1732 posts • joined 15 Jun 2007
"(Perfectly legal if the last computer it was used on has been retired.)"
This really depends on the type of Windows licence provided with the old computer. If it's a full retail version, you are completely correct. If it's an OEM version, then the licence restricts you to the system that it was purchased on, and some OEM licence keys cannot be used for hardware from a different manufacturer (the installation process can check the BIOS identification string to check that the machine was made by the manufacturer who bought the OEM license).
MS will sometimes grant an activation string if you have to replace the motherboard as a result of a system failure, but I've found that recovery CDs in this scenario do not always work with different motherboards, at least for systems from large suppliers who use custom BIOSes. Simple answer is, if you can get a copy of a retail disk, guard it like it is gold.
I recently found this out when trying to license XP for a VirtualBox on my laptop, which runs Ubuntu (VirtualBox loads a specific BIOS in the VM which is completely unrelated to the actual system BIOS). I could not get it to accept the IBM OEM WinXP Pro key printed on the COA on the bottom of the machine until I cloned the BIOS identification strings in VirtualBox.
Of course, to a system integrator, providing a full retail licence will cost either them or their customer a lot more money than the heavily discounted OEM licence that Microsoft will sell them. This would put the supplier at a significant competitive disadvantage (I believe in the UK it is in the order of £50 per system) to their competitors who just use OEM licences, and as a side effect, ties them almost irrevocably to Microsoft, who will threaten to withdraw the OEM licence if they do anything that Microsoft don't like (like pre-installing Netscape Navigator or Lotus Notes/Symphony [old Symphony, not current], or shipping systems without an OS, or even with Linux pre-installed).
And of course, this also means that MS have a continual revenue stream as people replace their PC, and MS counts another Windows sale, even if it is an OEM one.
"You drink it, you piss it out, they collect it and serve it to someone else"
I think you're confusing proper beer with that fizzy cold stuff that appears to have almost displaced ale in too many pubs.
Funny, the taste of lager when warm and flat, together with its colour does remind me of something along the lines of your comment!
re: bork bork bork
The data capture system was on the Internet, but it does not follow that the main DB server is. They could have (although probably didn't) written each census record to tape, and then bulk-loaded it into a completely standalone database system.
Most internet facing systems are a combination of an internet attached web server of some form, with only enough storage to hold transient data, together with a significant number of security layers, some of which may take part in the transaction, and one or more database servers.
Thus, the database system is only indirectly attached to the Internet, and cannot be directly attacked. One bank I worked at had more than 10 different security zones between the front-end web servers and the systems holding the databases.
The internet facing web server gathers your data, then commits it through secure protocols and intermediate systems to the backend, and then deletes the transient copy.
Normally, the gathering system has no way of bulk-loading data back from the database machine. It may be able to get individual forms back (in order to allow you to edit them), but this needs to be done on an individual basis, and often the security checking is done off of the internet facing box.
This means that even if the Web facing system is hacked, without some authentication information for each address, it will not be able to load data from the database.
This is large web application design 101.
It is normal for there to be multiple security zones, such that it is not possible to use, at each boundary, any other protocol than the allowed one to get further into the network (implicit deny, explicit allow).
Much more likely is that if there really was a breach, it would have been one of the routes that are used for remote system administration, and once in, a path to export the data was constructed, although even this has problems.
As far as I can tell, there are around 25,000,000 residential addresses in the UK. If the census form could be encoded in 8KB, this would make an approximate size of raw data of around 200GB. This is not a huge amount of data as things stand today, but I would not be wanting to squirt it through an SSH tunnel over the Internet!
I think that all of the posters who take this statement at face value ought to read some of the UK government security standards. These definitely exist, and they were not written by people who are security illiterate. See http://www.cesg.gov.uk
The problem is that they are difficult to interpret, and are couched in terms that many IT people don't understand (they talk a lot about data crossing security zones rather than being securely stored), and sometimes it seems like there is no real world help in ensuring that a particular application or solution meets the requirements (government security auditors will often tell you that something is not compliant, but will not offer any advice on how to make it so, nor suggest security mechanisms during system design). Thus implementing a security solution often becomes an iterative process of attrition with the security people.
When I was last involved, it was even the case that some of the Infosec documentation describing what has to be done is classified as RESTRICTED, which does not help trying to implement what they say.
Generally, it is not a lack of standards that cause this type of data breach, it is implementation (often by companies contracted to supply services), or ignorance of the standards by individuals working on such data. Although there should be safeguards, it often only takes one person to make a mistake to put at risk complete datasets, especially if there is any external route in to the systems implementing the solutions.
forced - by law
In case you had not noticed, it is a criminal offence to not fill in a census form when requested, backed up by fines and a criminal record. Is that forced enough for you?
I was questioning the claim that the mainframe was never hacked, not the comment. Should have made myself more clear!
The problem is that the term 'mainframe' does not actually describe either a computer or an operating system.
The IBM 9370 running AIX/370 that sat under a desk at one of my previous jobs was a (baby) 'mainframe'. The 3090s running VM/CMS and RETAIN (an OS in itself) that I used when in IBM were 'mainframes'. The Amdahl 5890E running UTS and AT&T RDS UNIX was a 'mainframe'. The Honeywell 6180 running MULTICS was a 'mainframe'. LEO was a 'mainframe'. The IBM 370/168 running MTS I used at University was a 'mainframe'. The ICL 1904 and 2904 running George that many Universities had were 'mainframes'. The DEC Systems 10 and 20 running TOPS were 'mainframes'. I could dig around and find a lot more 'mainframe' systems.
Now. Were none of these hacked? I can tell you for a fact that I hacked an Amdahl running R&D UNIX as part of my job more than once, and I must admit to breaking into accounts on MTS on the 370/168 while at University to get more computing budget to play the original Adventure (come on, it was 30 years ago. There must be a statute of limitations on this, surely!).
This article probably means an IBM mainframe running z/OS or its ancestors, probably using RACF. Even this, I'm sure, can not claim to never have been hacked! I have just found this http://www.os390-mvs.freesurf.fr/tenflaws.htm, in which item 9 clearly states that the author gained key 0 protection from a non supervisor account on MVS. Sounds like hacking to me.
I will freely admit that current mainframes running z/OS are incredibly secure, but I ask again. Where are the references that state a mainframe has never been hacked!
I would like to know
where the references to back this claim up are!
What you need is inertial navigation.
Submarines have used it for years when underwater, and surface ships and missiles used to use it before GPS satellites existed.
In fact, I seem to remember that German V1 and V2 missiles used a very primitive form of this for navigation. A documented way of crashing a V1 was to tip the gyros by flipping it over wing-to-wing using a late mark Spitfire, Mosquito, Tempest or Mustang, all of which were fast enough to catch a V1.
It goes back to beyond the golden age, and pre-dates the term Science Fiction. I seem to remember Isaac Asimov commenting in the foreword to one of his short stories on the argument between the use of the two terms when Astounding Stories was being published (it's even older than Isaac (rip), but he was representing the view of Hugo Gernsback, the founding editor).
Haven't heard that term in a long time!
It's not even mid-engined!
I was going to mention transputers in my last post
but I decided that it was long enough already!
This is completely wasted on ~100% of commercial software
In that part of the software market, it's all about rapid application development, and sod the efficiency. They rely on Moore's Law to make sure that by the time their software hits customer systems, the computers are powerful enough to cope.
So MIC processors will be completely wasted on commercial boxes, which is where the majority of the systems will be sold.
Even if someone (extremely cleverly) produces an IDE that can generate parallel code to make good use of many-cores, much of the workload that is done is not suited to run in a parallel manner anyway.
Apologies in advance to those that do, but most new programmers nowadays are never taught about registers, how cache works, the actual instruction set that machines use, and I'm sure that there are a lot of people reading even on this site who do not really understand what a coherent cache actually is.
I work with people who are trying to make certain large computer models more parallel, and they are very aware that communication and memory bandwidth is the key. Code that is already parallel tops out at a much smaller number of cores than the current systems that they have available can provide. And the next generation system, which will have still more cores, may not actually run their code much faster than the current one.
But even these people, many who have dedicated their working lives to making large computational models work on top 500 supercomputers, don't really want to have to worry about this level. They rely on the compilers and runtimes to make sensible decisions about how variables are stored, arguments are passed, and inter-thread communication is handled.
And when these decisions are wrong, things get complex. We found recently that a particular vendor optimised matrix-multiplication stomped all over carefully written code by generating threads for all cores in the system, ignoring the fact that all the cores were already occupied running coded separate threads. Ended up with each lock-stepped thread generating many times more threads during the matmul than there were cores, completely trashing the cache, and causing multiple thread context switches. It actually slowed the code down compared to running the non-threaded version of the same routine.
It will be a whole new ball game even for these people who do understand it if they have to start thinking still more about localization of memory, and if they will have difficulty, the average commercial programmer writing in Java or C# won't have a clue!
what the advantage of a MIPS processor over ARM is.
ARMs are already cheap-as-chips, low power, and easy to license. Several Chinese companies are already making SoC implementations, with graphic assists on the silicon, including Rockchip, who seem to produce millions of the things to go in chipod and apad type devices.
They need to at least recover their complete court costs in a timely manner. Otherwise, Lockheed et al. and their proxies will just tie SpaceX up in court until their budget is exhausted.
This is the problem with the US (and increasingly European) legal systems.
Anyway, I'm hoping that they successfully defend their reputation.
BBC iPlayer - another brick in the wall.
I'm cross, but not because AIR is going, but because it is proving the trend that is making Linux a less suitable OS for ordinary users.
BBC iPlayer was one of the few platforms for content delivery with content expiry that actually worked reasonably well.
The reason why this is important revolves around the perfectly understandable attitude of the content owners wanting to protect their content, and thus their existence.
Like it or not, free content is not the way that the world is going, and the large production companies investing millions in current TV series and films will not license their content for delivery channels unless those channels at least make it difficult to capture and re-distribute it. And strictly speaking, get_iplayer accesses the content in a manner against the terms and conditions for iPlayer.
This means some form of DRM. Without a trusted DRM mechanism, you won't get _legal_ streams or downloads of new content playable on Linux. Without big-name current media, those enlightened ordinary users who try to use Linux will give up. So goodbye to Linux as a creditable Windows alternative.
One of the fears that the content owners have of Open Source platforms (and this includes Open DRM and content delivery platforms, not just the OS) is that someone can take the source and hack it to allow data capture. They will never trust it, so unless AIR remains closed-source (which is perfectly allowable under GPL/LGPL provided it is written correctly), it will become untrustworthy, at least to the content owners.
Whether a closed solution is actually any more secure is an interesting question, but that is a matter of perception and contract law (if you provide some software for a fee, and it fails to do what it is meant to, leading to a financial loss, then it does not matter what the License Agreement says, there may well be legal redress against the provider).
Open source makes no promises, has no contract, and thus has no legal redress.
Sadly, despite efforts from people like Red Hat and Canonical, I think Desktop Linux has now missed the boat. It is clear that the world will/is moving on to tablet and mobile based devices which include some form of content delivery and control system built in from the very beginning. These may be Linux/UNIX based, but they aren't what I call a general purpose Linux device, which is what I want.
but you forgot it is not an infinite resolution camera! They use "image enhancement" to sharpen the image. That's the magic!
I keep asking why, when matching fingerprints, the computer shows each record on the screen. Just think how much faster it would be if it didn't have to do that, and say, just did a relational database search on a hash of the loci!
Only topped by the real-time IR satellite images down to a resolution of about 5cm that appears in Behind Enemy Lines. I'll also swear that the first missile fired at the F/A 18 is in the air for nearly two minutes, whilst following highly evasive manoeuvres.
Maybe I'm showing my age, but I used card punch time clocks (which normally are referred to as "time clocks") in one of my early jobs.
Might I suggest that you watch the Warner Brothers cartoons of Ralph E. Wolf and Sam Sheepdog. They always clock in at the beginning of the cartoon, and out at the end. That's a time clock.
1. They might have access to leaked phone number lists, or they may have a copy of a Directory Enquiries CD set from BT, or they might just make them up!
2. They probably don't. It's just a line dangled to make them appear more plausible. Alternatively, they may have some leaked information from BT or your ISP, because it is certain that at a known time, those organisations know which IP address is allocated equipment on which phone line.
3. Windows is ubiquitous. For home systems, chances are that at least 90% of homes with a computer have a Windows variant rather than a Mac, Linux or other system. And even those with Linux probably have Windows installed somewhere as a dual boot. The Reg. readership are not typical. My house has all three (Win2000, WinXP, and Win7, OSX, and Linux), as well as an AIX box.
I suppose that there will be an increasing number of houses that have broadband for just their TV, gaming console, iPad or Android Pad. I wonder how the ISPs will cope with supporting such customers? At the moment they all appear to be geared around having a Windows box around.
An understanding of evolution was not essential to the creation of the smallpox vaccine. This was developed by observation, hypothesis, prediction, experimentation and conclusion, exactly as the Scientific Method dictates.
Your example of a Flu vaccine is not a good one, either. Most Flu outbreaks are of known strains, of which there are many. Each vaccine developed is a mix (normally of three strains), and is only effective against a small number of these strains (sometimes more than the three target strains), and it is the job of the vaccine producers to make an informed guess about which will be the main threats each year. They then prime the process to produce the vaccine (which are developed in chicken eggs) to produce the vaccine for that year. This process takes weeks to months to get the number of doses for a large population. If they select the wrong strains, the vaccine could fail to protect at all.
What gets the medical profession worried is new mutated strains of 'flu, for which they don't yet have a vaccine. It is necessary to isolate the virus in order to culture it to produce the vaccine. By the time a vaccine for a new variant is produced, it may be that a sizeable part of the world population has been exposed, reducing the value of the virus.
And why do you think that you can trust what a half-life means? And how do you know what radioactive decay is? And how do you know how much of the original sample remains? And how do you know you can trust the mass spectrometer? And... and... and ad nauseam.
Until you think about it, most people regard experimentally confirmed hypotheses as truths. Unfortunately, science does not really refer to truths, but about not-disproved hypotheses. This is a fair point if you believe the scientific method, but becomes hard to justify to someone who won't acknowledge it.
You just have to try arguing this with one of these people who are good at it to understand what it is like. They effectively argue that you have to justify the entirety of known science in order to trust it, and most people get too cross after a while to argue effectively. I just refused to continue once I realised what their tactic was.
Creationists do not dispute extinctions. They just don't believe the time scales over which they happened.
I've whiled away many hours arguing about ID and creationism with some otherwise completely rational people, and the most skilled of them have convincing-sounding answers to almost every question you could ask!
Firstly, they argue that the dating techniques are not accurate, as nobody understands all of the hypotheses that they are based on, you have to take it on 'faith' that the whole chain of scientific proof is true, and thus their single faith belief (in the Bible) is more trustworthy than many beliefs that previous hypotheses were correct.
Then they will argue that if dating cannot be relied upon, then how do we know that the Earth is older than 6,000 years (I don't know where 10,000 years came from, my friends were certain it was only 6,000).
Then they will argue flood.
Then they will argue 'test of faith' of the believers.
The most recent discussions I had with one of them even allowed for micro-evolution (change of colour, eating habits etc) as a result of environment.
It's all highly amusing, and I still count several of them as friends. But that does not stop me thinking that, at least in their beliefs, they are a bit crazy. But it livens up a beer or five!
Ahhh beery crazy discussions!
This is Apple
with big pockets. I would imagine that Dell, HP, IBM or any of the white box manufacturers would have been quite happy to flash different bootstrap code from normal to allow OSX to boot, considering the number of servers they would sell. Would probably also still support them as well, if asked.
This is the "Rules of Engagement"
The Royal Navy are quite capable of preventing a lot of the dhows and speedboats from causing bother to the tankers. After all, even a 30mm cannon can do serious damage to an armoured wooden ship, and helicopters can react very rapidly over quite large distances.
Unfortunately, the Rules of Engagement state that they have to have a reason for stopping or boarding the dhows, and also that there has to be evidence of hostile action before the RN can fire on ships in the Indian Ocean and Arabian Gulf.
Besides the pirates, there is a large amount of quite legitimate sea travel in these seas, so the standard tactic of the pirates is to look as innocent as possible until they are within a few hundred metres of their target, and then move fast. Once on board, they have hostages to hold the navies of the world to account to prevent any action.
Because the military lawyers advise against possible harm to civilians, especially the hostage crew once a ship is taken, it is almost impossible for anybody to take it back without collateral damage, no matter how well trained or armed they are. This is compounded by the unprecedented access the media has to publicise what has happened, and focus the World's scrutiny.
This is not just an RN problem, but one that affects all countries' naval ships in the area.
I think that all of the examples you quoted show Apple refined other people's ideas.
The iPhone, slick though it is, is just a smart phone, and people like Compaq/HP and Palm were selling smart phones with touch screens long before Apple.
The iPad is a touch screen tablet. Many of these before the iPad, but again the iPad is very well executed.
iMac - Pretty for its time, but in no way was it the first system-in-a-box with a keyboard and mouse. I could point out several CP/M systems from the early '80s with similar form-factors, and the classic Macintosh pre-dated the iMac.
Stylus free touchpads. Goodness. How long have Synaptics been around?
Development and distribution. I know of several websites that will allow purchase and delivery of applications direct to a device, even to smart phones. I'm not too sure about a development environment, I don't know whether this is actually integrated into iTunes, because I do not write such apps.
BTW, you missed out iPod, or maybe you realised that that was not the first in its field either.
Apple are great at industrial and ergonomic design. No doubt about that. But innovative?
Now, for innovative, try thinking Nintendo with the Gameboy and Wii. It is possible to be first in the field.
This is all fine
as long as the only data you keep is in a form understood by the cloud. I must admit that I have only Google Docs to go on (and I don't use that much), but it appears to me that if you want to keep some data that does not fit with the applications supported, you will struggle.
Of course, as I have often said, I am not a typical user any more, and many people only use data of defined types 'music', 'pictures', 'video', 'documents (embracing email, letters, the odd spreadsheet)', but as long as there is no generic data container (think file), I will not be able to work totally in the cloud, and probably won't at all (damn, wrong already - I've just remembered that I'm using gmail a lot now).
Computers are a generic tool to me. I may use one any time for a purpose I have not yet thought about. I'm regularly throwing gigabytes of data around my home network, and have not got sufficient bandwidth to do that over the 'net.
All of this hype about the 'Cloud' is currently just a wet-dream of the people who want to tie-and-charge consumers (I won't say customers) into their money generating machines. It may change to a benevolent altruistic model, but I'm not holding my breath.
that ACS:Law £200,000 fine was against a limited company. If that was the case, then UK law says that he *personally* is not liable for the company losses unless he was a director, and then only if he was negligently running the company (and although he was a con artist, this does not amount to negligence in UK corporate law).
This article says that he has been declared *personally* bankrupt, so the two things are not necessarily linked.
When it comes to personal property, as long as the money used to buy it was extracted from the company in a legal manner, then there ain't much that can be done to link the company losses against him personally. That is what a limited company is all about.
Of course, he could have been stupid, and set it up as a partnership (trading, not legal - although who with is a moot point) or as a sole trader, at which point he would be liable. But he wouldn't be that stu..... Oh, wait. Maybe he would.
Unfortunately, this would be SOOO insecure, as the answer-back string is triggered remotely.
As can (believe it or not) the programmable function keys of a VT220. I'm sure that I spent some time twenty years or so ago, writing a program that would set a PFK (on the shifted function keys IIRC), and then trigger it.
All you needed was write access to the device, and you could make the current user apparently run anything you wanted them to! Similar techniques worked for HP2392 as well.
This was with UNIX, not VMS, so I'm not sure that this was possible unless you already were a privileged user (could you do it through Phone, I wonder).
You're assuming a certain type of game.
I would guess that Nintendo are trying for another Wii moment, with completely new types of game with more interaction than you can get from a traditional controller.
But this is the manufacturers talking
They are not interested in the netbook they sold yesterday. That's history. They are looking at the one they may not sell tomorrow.
I'm still happy with what my EeePC701 can do running Ubuntu. I'm just a bit worried where I can get a replacement battery when it dies!
@Joel 1: He might have been in the audience!
@JEDIDIAH - So has Android...
... but you have to jump through hoops to find them!
top, ps and kill all exist and can be used (at least top and ps) if you can get a shell on the phone. Kill depends on how you get the session.
But then you can also run "Advanced Task Killer" which is in the Market place, and 2.2 onward has an enhanced Task Manager
"mirror the mainboard"
I presume that you mean that the PCI cards appear on the 'wrong' end of the board, and also that the case opens on the 'wrong' side. Chances are these were systems with BTX (as opposed to ATX-type) motherboards, that were supposed to mark a new integration of board and case design to allow better cooling. It was an Intel specification. Gateway and Dell produced several systems using them.
Absolute bugger to try and find a replacement, because nobody makes them any more.
At one of my contracts
I spent a lot of time gathering data about systems that needed OS upgrades in a company with a large (more than a thousand system-images) heterogeneous estate. I created it in a relational, normalised manner that allowed complex queries.
When it was decided that the task was too big for one person to actually do all of the upgrade work (duh! hundreds of systems!), I was told to hand my data over to an administrator to manage it, and was relegated to just a technical resource performing some of the upgrade work. The first thing the administrator did was to dump my data into an Excel spreadsheet "so everybody could use it", after which the management of it went to pot. Because of numerous data-loss errors, they eventually surrounded it by scripts to effectively serialise access, not trusting Excel's multi-user protection features (this was some years ago, so things may have got better).
I had actually asked for the data to be stored in a multi-user RDBM (it is a large organisation which employs a dedicated DBA team, so there were plenty of databases around), but I was told that there was not a suitable system around for management tasks, and told to do the best I could with what was available. I did not feel appreciated at the time.
I find it incredibly ironic that an organisation that has bought in to databases, spending millions on Oracle and other DB licences to manage customer data, cannot see the benefit for using such tools for their own management purposes.
Ho hum. I can't see myself working there again! Everything has now been moved to India.
Not just Apple
almost all the world's consumer electronics, tat and anything else that has fallen in price dramatically over the last 20 years.
Even the stuff made in Korea and Taiwan often contain significant numbers of components sourced in China!
Answered my own question. On 28th September this year, users of Mendip have to re-tune our boxes again(!), presumably to have the channels shuffled down to lower frequencies. Can't find the exact details, but www.digitaluk.co.uk says that this needs to be done.
"But that 790MHz band butts right up against the top DTT band, known as Channel 60*"
I know there is an asterisk against this (but I can't find the note that should go with it), but channel 60 is *not* the top TV band. TV bands go from channel 21 to channel 68, and on the Mendip transmitter, we currently have C61, C62 and C67 carrying terrestrial digital television. If we lose all channels above 60, we will lose all BBC channels, and many of the extra ITV and Channel 4 channels.
Pointing the aerial the other way will give me Welsh television from Wenvoe. I don't understand Welsh (living in England) so this is no help to me for the channels I might lose.
Also, I currently have a TV in several rooms in the house. I only have Sky on one of these. Are they going to pay for additional satellite boxes, together with a multi-channel LNB and all of the wiring in the house to maintain my current TV service?
Also what do they mean by "and 5.7 million users who've plugged them into their own televisions"? Do they think that anybody who has *not* paid for a TV installer to plug it in are incompetent? I think the Electronics part of my degree probably means I understand more about transmission lines, aerials and the like than a TV installer who has probably done a one day course in how to read a compass and point the aerial in the correct direction!
Admittedly, to do the job properly now there is no analog TV signal, you really need a signal strength meter to get the best signal, but there are ways and means if you don't have one.
that there will be no way of using this from Linux!
And I hope you will be able to un-register devices from accounts for when, say, a young person leaves to set up their own dwelling.
Even if this is a positive spin on DRM, I don't trust the industry.
OK, UK Census.
But how about -
National Government: DVLA, HMRC, DWP, IPS (passports), MOD, GCHQ
Local Government departments: Electoral Roll, Council Tax, Benefits system
Health system: All your health records.
Commercial: Your Bank, Utility companies, anybody who holds your bank details, your telecom provider.
Other: Basically, any personal data covered by the Data Protection act which makes it an offence as a data holder not to take all relevant precautions to keep the data secure.
Now, what were you saying about critical data and the requirement for strict network control?
I've worked in UK banks' IT departments where the network control was much more severe than UK government agencies, with serious risk of disciplinary procedures, sacking, and even report to the police for prosecution under the Data Protection legislation for anybody who does not follow the rules about connection policy. This included things like PDAs, USB memory keys, and anything that could possibly be a communication device.
Now where I am currently working, I'm not even allowed to plug a non-approved keyboard into their systems!
Lax network management
For goodness sake, at least segregate your DHCP space.
Allocate two IP subnets, trusted and untrusted. Register all of the MAC addresses of your trusted devices and give out addresses in the trusted range. Any unknown or foreign MAC addresses get given addresses in the other range. Allocate different DNS server addresses and default routes to each subnet. Use short leases to make sure that someone using a fixed IP address will be spotted (by duplicate IP addresses) as soon as the addresses cycle round.
Control routing between the two subnets so that untrusted devices get no access to internal servers, and minimal access to the Internet and such devices as printers. There, it does not matter what gets brought in, it is unlikely to do any damage. And you do not even need to invest in a large network infrastructure, as most switches will multinet quite happily.
Of course, if you are paranoid, you could just not give out any DNS address to unknown devices, or you could have something like Wireshark alerting whenever you get a source address in your untrusted address range.
In extreme security environments, lock network ports down at the switch to only a single device per port by MAC address, with the port being disabled if another device is attached. As soon as a user plugs something else in and locks the port, they either have to call the help desk (giving you a chance to rap them over the knuckles), or suffer the port not working forever.
I know that this can be defeated with LAA MACs, but if all you are trying to do is prevent users from attaching smart phones, printers and the like, these devices use fixed MAC addresses anyway. Most basic users would also not know how to change the MAC address in their PC either.
This is not far fetched. I've seen all instances of the above deployed in real customers, and most large organizations do something along these lines by default.
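The checks described in the post above, as an added example that is not part of the original comment: given (MAC, IP) pairs seen on the wire, it flags sources in the untrusted range, unregistered MACs sitting on trusted addresses (the fixed-IP case), duplicate IPs, and locally administered (LAA) MACs. The subnets, MAC addresses and sample observations are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed values: substitute your own subnets and MAC registry.
TRUSTED_NET = ipaddress.ip_network("10.10.0.0/24")
UNTRUSTED_NET = ipaddress.ip_network("10.99.0.0/24")
REGISTERED_MACS = {"00:11:22:33:44:55", "00:11:22:33:44:66"}

def is_locally_administered(mac):
    """True if the LAA bit (0x02 of the first octet) is set, i.e. the
    address was assigned in software rather than burned in by the vendor."""
    return bool(int(mac.split(":")[0], 16) & 0x02)

def audit(observations):
    """observations: iterable of (mac, ip) pairs, e.g. taken from ARP traffic.
    Returns a sorted list of (ip, mac, finding) tuples."""
    findings = set()
    macs_by_ip = defaultdict(set)
    for mac, ip in observations:
        mac = mac.lower()
        addr = ipaddress.ip_address(ip)
        macs_by_ip[ip].add(mac)
        if is_locally_administered(mac):
            findings.add((ip, mac, "locally administered MAC"))
        if addr in TRUSTED_NET:
            if mac not in REGISTERED_MACS:
                findings.add((ip, mac, "unregistered MAC on trusted address"))
        elif addr in UNTRUSTED_NET:
            findings.add((ip, mac, "source in untrusted range"))
        else:
            findings.add((ip, mac, "address outside both subnets"))
    # Two MACs answering for one IP: what a short lease cycle exposes
    # when somebody has configured a fixed address by hand.
    for ip, macs in macs_by_ip.items():
        if len(macs) > 1:
            findings.update((ip, mac, "duplicate IP") for mac in macs)
    return sorted(findings)

# Constructed sample observations.
SAMPLE = [
    ("00:11:22:33:44:55", "10.10.0.20"),  # registered device, trusted lease
    ("3c:5a:b4:00:00:01", "10.99.0.31"),  # unknown device, untrusted pool
    ("3c:5a:b4:00:00:02", "10.10.0.20"),  # fixed IP set by hand on a trusted address
    ("02:00:00:aa:bb:cc", "10.99.0.32"),  # software-assigned (LAA) MAC
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep="  ")
```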
This is aimed
at the large swathes of rural counties where even 500K/s would be welcome. You know, the ones where all they have is dial-up and if they are prepared to pay for it, satellite broadband.
This will make my wife happy (but not me or the kids) because she wants to move to an even more remote part of Somerset than we are currently in, but realises that lack of Broadband will always be a show-stopper. I just have to remind her that 2Mb/s is far from Super-Fast, even if the Government says it is.
Oooh. New icons!
It's still the UNIX security model, it's just that the default user almost certainly has a particular group in their groupset, and the directory in question has group read-write-execute on it.
It's been possible to do such things as this since the year dot, or at least UNIX V7 circa 1978.
On modern Linuxes
the first account set up is an 'admin' account, but by default this gives them very little additional access to the system. What it does, however, is add them into the "admin" group which is set up so that they can use sudo when required to run commands with enhanced privileges. Thus in normal day-to-day use, the system is safe, and you can just worry about things that fire up the request for the password.
If you set up additional accounts without adding them to the "admin" group, they will not even be able to run sudo or use any of the additional commands that need sudo access to run (like package managers, for example). This makes those user accounts safe even from users who click "yes" to everything. Their personal information is still vulnerable, of course, but they will not be able to touch any of the system files or directories.
I thought that OSX was the same, but if there are application directories that can be written to by one of these accounts without needing to use sudo, then its security is significantly weaker than I thought. I will thus nod to everybody who has been saying that OSX is no better than Windows, admitting that I was not totally correct, but point out that it is still better than the all-or-nothing situation in the pre-Vista Windows world.
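The group-write situation discussed in the two posts above, as an added example that is not part of the original comments: it applies the classic UNIX rule that exactly one permission class (owner, then group, then other) is consulted, and lists directories an account can modify without sudo. The uid/gid numbers in the constructed record are assumptions; root, ACLs and read-only mounts are ignored.

```python
import os
import stat
from types import SimpleNamespace

def effective_bits(st, uid, gids):
    """Return the rwx bits (0-7) of the single class that applies to this
    account. The owner class wins even when the group bits are more generous."""
    mode = stat.S_IMODE(st.st_mode)
    if st.st_uid == uid:
        return (mode >> 6) & 0o7
    if st.st_gid in gids:
        return (mode >> 3) & 0o7
    return mode & 0o7

def can_modify_dir(st, uid, gids):
    """Creating or deleting entries needs both write and search (execute)."""
    return effective_bits(st, uid, gids) & 0o3 == 0o3

def writable_dirs(root, uid, gids):
    """Walk a tree and list directories the account can modify without sudo."""
    hits = []
    for dirpath, _dirnames, _filenames in os.walk(root):
        st = os.lstat(dirpath)
        if stat.S_ISDIR(st.st_mode) and can_modify_dir(st, uid, gids):
            hits.append(dirpath)
    return sorted(hits)

# Constructed record: a root-owned application directory, mode 0775,
# group-owned by a hypothetical "admin" group with gid 80.
APP_DIR = SimpleNamespace(st_mode=stat.S_IFDIR | 0o775, st_uid=0, st_gid=80)

if __name__ == "__main__":
    print("member of admin:", can_modify_dir(APP_DIR, 501, {20, 80}))  # group bits apply
    print("ordinary user:  ", can_modify_dir(APP_DIR, 502, {20}))      # other bits apply
    me, groups = os.getuid(), set(os.getgroups()) | {os.getgid()}
    for path in writable_dirs("/usr/local", me, groups):
        print(path)
```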
On Windows 95 and 98,
there was effectively only a single user, with some slight trickery to allow some applications to store their defaults in different places for different 'users'.
All users were effectively administrator accounts, and as Fat16 and Fat32 filesystems did not have any form of security-by-user, the entirety of the system disk was vulnerable to infection by any account logged onto the system.
As a sideline, this last point is exactly why you should never do a WinNT, 2000 or XP install using Fat32 as the filesystem for the system disk, as this negates almost all of the security that segregated privileges provides.
On a side note, on XP and Windows 7 (not done a Vista install), the administrator password that is asked to be set up during install is indeed a hidden account that can only be used when the system is brought up in system recovery mode (or similar). This is intended to be used when the system will not start, or when users forget their own passwords.
By default when using the MS XP install process, the first named user account that is set up will be an administrator account unless changed. If you set up more than one user account during the install, the subsequent ones will not have administrator rights, by default, but this can be changed.
But there is another point here. Many 'canned' Windows installs (for example, from system recovery disks) will not use the normal XP installation process, so even those users who have restored their system will not have seen this setup process. Only those wearing hair-shirts, and doing everything from lowest common denominator (MS install disks and vendor driver disks) will have seen these accounts being set up. But those of us who have done it this way KNOW that Windows installs are FAR, FAR more painful than some of the other OS offerings out there.
@AC 14:40 - Wrong.
That is the admin account for system recovery. Can't use that to log in when the system is booted normally.
The install process gives first user account set up admin rights. Subsequent ones will normally be ordinary users unless specifically changed. I always create my own admin account as the first account, and then create additional ordinary accounts for each of the kids for day-to-day use. I never give the kids the password for the admin account I created. I normally install any programs that then need admin rights.
For those awkward programs that have to have admin rights in order to run, I also create a second admin account, which I then fix in the Registry so that you can't log in using it, and tell the kids to use "Runas" with this account for any applications that won't work from their ordinary accounts.
It's not perfect, because you can really run anything with Runas as long as you can find it on the disk. But it meant that I was able to have one of our shared machines virus free for years (also have external firewall to block direct malicious traffic).
I think some of this must have stuck in the kids' minds, because now they are older, and have their own systems that they control completely, they often keep using this model, and generally have less problems than their peers.
Meanwhile, back in the real world...
ARMs are currently being deployed more and more widely as people realise that they really don't have a current need for 64 bit processors for much of what they do. 32 bit+address extension will do very nicely.
Just wait for ChromeOS and a decent server distro of Linux for ARM, and Intel will see all sorts of customers defect. They just don't see that it's largely about power consumption, and their track record in reducing power is not good.
@Sir Runcible Spoon
But the BT HomeHub router is on the local network, and so a judicious bit of logging code in the router allows such things to be captured. Remember, a router may do much more than routing, especially if you (or in this case BT) has control of the firmware. I'm sorry for the icon, but I'm not the one being stupid here.
@Don - Depends on which flavour of UNIX
IBM introduced dynamic driver load/unload, shared libraries by default, virtual Kernel address space (associated with never having to sysgen a system again), along with journaling filesystems and many other features, in 1990.
Shared libraries were around in SunOS before then, although the norm was still to statically link libraries for several years.
I think that your description of X11 applications is completely wrong for everything except Java graphical programs (but that is a Java problem).
The concept of Drag-and-Drop in X-Windows (and it was probably X10 at the time) was shown to me on a Torch TripleX running X.desktop (although I'm sure it was also called LookingGlass and possibly OpenTop) in the middle of the 80's, along with desktop icons and walking menus. I concede that MacOS had these concepts before then, but they were not foreign to UNIX even before Windows.
The standard X-Windows model for GUI type programs was indeed to use toolkits and widgets (effectively library code) for drawing things like buttons, text boxes and pixmaps, and this does mean that the application has to keep some sort of track of what is going on in its own graphical space, but the server is what keeps track of where the cursor is. X-Windows is built around call-backs and managed data objects, which meant that the X Server (the thing that controls the keyboard, mouse and screen) always has a degree of separation from client programs (which is really to allow X-Windows to run across a network, something that Windows still does not really do well), but it can only marginally be called Object Oriented.
This separation allows a client to be completely ignorant about the position of the cursor and which parts of a window were obscured by another window. Each click, key press and other event was tagged with the current cursor position by the server, and when a part of a window was uncovered, the server gave one (or sometimes many) expose events, saying exactly which part of a window needed to be re-drawn. And if the server was configured with BackingStore, the server itself could fill in the missing bits without bothering the client. This was designed to make it run efficiently with a network between the server and client.
In addition, things like window decorations (frames, resizing options, window control buttons) are all handled by a separate component from either the client applications or the X server. This is the Window Manager, which is what allows you to rapidly change the look and feel of the GUI. This works by encapsulating an application window (X11 defines a window hierarchy, with the root window at the top, application windows in the middle, and individual graphic contexts at the bottom handling widgets within application windows), allowing keyboard and button events to be acted upon before they are given to the client. This is also an OO type feature.
I don't think that Windows integrated COM into the presentation manager until the late 90's probably with Windows 2000, although it was available to applications, and all windowing applications needed to manage their own
HP VUE and then CDE did provide something like COM, and this was before Windows95, but coding for CDE was difficult, and the old X11 models still worked, so were still used.
There are not many people now who actually code at the X11 level. Almost all applications are now written with toolkits or SDKs (like Motif, Qt and GTK+), which hide almost all of the complexity of how X11 works.
My EeePC 701
is currently acting as an internet router allowing my home network to use a 3G USB dongle while I change ISPs.
I thought it would be a bit difficult to set up, but it took about 15 minutes. I already had Ubuntu 10.10 on it, though, and it is normally used as a portable network capable media player when I don't want to watch what the wife has on the main telly.
Greenland is an autonomous country, has its own parliament, and is not part of the EU. Thus I was not counting it as part of Denmark the country.
As a result, I would be surprised if the ban on Marmite applies.
Point taken, though.