* Posts by h4rm0ny

4617 posts • joined 26 Jul 2008

Upping your game with Windows Server 2012

h4rm0ny Silver badge

Re: @H4rm0ny

"Although I agree with you that it can easily be done;"

I feel the bolded word is an important ommission from your original statement which otherwise suggests it's some sort of fiddly work around to use Server 2012 without Windows 8.

"where does that leave Microsoft's core feature wrt 2012; the by default desktop-less installation? Worse; where does that leave remote administration?"

I'm really starting to wonder if you've actually used this or looked at it. Firstly, GUI-less operation is not MS's "core feature", it's one of many very nice enhancements and new features on Server 2012. If you don't use it (and this is the personal 'you' there, most people will be able to use it fine because they don't have your dislike), then there are still plenty of other features that make it well worth having. And you can turn the GUI on or off as you like. During run-time. I don't think you understand the advantage of the GUI-less setting - it reduces overhead and footprint when you're running ranks of virtualized instances. I honestly find your objection to using the management tools on Windows 8 arbitrary and ill-supported anyway. It's a $40 upgrade and Win8 does everything that Win7 does. Your inability to manage a different Start Screen is well-documented on these forums, yet it still comes up against my direct experience that I personally am able to manage with it fine so I don't see why you have trouble with it.

I also don't see why you find it so unreasonable that the new admin tools should be released for Windows 8 first.

h4rm0ny Silver badge

"You'd need Win8 to administer it because the admin tools haven't been backported yet."

You can use the interface on Server 2012 instead, just as you can on previous versions of Server. You may not like the GUI on Server 2012 (you've written many times about that), but it doesn't seem problematic to me.

Asteroid miners hunt for platinum, leave all common sense in glovebox

h4rm0ny Silver badge

Re: Inferring

Okay. Can't stand this any longer. The word you are all looking for is implying. The article itself is not going to infer anything from anyone unless you think the article is somehow sentient.

Microsoft dragging its feet on Linux Secure Boot fix

h4rm0ny Silver badge

Re: RE: Never ascribe to malice that which can adequately be explained by incompetence

"The difficulty is that in the current scheme the root certificate is issued by an untrusted entity. And this cert cannot be substituted for one of choice."

Firstly, inability to install your own certificates does not stop anyone from installing a different OS which is what Fatman was concerned about. It merely means that you wont be using Secure Boot. Which is the same as with any PCs today. This is the main point as it fully answers the scenario that Fatman raises in thinking you wouldn't be able to re-sell a PC and put something else on it (you can).

Secondly, you're calling Verisign or the manufacturer such as Lenovo an "untrusted entity", at which point you've taken your security concerns way beyond what the vast majority of users do, to the extent that your making an equivalent argument to saying you don't trust antivirus software sellers because maybe you can't trust them not to approve something they shouldn't.

But that doesn't

h4rm0ny Silver badge

Re: RE: Never ascribe to malice that which can adequately be explained by incompetence

"The proof of this will be in 3 to 5 years down the road, as corporate PC's get retired, and hit the resale market. How difficult will it be for a second owner to put whatever O/S on it remains to be seen"

Not sure what you think the difficulty would be. You don't need Microsoft's assistance or any of the original install keys or discs to replace the OS that is on there. You just go ahead and install what you want, turning off Secure Boot if need be. Secure Boot prevents malware from changing what can boot on a PC, not what a physically present user can install.

h4rm0ny Silver badge

Re: Microsoft reason of doing this

"How much are you paid for this PR guff?"

Addressed to me? I'm not paid to post at all nor remunerated in any other way nor expect to be. I have no affiliation with any of the businesses involved in this story nor expect to. Accusations of being an astro-turfer is just an ad hominim. There's nothing that I've written here that I can't back up with actual sources or clear reasoning.

h4rm0ny Silver badge

Re: Microsoft apologists miss the point

I've gone back to see where you got that "quote" from me that I thought sounded suspiciously unlike something I would write. I've found what I originally wrote and you have misquoted me and actively misrepresented what I wrote. That's a pretty low thing to do.

This is what you wrote:

"You say, "Red Hat etc are "actively taking advantage" of it - that is bullshit they have no choice, and it's a real problem"

This is what I actually wrote:

"I wonder if you will be so angry about Secure Boot and call it a "lock out system" when Red Hat or SuSE start actively taking advantage of it. I suspect not."

You should consider that when you need to start misrepresenting what someone says in order to argue with them, you have crossed bounds into setting your own desire to "win" an argument above your respect for actual truth. Your posts have been riddled with dubious misrepresntations and suppositions as well as insults such as calling people "apologists". You're a zealot, in short.

h4rm0ny Silver badge

Re: Microsoft apologists miss the point

"They can't put in a CD/DVD and instal now. They need specialist knowledge."

Changing a simple option from "On" to "Off" when it's clearly marked and easy to get to, is not "specialist knowledge". It's more complicated to download the ISO and burn that than it is to turn off Secure Boot. And if they need technical help with that, then surely the same source can tell them "press this button when you turn it on".

"Secondly, you can turn it off now, but it's a fair risk that in the future there will be no such option to turn it off."

You say that, but you offer no proof other than saying "that's what Microsoft would do". Besides, you've been arguing that it's a problem now. An argument that something is bad because of what might happen in the future is a different argument. That could be applied to a lot of good things.

"Microsoft have forced this "secure boot" (Trusted Computing by another name) and suddenly all the Linux guys have to get Linux to work with it, or be locked out"

MS haven't forced this on anyone. Secure Boot is not a MS product. They're merely the first to make proper use of it. And demonstrably Linux is not locked out of PCs by it. Any of us can still install Linux on a Windows 8 certified PC easily which means you are clearly wrong.

"You say, "Red Hat etc are "actively taking advantage" of it - that is bullshit they have no choice, and it's a real problem.

I think if I did say that, what I was saying was that RedHat *will* take advantage of it. I'll have to go back and check the quote but it doesn't sound right the way you put it. I do believe that RedHat will take advantage of it. And they'll be right to do so - it's useful.

"That is why you are an apologist, you try to justify Microsoft's unethical actions in the comments you make, usually with arguments that are fallacy."

So you couldn't actually find a post where I showed bias, then? And where is anything I've said a fallacy? Nearly everything that I've written here has just been a factual correction of misinformation.

h4rm0ny Silver badge

Re: Microsoft reason of doing this

"they also take the chance to earn money from Linux."

Do you really think Microsoft are motivated by a $US99 fee they get from RedHat or SuSE asking them to sign a bootloader? Because that's how much has been charged.

h4rm0ny Silver badge

Re: Interesting approaches to monopoly

Just a bit more, in case the previous seems ambiguous without context, here is the following paragraph:

18. Mandatory. Enable/Disable Secure Boot. On non-ARM systems, it is required to implement the ability to disable Secure Boot via firmware setup. A physically present user must be allowed to disable Secure Boot via firmware setup without possession of PKpriv."

Also, apologies if the last part of my previous post came across as hostile. It just seemed very strange that you would tell somone the word was "can" instead of "must". You made it sound like you had read the specification, when actually the OP has the wording right.

h4rm0ny Silver badge

Re: Interesting approaches to monopoly

"...Actually, the word is "can", not "must". So long as SecureBoot is turned on *by default* with the MS key installed, the OEM is under no obligation to provide a method to turn it off for the HW to be approved by MS."

I don't know where you got that from. It's incorrect. Here is a link to MS's hardware certification requirements for Windows 8 PCs. LINK

From the section on Secure Boot (around page 118):

""17. Mandatory. On non-ARM systems, the platform MUST implement the ability for a physically present user to select between two Secure Boot modes in firmware setup: "Custom" and "Standard". Custom Mode allows for more flexibility as specified in the following:"

OEMs are absolutely under an obligation to allow users to disable Secure Boot to be turned off if they wish to comply to with MS's terms for certification. Why did you choose to "correct" someone who had it right?

h4rm0ny Silver badge

Re: @dajames

"'AC@11/22-00:20 here, to be honest that's the first time I hear about Verisign keys in this UEFI SecureBoot context even though I'm a regular ElReg reader too."

The Reg's coverage here has been high on sensationalism, but rather weak on details. Verisign do provide keys for Secure Boot (I don't know whether or not they provide them for all OEMs, or just some). But obviously the component used for signing must be kept very secure, otherwise security would be compromised. So Verisign provide the keys, but MS have one of them to sign their code with (and they will sign other people's code too for a relatively small fee). Red Hat investigated doing it themself (i.e. they could get a key from Verisign too), but decided that managing that whole process plus the cost involved, was worse for them than simply paying MS to sign their code for them. The link you posted to RedHat is actually a very good link covering their decision. From there, this is probably the most relevant part:

challenge is how to both initially ship and later update the set of trusted keys stored in the system firmware. g all users to manually perform this task would not meet the ease of use objectives. After all, with any security feature if it's too hard to enable it, few will bother to use it and leave themselves exposed.

The resulting mechanism planned for getting the keys automatically distributed is to utilize Microsoft key signing and registry services. This obviates the need for every customer to have to round up a collection of keys for multiple operating systems and device drivers. t will provide keys for Windows and Red Hat will provide keys for Red Hat Enterprise Linux and Fedora. Similarly other distributions can participate at a nominal cost of $99 USD - allowing them to register their own keys for distribution to system firmware vendors.

MS get a key from Verisign, Red Hat side-steps all the hassle of doing it themselves by paying the $99 fee and MS sign it for them.

h4rm0ny Silver badge

Re: Microsoft apologists miss the point

"Windows apologists like @Harmony preach that you can work around these lock-out systems."

There are three things wrong with the above statement. Firstly, you can work around it very easily, by just turning it off. It's no more complicated than switching a boot device in BIOS. It's actually less honest to "preach" that it's difficult to work around it, as you do. Secondly, "apologist" is a nasty word. It makes it sound like someone is justifying racism. If you genuinely see my posting factual corrections as being an apologist, it says far more about how you see things than it says about me. For you to see someone correcting misinformation here as I have been repeatededly doing as being an "apologist", you must have an incrediblly partisan view on things. I prefer my own neutrality, thanks. Thirdly, as it's so trivial to turn this off, it's only your desire to present it as a sinister move that makes you call it a "lock-out system". To nuetral parties it's a security measure that has demonstrable benefits (there is plenty of malware we can point at that will be successfully blocked by this). I wonder if you will be so angry about Secure Boot and call it a "lock out system" when Red Hat or SuSE start actively taking advantage of it. I suspect not.

I don't suppose I'll ever get an apology for being called an "apologist". Something that is an accusation of bias which I dislike. I don't think you'll be able to find any post that shows a biased point of view regarding OSs. In fact, go ahead and try.

h4rm0ny Silver badge


"In passing, you don't need a UEFI BIOS to support disks >2Gb with Linux, provided you are happy with the plural. Once a linux kernel is up and running, it'll handle a disk with a GPT without any use of the system BIOS."

That's actually the same as under Windows. It's the "up and running" part that UEFI solves. With either Linux or WIndows, you can't boot off a disk 2TB or larger (note, you wrote 2GB, this is incorrect). WIth UEFI, you can (under either).

h4rm0ny Silver badge

Re: @AManCalledBob - Don't like windows 8? Tough, you can't run anything else.

What gives you the confidence to assume all PC hardware manufacturers will allow you to disable secure boot ? Microsoft suggested them they can do it not that they must do it (after all they can't dictate to OEMs, can they?).

MS have specified that you have to be able to turn off Secure Boot if you want to advertise your PC as certified by them for Windows 8. That's a fairly powerful marketing draw. Besides which, what would OEMs have to gain by making their product less able than a competitors?

h4rm0ny Silver badge

Re: Secure Boot can be turned off ... BUT ...

"Once you do, if you boot up a Live CD, say, Linux Mint 13, and try to install a dual boot, Linux does not recognize Windows 8 (nor any of the numerous partitions on the hard drive) as a valid operating system. How then to set up a dual-boot system?"

Are you saying you have had this happen to you? Because turning off Secure Boot shouldn't cause you any problems with dual booting. Windows 8 runs fine on systems without Secure Boot. I think you're very misinformed. I don't see how Linux would fail to recognize any of the partitions on the hard drive. Linux has better and wider file system support than Windows.

h4rm0ny Silver badge

Re: Interesting approaches to monopoly

"So you can re-flash the UEFI from Linux (or other non-MS utility) with a UEFI of your own, with your own signing key and without MS's revocation rights? You know, so that the UEFI could secure-boot a non-MS OS?"

No. There's no flashing of firmware involved or anything remotely like that. You just power on the computer and enter UEFI, just like you would enter BIOS (typically, you press F1). Then you just select the option for Secure Boot and turn it off. You can then boot any OS you choose. You wont then be using Secure Boot.

This means that you can't benefit from Secure Boot with Linux if you do this, but no Linux distro really makes use of it at this time anyway. The signed boot loaders that RedHat and Ubuntu are providing don't really provide any security. All that they do is enable you to use a Live CD to demo or install their Distro without having to go into the UEFI and turn Secure Boot off. Beyond that initial boot loader, there's not much protection to be gained by using Secure Boot with Linux. Hopefully one of the main distros will make use of it in time.

h4rm0ny Silver badge

Re: Re:Don't like windows 8? Tough, you can't run anything else.

"So if you buy a machine with Win8 from an OEM it will NOT boot any other OS."

This is incorrect. Just go into UEFI and turn off Secure Boot. It's very easy, no different to swapping the default boot device.

h4rm0ny Silver badge

Re: Windows 8

"There are now only Apple and Windows computers available easily."

There is absolutely nothing preventing you from starting a business selling PCs with a Linux distribution pre-installed. Or indeed with no OS installed. Secure Boot hasn't changed that in the slightest.

h4rm0ny Silver badge

"Not if it means they move off Windows. Everyone's a winner in that case."

So your ethics says it's okay to jeapordize people's security because you should be able to punish people for not choosing the OS you think they should?

h4rm0ny Silver badge

Re: how to disable this secure boot

"And if the user can do it, any malware that gets into kernel mode can do it."

No. Because kernel mode doesn't have access to change the UEFI settings. The user does it by going into UEFI on power-up, just like they would go into BIOS and changing a setting. Just because the OS says something can be done, does not mean that the firmware will agree.

h4rm0ny Silver badge

Re: Don't like windows 8? Tough, you can't run anything else.

"That's all very well unless you want to dual-boot - if you disable Secure Boot then Windows 8 won't start."

Seems massively unlikely that is true. You can install Windows 8 on machines without Secure Boot, after all. Evidence please.

h4rm0ny Silver badge

Re: Boot on the other foot

"The problem isn't UEFI or Secure Boot in itself, it's Microsoft's abuse of its monopoly position in order to make it very difficult (if not impossible) to install any other operating system."

If you don't have a problem with UEFI or Secure Boot, then why you do have a problem with Microsoft when their own requirements demand that it be possible for a user to turn off Secure Boot on any WIndows 8 PC? Have you thought about how useful Secure Boot would be if it were turned off by default? Obviously not.

h4rm0ny Silver badge

Re: This UEFI thing...

"This UEFI thing... why do I get the feeling it'll be a complete flop?"

Possibly because you don't understand the difference between UEFI and Secure Boot and aren't aware that pretty much all modern x86 motherboards are shipping with UEFI instead of BIOS and that this has already been the case for some time. I have a motherboard here I bought about a year ago. And it has UEFI. Quite possibly you are using it now as well.

h4rm0ny Silver badge

Re: Once the pre-bootloader is released

I wrote above that it's not a "pre-" bootloader. I was incorrect. My argument is still the same, but they are now using the term "pre-bootloader" as well because (although this is a bootloader), they are using it to boot their normal boot loader. So I guess it is a "pre-" bootloader in a sense. Apologies for the wrong correction.

h4rm0ny Silver badge

Summary of the "problems"

So reading the article the show stoppers are:

(1) The signing process requires uploading from a Windows machine. Perhaps galling if you want to avoid having one in your house for reasons of principle, but from a practical point of view I find it ridiculous that the people in charge of getting Linux code signed should hold this up as a difficulty. XP, Vista and Win7 machines are ten a penny. If it's for a good cause, I have one that they can have.

(2) They have had to create an account with Microsoft. This is so stupid an objection that they should be ashamed to raise it.

(3) The signing Terms and Condiitions are incompatible with GPLv3. Well so is a good portion of most Linux distributions Linus Torvalds and most of the top Linux Developers are against licensing Linux under GPLv3 and for some of the same reasons MS can't allow it under their Terms and Conditions. GPLv3 has some major blocks when it comes to patents and DRM. This as an objection is both unreasonable and it is unnecessary as most (all?) GNU/Linux distributions are actually under GPLv2.

(4) The signing process hasn't worke and they're still waiting for MS support to get back to them. We're missing some details here. Did it fail because the people uploading are unfamiliar with the process and did something wrong? Or is it buggy software? And how long have they been waiting? Did they file this three months ago or was it last week?

Of these listed objections, only the last one may or may not be valid depending on the details. One thing I am confident of, is that if it turns out Bottomly was doing something wrong, we wont see headlines on it or scores of posts here angrily blaming him or lack of a signed Linux bootloader (even though it would have turned out he was culpable rather than MS).

h4rm0ny Silver badge

Re: And I have this habit of assembling my own computer

"How is UEFI going to affect that?"

It wont. Also, by UEFI, I presume you mean Secure Boot which is actually only a smallish part of UEFI. You can just turn Secure Boot off. Unless you are building your own ARM devices.

h4rm0ny Silver badge

Re: how to disable this secure boot

"how to disable this secure boot that's all I would like to know"

When you power up the computer, press the key to enter set up. Typically <F1>. Then mouse or cursor to the option saying: "Secure Boot: Enabled" and toggle it to "Disabled" or "Off". Exit and let the computer start up. It's much like changing the boot device in BIOS.

h4rm0ny Silver badge

Re: Windows 8

"You can't disable secure boot on all systems."

Specifically, you can disable it on all x86 platforms (i.e. PCs). You can't on ARM devices that come with WindowsRT installed.

h4rm0ny Silver badge

Re: Once the pre-bootloader is released

"Why won't the virus writers simply bundle the pre-bootloader with their "products"?"

A couple of reasons. Firstly, they can't bundle the bootloader (it's not a "pre-", btw), because only a signed bootloader will be executed, so any malware has to start further up the chain. Secondly, the bootloader is for GNU/Linux so their malware actually has to target this platform rather than Windows. Well it doesn't have to, but you'd essentially be writing malware that infected Linux and then unloaded Linux and booted up Windows. Possible but very cumbersome. The install base of GNU/Linux is far smaller than Windows and most of the roots to infect the boot process would be opportunistic and thus target Windows.

h4rm0ny Silver badge

Re: Different UEFI firmware

Microsoft forbids you from having those open bootloaders on ARM-devices. Thus Windows 8 capable ARM devices are essentially useless.

You haven't answered Harry Shepherd's question and in fact have actually given him a pretty misleading answer. He asked about UEFI harware manufacturers generally and only used Android to help explain his question. The actual answer is yes - you can have UEFI hardware not locked to a particular set of signatures. You simply have Secure Boot turned off. The side of the coin that Christian Berger somehow managed to omit is that MS have mandated that a user be able to turn off Secure Boot on x86 devices. This isn't the case on ARM devices which are locked, unfortunately. However, Christian Berger is incorrect to say that such devices are therefore "essentially useless". They're actually very good for running Windows on. ;)

h4rm0ny Silver badge

Re: Hubris?

"What about other open source software such as Truecrypt, who aren't a competing operating system, but are going to have problems with full disc encryption."

Shouldn't be a problem, I think. Anything you want to run from the encrypted disk, you will need to decrypt first, in which case the encryption is irrelevant. TrueCrypt creates its own virtual disk driver. Whether you are loading a module from that or from a USB drive or from a real disk, shouldn't matter. It's only when the module is retrieved from the storage "device" and its signature checked, that Secure Boot steps into the process.

h4rm0ny Silver badge

"How about the possibility of some less than scrupulous open-source developer, fed up with the apparent obstruction from Microsoft, discovering the loophole in the system?"

Then they would be highly unethical because they would be reducing the security of millions of people.

h4rm0ny Silver badge

"I'm sorry, but have you even looked into the concept of "Secure Boot"? It only signs the bootloader"

Not you again, lecturing people on not understanding things when you actually have it wrong yourself. It only signs the bootloader for GNU/Linux because no Linux distribution has fully engaged with Secure Boot, yet. They are using a signed boot loader as a work around to make Linux run on a system that has Secure Boot on it without actually taking advantage of its intended purpose. On Windows, Secure Boot is capable of checking that all sorts of things (i.e. drivers and other modules) are signed before loading.

"If you previously got drivers into the kernel, it will still work."

Only on Linux. On Windows it offers an extra layer of protection.

"Nobody exploits the boot-process"

Lots of malware exploits the boot process. There are whole families of malware that infect the boot process. You plainly have never bothered to actually read up much on this, instead just deciding to talk confidently without actual fact checking.

h4rm0ny Silver badge

"Why does RedHat not engage with the OEMs and provide it's key so that Red Hat variants are supported out-of-the-box on certain equipment?"

Nothing in principle. According to RedHat's statement, they investigated doing this and found that setting up the infrastructure to do all this themselves was too costly and it was cheaper for them to simply licence MS's signing capability.

Incidentally, Secure Boot can be turned off. It's not complicated.

Microsoft's Surface bait-and-switch won't make people buy Windows 8

h4rm0ny Silver badge

"I have recently been told......that the Surface will out sell the iPad."

This is simply impossible for the reason that nowhere near as many Surfaces will be produced as there are iPads sold. Even if every single Surface made is sold (which will probably be the case), the Surface could not outsell the iPad. The Surface is a pace-setter for the OEMs. Surface Pro included.

Microsoft-Motorola patent row: Google wants $4 BEELLION a year

h4rm0ny Silver badge

Re: @h4rm0ny

"You pretend not getting, do you. The whole idea of Google using Moto's patents is to MAKE MS and Apple stop their aggression. "

I'm not pretending anything. I simply believe that if Google saw the opportunity to sting MS for $4bn they'd try to get that money regardless of any good faith action on MS's part. That's just business. Can you honestly see the board of Google saying to their shareholders: "we passed over this $4bn opportunity because we think MS are okay." They are rivals. They fight. You suggest that Google would be happy to accept free use of MS's patents in exchange for free use of their patents and think that it's wrong of MS to not agree to this. But do you know what MS patents are worth and what they are? No you do not. So how can you say that it is fair to do a straight swap? Do you think sueing someone for patent infringement is intrinsically wrong? If so, then Google are doing something wrong by you. If not, then what are your reasons for condemning MS for charging Google for use of theirs in the first place?

"Eye for an eye" is translated for you into "you touch my own or any of my friend's eye, I'll poke yours and kick you in the groin and rip your ear, or punch you in the face, so you don't engage in this risky business" And this is totally justified

I'm not sure which is supposed to be which party in the above. But your confidence in knowning how much the relevant patents held by each side are worth in dollars (worth translates into how much injury is inflicted in your analogy) seems unwarranted to me - unless you happen to have a lot of knowledge that the rest of us don't? We know how much MS are charging Google so we can put a value on that. We don't know how much Google's are worth, because this hasn't been settled or gone through court. We just know how much Google claim they're worth. And Google are no less unbiased in this matter than you are.

h4rm0ny Silver badge

Re: Microsoft V. Google is like

"The best possible outcome for this is to have "method patents" disallowed. Then we can all go home and worry about more pressing issues"

I agree in a lot of cases. But some method patents are valid. Or at least it's a supportable argument that they are. In this case we're talking about video encoding. A great deal or work, imagination and cleverness can go into working out a new way of compressing images into video - thinking of ways that you can record only changes between two images for example. MPEG-4 has methods by which it checks forward and backward to reference frames, adjusts for motion blur and all kinds of things. It's a lot of work. And yet when that work is done, you could independently implement it relatively easily in different languages or platforms. Should the people who worked hard on developing those solutions not be recompensed because copyright does not cover it?

h4rm0ny Silver badge

Re: @h4rm0ny

"No, it's you that misunderstand it."

Let's demonstrate. You wrote that someone (patent) trolling another party that was (patent) trolling, is not trollnig them. I disagree. I say that this is now clearly two people indulding in patent trolling. I tried to convey this to you in a more colourful way, hoping to show how illogical your statement was, by likening it to one person throwing excrement at another person who is also throwing excrement. The fact that one is already doing so doesn't make the latter not doing so. It's just two people throwing excrement.

You then responded with a reply saying it was okay for the second party to indulge in this behaviour. I never said anything about justification. I just said it was ridiculous for you to say that they weren't indulging in that behaviour.

And as your second post was a longish justification for why they should indulge in that behaviour, it seems you have now conceded that they are.

"Remember MS to shamelessly approach Android manufacturers, smaller companies most of the time, and extort money from them?"

What was the money wanted in exchange for?

h4rm0ny Silver badge

Re: @auburnman

"It is fun watching it, isn't it?"

Uh no, not really. Big players charging each other fortunes means more expensive products for the rest of us.

h4rm0ny Silver badge

Re: Google being a troll

Wow. You've really misunderstood the point of the analogy. So you now agree that both sides are engaged in the same activity?

As to the Eye for an Eye approach you advocate of punitive charges, that just creates a barrier to entry for any new players and entrenches the existing big players, because costs rise and outside players can't break in any more. Some of us would prefer the market to stay open and competitve, rather than seeing huge fees charged for licences because big players want to punish each other, as you say they should.

h4rm0ny Silver badge

Re: Google being a troll

"A troll trolling another troll is not a troll after all. Don't you get that?"

Well you can say that but what makes it true? If I say a throwing excrement at another person throwing excrement is not actually throwing excrement, would that suddenly be a true statement? It's just more excrement even if you choose to support one of the parties throwing it.

h4rm0ny Silver badge

Re: Oh I see

"Correct, because it happened in that order"

Well if it's a play-ground case of "Who Started It" then presumably you have to add Google infringing on MS's patents as a prior step to MS asking them for money. Because if Google didn't, then MS wouldn't be able to do so.

But really, I don't think big business quite works on the principle of who started it. If a big business sees a rival to themselves - whether that's MS looking at Google or Google looking at MS, and they then see an opportunity to get money from that rival, then they take that opportunity.

Does anyone really think that if Google had the opportunity to sue MS for US$4bn and MS hadn't been charging them licence fees, the Google board would sit there and say "oh let's not sue MS for money for our patents, we kind of like them."

PGP Zimmermann teams with Navy SEALs, SAS techies in London

h4rm0ny Silver badge

Thank you for coming here and posting that. It's very interesting and it's great to see products like yours emerging. I really hope it works well as privacy is important.

You're not wrong about mandated backdoors being misused by outside parties. There was a case in Greece some years ago (you are probably aware of it, so posting more for other readers' benefit), where Vodafone's own backdoor technology was subverted by a hacker who used it to listen in on the phone calls of the Greek Prime Minister and others. All they had to do, was use the bugging that had actually been deliberately built into the system for law enforcement / intelligence agencies to use.

h4rm0ny Silver badge

Re: Soldiers are geeky?

"but these *are* people who put their life on the line so people at home have the freedom to whinge about them"

Actually, in the case of the USA which is the context I was talking about, it is a small fraction of the USA's overseas operations that are about ensuring the people of the USA have the "freedom to whinge". Mostly it's about maintaining the USA's position as preminent power in a region or obtaining oil reserves. Even when the stated aim is protecting the people of the USA, such as invading Afghanistan as a supposed response to 9/11, it's reasonably clear to the rest of the world that this is not the real motivation. (And 9/11 itself was a response to the US presence in Saudi Arabia, primarily).

"Maybe it's just me, but in that context I must admit that I find the treatment of those who return from war in many cases flat out deplorable."

Anyone who signs up to the US army thinking they're primarily going to be literally protecting the people of the USA, is naive in the extreme. I hope you will agree with that. So what is left, is people who sign up knowing that they are agreeing to kill people, in return for a paycheck.

Evildoers can now turn all sites on a Linux server into silent hell-pits

h4rm0ny Silver badge

Re: Web Applications are the vector

"On a an up-to-date system? If so, can you give us at least one such flaw we could exploit . Thanks"

You're asking me for a zero-day exploit that you can exploit? Uh, no.

What I wrote was that such flaws exist. I meant that they occur. You are the one that shifted the argument to my personally knowing of ones in advance of the people who patch and fix these things which is an unreasonable shift. I'm just pointing out that they occur. If you argue that they don't then you're ignorant and you're position is based on faith rather than study. Here is an example of one: Link It's pretty irrelevant to post it except for you to show that these can and do happen on Linux seeing as you seem so doubtful.

There was a privilege escalation in an NVIDIA driver last month as well. But I daresay you would try to shift the argument there as well, saying that it's not actually part of the Linux kernel. Despite it's presence on huge numbers of Linux PCs. The reason you would think it valid to shift it is because your motivation is to show that "Linux" (as if it were a person) is not at fault. Whereas my motivation is really just real world security and to show that a Linux system can be hacked.

h4rm0ny Silver badge

What's really depressing is that someone modded you down for that. Meaning they actually think that you're wrong to criticise people for thinking Linux is magically invulnerable. The tragic thing is that back when I first started using Linux, in the days when you had to compile everything yourself, nobody had that attitude. Okay, we knew it was safer than Windows in a lot of ways both because it was more obscure and because back then you had Windows 2000 and XP that didn't have decent security models. But you didn't have this zealotry.

Linux seems to have acquired religious followers. Those of us who actually were around in the early days and probably know more about managing or programming on Linux than a lot of the Linux fan-people, get modded down by those who merely identify with the OS like its some sort of sect. Take Eadon for example - on a previous story they actually tried to make the argument that good programmers are those who develop for Linux, and bad programmers are those who develop for Windows. I struggle to believe someone who would make that argument has any significant experience in the world of programming. But I bet they think their pronouncements on Linux trump any old timer's. Eulampios who is posting here previously argued with me that it was right to misrepresent facts if doing so made Microsoft look worse.

Operating Systems as religion and to Hell with any inconvenient people who remember LinuxJesus when he was just a man. How depressing.

h4rm0ny Silver badge

Re: Maybe its time...

"The questions - is this enough - anyone know how effective the current AV products are ? - is this a non-issue ?"

If you do all that you say you do, then the real question would be: is there anything more you can do. To which I'd say no, not really. About the only thing you could do more than you say you're doing is to monitor all the software you have installed yourself and try to patch it faster than your distribution actually does. Which is a nonsense task in practice. You might want to look at SE Linux depending on what your boxes actually do. And you would might want to install additional security tools like Suhosin if you're running a webserver. Basically, the only thing you haven't mentioned that you are doing is proactively checking to see if you have been compromised. E.g. there are tools that will monitor your system for unexpected changes. You could look into that.

But really, if you're doing everything you say you are and you're running Linux, you're going to be pretty safe. I don't use any sort of anti-virus on my own boxes. One of my clients has some of that pro-active monitoring software I talked about but I'm not overly-familiar with it. I could look into it if you're interested, but it's way overkill for your box if you're just a human being and not a company or intelligence agency.

Texan schoolgirl expelled for refusing to wear RFID tag

h4rm0ny Silver badge


All these technical solutions are starting down the wrong path. The girl has chosen the right one - take it to the people and the courts. What would be wonderful is if all the children in that school microwaved their cards as a sign of solidarity with her. If all the pupils did that, then the school could do nothing to them.

Biting the hand that feeds IT © 1998–2018