74 posts • joined Friday 3rd August 2012 01:30 GMT
What a laugh and interesting read the comments in this article are.
Wasn't going to comment on this article originally. I now feel the urge however to mention that this is one of the big reasons I read The Register. The comments section in articles are often filled with both insightful and outright humorous posts which can go on to make my day.
I've long had an interest in reading up on disaster-related incidents of various types and there was at least one story linked which I hadn't had heard before. Thank you for that, Dan Paul.
(One of the original reasons for my interest was from back when I was a rather young chap when I noticed that everyone keeps banging on about how everything nuclear is the root of all evil. Yeah, radiation can be bad. We get it. It's stupid however that even the smallest of incidents involving any form of radiation often over-shadows much larger incidents of other types. I, for one, have noticed that while just about everyone has heard of Chernobyl almost no-one I know is aware of the massive chemical incident in Bhopal. And the two incidents weren't exactly far off from one another.)
This bit though made me spend the next half hour cleaning my monitor;
Daniel B.: "Indeed, all radioactive stuff has explicit labels like the all-known fan-shaped one and "MATERIAL RADIOACTIVO" stamped on it."
I like crisps: "or MATERIAL......SCORCHIO!!!!"
And now for a suitable icon...
Re: "unless a BOFH opens a email containing rigged PDFs from a vulnerable server"
You'd be surprised.
Some months ago a friend of mine had made an urgent request for me to pop by her office to take a look at their failing Microsoft Exchange 6.5 on Server 2003. Apparently their outsourced IT "support" (and I use the word "support" rather loosely here) were too incompetent to solve the problem.
Anyhow. Dropped by her office. Asked for her to log into the server. My jaw hit the ground when I saw the desktop and then hit the core of the earth when I navigated "All Programs".
Chrome? Check. Firefox? Check. Thunderbird? Check. Adobe Flash? Check. Adobe Reader? Check. Silverlight? Check. Nero? Check. Antivirus definitions dated 2009? Check. Firewalls disabled? Check. And I could go on forever, frankly.
And this was on their corporate Exchange server.
I had, admittedly, performed a similar cockup many years ago.
While moving our firewall policies from one GPO to another I had forgotten to disable the destination GPO first before applying the new firewall rules. And because the base policy was to block all inbound and outbound connections by default (and also because I was rather slow in setting the new firewall rules up) quite a number of systems inherited the new GPO before it was fully configured and were thus left in a state where traffic in both directions were being blocked.
Fixing that wasn't fun as I couldn't automatically force all the affected workstations to acquire a new policy since I had successfully bricked their network connections.
Lesson learned though is that I now set up new GPO's as very-freaking-disabled, configure them, export to test environment, test, and then enable them if all goes well in test.
For Microsoft to have made a similar cockup though... hahaha.
Re: so far so good
I'm personally surprised that no one has commented on their use of NetSol in the first place.
Now I do admit that I haven't visited NetSol's site in years (and still refuse to even in the name of fact finding) but last I checked NetSol was still charging ludicrous mark-ups on domain name registrations claiming "superior support" over their competitors as justification of said ludicrous mark-up.
If my other half (who is not IT savvy at all) is able to figure out on her own (and with ease) how to register a domain name and then forward said domain name to her blog then I think we can do without NetSol's claimed "superior support" and just go with a more affordable (and reliable) alternative.
Re: Why bash IE? This would be a non-issue if you configured your browser proper.
Are those facts or merely your personal opinions? I do not typically stay on top of which browsers have suffered the most security vulnerabilities but doing a quick search online reveals a number of articles showing that there was at least one year where both Chrome and Firefox had over two times more high risk vulnerabilities than Internet Explorer. Each.
Internet Explorer was an absolutely crap browser all the way till 9. Which was decent. But with 10 Microsoft has certainly gotten their act together. I used to use Firefox during the earlier days of IE until the release of IE9 as Firefox dev seems to have suffered a number of quality assurance problems during that time (plenty of crashes, infinite loops, memory leaks, and et cetera). Things have gotten better for Firefox recently, however. Just like how Microsoft has improved Internet Explorer.
My only criticism of Internet Explorer (or Microsoft, really) is that from 9 onwards it is no longer provided to users of Windows XP. I actually aggressively recommend Firefox to Windows XP users. For those on 7 however I simply say "well, it's really down to your personal preference".
Why bash IE? This would be a non-issue if you configured your browser proper.
I'm probably going to down-voted quite a fair bit for saying this, but lets be honest here... your choice of an "alternate" browser doesn't suddenly make you "all so security savvy". What matters is how you browser is configured along with your browsing habits.
Based on Microsoft's advisory I'm pretty much unaffected by this vulnerability. My standard Internet Explorer configuration involves custom security zones configured with ActiveX very disabled, many other features I do not require also disabled, all default IE plugins disabled and Internet Explorer running in enhanced security mode (which forces 64 bit, ASLR and et cetera).
As already mentioned every browser encounters security vulnerabilities and bashing Internet Explorer exclusivity every time Microsoft releases a security advisory is childish. I could even go as far to say that Internet Explorer is actually FAR more customizable than Chrome from its user interface from a security perspective (primarily due to the decent amount of options offered when customizing a security zone though quite a few other security related options can also be found in the Advanced tab).
This perpetual Internet Explorer bashing is slowly becoming old.
No mention of Obsidian?
While Myst was and still is an astonishing game lets not once again forget about the existence of an equally as astonishing masterpiece named Obsidian (by Rocket Science Games).
Let me point out however that this company was appropriately named. Obsidian is infinitely more difficult than Myst. It took me months before I reached the FIFTH CD (yes, there were five CD's in total) and I eventually gave up. I have been gaming for 20 years now (with much experience in puzzle/adventure games) and Obsidian is the only game I have given up on (and I'm quite stubborn when it comes to not going online for walkthroughs as I enjoy the satisfaction of completing a seriously difficult game on my own).
Personally I did not find Myst difficult at all (completed it in about five hours a few months back and the last time I touched the game was in 1994). Myst had its plus points in many other areas however which have already been mentioned in the article.
Take my word though. If you enjoyed Myst... play Obsidian. It has an astonishing story. An absolutely unreal environment with concepts and ideas which are truly unique to this game. And its puzzles... my lord. Your problem solving skills and patience will be pushed to their absolute limits.
Trust me on this.
Have said it before and will say it again...
...thank Intel for delaying 22nm E5/E7 Xeon's.
If you consider the fact that servers need to last a good many years it does make one hell of a difference in power and cooling costs when you compare 22nm versus 32nm. And even as we speak right now Intel's 22nm E5 Xeon parts are STILL not out.
Yes, I'm aware that they'll hit the market in Q3, but the fact is this delay has caused us to pretty much eradicate all server upgrades over the past 15 months. And I know I'm not the only one.
After all the primary benefit for me to upgrade my servers is to reduce power and cooling costs. Performance is a plus point, sure, but it's a secondary benefit for most part.
Re: but experts say it is likely that they wouldn't have to serve any prison time at all
Of course... since the mishandling was not of US government information.
Re: Somewhat annoyed (Attn: rcorrect)
Back when I used to use Chrome (don't anymore for obvious reasons) I actually found a way around this (along with getting rid of the bloody annoying "New Tab" page in Chrome). I'm not sure if this still works, though. Give it a shot if you've got some time to spare.
In the registry and in HKCU navigate to "Software\Policies\Google\Chrome" (you will likely need to create these appropriate keys) and create a string named "IncognitoModeAvailability" and give it a value of "2".
"0" means "Available", "1" means "Disabled" and "2" means "Forced".
I discovered this as this feature was made available in the Chrome GPO Administrative Template. You will notice that it's impossible to "Always Force" Incognito in Chrome otherwise. Obviously, as it clears all cookies and browsing history and et cetera. And no cookies means no ad revenue for Google. For most part. This registry value (normally applied through the Chrome GPO Administrative Template) was obviously added as a way for Google to "please" enterprise administrators while keeping it out of sight of most other users.
Also, when using Incognito, the "New Tab" page is replaced with an Incognito notice and thus eliminates the "New Tab" page altogether.
Now, I'm aware that it's possible to add a command line argument to a Chrome shortcut to launch Chrome in Incognito. It's a half-arsed solution though as your Chrome shortcut isn't called when you open a link from your E-Mail client, for example.
BE WARNED however that Chrome is notorious for maintaining "browsing history" in its various caches and databases even after you have cleared it and even when using Incognito. As I no longer have Chrome installed I can't provide you with the details. However, visit any webpage in Chrome, clear your browsing history, and grep your local Chrome directory within your Windows user profile with the name of the site you've just visited. You'll get what I mean.
Again, I'm not sure if any of this has been "fixed" since I last used the browser. But you get my point.
This has been part of the Japanese corporate culture for a long, long time now.
It is quite rare for a Japanese corporation to fire or otherwise lay off an employee and they instead resort to either boring you to death or making life such a misery with the hope that you will one day cave in and voluntarily hand in your resignation.
It doesn't just end there, either. Many Japanese companies practice "retraining" (or what most of us would call "reformative training") where employees are sent for "additional training" whenever mistakes (even trivial ones) are made on the job.
Many Japanese I know openly admit that they'd never return to Japan if they'd have to work there. It can be that bad... worse still if you happen to be female.
Interestingly though I did have one friend who was more than happy to be entertain himself on the job and he continued to draw his not-very-low salary for years until he managed to find a better package elsewhere. Such instances are supposed to be rare, however.
You know what? Screw you too, Google!
Glad I've ceased using any of your crap.
No more Gmail. No more Google. And DEFINITELY no more Chrome. Don't need any of your spyware-laden junk installed on any of my computers anymore.
I still recall about a year ago I had stopped using Chrome (kept it installed, however) in favour of Internet Explorer (lets ignore my choice of browser for now, eh). A week or two later I actually received a popup from Chrome while using Internet Explorer along the lines of "Chrome has been updated! Would you like to try it again?"... Seriously?
It was then when I decided to do some digging around and subsequently realized just how much junk a Chrome installation injects into ones computer. Windows services? Check. Scheduled tasks? Check. Internet Explorer plugins? Check.
WHY DOES GOOGLE CHROME NEED TO INSTALL INTERNET EXPLORER PLUGINS? OH WAIT, I KNOW! So it can continue to monitor how much I use IE versus its excuse of a web browser.
And you know what else? Screw all the Google apologists too.
Re: Level of craps not given: All of them.
"Its worse then crap its crap painted over with crap where the painter thinks that the crap on top of the crap is going to make the crap look better to people."
Just... LOL. Thank you for that, this made my day. Have an upvote.
Windows 8/8.1... it is THAT bad.
Some weeks ago I had some time to spend and figured that it would probably be a good time for me to increase my level of familiarization with Windows 8 (or 8.1, rather). I had used the operating system briefly from time to time but I wanted to set it up from scratch and use it on my own for a bit.
Since the preview was already available by then and easily accessible too (since there was no requirement to register to acquire a copy)... off I went.
Now I have to point out that I went into this exercise with a very open mind. I continuously told myself "well, it can't be THAT bad now can it" all the way from when I was downloading the preview to installation. Boy was I wrong. So very, very wrong.
First off; let me begin by saying that the start screen isn't actually that bad. Once you've uninstalled all those bloody useless default apps (which can be easily and quickly accomplished) you can actually turn the start screen into a rather pleasant interface from where you can access commonly used applications and folders. And yup, the fact that you can actually create shortcuts of folders on the start screen helps a lot.
My problems begin surface once you move away from the start screen, however.
What Microsoft really should have done was take Windows 7, leave the entire interface as-is, add the start screen and increase support for tablets and call it a day. But nooo... they had to screw around with what already worked. The Task Manager for instance doesn't offer the same amount of detail (additional columns to select and view) in its process list compared to Windows 7... which is annoying.
Then comes the fact that even when you've decided to put the start screen away it still tends to make unexpected reappearances from time to time. If for example you go to the "classic" desktop and go to Control Panel and Network Center and subsequently click on "Manage Wireless Networks" you're given a bloody start screen view of all available wireless networks rather than the good old fashioned wireless network profile manager.
And while we're on the topic of the new wireless network "manager"... you can NOT remove a wireless network profile unless you are within range of that wireless network. What? And yes, this is verified. The only way to remove a wireless network profile when out of range of said network is through Command Prompt.
Even the start screen itself isn't exactly intuitive (namely its default apps). At one point I accidentally opened the Mail app. It asked me to enter an E-Mail login to link my Windows account to a Microsoft Live account, or some such. I did not want this. So I clicked on "Cancel" (one of two available buttons, the other being "Next") and was greeted with an error stating "You must enter an E-Mail address". Clicking on "Next" gave me the same error. WTF? There was no obvious way to get out of this screen other than to Alt-F4.
Such blatantly careless interface design decisions make me want to puke. Just what it's like for users who are unaware of the various Windows keyboard shortcuts is beyond me.
I could really go on forever about just how bad and unpolished Windows 8/8.1 is but I think I've already made my point. All this would be maybe even 1% understandable if the operating system was absolutely fan-fucking-tastic on a tablet but even those who own Windows 8 tablets aren't exactly satisfied.
Google being Google.
Business as usual.
Re: Hands up who trusts Trusteer.
"It should be part of your information security management strategy." In my organization, yes. At home, no. And even in my organization it is as you mentioned "PART" of the strategy... and not a very sizable one at it. Lee has already sufficiently pointed out some of the pitfalls of antivirus solutions (my personal complaint would be resource usage, especially if real-time file system scanning is enabled).
Extremely tight group policy restrictions (SRP/Applocker) on their own go an extremely long way in preventing most unwanted applications from running with hardly any performance penalty. And these days if something is sufficiently sophisticated to bypass any such restrictions (through a zero day vulnerability, for instance) then chances are it is going to be equally as proficient in bypassing an antivirus solution.
Yes, websites can be compromised to deliver malicious content. Happens all the time. If such content is delivered merely as an executable, it won't run due to SRP. If as a PDF/DOC/XLS/... chances are it would have to make use of a zero day and it must not count on JS in Acrobat (disabled) or any form of Macro (also disabled). Again, see point above with respect to zero day vulnerabilities.
Is my solution 100% airtight? No, it isn't. No solution is. I do employ a good many layers of security however (including antivirus, but with limitations) in order to make it as difficult as possible for any of my systems to be compromised by any form of malware. The key here is to prevent being compromised by "common" forms of malware. Targeted attacks are a separate story altogether.
Is antivirus 100% useless? No, it isn't. I still recommend antivirus products to home users and companies. Especially so companies with no dedicated IT security resources (personnel to maintain policies, audit said policies, perform rapid updates of deployed applications, and et cetera). Even for companies with dedicated IT security resources antivirus CAN have its place as an additional layer of checks.
Have firm policies in place. Restrict everything that isn't required. Run strictly as user. Limit the number of resources/applications (and plugins, if applicable) to the absolute bare minimum. Keep your software as up to date as possible. And you're likely 99% ahead of the vast majority of malware writers already who really prefer to target the masses rather than worry about the few who know what they are doing.
(P.S. I'm not claiming to know it all. But I'm writing based on experience. Again, I will never claim that my systems are 100% airtight and I will always welcome someone to proof to me that what I am doing is absolutely wrong/absurd. This is ultimately what security is about. Learn and keep learning.)
Re: Lee D
I'm assuming here your bank doesn't force JRE down your throat then?
Still seems to be quite the "in" thing for a good many financial institutions.
Re: Hands up who trusts Trusteer.
Good to know I'm not the only one. I don't even install Antivirus. My installations have become increasingly bare over the years. Less to maintain. Less to update. Less to exploit.
Even Ad Blockers have become a big no-no for me. Much prefer something which is easily auditable such as this simple little host file; http://someonewhocares.org/hosts/
Am I the only one who thinks this is all just a massive distraction?
It seems to me that all this moaning about with respect to Third Party Cookies is nothing but a colossal distraction to keep everyone's attention away from the countless other methods which can be employed to track a given user.
If I recall correctly there has been ways to track through plugins, for instance. Adobe Flash comes to mind though Adobe "might" have "addressed" it by now.
Also, read up on EFF's Panopticlick. It's a worthwhile site to check out if you haven't already. I found it quite interesting at least and wouldn't be all too surprised if similar methods are already (at least partially) employed in order increase tracking efficiency.
Also, doesn't Safari already block Third Party Cookies?
While I was fiddling around with a temporary OS X installation I decided to check Safari out and realized that Third Party Cookies were disabled by default in its preferences. This was a clean installation too. I might be wrong here but I'm quite confident that this is the case.
Now of course one might argue that Safari's "market share" isn't exactly up there (not on desktops at least) and even the most die-hard Apple fans I've come across outright refuse to use it for any purpose other than to download another browser but it still has to account for *something*.
Re: Entrope Aaannd...
And do you honestly believe that with the level of corruption which exists within the Indian government that such "lawful interception" will remain "lawful"? I wouldn't be all too surprised if criminal gangs are able to bribe their way into receiving whatever information they deem the government is able to access.
And who knows what they'll be able to do with whatever they're able to retrieve.
Re: They still don't get it
Hah. Every time I see a website with such a ridiculous password limit I simply assume that the developers weren't bright enough to hash the password and at the same time decided; "Hey look! Lets show how awesome we are by making the database more efficient by setting our password field to varchar(8)!"
On a more serious note though; anyone who has even the slightest clue in basic security knows that passphrases really are the way forward.
Inevitable XKCD reference: http://xkcd.com/936/
Re: Windows 8.1: 'It's good for enterprises, too,' says Redmond
Richard Gadsden: Thanks for your reply!
Actually, most hardware vendors (at least where I'm located) do sell PC's without Windows OEM licenses to enterprise customers. For non-enterprise customers it's a separate story altogether, though.
Also, with respect to being able to use Enterprise even after SA expires... according to Microsoft's Volume Licensing Brief; "Volume Licensing customers with Software Assurance may migrate from a lower edition to a higher edition software product while maintaining their Software Assurance coverage on a given product."
The phrase "while maintaining their Software Assurance coverage on a given product" has me worried. Am I misunderstanding something?
Re: Windows 8.1: 'It's good for enterprises, too,' says Redmond
Charlie P: Here's the thing. Normally I'd fault my vendor because it really does sound pretty ridiculous that Microsoft would only have an "Upgrade" SKU for Windows 8 volume licensing... but all three of my preferred vendors (and one of them is supposedly a "Gold Volume Licensing Partner") tell me the same story.
That particular "Gold" vendor told me my only option was to make use of Microsoft's "Legalization Offering" which is used to convert all non-genuine Windows copies to genuine... but I was also strongly encouraged against using this option as a company is only given the opportunity to use it once.
I did inquire on less than 100 seats though but not too far off either.
If you have any other suggestions I'd be extremely grateful.
Re: Windows 8.1: 'It's good for enterprises, too,' says Redmond
Last I checked Microsoft won't even sell Windows 8 to its enterprise customers.
Obviously then it must be pretty bad. Either that or I'm missing something here...
A month ago I was looking into the possibility of finally moving the remainder of our users from Windows XP over to Windows 7. A hundred licenses or thereabouts. Traditionally however our company has never actually purchased Windows (not directly at least). We simply tag on an OEM license with every system purchase as our corporate discount with our hardware vendor makes it extremely affordable versus volume licensing.
Typically then the only time we upgrade Windows on a system is when the hardware itself is upgraded. Our interest in upgrading to Windows 7 however is mostly due to Windows XP's upcoming End-of-Support.
Part of our problem is that bulk of our hardware upgrades were performed out of necessity about half a year before Windows 7 was released and as such the vast majority of our systems have Windows Vista OEM licenses on them. These are systems which won't be changed anytime soon either as desktops tend to last pretty long and we are projecting to keep these systems in commission for at least another three years.
Well, most of them at least. Our hardware upgrade exercise typically involves stretching the purchase through the course of multiple years in order to not wreck our budgets. Buying Windows 7 OEM licenses then wouldn't make much sense as OEM licenses cannot be transferred thus if we did buy Windows 7 OEM licenses we would eventually have to purchase them again every time a system is changed.
This was when I caved in and decided to give volume licensing at least a consideration.
I shouldn't have bothered.
Whenever Microsoft releases a new version of a given product they will always discontinue the volume licensing SKU for the superseded product. When Microsoft released Windows 8 then it was no longer possible to purchase Windows 7. Not through volume licensing at least. This in itself was never much of a problem as Microsoft continues to offer downgrade rights.
The problem here is that as of this moment there is ONLY ONE SKU for Windows 8 in volume licensing form (excluding special editions for government and academic use, at least).
Which is: Windows 8 Pro, Upgrade
And yup, you read that right. UPGRADE. There is absolutely no way to purchase Windows 8 outright in volume licensing form. It must be an upgrade from a previous edition. Plus you will also notice the glaring omission of Windows 8 Enterprise. Yup, that doesn't exist either. The only way to acquire Windows 8 Enterprise is to have your volume licenses on Software Assurance.
And Software Assurance means yearly payments. Stop paying? You're back to Windows Pro. Fun. And while we don't require Enterprise for Windows 8 we do require Enterprise for Windows 7 as BitLocker is a Windows 7 Enterprise feature and downgrade rights obviously dictate that you must own Windows 8 Enterprise in order downgrade to Windows 7 Enterprise. So this was the first major headache.
The second major headache was the upgrade requirement itself.
Microsoft's obvious response to me was; "Well, surely you're already running Windows, right?"
Right. I highlighted to Microsoft that my licenses were all OEM. No problem they enthusiastically claimed. Except that they forgot to mention that original OEM terms which prohibit the transfer of licenses continue to apply. That's right. Even if I upgrade my OEM license Windows XP to volume license Windows 8 I can't transfer the license to another system once I've decided that the hardware needs changing.
This of course was a problem. As previously highlighted, due to our hardware upgrade strategy we do intend on replacing a small number of systems at least two to three times a year.
The third headaches comes courtesy of Windows Activation 2.0 which was another one of the reasons for considering volume licensing: to acquire a KMS/MAK key so that we do not have to manually activate Windows every single time a system is cloned (and we re-clone our systems on every staff turnover in order to give every newcomer a fresh OS installation).
The fourth headache comes when we need to increase our hardware count. When I asked Microsoft what if I wanted to increase my workstation count by 10 they told me to simply put those systems on OEM license. What? Yeah, sure. If there's a Microsoft representative on-site 24/7 to activate the god damned product for me every single time I clone a box then sure. But that isn't going to happen, now is it.
So you can probably tell by now that I'm quite cross.
The only solution right now is to buy Windows 7 retail and manually deal with product activation. VAMT can make this a little less of a headache but it's still going to be quite an annoyance.
All that's left for me to say at this point is...
Microsoft: F**k you.
Seems Google is now experiencing a little bit of a Microsoft moment.
Having said that though you really have to admire how thorough the malware writers are on Android. You can find malware packaged into just about every single type of application.
Friend of mine had his phone compromised after installing an SSH client if I recall correctly.
It's not just your usual free games and whatever other equivalent there is to free mouse pointers and screen savers on Windows. Plus some of the malware actually make use of zero day exploits in order to circumvent security prompts and the like.
This is really the price to pay though once your operating system becomes popular. Apple gets away with it for most part thanks to their ludicrous app screening process.
Yup. Whois should definitely be going the way of the Dodo.
As mentioned in the article already the data is predominantly useless as there's no guarantee that it was ever correctly filled up in the first place and most people I know just throw garbage in as spam bots are very well known to harvest whois data.
Plus removing whois also solves the problem of individuals monitoring the expiry dates of domains hoping to steal a domain name and subsequently demand ransom.
There's really no reason for whois to exist. If they're adamant on keeping it the output should be limited to "IsRegistered? [Yes/No]". Done. Finish. There's nothing else anyone else needs to know.
As it is Geographic gTLD registrars are notorious for having whois servers which don't even work in the first place. So we may as well just pack up and call it a day for everyone.
Also, I don't see the additional income of "whois privacy" ever covering up the cost of maintaining a whois server. And in the first place most people will just opt to enter garbage information rather than genuine information and then subsequently pay for "whois privacy".
Re: Eh, Server 2008 R2 is awesome.
> You know what won me over? The ability to right click on a system in DHCP and add a reservation.
That was a lovely addition indeed as I've always been fond of running Windows DHCP servers. And yup, I'm also a pretty heavy user of DHCP reservations as I like to be in absolute control of all devices on my network... all the way down to IP addresses.
This does prove my point though; that Server 2008 R2 isn't about one big change but rather that it's about a million of tiny little improvements put into an awesome package to make life a lot less of a misery.
Unfortunately however a lot of SMB's couldn't care less.
Re: The road to hell's paved with good intentions, though.
Still doesn't change it from being the road to hell, though.
Re: You like hard questions? ;)
> I'd say "IIS finally stopped sucking monkey dong in Server 2012" but honestly here, who uses IIS?
The sheer number of websites with "Server Error in '/' Application" as their "homepage" disagree with you.
Eh, Server 2008 R2 is awesome.
We pretty much moved over to Server 2008 R2 (and Windows 7 for most of our IT department) within six months of the OS being released. Never looked back since...especially since you can certainly feel Server 2003's age by now. Heck we could feel it years ago.
And I'm still deploying new Server 2008 R2 systems. Server 2012 doesn't exist in my world. Much in the same way how vanilla Server 2008 doesn't exist either. Will Server 2012 R2 be better? Only time will tell.
I do admit that not everyone will find it necessary to move away from Server 2003. Thing is though, these people tend to be the ones who don't fiddle around with their servers much in the first place. You know, screw Windows Updates right. To these people Server 2003 going into End-of-Support is the least of their concern... especially if one of the pending updates is "Windows Server 2003 Service Pack 2".
To a full-time administrator there's lots to love about Server 2008 R2. Lots of tiny little improvements here and there to make life less of a misery. I for one welcomed WSUS becoming an MMC snap-in. Managed Service Accounts being another feature I like since managing the dozens of passwords for the accounts of all our various services has become quite the headache in the past. PowerShell 3.0... and et cetera.
Oh, and did I mention PowerShell 3.0 yet? Guess I did.
Again, these are things which really benefit the administrator.
But if there isn't an administrator... or if it's someone who comes into the office all of five minutes of his week just to visit the loo... then there really are bigger issues at hand which need looking into.
Re: Well duh
Yeah. And quite a few countries have already planned or committed to similar adjustments.
Re: <3 Competition. Still not buying an Xboner, however.
Oh right and lets not forget this little calamity as well: http://i.imgur.com/ByOK23t.jpg
<3 Competition. Still not buying an Xboner, however.
It is rather obvious that Microsoft's draconian ways would have remained unchanged if it wasn't for Sony.
So while yes, I can give them some credit for having changed their policies. For now at least. I do have a problem with the underlying mentality (read: greed) of Microsoft which will no doubt remain unchanged.
This is the power of competition, however. Fuckobe, oh sorry I meant Adobe, is unlikely to ever change their policies on Creative Cloud and their ludicrous subscription models, prices and activation requirements as all of their competitors have been gobbled up.
Re: If SCO wins it can start throwing sueballs...
If I remember correctly SCO was already trying to sue World + Cat, Mouse & Dog back when this case hit the headlines. Quite literally everyone who they'd suspect of even thinking of using anything *n?x was targeted.
But seriously now... WHAT THE F**K? I can't believe these leeches are still around...
Let alone having resurrected this heap of Godzilla Dung of a "case".
Re: The malicious email attachment exploits CVE-2012-0158
Would be interesting to know when distribution of this malware actually begun.
CVE-2012-0158 (MS12-027) seems to have been patched since April 2012's patch Tuesday.
...waiting for Xbone 1 apology.
Re: I'm curious to see if restoring firmware via DFU would bypass this protection
Same came to mind. I actually DFU my phone every single time I need to factory restore it so I suspect I'll find out pretty quick once iOS7 has been released since I tend to factory restore after every major iOS release.
It would also be interesting to see if a jail-break through DFU would be able to get around this restriction. Though I believe a number of more recent jail-breaks have been triggered via exploits through Safari or some such so doing a jail-break through DFU might be trickier.
A step in the right direction but I also believe there should be a physical kill-switch deep in the hardware of the device. Either way though people are "usually" more cautious of buying a device that has already been jail-broken at some point (and yes I'm aware that if you offer a low enough price there will always be buyers).
I'm also not in disagreement with making the phone go pop. It does after all already have a payload in the form of a Li-Ion battery...
The XB1 is irrelevant now...
...PS4 fully supports the used game market. Has no always-on restriction. Just announced.
Bite me, Microsoft.
Microsoft: "We're always listening to our customers"
Give us 22nm E5/E7 CPU's and then we're talking...
It's still a little bit of a joke that Ivy Bridge EP hasn't arrived yet.
We've been holding off on quite a number of server purchases because we firmly do not believe in purchasing CPU's which are still sitting on the 32nm process and unfortunately for everyone requiring SMP solutions right now you don't really have much of a choice as E3 Xeon's are strictly for single socket solutions only.
This is of particular annoyance for us as we generally give our servers an estimated operation life of five years. And when you're talking about this kind of time-frame the difference between 100W and 70W for instance does add up (especially since you need to consider that a hotter CPU doesn't just eat more power - you'll also require additional power to keep things nice and chilled).
Come on Intel.
Well. Where credit is due having control over which sites are able to run Java through Group Policy will definitely make some people sleep better at night.
It's bloody annoying having to install this heap of junk just for that one website which requires it.
And quite a few of us should be more than familiar enough with such a scenario.
However... this is of course Oracle we're talking about and it really wouldn't surprise me to see a vulnerability surface which could either tamper or circumvent the trusted hosts lists.
RE: VPN protocols PPTP and L2TP have largely been unaffected as they are too tricky to block
Hmm? I do believe some "correction" is needed here. PPTP and L2TP/IPsec which utilize the GRE and ESP protocol respectively are actually extremely easy to block as you can block both those protocols with relative ease without the worry of such a block affecting just about anything else.
Heck; I've even seen "home" routers by LinkSys and D-Link which offer such a function (usually a configuration option to the tune of "Restrict Tunneling Protocols").
If anything OpenVPN with SSL based VPN would be the biggest pain in the buttock to block as it's (to my knowledge at least) almost indistinguishable from regular HTTPS traffic. Especially so if utilized on port 443.
The reason I say "almost" is because you "could" possibly distinguish SSL VPN from regular HTTPS traffic by looking at the behavior of the connection. An SSL VPN connection could remain as established for long periods of time whereas a visit to an HTTPS website would generate as many connections as there are objects to load but said connections do not stay as consistently established.
That is unless of course you're downloading a file through HTTPS.
So; am I missing something here?
Seems Adobe believes their own propaganda though...
I actually had a very firm "chat" with my local Adobe office a month ago with respect to this matter.
A senior Adobe sales representative had called me to preach their Creative Cloud offerings. She claimed that it was more "economical" than their boxed solutions of the past and et cetera. What?
(A) We've been utilizing a dozen copies of CS3 since 2007. Each license cost us USD 1,400.00 at launch and said license allows us to use the product for as long as we see fit. That's USD 233.33 a year to date. You'll find that "Creative Cloud for Teams" costs at least three times that amount.
And that's an amount which is further subject to review on a yearly basis.
(B) No Adobe, we do NOT need every single damned product under your umbrella in order to function our business. We are perfectly fine with Photoshop, Illustrator, InDesign and Acrobat. We do not see it as "value added" having a ton and a bit of applications we do not use. We see it as a complete waste of money.
(C) Upon hearing earlier in the year that Adobe was headed in this direction we actually upgraded all of our licenses to CS6 which enables us to shun away from Creative Cloud for as long as it is possible to do so. We have used CS3 for six years... I don't see why we can't use CS6 for just as long if not longer.
(D) It's obvious that Adobe has lost touch with reality and firmly believes that every single business in the creative industry is swimming in cash. It's a hugely competitive arena and there are many who barely survive. Both I and my finance controller will definitely sleep better at night if we don't have to worry whether or not we can afford our upcoming yearly license renewals because that'll be a pretty shitty situation of "if we upgrade, we're in the minus; if we don't, we can't work".
So to sum it up...
Adobe: F*ck you.
(P.S. We need Linus's iconic nVidia-Middle-Finger as an icon here...)
- Xmas Round-up Ten top tech toys to interface with a techie’s Christmas stocking
- Xmas Round-up Ghosts of Christmas Past: Ten tech treats from yesteryear
- Review Hey Linux newbie: If you've never had a taste, try perfect Petra ... mmm, smells like Mint 16
- Analysis Microsoft's licence riddles give Linux and pals a free ride to virtual domination
- I KNOW how to SAVE Microsoft. Give Windows 8 away for FREE – analyst