen to benefit me, and I'll be all over that.
As one example related to Windows 8: I like Metro Start...I just don't believe it is an appropriate replacement for my Start Menu. I think it's a fantastic little launcher, and I truly adore live tiles. They are like widgets on my Android phone, but – if coded well – contain a higher information density. I would like to fullscreen the Metro Start application on its own screen, where it could enhance my desktop experience by providing me more information at a glance without having to context switch.
The extant implementation of this technology however is non-optimal, thus I refuse to invest in it and I call for change. Interesting that; at least some of the people you label as "afraid of change" are in fact calling for change. Not for a return to what was, but for a modification of what is in order to better suit our requirements.
I'm not afraid of change, Mark. I'm just someone without an excess of it in my pockets.
So what, EXACTLY, do I want from Microsoft?
If Microsoft had a desire to shut me up, my "demands" are thus:
1) A switch in the operating system to restore the classic start menu and remove the hot corners. Simply licensing Classic Shell would do fine. Alternately, a legally binding commitment from Microsoft not to block Classic Shell from working at any point in the future (and ensuring the relevant libraries that Classic Shell relies upon are always present) is acceptable.
2) Either context-aware file extensions, or a simple setting that you can toggle which prevents any Metro application from binding associations without explicit permission. The goal is to have a "nothing jumps to Metro without my express permission" setting.
3) A legally binding commitment from Microsoft to maintain the Desktop in all future versions of Windows for a minimum of the next 15 years.
4) A legally binding commitment from Microsoft to produce a Desktop version of any primary software they produce for Metro. (Nobody cares about $widgety application. I mean things like Office, Lync, RSAT, etc.)
5) RDP support for Metro to be taken into consideration. Using Metro from RDP, Teamviewer, or any other remote-access or support application is horrific. Metro is a burden on support desk staff.
6) Revisiting touch cues to make them more obvious, or incorporating a "how to use Windows Touch" tour. "How to use Metro with a keyboard and mouse without going mad" would be great too.
7) Revisit how you "throw away" Metro applications with a mouse. It is counter intuitive and difficult for some people. (Older folks, those using trackpads who have motor control issues, etc.)
8) Fix Stylus support for Metro; it's pants. Specifically, I have an issue with the fact that you cannot drag the Metro screen around. Instead, you have to drag the magic, disappearing slider, and that doesn’t work well.
9) Provide a setting to make the Charms Bar a textual overlay with a transparent background. Big Black Bar causes context switching.
10) Let me "Pop Out" tiles and affix them permanently on the desktop, like widgets or active desktop items. Alternately, I would love the ability to assign Metro to a monitor as a FULL TIME application. Metro is a great launcher in a multi-monitor scenario, but Metro should be a desktop application, the desktop should not be a metro application.
11) Allow me to "Window" Metro applications. I don't care if they aren't resizable, but if I am eschewing Microsoft's "only 33/66 two things at a time" philosophy, I need a way to get at the soon-to-be-mandatory Metro applications in a manner that suits my workflow, not Microsoft's desire to sell more Smartphones through forced acclimation to a new UI.
12) Allow anyone willing to pay the fee to sign their application (because, frankly, if you are forcing a new walled garden UI on everyone, Metro apps should damned well all be signed!) to create a Metro app. That includes browsers and "applications which replicate core functionality." I don't care if you are Microsoft, Apple or Bob the Baker. Shut up and stop trying to restrict competition by turning away people who make a better mousetrap.
13) Alter downgrade rights to include downgrade all the way to XP. Application compatibility is still an issue for some of us. Many are dependent on applications from companies that have gone out of business, or don't have the wonga to re-purchase some $50,000 application that nearly broke the bank the first time. Alternately, take advantage of Windows 8's hyper-v to offer both "XP-mode" and "Windows 7 mode."
14) As per 13, if you don't want to offer downgrade rights all the way to XP, then allow the operating system to be booted directly into either the "XP-mode" or "Windows 7-mode" VMs that should be shipping as options with Windows 8.
15) Let me log on in a manner that bypasses Metro. Just dump me directly to the desktop if that is what I choose. I shouldn't have to see Metro if I don't want to. It should be something I choose to use. Frankly, if you do the things I've said above – like allow me to "pin" metro to a monitor, just as if it were a Desktop application – then I will use Metro. And I will use the start menu. Each has different uses for me.
There's more, but these are the big asks. You can now begin crapping on all of the above with your nose high in the air.
You detail how you use a PC, and champion your ability to adapt while simultaneously writing off anyone who might want to use a PC in a different fashion. I will direct my criticisms at who I damned well please; and frequently do. It's interesting to me that you claim such breadth of experience, and yet conflate "Linux" with Ubuntu.
Your argument is entirely anecdotal, based off your experiences and your experiences alone while simultaneously discarding the experiences and preferences of others. Does Windows' launching of an app full screen serve as a context switch? For me, it does. For others I know, it does.
Maybe we are the only ones on the planet for whom this is true; even if this is in fact so, by what right do you chastise us for seeking an alternative? By what right do you demean and belittle us for seeking to have Microsoft incorporate into their operating system options that accommodate how we work, how our minds have been trained to function?
If you like Metro, fine. Good on you. Go frolic and be merry. I don't; despite having given it several honest tries, and working with it for months.
Beyond that: get off your fucking high horse and look at the complaints being levelled and by whom. I resent the implication that I am singling Microsoft out for criticism. I loathe Unity and Gnome 3 and I could go on for quite some time about the "little things" in OSX that detract from usability. (Though, frankly, Mountain Lion cleaned up a lot of the mess Lion made.)
Apple isn't "trying to kill the mouse and keyboard." Quite the opposite, they are committed to keeping them as first-class devices, expanding their usability with the new interfaces whilst adding touch as an equal partner. Touch is non-requisite, but the keyboard/mouse are not either. In my opinion, Apple have managed the transition better than Microsoft has. The Linux teams aren't even close.
Does that mean that I rush out to embrace Apple? No. I may love OSX, but…I can't stand their keyboards. I just can't use them. My brain has used a PC-standard keyboard for nearly 30 years, and as a writer and programmer I require both a delete and a backspace button as separate keys. That "little thing," a design choice by Apple, is why I can't use their notebooks for prolonged periods.
I don't use Windows Phone or iOS; I eschew both for Android. Why? Because for me, the smartphone isn't just an appliance. It's a pocket computer that I use for many things. It is a USB drive, a mobile hotspot, a full-featured browser, an RDP client and a penetration testing tool. Things I simply can't accomplish without access to the file system, a promiscuous-mode networking stack and root on the file system.
The same goes for my PCs. I choose Windows XP SP3, Windows 7 SP1 (with classic shell) and RHEL/CentOS 6.2 (with the Cinnamon GUI) because they meet my needs. Nothing else does. I need to multitask heavily; it's how I get paid. I also need a comfortable and familiar environment where everything that I need to use is easy to get at and doesn't require me to context-switch in order to get there.
Maybe I'll be the last person on earth using a desktop-metaphor GUI for my computing needs. Maybe I'll be the last person on earth to use a computer where I can install any application I want, get complete control of the operating system, and live outside the walled garden of a vendor-provided store. I'm okay with that. I don't need to defend my choices to you or anyone else.
More importantly, I don't need to attack those who choose differently. That is the behaviour of one who has backed the wrong horse, or who is unsure of their faith. I don't believe in faith. I don't have faith in a god, I find it silly to have faith in a corporation.
What I will do is conduct business. Business in this case means using whatever means I have at my disposal to attempt to convince Microsoft to support my use cases. As my previous comments stated, I don't believe for a second that Microsoft will acquiesce. That isn't the point; the point is to join the chorus of the disenfranchised and make our voices heard: not by Microsoft, but by those who would compete with them. It is the corporation that provides me a computing experience that I want which will ultimately receive my investment, not a corporation that tells me I must adapt to them.
Re: Its a new paradigm
The new version is objectively "worse" for some people's work patterns. Don't give me any of that insipid bullshit about "it's just a replacement for the start menu." It's a hell of a lot more than that. File associations are another great example: many files open in Metro-only, even when launched from the desktop. This means context switching from your multi-tasking environment to a mono (or at best a dual)-tasking environment.
Maybe for you, this isn't a problem. Maybe for you it is even superior. If so, congratulations...and I even envy you! I'd love to be the kind of person who simply "didn't have a problem" with the shit being shoved down my throat. I, however, am not you.
Myself and many others do have a problem with Windows 8. It disrupts our workflow and makes us less productive. It provides jarring context switches when we really need to focus and doesn't allow us to properly multitask when we need to be keeping an eye on 10,000 things. This isn't just a start menu, this is the first broken step on the path towards a New Way Of Doing Things. One which goes against a lifetime of education and burned-in habits.
You can proclaim from on high that "the new way is better" all you want, but I have yet to see proof of this claim. I have seen some evidence that for some people in some circumstances the New Way might be better. I have seen zero evidence that it is ideal for all people under all circumstances.
So not including a way to say "fuck off Metro," bringing back a start menu, banishing the hot corners and re-mapping all the file associations to desktop applications as an easy, integrated option? That is Microsoft urinating on anyone who isn't the middle of the bell curve on the world they are trying to create. For that matter, there's no guarantee that Microsoft are going to keep the desktop around for much longer, anyways.
So why should those of us who find the new regime suboptimal gamble that Microsoft will even still leave us the option of doing things the more optimal way? Right now Microsoft make it a pain in the ass. Soon, it may well not be available at all.
Even if you believed that only "the majority" matters. Even if you believed that Microsoft is good and pure, and those who can't adapt (or are different) simply shouldn't be allowed to use computers…Microsoft's handling of the entire situation has been piss poor. Their engagement with the community on these issues has been rife with arrogance and dismissal.
But hey, if that's the company you want to worship, that's entirely up to you. Me, I will continue to exercise my options to find and use alternatives until they pry sourceforge from the grip of my mouse and keyboard.
Re: Its a new paradigm
How is anything I said predicated on me "being right"? I said only that even if we all spoke out as one, it wouldn't matter. Obviously, we haven't done so; some people like Metro, some don't. Equally obviously, there are quite a few people who don't like Metro one bit.
So it doesn't matter if you like it, or don't. I don't even understand how liking or not liking a user interface can be turned into "right" or "wrong." It's personal preference. Since when is a personal preference right or wrong?
Do you have an island in your kitchen? Do you want one? If the majority of people don't have one, are you wrong? Are you right? What if the majority of people want an island in their kitchen? What if the majority want one, but don't have it? And heaven help you if you choose the wrong colour for your vehicle!
You make a lot of statements backed up by absolutely nothing. Who are you to say Windows is priced correctly? Or designed correctly? Or anything correctly? Who are you to poke at OSX, Linux or anything else? Who are you to tell people what they should believe, desire, or require?
Everyone is part of a minority at some point; everyone's needs are niche eventually. But hey, you know what? I'm okay being "wrong."
And I'm okay with using the microwave, house design, paint colour, cell phone, shoe style, computer operating system and custom-moulded salt shaker that suit my needs. The majority, the minority, the whatever-ority…
…I just don't care about any of them any more.
Sent from my who-gives-a-flaming-monkey-fuck.
Re: Its a new paradigm
I can't change Microsoft's mind. I can put my time and effort into helping people get what they want to out of computers. I don't have the programming skills to write a Classic Shell. I do have the schmoozing skills to put those sorts of people in rooms with others, the research skills to hunt that stuff down, and a couple internet soapboxes to publish the info. I hope it helps a few folks; getting the odd attaboy makes up for the effort.
I'd like to say "if enough of us spoke up, it might make a difference." The truth is: it won't. Voting with our wallets won't matter either. If every prole on Earth decided they were going to fight the power on this one, it wouldn't even tickle Microsoft's income. Microsoft gets where they get because they have the ability to take decision makers at large corporations and government institutions out for fancy meals, shower them with perks, discounts and whatever political or personal clout is required to shift SKUs.
They shift those SKUs in the billions. Because these SKUs are forced on the hoi polloi by the powers that be, we all need to be "compatible." If you are a small business, you need to speak the lingua franca of business: Microsoft formats. Choose not to and you don't get a chance to interact with or bid on contracts from the larger entities. If you are an individual, you need to follow the pack because we have evolved our society into one that is "always on:" the work-life balance is disrupted and we require the ability to work from home.
Couple this with a tame press (tech and otherwise) that daren't speak out for fear of losing ad revenue and anyone who expresses a dissenting opinion is a marked man. To dislike the digital food shovelled onto your plate is to bear the stigma of being "afraid of change." You are a Luddite; someone unwilling to "give X a chance" and unable to comprehend the obvious majesty and importance of the vision which created the product you malign.
For a press that exists only because of sensationalism and the magnanimity of vendors, the best way to achieve these is to publicly evangelise The New whilst heaping scorn and derision upon the heathens clinging to The Old. Throw in some fanboys and most people who would even have thought to speak up are sick and tired of the bullshit before the product even hits shelves.
Consider a comment from the illustrious Ed Bott on Twitter: "if you write about Windows, and you take a screenshot using Windows XP, you're doing it wrong."
Really? How interesting. Just who the flaming monkey fuck is he to tell me – or anyone else – what they should or shouldn't be running on their systems? I am "doing it wrong" because I use XP on my personal VM? Really? Why? Detail this explicitly. Where is the incentive to use anything else? Describe the ROI in moving away from something that has worked Just Fine for over a decade? Don't give me enterprise-level vague security hand waving bullshit: I'm talking about my personal VM here.
I'm not afraid of the new, but statements like Ed Bott's above both upset me and make me realise how futile resistance truly is. Here we have one of the most respected voices in Microsoft punditry telling everyone that if you write about Microsoft it is your job to evangelise Microsoft's latest. In this case the advocacy is subtle; you are to demonstrate that having the latest is "proper" by only showing the latest greatest as the operating system of choice in your screenshots. It is evangelising nonetheless.
It should come as no shock to my readers that I will take a screenshot off any operating system I damned well please. Maybe it'll even be an XP VM remoted into from a Windows XP VM which I am in turn remoting into from a Linux box. It has been known to happen.
If I am discussing something specifically blowing up on Windows 8, maybe I should demonstrate that on Windows 8. If it affects multiple versions of Windows, what does it matter which version has the screenshot?
But…aha! There's the subtle slant of it all. In the same vein as judicial capture (or regulatory capture,) I posit the concept of "press capture." If a pundit covers a topic or vendor for too long, they begin to sympathise, even empathise with them.
Considering the complexity of the topics at hand, how can any journalist rise to the top if they haven't been covering that vendor for ages? There is so much to know, it takes years to absorb it. So you, me…all of us…
…we'd best get used to Windows 8. Our voices are easily shouted down as heretical by the closed-minded echo chamber that has become the only thing vendors choose to listen to.
Use your "non-new" or "non-Microsoft" operating systems if you must. Just don't talk about it unless you are prepared for scorn, marginalisation and other potentially serious repercussions. Be careful to whom you admit not keeping the faith. It could be more than your internet reputation on the line. It could be your job.
Freedom of choice my hex-encoded ASCII.
Also, regarding the "look and feel of the UI," XP always offered a classic mode. Windows 8 doesn't. Even with Classic Shell, that damned derptastic interface still intrudes from time to time.
Windows 8 is far more of a blinkered transition - UI wise - than Windows XP was. Though the core OS is in better shape at the outset.
Unlike XP, Microsoft isn't going to fix it with a service pack.
Who - exactly - is claiming Windows XP "has always been good"? Hmm? I've never met such a madman.
HREF or GTFO
Re: do you not read el reg yourself?
I saw it. That article came out about a week after I had started to poke my nose back into SuperMicro. (I was already well infatuated with the Fat Twin by the time that got published.) That said, it's about the only thing I've seen on SuperMicro's widgetry in a while.
The bulk of my "newspaper" time is spent reading Ars Technica's science section, or skimming El Reg, Anandtech, The Verge and Fudzilla. (Screw 90% of Apple coverage and ALL social media coverage!) Now that I'm writing articles on a regular basis, I only have time to read about 1/2 what I used to. I have begun to rely on PRs dropping information into my mailbox a little too much; it was convenient, but has become a bit of a crutch.
So honestly, it's really easy to miss mention of some of this stuff. If it doesn't cross publications enough, I might not see it. If I get big into a project, I can go days without reading any of the tech rags, or even skimming the RSS reader to pick up the headlines.
Now, go compare how many times SuperMicro has been mentioned on the major tech rags to FusionIO. Or to Dell. Compare hits for "Facebook" to any hardware vendor that isn't Apple. There are more articles about SCO's death throes than there are about tier 2 hardware vendors!
So yeah, the odd article pops up. But it doesn't present the same kind of mindshare. Even if you do see it, it might not stick. Repetition is often necessary (what was it, 12 times?) to burn something into the memory of the average human.
So my point stands; even if you spend 8 hours a day reading the various tech rags, it is still worth poking your nose into the product offerings of your vendors from time to time. Or – as mentioned above – get a VAR you really trust. If there is such a thing.
Re: I remember 10 or so years ago
Who died and made you derpmaster general? Windows XP was a piece of shit when it launched. In fact, it maintained a full-on craptasticness right up until Service Pack 2, which basically introduced an entirely new operating system. Funny how people who like to bang on the "everyone hated XP when it launched" drum tend to forget that opinion of XP changed overnight when they fixed most of the flaws in the operating system.
Vista was the same way. Absolute shit when it launched. Then they fixed all the flaws and called it "Windows 7," (well, except for giving me back my Up Arrow, but Classic Shell fixes that.) As soon as they unborked their craptasm, people loved it.
Windows 8 is a good operating system…under the hood. But there is so much about the OS that is completely fucking broken that we'll need either an XPSP2-esque service pack, or a whole new version to resolve the issues.
For the record, I still love Windows 2000. I refuse to touch XP unless it's SP2 or later, Vista can go [censored] itself, and Windows 7 only became usable on older hardware after SP1. Without Classic Shell, Windows 8 is unusable, and I don't trust Microsoft not to screw us all again a few more times before finding a version we can mostly live with.
Until they screw us again and we go around this loop one more time. But hey, don't let me stand in the way of your blinkered view of history…
To be, or not to be, an infomercial
I really did try not to turn this into an infomercial. That said: they have sexy boxen filled with many blinkenlights. I am not often impressed by hardware...actually, I'm normally cynical and resentful of just about anything involving computers. The theory goes that on the rare occasions when I encounter things that impress and delight me, there's a reasonable chance that at least some of the readers will be intrigued as well.
I can't be dour and snarling "get off my goddamned lawn" all the time. If I keep that up, my internets will stay that way.
Is there another language out there suited to client-side just-in-time compilation?
Re: nice article
I would love to claim all the credit, but in truth a significant amount must go to the inestimable Chris Williams (@diodesign). It was he who tipped me off to the source in the first place, he who serves as sub-editor, and indeed he corrected several mistakes I had made in terminology. (He’s a kernel programmer, so he knows things.)
You want a truly brainy vulture? Chris is your man. I’m just a bored sysadmin who decided to pick apart a zero day as an attempt to solve an insomnia problem.
Also: <pirate> yarrrrr </pirate>
Re: and so ...
Most outdoor city kitties I know manage to get 2-3 birds a day here in Edmonton. Of course, there are so many bloody birds that they do not deplete the population. What does wipe out songbirds right quick is a Blue Jay moving in. They don't last long, however...the other corvids kick the Jays out right quick.
Normally, corvids of all stripes would prey on songbirds, but around here only Jays seem to. The rest of the corvids have figured out that we all put dog food in dishes out on the back porch, and have decided that stealing from the dog dish is a hell of a lot easier than chasing a sparrow through an urban setting filled with nooks the sparrow can get into but the corvid can't.
Re: never seen a dead bird outside my windows
Nah, the issue is that Alberta has this thing called "nature." As you are from the center of the universe, there's no possible way you can understand. In this "nature" (just go with it, it's a thing, honest!) we have "plants." These "plants" can provide food for birds, and also for "insects." (Yes, both plants and insects other than cockroaches exist, honest!) These "insects" can also be food for birds.
Now, in cities that have what we like to call "green space," (places that are not the center of the universe,) both plants and insects occur in large city-owned property, as well as in and around peoples' homes. Insects get on windows; birds try to dive for the insect, and end up smacking into the window. Plants are positioned near windows, and birds miscalculate approaches and smack into windows.
You're going to have to take it on faith though, because even if the center of the universe had any of these things, they wouldn’t cause increased bird strikes, as the birds wouldn’t be able to see them through the smog!
Re: Imagine getting 'bonked' by a Canada Goose ...
Geese do not fly into windows much. Or bonk into cars, or even planes. Planes run geese over. Cars run geese over. As a general rule, geese simply don't tend to fly into things so much as things hit them.
That said, they will chase you across the ground like possessed demons. They have attacked me on numerous occasions when I take the garbage to the curb (several nest in the bushes right by the pick-up zone,) and more than once I have had some angry idiot goose chase my car down the street for some imagined slight.
They are mean, loud, miserable, insufferable little buggers that attack anything that moves on a regular basis. The instant they’re in the air, however, this behaviour ceases. They just aren’t manoeuvrable enough up there to try it.
Re: Are any of them bats?
I maintain (in whole or in part) several bat boxes throughout the Edmonton area, and have for most of my life. I have never in nearly 30 years of living in this city heard of a bat impacting a window. Bird strikes have been a regular part of life forever; but it has been exceptionally bad this year and last.
I’ll go hunt Erin and have a chat with him, but I suspect the issue is directly related to the overwhelming insect bloom the city has seen in the past two years. Mosquitoes top the list, but there has been a massive growth in the Strawberry Beetle population as well…and those are just the two I know about!
Re: Oh Canada...
Several islands (such as Denman Island) exist in the gulf between Vancouver Island and the City of Vancouver.
Re: Oh Canada...
Bloody robin broke my window just the other day. Didn't survive the impact, poor bugger.
Many people's minds
Contemplate the “average” citizen. Now please bear in mind that – by definition – 50% of the human race is below average.
How other people choose to spend their hard-earned is up to them. If they choose to read my articles or pay my consulting fee, I’ll give them opinions on what products might meet their needs. But fuck no; I’m not paying a subscription fee for Microsoft Office. Office 2003 and LibreOffice have both been doing a bang up job for me so far.
If you have a particular need for the latest, greatest Microsoft Office…then by all means, pay the man his shilling. If you believe that “free must be bad,” then by all means, buy whichever product makes you feel you have the best item. If you believe that corner cases of formatting issues when importing files into older versions of Office/LibreOffice justify the cost, Microsoft is a-waiting. Even if you just feel that it is prudent, proper, and “what a good IT person does” to “use the same industry standard as ‘everyone else (or at least those with a brain, defined as those who choose the same industry standards as you do)’” hey, go hard.
This is the beauty of marketplace diversity. It is the benefit that we see from having even the barest fraction of competition in this market. An increasing number of people are perfectly happy with iWork. I’m perfectly happy with LibreOffice…
…and for this one household, Microsoft’s rent seeking can kiss my shiny, metal ASCII.
Oh look, everyone, it's Richto! Here to tell you that anything that doesn't put more money into Microsoft's coffers is inevitably bad! Of course, he hasn't the foggiest clue in hell what he's talking about - as usual - but he'll not let that stop him, will he? Charging valiantly onto the battlefield of a dead thread, Richto bravely explodes his heart upon any possibility of usefulness from a company that isn't Microsoft. Well, charging bravely between the hours of 9 and 5, Monday to Friday.
That said, yes Richto, Group Policy is indeed automation software. It is both configuration deployment and software deployment automation software. In fact, it is some of the most sophisticated configuration deployment software ever developed. It is why Microsoft slaughtered Novell at the turn of the millennium.
You are correct in that System Center Operations Manager provides *even more* automation possibilities than Group Policy…but not by much. OpsMan mostly provides Agentful Monitoring and some integration with WSUS. Orchestrator extends even more configuration capabilities, and System Center Virtual Machine Manager would be required to fill out the rest of what Puppet can do.
That said, Puppet can indeed match GPOs, GPPs, SCOM, SCO, and SCVMM damned near feature-for-feature on the configuration automation front (not absolutely, no product is perfect,) while offering things that none of them can otherwise offer. Critical functionality that Microsoft’s offerings lack. Namely: cross platform support. Single-pane-of-glass configuration for multiple operating systems (and cloud services) where settings are the same. (Set NTP servers across all OSes from one place? De nada.)
Puppet is about automating configuration deployment. Which is pretty much [i]exactly[/i] what group policy was designed for. The fact that to meet Puppet’s full extent you need not one, but [i]three[/i] add on software packages from Microsoft - [i]and CALs[/i] – is the strongest advertisement for Puppet in a Microsoft shop there is.
But please do respond to this comment with alacrity. I do very much look forward to your very well researched, detailed and thorough analysis of exactly which elements of configuration automation that Puppet is missing, which Microsoft provides through their products. I am especially eager for you to explain – in detail – how those configuration items justify per-seat cost delta between all the MS CALs you’ll have to buy when compared to Puppet’s cost.
I’ll give you bonus points if you can do it without bringing systems monitoring into the conversation. Because we really don’t need to get into a catfight about “what Puppet can monitor versus what SCOM can monitor.” Real-time monitoring isn’t Puppet’s target, but it sure is making a heck of a lot of inroads into both monitoring [i]and[/i] configuration simulation.
Specifically, the integration work that has been done to tie it to Nagios has been extraordinary. And Nagios ****ing flattens SCOM for monitoring. Of course, if you hate Nagios, Puppet also has been made to work well with both Zenoss and Icinga.
So please, Richto, if there are flaws in Puppet’s configuration automation as compared to Microsoft’s (very expensive) offerings, [i]do tell[/i]. I will be very happy to point the community at your response so they can promptly resolve the minor gaps in feature coverage.
Also, can you point me in the direction of Microsoft’s offerings which provide configuration automation for Linux, OSX, OpenStack, GCloud and EC2?
Answers on a postcard,
Re: The plural of box...
Exactly how old are you? It's an honest question, because you are either young enough to never have used a modem where you had to put the phone on the modem to get it to work, or you never paid any attention to the history of the craft which this website reports on.
To wit: boxen contain blinkenlights. Use that newfangled tubular interwebnets to do a Google and discover the 411 on the wiki. (Did I get that right?)
Now get off my goddamned lawn.
Re: Cool man, real cool
@tom38: correct! In fact, even Earth is too small to prevent losing its atmosphere to space. The issue is timeframes. Mars on its own, were we to give it an earth-normal atmosphere, would be able to hold onto it for over 100,000 years before humans started to need pressure suits again. Mars + Ceres is apparently closer to 1,000,000 years. Long enough - I'd hope - for us to find an alternate solution.
It is life after all that renews our atmosphere. There is every reason to believe that it would be able to do the same on Mars. Remember, like Earth, Mars is mostly oxygen. Like Earth, it's all trapped up in the rocks.
Re: Cool man, real cool
Terraforming Mars isn't all that hard. Strap a set of great big engines to Ceres and crash the thing into the south pole. Ceres + polar deposits have enough volatiles that - combined - there should be a reasonable atmosphere. The impact - while it would leave an interesting crater - shouldn't shatter the planet, nor blow the flimsy extant atmosphere off. So yes, you'd have half the planet being molten for a few hundred years to deal with, but that's a relatively minor issue. (It should also help offset the cooling wrought by the dust kicked up, making the thicker atmosphere a net gain.)
This shouldn’t actually be all that big a deal to accomplish. You need a set of holy-shit nuclear power plants on Ceres, an automated mining facility that extracts non-volatile (rock/mineral) mass from the planet for use as propellant (don’t waste your volatiles!) and a set of big-ass ion engines.
You vaporise the mass, ionise it and huck it out the engine at a significant fraction of c. This is a simple impulse engine/hall thruster/VASIMR design. It doesn’t provide a huge amount of thrust – well, okay, with nukes powering the thing, the thrust will be insane, but so is the dwarf planet we’re trying to move – but it will be a constant thrust. That is how we get New Horizons out to Pluto in short time frames, or move Dawn out to go check on the dwarf planet under discussion.
You’ll need some RCS thruster quads (probably chemical) for steering, but here you can probably afford to burn some volatiles in order to provide the moderate amount of reaction mass you need.
So, a trillion dollars or so, about 250 years to move the dwarf and another 250 before Mars is tectonically stable enough to think about colonising and *bam*, whole other planet to work with.
Converting the atmosphere into the right oxy/nitro mix, that’s a whole other issue. Still, the ability to walk around outside with no pressure suit, nor cold-weather gear would be a huge thing. Wearing a small oxygen mask is a minor inconvenience.
Re: Apple's Success
Where did I say that Samsung's stuff was anything other than mediocre? I said I preferred their design elements. Not that they were fundamentally "better."
You leap staunchly to defence without realising that I am not attempting to vilify Apple in any way. I am not impugning their honour. I do not hold a grudge against Apple, nor am recommending against them. I am simply objectively determining their place in the market and giving them props where props are due, without attaching unwarranted significance to other aspects of their business.
Do not presume for a second that "preferring A to B" or "what I use" is an indication of what I believe is "best." Far – far – more details go into a purchase decision than what someone thinks is "best." This is true not simply for me, but for anyone. Price, availability, a balance of the values of various features…the mix and the match result in different choices for everyone; and not everyone even has the same options.
So please don’t waste time attacking me; especially if you cannot check your emotions at the door. Instead, I think that you would benefit from reading this paper.
If that seems like too much work, Ars Technica has a great writeup on it here.
I feel compelled to reiterate how this series of comments does nothing but reinforce the point I was trying to make in the article: buying into hype, marketing, "the controlled message," "what’s popular" or "what everyone else is doing" is not a good plan for people who can’t afford to take risks. Instead I advocate research.
Gather evidence, learn some science; especially the science related to our own psychology and group dynamics. Learn to separate the pre-canned, carefully manicured world we are fed by people who do know that very science – and your own tribal instincts – from reality.
Sometimes "what everyone does" is done for good reason; it is the most efficient possible way. Other times, it is because billions of dollars and lots of time from very smart people has gone into creating an industry that merely believes it is the best way.
Consider if you will the Cisco-trained nerd. Indoctrinated for 10+ years in all things Cisco. He is approached by a small business of 50 seats. This business has crunched the numbers as hard as they can and they know that they can only afford to spend $50,000 to upgrade their entire IT infrastructure. It must last 6 years. They have zero wiggle room on this; this is all the money they can possibly get together.
The Cisco nerd – and I have seen this happen many times in my life, involving many different Cisco nerds – will adamantly demand that the company spend $25000 on switches and routers. "If you can’t afford to do things properly, you shouldn’t be in business" is the claim. Charts come out. TCO and long term this and that are mentioned. Huge effort goes in to convincing this business they absolutely must have Cisco because Cisco is the best, and nothing but the best is acceptable. Anything except the exacting deployments outlined in best practice whitepapers is akin to sacrilege.
The CEO of the company turns to me and says "is what he says true? Should I close up my company tomorrow?" I browse to the local computer shop on my phone, pull up some off-the-shelf servers, 48-port DLink switches, some SME NAS gear with "meh" replication, VMware licences, MS licenses and backup software licences. I factor in the cost of bandwidth over the 6 year lifespan of the project and some offsite storage in a datacenter I run. I manage to do it for $40,000, including spare parts.
The Cisco nerd explodes with rage. Everything I just described goes against a lifetime of his teaching. He sprays emotion everywhere, verbally assaulting me; even coming within a hair’s breadth on more than one occasion of physically assaulting me. For doing math; but not doing it according to the whitepapers in which he has invested his sense of self worth. By rejecting the ideas – and the companies – that he had incorporated into his "tribe" I was not only "insulting" those ideas and products, I was insulting him.
This is my point. It is the point of this article, and ultimately the point of the comment thread we’re engaged in. You have demonstrated an inability to separate emotion and self image from a brand. Apple isn’t what it appears to be at first glance, and it certainly isn’t what its most ardent followers make it out to be. Neither are Microsoft, Cisco, VMware, Oracle or pretty much anyone else you can name.
If you are ever satisfied you know 100% "how things are," then you have stopped seeking evidence and started believing. You have resorted to faith. I get the distinct impression from our little tête-à-tête here that you are willing and capable of resorting to faith. I’m not. So we are never going to resolve this; no more so than any other religious (or political) binary dichotomy will ever be resolved.
I suggest we call it a truce and move on. You have decided that you can label me. In doing so you have associated heaps of extraneous baggage attached to that label with me; most of it without cause. There is thus no room for debate. This thread will simply end up with more of me defending myself against things I never said. Things which instead are associated with the label you have chosen to apply to me.
I’d ask that instead of clicking "reply" and venting your emotions into your poor keyboard (what did it ever do to you?) that you instead click the links I provided you.
Thanks for your time, and have a good day.
Re: Apple's Success
Well, Mark65, we'll have to agree to disagree here. Design is in the eye of the beholder. Personally, I buy Samsung, HTC and Asus because I prefer their design to that of Apple. I prefer the keyboard layouts on non-Apple PCs and a number of other design elements that prevent me from buying Apple. It is in fact Apple's design that means I only own products made by them which were given to me. I am not alone.
The thing is, there is lots of evidence to back up my position: design is a personal item, not a universal one. Apple have a different design. It is not universally liked…not even liked by the majority of consumers, according to most deep dives into the matter. In fact, a significant minority of individuals who own Apple products dislike the design quite a bit, but buy them for other reasons. (Simplicity being the largest factor.)
So I reject your idea that “design” is critical. It was a selling point to hipsters back when Macs were the 3% of desktop PCs and made nothing else. When they started hitting the consumer electronics market, other factors became far bigger reasons to buy. The hipsters still bang on about design aesthetic, but they are the minority of people who buy Apple products now.
The whole article I wrote; analysing as much data as possible to inform your decisions rather than relying on “gut feel,” “personal experience,” “what seems right” or “what you read in X” is pretty much cemented by this debate. My analysis of Apple and its success in the market comes from having read survey after survey, analysis after analysis and innumerable interviews with people from Apple and other companies involved in the process of selling into the CE market. I have pored over the evidence brought forth in the various trials and tried very hard to build an understanding of what shifts this stuff that is based on the real world, not simply who is loudest on the internet.
The hardcore fanbois have always been design hipsters. But they really, honestly and truly are a nearly irrelevant minority of Apple’s customer base. If you actually delve into the numbers, you’ll find the overwhelming majority of Apple’s customer base are 40 and 50 somethings with little-to-no understanding of technology, nor any desire to ever learn. They bought into the marketing hoopla of “just works” and “ease of use.” Ironic, given that many of the cited use cases they present would actually make RIM or WinPhone the better choice!
Marketing. Apple are good at it; quite possibly the best at it. This whole debate – in which you wield arguments unsubstantiated by data, but which Apple’s marketing machine would dearly love everyone to believe – is aught but further proof.
Re: Apple's Success
The article discussed Apple's relevance as pertains to the enterprise. Its relevance regarding infiltration and disruption of business IT, from SMEs to large enterprises. I won't dispute that Apple's approach really shook up the CE market. In fact, I'd go so far as to say they levelled the CE market and started rebuilding it from scratch.
Again however, as I see it, their success relies on marketing. Now, in my definition of marketing I do lump in “quality assurance testing;” this is because almost nobody does any form of QA whatsoever in IT anymore. So engaging in QA (as opposed to selling your customers beta products as RTM) is a marketing thing. It’s a differentiator you’re actively choosing in order to make you different from the rest of the competition that cut all those corners.
Apple’s feature/functionality/SKU/etc restriction is also just marketing. As you pointed out, a certain segment of the population can handle choice. This is especially true in the consumer electronics market where people want appliances, not general purpose computers. Again; identify the market, create a mediocre product with limited choices, QA the shit out of those few functions, and then control the message so viciously that you convince an entire generation this is the greatest thing ever.
Knowing what to release and when is marketing. It is studies and focus groups. It’s testing and research, research, research. It’s some intuition, but mostly the hard work of real brass tacks marketing which is – I’ll say this again so you get it - market research. Apple has the best of the best in this field working for them. They are the true innovators.
So your arguments don’t alter my stance any. Apple is a consumer electronics appliance provider that doesn’t actually innovate. Instead, they achieve success by limiting options – thus also limiting the potential for business penetration and disruption – and through excellent marketing.
Apple repackage other people’s ideas in a shiny package with a slick video and a clean store. Kudos to them. But it is still just marketing. Marketing par excellence, unmatched by anyone for nearly 100 years, but still marketing.
Re: Apple's Success
So your argument is exactly what I said? Apple excel at marketing: knowing when to introduce a product to the market and when the technology is not there yet?
You seem to be arguing that Apple do something "special" with their gear. I see zero evidence of that. They simply choose not to release products until the technology has advanced to the point that the product which can be released meets their standards of excellence.
The iPod, iPhone and iPad did not appear from a vacuum. There is a clear line of technological progression – in design, battery life, form factor, and UIs – from across the entire IT industry leading to the development of each device. These devices were not revolutionary, they were evolutionary.
The success of Apple is that they didn’t sit around and release version after version of not-quite-working crap. They certainly built them in the lab – the Samsung case showed us the real world evidence of that – but these products never saw the light of day in the market. Apple didn’t invent awesome with a pixie wand and Steve Jobs’ tears. They begged, borrowed and stole ideas from everyone else, mixed with a few evolutionary ideas of their own and then threw the design out because it wasn’t ready yet and came back and tried again a few years later. They repeated this process until Jobs was satisfied in the end user experience.
Funnily enough, everyone else (well, except RIM,) started coming out with similar stuff right around the same time. Again; there is lots of clear evidence of evolution towards current mobile tech inside various companies. They did exactly what Apple did: they begged, borrowed and stole ideas from everyone else, then mixed with a dash of homegrown evolution.
The difference is that these other companies took any prototype they could knock together and went to market with it. They released failure after failure. (Well, except Fujitsu. P1510D and subsequent devices rocked the socks off everyone who had them, but the cost of the tech was too high for a very long time.)
Remember that a lot of the very innovations you tout – such as the mere ability to have “applications” as opposed to HTML “apps” – on your iThing were initially verboten. Even with Apple’s magnificent execution and Jobs’ genius, they launched without native apps, cloud sync and most of the “services” which would eventually make the consumer electronics appliances that Apple sells so compelling.
But Apple still isn’t redefining the enterprise market here. Nothing they do is revolutionary. Their success is that of execution and marketing, not R&D. Indeed; they are quite happy with this arrangement. Everyone else in the world – in a desperate, but blind attempt to be Apple – spends billions on R&D. Apple then simply takes the ideas – licensing or buying out if they have to, stealing or “changing just enough” if they can – and grinds them like a WoW player until they’ve QAed all the userland bugs out.
I don’t believe your analysis of Apple is objective. You don’t seem to understand their business model at all. I wouldn’t feel bad about that; many people running multi-billion-dollar companies haven’t obtained clue either!
But the lack of revolutionary ideas is why Apple isn’t a disruptive force in the enterprise.
Again, however, that’s a whole other article…
I am not sure I understand the meat of your issue here. My "sysadmin blog" is indeed an opinion column. That is the purpose of this particular corner of the internet; I am paid to write ~1 opinion article/wk. Yes, The Register pays me to drive page views. Welcome to how tech rags make money.
I also pitch ideas to the features editor to write more lengthy features. I try to make these focus on practical advice for solving a problem, or (at the very least) doing a far more "deep dive" look at it than I can in a "sysadmin blog" where I am asked to restrict myself to ~500 words. (Something I can only get away with going significantly over on a periodic basis.)
Commissions also creep up from time to time. A vendor will pay me to write X number of articles on Y topic, and I am generally given more length to work with…or I can at least turn the whole thing into a set of back-to-backs. Here I can introduce new technologies, or offer solutions to the various problems that I have discussed in my sysadmin blogs.
It is important to remember however that I don’t simply get to “write whatever I want.” I do have to write within the boundary conditions I am given. I have been asked to write for other websites (such as Petri.co.il) where I will indeed be providing step-by-step instruction on how to solve various problems; for example “how to disable Java in every major browser on every major operating system.”
That is exactly the sort of article that will help many other sysadmins over time, but does not get the “big page views.” (Or even much in the way of interest from most people.) There are places and times for different types of writing.
Additionally, writing is not my day job. I “do something about” the crappy parts of IT every day. In some cases, it is solving the day-to-day problems of my individual clients. In others it is advising clients on IT purchasing, datacenter design and strategic direction. In still other cases I am serving as analyst or consultant to various technology companies (thankfully of increasing importance) helping them identify areas of focus, improvement and even methods of targeting the SME market that I have spent my career focused on.
If you have a problem with someone pointing out the negative parts of IT, please do a search on the website and find an article by “Drew Cullen.” Email the editor and discuss your concerns with him. If you feel my writing lacks value in some way, is an inefficient use of resources and/or manpower or you otherwise have a suggestion on how to improve things, he’s the man to talk to.
I feel that the job of a sysadmin blogger is indeed to complain. It is to point out the flaws and faults of various products, companies and so forth so that we can collectively analyse them and prepare to deal with them. The Register has a small army of people who republish press releases and discuss the news of the day. There are all sorts of people here whose job it is to put a positive spin on things.
My job as I see it is to raise the alarm where the alarm needs be raised. Systems administrators have a hard enough time reading the entrails as it is. Having someone cut through the crap and talk about the various elephants loitering silently in the building is something that I have been repeatedly told is helpful, requested and required.
I will take your comments into consideration. However, as the viewpoint expressed in your comments appears to be the minority of what hits my inbox, I cannot honestly say that I expect to change my approach to my weekly column any time soon. So I have taken the time to provide you with possible routes to solution. It would thus be only fitting for you to stop complaining and start solving problems. Complaining, sadly, is all I hear from you.
Re: Apple doesnt effect the landscape?
Oh, I'm aware of this. A lot of the "BYOD is inevitable" stuff? I wrote it. There's more in the hopper. But right now, today, Apple's real world effect on the business computing landscape is negligible. They provide "default untrusted endpoints" that you either treat as a thin client or a limited-functionality device to be targeted by mobile device management software. These devices are supplements to the primary enterprise computing environments; nice to haves, but not "make or break."
This can - and will - change. I've customers on the bleeding edge of this revolution. That said, even in the SME space, Apple as anything other than an expensive document viewer/rdp client is still nearly nil. Even when and where it is used by "creatives," this mostly occurs in a vacuum. Content produced locally on the Mac, pushed to a central repository. True enterprise integration on the levels you see with Microsoft is almost unheard of.
Right now, today, Apple makes CE equipment. Isolated, disposable, replaceable; interchangeable with any other device that does the same task. Apple devices are appliances, not ecosystems. Apple has gone to great pains to preserve that.
And the articles on how that will affect us all...well...that's for the future!
Re: Apple's Success
Apple's products are nothing particularly special. They never have been. Apple turns “compute” into “appliance,” but they are far from the only ones to do so. They are not even the best at doing so for most products they have offered over time.
What they are is fantastic at marketing. More to the point, they were led by a marketing genius who knew when a new product was ready for market, and when “it wasn’t quite there yet.” Remember that the iPad sat on the drawing board for ages before release; there were variants of it before the first iPhones prototypes were born!
No, the genius was pure marketing. Knowing that releasing the iPad would do more harm than good if the tech couldn’t A, B, C or [one of D or E]. Controlling the message, spin, hype…it’s an important part of that. Reading the market, pre-seeding the market and then executing that market you so carefully prepared…that is the execution excellence that separates this particular appliance company from all others.
Apple has never succeeded on the strength of their technology; nothing about their technology was ever all that special to begin with. They succeeded because they know when and how to release their technology to achieve maximum effect. That’s the beauty of Apple, and it’s something that everyone else is having a miserable time reproducing.
Re: Nothing I can do about windows
RHEL or GTFO.
Re: "have no idea what the initial vector was"
I feel pretty confident in my call that it's Java. See here: http://forums.theregister.co.uk/post/1533763 . It isn't a 100% slam dunk, but it's damned close.
They generally are capable of PXE boot, but not configured for it. So you have to go into the BIOS and set it up; something that isn't going to happen when your phone call happens as the office is emptying and you get a "please just make this go away over the weekend, bye." :/
Re: "appearance and disappearance of some malicious Java archive files"
MSE flagged them as malicious, and this was logged. I had an app trawling writes to standard windows events at the time making a second copy, so it caught them being flagged as such. By the time I looked at the computer (about 15 minutes later) the Jars were gone, along with most of MSE, Avast, the Windows logs, browser history and so forth.
So these jars showed up, MSE caught them as bad, but wasn't able to kill them. The rest you know. The following is what was seen:
Java/CVE-2011-3544.gen![insert a letter here]
Exploit:Java/CVE-2012-4681[insert letter here]
Exploit:Win32/Java (no qualifier?!?)
Now, CVE-2011-3544 and CVE-2012-1723 should not have affected a fully patched copy of Java. CVE-2012-4681 is just new enough that I can believe it might have been exploited if the user had “patched but not rebooted” or some such. Install logs for this system say that Java was up to date (Java 6u35).
What’s curious is seeing these together within a second of one another followed by the system going crazy. MSE lagged detection of CVE-2012-4681 by a day…so my working hypothesis is that the user went to a site that took a shotgun approach to Java exploits, at least one of which worked. (There may even have been more exploits to come; it is entirely possible that the payload went off before all the detections had been completed.)
The payload that worked nommed all the evidence, except for my little logger which caught the mentions of the files that shouldn’t have actually been an issue. Now, you can flog me all you want for the one stupid thing I actually did during this exercise, but I think making the call that “this crawled in through Java” is backed by reasonable evidence.
What I should have done was immediately image the system at a block level and get the image to Symantec/Kaspersky/etc with alacrity. Assuming the malware didn’t dban the blocks where it was stored, someone could have lifted the thing off of the recently deleted blocks and we might know more about it. Sadly, I got the call pre-coffee and simply set about trying to kill the thing. By the time I realised that I might actually be dealing with something totally unknown, it was too late; I’d made so many system changes that imaging the thing was likely pointless.
So this is why I say that Java is the most likely candidate. Nothing else was untoward on this system. It looks to me like someone out there has an updated Blacole toolkit with some terrifyingly new exploits in hand and is using it with abandon. That said, I am not a security expert. I do not work for Symantec, Kaspersky or any of these other firms. I can only look at the evidence I have and say “well, this looks like the attack vector, this looks like the end result, here’s how you nuke the buggers.”
I can only hope that by laying out a “how to kill it” in my post, someone is helped. If along the way a little bit of awareness is raised about the fact that Java in the browser is bad for us all, so much the better.
Frankly, I don't think Java needs to be singled out as "the only bad thing to run in your browser." I think that any extensions in a browser need to be vetted for necessity. That includes Flash, Silverlight, .net, various toolbars and more. Shrinking the attack surface is always a good idea.
In the case of Java, I have a particular hate on because of the frequency and severity of exploits, combined with the abysmal response from Oracle regarding patches. This gets combined with the sheer unavoidability of the product and the versioning issues that can and do crop up in real world use. It makes me ornery. Doubly so when the issues I described in my post – and the subsequent comments – occur.
So if I hath insulted the almighty JVM, please accept my apologies. It sure looks to me like it is at fault here. I can’t even blame the user for this one, and that bothers the hell out of me.
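The evidence in the "appearance and disappearance of some malicious Java archive files" post above came from a second copy of the detection events that survived after the primary logs were wiped. The following is an added example, not the poster's tool: it parses such a shadow copy, flags hosts where several distinct exploit detections land within seconds of each other, and reports which of those records are missing from the primary log. The log format, host names, timestamps and the variant letter "X" are all constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample data. Assumed format: record_id|ISO timestamp|host|threat name.
# Threat names follow the three quoted in the post; the variant letter "X" is a
# placeholder because the post elides it. Hosts and times are invented.
SHADOW_LOG = """\
101|2012-09-07T16:58:03|WS-CFO|Java/CVE-2011-3544.gen!X
102|2012-09-07T16:58:03|WS-CFO|Exploit:Java/CVE-2012-4681.X
103|2012-09-07T16:58:04|WS-CFO|Exploit:Win32/Java
104|2012-09-07T09:12:40|WS-RECEPTION|Java/CVE-2011-3544.gen!X
"""

# What remains in the primary log afterwards: records 101-103 are gone.
PRIMARY_LOG = """\
104|2012-09-07T09:12:40|WS-RECEPTION|Java/CVE-2011-3544.gen!X
"""

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")


def parse(text):
    """Parse pipe-delimited detection records into dicts."""
    events = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        parts = line.split("|", 3)
        if len(parts) != 4:
            raise ValueError(f"line {lineno}: expected 4 fields, got {len(parts)}")
        rec, ts, host, threat = (p.strip() for p in parts)
        cve = CVE_RE.search(threat)
        events.append({
            "id": int(rec),
            "time": datetime.fromisoformat(ts),
            "host": host,
            "threat": threat,
            # Group by CVE when the name carries one, else by the full name.
            "family": cve.group(0) if cve else threat,
        })
    return events


def find_bursts(events, window=timedelta(seconds=2), min_families=2):
    """Return per-host clusters in which each detection follows the previous
    one within `window` and at least `min_families` distinct families appear."""
    by_host = {}
    for e in sorted(events, key=lambda e: (e["host"], e["time"], e["id"])):
        by_host.setdefault(e["host"], []).append(e)

    bursts = []
    for host, evs in by_host.items():
        clusters, current = [], [evs[0]]
        for e in evs[1:]:
            if e["time"] - current[-1]["time"] <= window:
                current.append(e)
            else:
                clusters.append(current)
                current = [e]
        clusters.append(current)
        for c in clusters:
            families = sorted({e["family"] for e in c})
            if len(families) >= min_families:
                bursts.append({
                    "host": host,
                    "start": c[0]["time"],
                    "families": families,
                    "record_ids": [e["id"] for e in c],
                })
    return bursts


def missing_from_primary(shadow_events, primary_events):
    """Record ids present in the shadow copy but absent from the primary log."""
    primary_ids = {e["id"] for e in primary_events}
    return sorted(e["id"] for e in shadow_events if e["id"] not in primary_ids)


def triage(shadow_text, primary_text):
    """Combine both checks: bursts, each annotated with the records that were wiped."""
    shadow, primary = parse(shadow_text), parse(primary_text)
    wiped = set(missing_from_primary(shadow, primary))
    report = find_bursts(shadow)
    for b in report:
        b["wiped_ids"] = [i for i in b["record_ids"] if i in wiped]
    return report


if __name__ == "__main__":
    for b in triage(SHADOW_LOG, PRIMARY_LOG):
        print(b["host"], b["start"].isoformat(), b["families"], "wiped:", b["wiped_ids"])
```

A burst whose records are also missing from the primary log is the combination worth escalating, and it is only visible if the second copy is written somewhere the compromised host cannot reach.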
Re: Mostly agree
"Write once, run anywhere" can indeed work. Assuming your programmers are hot shit and either A) restrict themselves to a very limited subset of the language or B) "Write once, debug everywhere."
It is possible to achieve the holy zen of “write once, run anywhere.” It is however enough work that you’re better off being a monk on a mountain for 40+ years. It’s more satisfying and less effort.
Re: 
Every time I try to run anything that may affect a system configuration, Windows asks for administrator's credentials. The user is not a member of "Administrator" or "Power Users," only "Users." This is verified by taking the time to trace all the domain memberships, how they interact, and what privileges those security groups have on the local computer. The user itself does not have specific permissions on the local machine. Everything I can see points to the user account not having any administrative privileges on the local PC whatsoever.
I do not rule out the possibility that someone may have tweaked some obscure setting in the registry of the local computer before I took over administration of this system that somehow allowed this to occur despite the fact that the user appears in every other way to be unprivileged. Without going over the registry with a fine toothed comb, I cannot possibly know for sure. I do know that no extant GPOs exist that cause any such weirdness. The system is also an off-the-shelf HP consumer-targeted system; there is always the possibility that it simply shipped with a bizarre/obscure registry tweak that nobody is aware of.
That said, I have done the legwork on this. I wouldn’t be posting an article claiming that the thing crawled in through Java without being pretty damned sure that this is exactly what happened. I also don’t claim that it exploited the latest discussed vulnerability; I have absolutely no idea which vulnerability it exploited; for all I know it exploited a vulnerability that is a true zero-day and completely unknown outside the blackhat community.
I have determined that the browser in use at the time was Internet Explorer 9. I have gone over the IE9 settings; unless the malware in question changed the settings post-infection, it is entirely default. That should not allow Java, Flash or anything else to break out of a sandbox in usermode; and yet, it happened.
Look, as far as I can tell, this system is an off-the-shelf HP client system from about 2 years ago. It was attached to a domain run by an administrator that was pretty damned “by the book.” The GPOs and other configurations are pretty clear. WSUS automatically clears critical, security and definition updates for immediate install, and the user was diligent about keeping Java, Flash, etc up to date. Nobody played around with anything obscure because it simply was never required in this environment. It is as close to “off the shelf” as you can get for an SME install.
That’s what’s so scary about all of this. I would like to be able to write a “well damn it Jim, such and such happened because users are stupid” article. They get nods and smiles and sympathy from the readers instead of vicious personal attacks from a pool of internet piranhas.
Indeed, I have one such client that got slapped by their own stupidity on the same weekend. Nothing up to date, everything unmaintained, didn’t listen to my “disable java in your browser now” cries, and they run every user as local administrators. They got predictably pwned, but that’s not exactly interesting. (I like the billable hours, though!)
No, the guys that did it “by the book” and then got run over by something that crawled in through the internet are interesting. The CFO in question is a pretty honest guy; I asked him if he used a USB key, CD or anything in recent memory and no, he had not. I’ve checked every other vector I can think of, and nothing presents itself. So either something crawled in through Java and then broke out, or I.E. itself has a truly abominable zero day.
If I.E. has a zero day, the self-immolating Jars make no sense; why would Java anything be used as an intermediary there? Creating malware that requires something like Java be installed narrows your target availability unless Java itself is part of the vulnerability package you are exploiting to get the toehold into the system. This looks and smells like a Java vulnerability being exploited, probably in combination with something else. (http://arstechnica.com/security/2012/08/microsoft-defense-bypassed-in-2-weeks/ ???)
This is the first time I’ve seen a malware attack on a system that is reasonably properly defended. There is no obvious way this could have or should have occurred. If anyone has a better explanation I’m all ears on this; but I’ve spent an entire long weekend looking for obvious vulnerabilities in configuration and found none so far.
Re: Mr Pott, I tip my hat to you.
Two things: 1) I don't get physical access to the system for another couple of days. 2) I write a sysadmin blog, and my readers are important to me. If I can figure out how to kill the damn thing, maybe I can help someone stuck in a bad situation. If it helps just one guy stuck on the wrong end of a Teamviewer session, it's worth my Friday. :)