Once again I ask, why am I not affected, and why aren't clients of mine affected?
I have 200+ WSUS clients at one site alone, which are a mix of XP and Windows 7 desktops. Installation took a while, as .NET updates tend to do, but that's why we have scheduled updates over the weekend.
...sellers even offer advice on how to use telephone social engineering techniques via VoIP software to trick front desk managers into installing the Trojan.
If your hotel allows its front desk staff to install software, get a hold of me for some badly needed consulting.
I realize hospitality vendors are lazy about automatic updates of their garbage software, but this is just insulting after twelve years of Windows 2000.
Consequence: the effort that went in to designing new versions of Windows that require acknowledgement before running superuser tasks (like OSX and Linux), was in vain.
Is it really, really necessary to ask the "do you want...blah blah" question every single time you want to start a program?
Only the really ancient, or b0rken, or not-designed-for-supported-windows-versions-really programs do this. One could bite the bullet and, instead of paying for crap security products, upgrade the products they actually use.
How come I don't deal with UAC prompts every time I want to do something productive? Yes, I have UAC turned on and I run my applications as a non-admin as a matter of course.
"Emerging Trend" == "Happened for years." Absolutely nothing new nere.
"SFX Fake AV is morphing at a relatively fast rate, so it is something that signature-based vendors will have to watch out for as there will be an increasing number of variants in the wild."
This includes your signature-based Malwarebytes, right? So your own product can't save us. And you're only realizing this twenty years after the fact?!
"Also, the use of [s/Dropbox/some other public system] as a delivery mechanism is a something that the industry is going to have to take into account and protect against, as it is an emerging trend."
Wasn't this done in IRC twenty years ago? Is using Dropbox the emerging trend, or is using anything public for a delivery mechanism the emerging trend? So are we to ban Dropbox at the firewall, now? Or do we finally take before-the-fact measures?
Once again, I ask: Why am I not affected? Why are my clients, co-workers, and so on not affected? The answer may surprise you.
There is nothing new, here. Absolutely nothing. And there's nothing new in preventing this, either.
If Linux is the platform for the future of computing...
...then I weep for the recipients of its customer service.
Your DNS doesn't work? get a Linux box. hahahahahahahahahahah...(click)
If paying through the nose for non-"free" software gets me some decent customer service compared to this, I'll pay.
(That was an actual tech support call I had to endure once. This was a reverse DNS zone lookup delay problem. It turned out the authoritative DNS' admin made a stupid spelling mistake in a zone, and after they fixed it my NT-based DNS worked just fine, thank-you. Jerks. And you wonder why I go a little mad...)
"Browsium's low-cost answer was to avoid rewrites. [...] When it receives a call to a URL for IE6, it reproduces IE6's security and configuration [...] to make sure things still work."
I did this three years ago by fixing DNS in networks, and making sure internal app servers were visited with short names. IE8 automatically placed these in the "Local Intranet" zone, doing all of that natively. For others that needed full names or IPs I made Group Policy objects that put those things in the same zone. Sites in this zone automatically use 'compatibility' mode and relaxed security, unless their HTML has headers that tell IE8 to do otherwise.
So Browsium wrote a hack that does what was built in already. And they got paid to do this? If they have a patent, I claim prior art.
Yeah, it was supposed to be a troll comment and when I intentionally troll I use that such as to discourage responses. Don't feed the trolls, including me. I do hope people think before blaming Microsoft for everything, though.
It's ironic that Google designs installers that work for non-admins and applications that work in "userland" on Windows, yet they forbid using Windows in their own environment. More do as we say, not as we do.
... but it was [s/Microsoft's crappy OS/Google's crappy browser] that gave them the ability to do their naughty deeds in the first place! (To paraphrase a fellow commentard in another article.)
"HTML is the open standard of the web. Deal with it, bitches."
(Courtesy of the W3C Validator)
Line 112, Column 123: general entity "T" not defined and no default entity…inancial incentives to Verizon and AT&T in the hope of getting them to join Sp…
This is usually a cascading error caused by a an undefined entity reference or use of an unencoded ampersand (&) in an URL or body text. See the previous message for further details.
Line 192, Column 22: reference to non-existent ID "EMAIL" <h4><label for=email>Email</label></h4>
Line 198, Column 22: reference to non-existent ID "PASSWORD" <h4><label for=password>Password</label></h4>
...to be fair, I struggled a lot with ampersands in URLs until I changed my parser to catch these and swap these in and out on the fly. Avoiding them in links entirely also helps. And face it: You were asking for this, El Reg.
Messagelabs isn't immune, seems to hand out licences to send spam
I've subscribed to these guys for five years, and their "Skeptic" is becoming less skeptical.
They seem to let a lot of hired gun spammers send through, with the reason:
X-SpamReason: No, hits=0.0 required=7.0 tests=sa_preprocessor: (...)
...where some identifier follows.
I don't know what their sa_preprocessor does to let these jokers through, but it seems inconsistent. I've had to resort to listing the offending hired guns' networks, domain names and e-mail addresses in their Blocked Senders lists, turning this into a new Whack-A-Mole game. Whatever it is doesn't matter; I didn't subscribe to those mailings.
Is Alex Shipp still roaming these forums? Any insights?
On the plus side, they still haven't let a piece of malware in over five years. Spam is one thing, but at least they're holding up to the virus detection guarantee.
No good IT department would permit staff to take company property and install unauthorized software on it, including whatever DRM this kiosk system uses.
Here's the evil part: Said staff would then call from the airport to their IT department helpdesk. "I'm sorry, Director of Whatever, company computer policy Charter X Part Y prohibits employees from installing unauthorized softtware." And then I'd be out of a job just because I was doing my job.
So thank-you, Digiboo, for becoming a possible source of IT unemployment.
I see news of MS Windows volume license (US spelling) product keys pilfered and key-generated and so-on fairly routinely. If the Beeb iPlayer was tied into the UK's TV licence system somehow, it wouldn't be long before these licence numbers got pirated.
This sort of news does not inspire confidence in an already dubious anti-virus industry, that spends more money on market research than anti-virus research and has to call out to the masses: "Help us find out how this was written."
What I would do with actual budget figures from a major AV firm. Even without that information, if they spent more money on AV research than market research, we'd have an off-the-shelf profile-based virus product that can catch this sort of thing before it's written, instead of boxes of the same-old after-the-fact garbage with pictures of Iron Man on the front.
"I installed the AV software you advised - so why is my PC infected?"
Because anti-virus software is designed to fail. It's designed to keep you pressing that 'update' button and keep you paying for subscriptions. It's not designed to actually do PC security for you.
I suppose AV companies could make products that did the job, but who would buy them? If they don't constantly nag you to do something, you might start to think they're not needed anymore, and stop paying for them.
I don't rely solely on anti-virus software in my home, my home office, or workplaces. I manage Windows systems almost exclusively, with the exception of appliances running Cisco IOS or varying distros of Linux, but no Linux PCs or servers. Yet I don't have virus problems. Go figure.
Did anyone else notice the "inherent flaw" conclusions?
Technical details of the hack aside, the paper explained, "Why internet voting is hard," especially, "Tensions between ballot secrecy and integrity." Implementing both secrecy and integrity seems very difficult in any electronic system, but we've mastered both in a paper ballot.
I mean a real paper ballot, that uses "X" for an anonymous signature.
And I couldn't help but notice this little jab: "[...]despite the use of the term “commercial [off-the-shelf software],” includes most everyday open-source software."
In exchange I offer this little jab: "You can't blame Microsoft for this one."
Somehow, someone managed to blame Microsoft for a non-Microsoft problem.
"I guess the money flowing into SUSE from Microsoft is starting to pay dividends..."
SUSE doesn't need any help from Microsoft to make Linux harder to use. They have legions of religious fanatics who were working on making Linux harder to use for two decades. They keep designing for other Linux users than for other regular users.
"Don't even get me started about the [s/Windows/Linux] [s/'Run As Admin'/'su'] kludge."
"[s/MS/Apple] is already [s/trying to shaft/shafting] everyone with (cough) trusted computing in the guise of UEFI bullcrap."
And that's just on the Macintosh.
What was old is new again, and customers are happy to gobble it up on their iDevices and 'droids when they didn't understand it on the bog standard PC. Subsidized devices and cheap games make for a more pleasant screwing-over, like being taken out to dinner first. Of course, designing TPM into an entirely new platform instead of bolting it onto a decades-old architecture helped some.
A spoonful of sugar helps the (TPM) medicine go down.
I'm not liking it any, but I'm not expecting to change the minds of the iSheep anytime soon with postings on El Reg.
"the man has been the most ineffectual President the US has seen in a while"
I'm more likely to blame a system that ensures politicians are in eternal re-election mode, coupled with a "me first" attitude that the populace presents, which of course differs wildly from region to region. There's no room for moderation, compromise, or pragmatism in that system with that populace.
The system would work if the populace were more pragmatic, or the populace could all agree to change the system. I don't see either of those happening in the next century or so.
HP burned my britches when I first consulted for a company that had a few of the HP 2600N Color Laserjet printers. These supposedly-network-capable printers didn't support point-and-print functionality in Windows Server. Pundits of the day blamed HP's "host-based printing" system for the failure to support point-and-print.
Point-and-print isn't a big deal in a two workstation network. When you have non-admin users spread out over ten stations or more, point-and-print, along with logon scripts, are work-savers.
While folks blamed "host-based" printing as the cause, I didn't buy that. Okidata line printers did "host-based" drivers for a long time, yet they support point-and-print effortlessly. HP's excuse was that the 2600N was not designed as an enterprise printer. whoopty-******-doo. If you put a LAN port on a printer, expect some admin somewhere to run it off a Windows print server.
If you don't believe freedom can be bought, just look at the legal industry.
That aside, the Mozilla Foundation is using this as a selling point for their business. I argue that it is not enough for a strong business model. Their products need to Work, or guest what? No one will buy them.
Being someone who has to work with this daily, I'm forced to choose between something that works and something that sort-of-works-but-resists-oppression. I don't get paid enough to support altrustic causes at work.
The Mozilla Foundation better have more than "freedom" as a selling point. Their stuff needs to Just Work.
Probably redesigns, not 'ports' in the traditional sense
"I would be mighty pissed off by MS allowing their own non-Metro software on WOA (Office 15 & IE10) and not allowing anyone else to do so."
Somehow I don't see Office 15 for ARM being a 'non-Metro' application. Same with IE10 (no plugins? Proceed at flank speed on that one! May I get that for x86 / x64?)
"if WOA takes off then it will be targeted by the crooks and then it will be interesting to see how long it takes for things like the boot-loader and software installation to be cracked."
The same crooks are chipping away at iOS and iDevices right now, and not succeeding as vastly as they'd like. The only difference is pundits praise Apple for locking down the device and will denounce Microsoft for doing the exact same thing.
Somehow this is all (s/Microsoft's/Google's) fault
"If (s/Microsoft/Google) were serious about security, they would not use a plain [whatever], but use a service which would reverse-resolve to a proper (s/microsoft/google) [something]. Maybe that would imply that (s/MS/GOOG) itself would do the [thing], but that is the price of proper security..."
I could play Mad Libs all morning. Any more choice paragraphs for me?
"...then it's time to identify which element of your IT stack is holding everything back and get rid of it."
I'd probably trash half of my infrastructure with this philosophy. I'm amazed how much of this garbage gets foisted on me because some marketing or admin wonk insisted they needed Product X.
Dear employers and/or clients: If you're reading this, please let me evaluate these products before forcing me to deploy them. I will save you tons of IT support hours before the fact.
"So how do you avoid the "Unrecognised item in bagging area" errors that plague the rest of us?"
What errors? Where I'm from automated tills don't do this. Mind you, Wal-Mart probably has a larger R&D budget than Superstore, or at least they do in Winnipeg. This is a case in point for the article: Superstore needs to fix this problem or replace the faulty bit with a bit that just works.
DNS is so inherently insecure after all, if some hacker can steal sensitive data using vulnerabilities in Adobe products and transmit it pretending to be Windows Update, and spoof update.microsoft.com so instead of it going to an Akamai server network it goes to a botnet. And let's not forget how inherently insecure digital signatures are... even though there probably isn't a line of MS code being used at Verisign....
OK, I got it out of my system. Downvote away. It's 3 PM, I'm fried... :-)
Sixteen years admining NT and variants; don't tell me I haven't earned my BS.
"If i set up WSUS to point to a single (currently valid) microsoft update server, and they change it, what are the chances they'll send me a note before they do this? zero, absolutely zero."
I don't seem to have such issues. I do run WSUS on a 200+ client multi-site network. Don't dare tell me I've never been an admin.
"Regarding your MS firewall, what DNS does it rely on to insure that your connection to windowsupdate.micrsoft.com ACTUALLY goes to a microsoft server and not any other server?"
WSUS packages are digitally signed.
I only have the DNS root servers to rely on, along with the stability of DNS itself, just like you. DNS is soooooo flawed and subject to hacking, etc etc yet we keep using it. It's certainly not a MS product. Then again, digital signatures are also soooooo flawed and easily forged. We're doomed, I tell you, doomed!!!!!11!one
"So far, you haven't come up with any rational solutions, and its not you, I don't think there are any rational solutions."
You saying LA-LA-LA-LA-I-CAN'T-HEAR-YOU doesn't mean the solution doesn't work. Or is the inline web proxy that does filtering by category, by application, by name, and so on not good enough, working in concert with a firewall router blocking un-proxied HTTP? Not mentioning brands but it's non-MS.
If there are no rational solutions then we're all doomed, pack it in, disconnect from the internet, dismantle the internet as an abject failure. And it's all Microsoft's fault that all of these non-MS services, systems, and so on are a failure.
Take. Some. Ownership. Blaming the biggest target is a coward's way out and doesn't solve the real problem. The internet itself is the real problem.
"At least, Microsoft could use the same set of Akamai addresses for all of their update traffic, but apparently it changes all the time. So I stand to my characterization of a big MS FAIL here."
Or maybe you, the supposedly security-conscious admin, could restrict WU traffic to a single WSUS server and use that to deploy updates, then block the domain from other clients at your proxy level or whatever device you have for managing web traffic. WSUS is free with Windows Server.
Take some ownership already. Or are you going to blame MS for not teaching you how to use your non-MS firewall or web filter or whatever?
But no matter, you and the rest of the crowd here will find some way to pin this on them no matter what rational solutions I could possibly come up with.
Register
269 posts • joined Thursday 20th April 2006 17:17 GMT
Page:
And people wonder why code signing is important.
I've sometimes found it possible to run "foreign" EXEs via the simple expedient of renaming them as something acceptable like "notepad.exe".
Yay for code signing.
All three KBs work here, what's the big deal?
Once again I ask, why am I not affected, and why aren't clients of mine affected?
I have 200+ WSUS clients at one site alone, which are a mix of XP and Windows 7 desktops. Installation took a while, as .NET updates tend to do, but that's why we have scheduled updates over the weekend.
Truth is stranger than fiction
They would have [sued Microsoft] if Microsoft said the same thing about Windows
They already tried.
Is anyone dead from a cyber-attack yet?
Until someone dies because of a so-called 'cyber-attack,' this isn't cyber-war. That's my definition.
1990s thinking again
Securely - well that rules Windows out then
Welcome to the 21st century, AC. Rules have changed since then.
And I thought I had an agenda.
This AC is just out for Google blood today.
And front desk managers can install software?
...sellers even offer advice on how to use telephone social engineering techniques via VoIP software to trick front desk managers into installing the Trojan.
If your hotel allows its front desk staff to install software, get a hold of me for some badly needed consulting.
I realize hospitality vendors are lazy about automatic updates of their garbage software, but this is just insulting after twelve years of Windows 2000.
The solution is obvious: Make root access forbidden!!!!1!one
But still, BackTrack has one single root user anyway.
Time to make a distro that doesn't have a root user. Can't break a PC you can't configure. :-)
Weakness in the user revealed
Consequence: the effort that went in to designing new versions of Windows that require acknowledgement before running superuser tasks (like OSX and Linux), was in vain.
I came up with this concept back in 2006: The simplest Vista virus.
Only the crap b0rken programs.
Is it really, really necessary to ask the "do you want...blah blah" question every single time you want to start a program?
Only the really ancient, or b0rken, or not-designed-for-supported-windows-versions-really programs do this. One could bite the bullet and, instead of paying for crap security products, upgrade the products they actually use.
How come I don't deal with UAC prompts every time I want to do something productive? Yes, I have UAC turned on and I run my applications as a non-admin as a matter of course.
"Emerging Trend" == "Happened for years." Absolutely nothing new nere.
"SFX Fake AV is morphing at a relatively fast rate, so it is something that signature-based vendors will have to watch out for as there will be an increasing number of variants in the wild."
This includes your signature-based Malwarebytes, right? So your own product can't save us. And you're only realizing this twenty years after the fact?!
"Also, the use of [s/Dropbox/some other public system] as a delivery mechanism is a something that the industry is going to have to take into account and protect against, as it is an emerging trend."
Wasn't this done in IRC twenty years ago? Is using Dropbox the emerging trend, or is using anything public for a delivery mechanism the emerging trend? So are we to ban Dropbox at the firewall, now? Or do we finally take before-the-fact measures?
Once again, I ask: Why am I not affected? Why are my clients, co-workers, and so on not affected? The answer may surprise you.
There is nothing new, here. Absolutely nothing. And there's nothing new in preventing this, either.
If Linux is the platform for the future of computing...
...then I weep for the recipients of its customer service.
Your DNS doesn't work? get a Linux box. hahahahahahahahahahah...(click)
If paying through the nose for non-"free" software gets me some decent customer service compared to this, I'll pay.
(That was an actual tech support call I had to endure once. This was a reverse DNS zone lookup delay problem. It turned out the authoritative DNS' admin made a stupid spelling mistake in a zone, and after they fixed it my NT-based DNS worked just fine, thank-you. Jerks. And you wonder why I go a little mad...)
As opposed to a legal porn stash?
Um, fixing DNS does this for FREE
"Browsium's low-cost answer was to avoid rewrites. [...] When it receives a call to a URL for IE6, it reproduces IE6's security and configuration [...] to make sure things still work."
I did this three years ago by fixing DNS in networks, and making sure internal app servers were visited with short names. IE8 automatically placed these in the "Local Intranet" zone, doing all of that natively. For others that needed full names or IPs I made Group Policy objects that put those things in the same zone. Sites in this zone automatically use 'compatibility' mode and relaxed security, unless their HTML has headers that tell IE8 to do otherwise.
So Browsium wrote a hack that does what was built in already. And they got paid to do this? If they have a patent, I claim prior art.
So says Vic Toews, MP for Provencher (Manitoba, Canada)
Also our Public Safety minister. Ugh.
Yeah I deserved it
Yeah, it was supposed to be a troll comment and when I intentionally troll I use that such as to discourage responses. Don't feed the trolls, including me. I do hope people think before blaming Microsoft for everything, though.
It's ironic that Google designs installers that work for non-admins and applications that work in "userland" on Windows, yet they forbid using Windows in their own environment. More do as we say, not as we do.
But... but... but...
... but it was [s/Microsoft's crappy OS/Google's crappy browser] that gave them the ability to do their naughty deeds in the first place! (To paraphrase a fellow commentard in another article.)
And you wonder why I go a little mad...
Read this and this before you blame Microsoft for a botnet team's actions.
Pedantic HTML Nazi Alert
"HTML is the open standard of the web. Deal with it, bitches."
(Courtesy of the W3C Validator)
Line 112, Column 123: general entity "T" not defined and no default entity…inancial incentives to Verizon and AT&T in the hope of getting them to join Sp…
This is usually a cascading error caused by a an undefined entity reference or use of an unencoded ampersand (&) in an URL or body text. See the previous message for further details.
Line 192, Column 22: reference to non-existent ID "EMAIL" <h4><label for=email>Email</label></h4>
Line 198, Column 22: reference to non-existent ID "PASSWORD" <h4><label for=password>Password</label></h4>
...to be fair, I struggled a lot with ampersands in URLs until I changed my parser to catch these and swap these in and out on the fly. Avoiding them in links entirely also helps. And face it: You were asking for this, El Reg.
Messagelabs isn't immune, seems to hand out licences to send spam
I've subscribed to these guys for five years, and their "Skeptic" is becoming less skeptical.
They seem to let a lot of hired gun spammers send through, with the reason:
X-SpamReason: No, hits=0.0 required=7.0 tests=sa_preprocessor: (...)
...where some identifier follows.
I don't know what their sa_preprocessor does to let these jokers through, but it seems inconsistent. I've had to resort to listing the offending hired guns' networks, domain names and e-mail addresses in their Blocked Senders lists, turning this into a new Whack-A-Mole game. Whatever it is doesn't matter; I didn't subscribe to those mailings.
Is Alex Shipp still roaming these forums? Any insights?
On the plus side, they still haven't let a piece of malware in over five years. Spam is one thing, but at least they're holding up to the virus detection guarantee.
So old, it's new again!
I have faith in the anti-virus industry, all right. Just not the kind that anti-virus sales droids like their customers to have.
Corporate notebooks + non-admin = no sale
No good IT department would permit staff to take company property and install unauthorized software on it, including whatever DRM this kiosk system uses.
Here's the evil part: Said staff would then call from the airport to their IT department helpdesk. "I'm sorry, Director of Whatever, company computer policy Charter X Part Y prohibits employees from installing unauthorized softtware." And then I'd be out of a job just because I was doing my job.
So thank-you, Digiboo, for becoming a possible source of IT unemployment.
New Math?
"WD quotes speeds of up to 1Gbit/s, twice USB 3.0's 5Gbit/s[...]"
In Western Digital's world, 1 = 2 * 5.
(OK, I'll bet Chris meant "10 Gbit." It's still funny to read.)
How soon before TV licences are pirated, then?
I see news of MS Windows volume license (US spelling) product keys pilfered and key-generated and so-on fairly routinely. If the Beeb iPlayer was tied into the UK's TV licence system somehow, it wouldn't be long before these licence numbers got pirated.
Virus writers, do your part!
In these trying economic times, the anti-virus industry needs all the help it can get.
The point?
This sort of news does not inspire confidence in an already dubious anti-virus industry, that spends more money on market research than anti-virus research and has to call out to the masses: "Help us find out how this was written."
What I would do with actual budget figures from a major AV firm. Even without that information, if they spent more money on AV research than market research, we'd have an off-the-shelf profile-based virus product that can catch this sort of thing before it's written, instead of boxes of the same-old after-the-fact garbage with pictures of Iron Man on the front.
So AV firms forgot how to read x86 assembly?
Like I'm going to trust these guys with protecting my x86 PC given this skill set.
The correct answer for your user...
"I installed the AV software you advised - so why is my PC infected?"
Because anti-virus software is designed to fail. It's designed to keep you pressing that 'update' button and keep you paying for subscriptions. It's not designed to actually do PC security for you.
I suppose AV companies could make products that did the job, but who would buy them? If they don't constantly nag you to do something, you might start to think they're not needed anymore, and stop paying for them.
I don't rely solely on anti-virus software in my home, my home office, or workplaces. I manage Windows systems almost exclusively, with the exception of appliances running Cisco IOS or varying distros of Linux, but no Linux PCs or servers. Yet I don't have virus problems. Go figure.
http://vmyths.com/column/1/2005/1/3/
At least until the 'evil app' learns how to access Droidwall
"A better option is to install DroidWall. It's a free firewall that let's you block apps from accessing the internet."
If an app has 'full permissions' it will only be a mater of time before apps have enough code to look for and disable these things.
Did anyone else notice the "inherent flaw" conclusions?
Technical details of the hack aside, the paper explained, "Why internet voting is hard," especially, "Tensions between ballot secrecy and integrity." Implementing both secrecy and integrity seems very difficult in any electronic system, but we've mastered both in a paper ballot.
I mean a real paper ballot, that uses "X" for an anonymous signature.
And I couldn't help but notice this little jab: "[...]despite the use of the term “commercial [off-the-shelf software],” includes most everyday open-source software."
In exchange I offer this little jab: "You can't blame Microsoft for this one."
Somehow, someone managed to blame Microsoft for a non-Microsoft problem.
"I guess the money flowing into SUSE from Microsoft is starting to pay dividends..."
SUSE doesn't need any help from Microsoft to make Linux harder to use. They have legions of religious fanatics who were working on making Linux harder to use for two decades. They keep designing for other Linux users than for other regular users.
"Don't even get me started about the [s/Windows/Linux] [s/'Run As Admin'/'su'] kludge."
[s/pot/kettle]
Bit late yourself: s/Microsoft/Apple
"[s/MS/Apple] is already [s/trying to shaft/shafting] everyone with (cough) trusted computing in the guise of UEFI bullcrap."
And that's just on the Macintosh.
What was old is new again, and customers are happy to gobble it up on their iDevices and 'droids when they didn't understand it on the bog standard PC. Subsidized devices and cheap games make for a more pleasant screwing-over, like being taken out to dinner first. Of course, designing TPM into an entirely new platform instead of bolting it onto a decades-old architecture helped some.
A spoonful of sugar helps the (TPM) medicine go down.
I'm not liking it any, but I'm not expecting to change the minds of the iSheep anytime soon with postings on El Reg.
OK who else's head was in the wrong place?
This headset looks NOTHING like the headsets worn by techs in Halo 2.
Come to think of it, did techs even WEAR headsets in Halo 2? Were they implanted in the skull or something?
Where have I read, "write once, run/deploy anywhere," before? *ahem*Java*
Another altrustic goal soon to be superseded by market reality, developer impatience, customer frustration and vendor greed.
I hope the Mozilla Foundation learned from Java's legacy. It wasn't that long ago, people. Or is 1996 too far back to remember?
Double standards again
"That Microsoft tries to infect something with DRM is par for the course. That Netflix does so is not really any concern of mine."
s/Netflix/Apple, anyone? How about s/Microsoft/Apple?
And whose fault is this?
"the man has been the most ineffectual President the US has seen in a while"
I'm more likely to blame a system that ensures politicians are in eternal re-election mode, coupled with a "me first" attitude that the populace presents, which of course differs wildly from region to region. There's no room for moderation, compromise, or pragmatism in that system with that populace.
The system would work if the populace were more pragmatic, or the populace could all agree to change the system. I don't see either of those happening in the next century or so.
Do these networkable printers do Point and Print?
HP burned my britches when I first consulted for a company that had a few of the HP 2600N Color Laserjet printers. These supposedly-network-capable printers didn't support point-and-print functionality in Windows Server. Pundits of the day blamed HP's "host-based printing" system for the failure to support point-and-print.
Point-and-print isn't a big deal in a two workstation network. When you have non-admin users spread out over ten stations or more, point-and-print, along with logon scripts, are work-savers.
While folks blamed "host-based" printing as the cause, I didn't buy that. Okidata line printers did "host-based" drivers for a long time, yet they support point-and-print effortlessly. HP's excuse was that the 2600N was not designed as an enterprise printer. whoopty-******-doo. If you put a LAN port on a printer, expect some admin somewhere to run it off a Windows print server.
I think ya better rephrase that...
"I know, [Microsoft shop] sys admins are idiots"
And you wonder why Linux advocates don't get any respect.
These are good people who try to do their damn job as best as they can. Different platform, same, um, "challenges."
Why do I miss out on all of this fun?
I never get problems like this. I only get oddities like cbc.ca telling me to upgrade to IE8 when I'm running IE9.
And the missing DLL in IE8 on XP? Didn't happen to me, either.
I swear, I'm missing out on the whole Windows Experience here.
Okay, how about Freedom[tm]?
If you don't believe freedom can be bought, just look at the legal industry.
That aside, the Mozilla Foundation is using this as a selling point for their business. I argue that it is not enough for a strong business model. Their products need to Work, or guest what? No one will buy them.
"Freedom" vs "Just Works"
What happened to, "don't get in your own way?"
http://forums.theregister.co.uk/forum/1/2012/02/03/sysadmins_should_be_prepared_for_change/
Being someone who has to work with this daily, I'm forced to choose between something that works and something that sort-of-works-but-resists-oppression. I don't get paid enough to support altrustic causes at work.
The Mozilla Foundation better have more than "freedom" as a selling point. Their stuff needs to Just Work.
Probably redesigns, not 'ports' in the traditional sense
"I would be mighty pissed off by MS allowing their own non-Metro software on WOA (Office 15 & IE10) and not allowing anyone else to do so."
Somehow I don't see Office 15 for ARM being a 'non-Metro' application. Same with IE10 (no plugins? Proceed at flank speed on that one! May I get that for x86 / x64?)
"if WOA takes off then it will be targeted by the crooks and then it will be interesting to see how long it takes for things like the boot-loader and software installation to be cracked."
The same crooks are chipping away at iOS and iDevices right now, and not succeeding as vastly as they'd like. The only difference is pundits praise Apple for locking down the device and will denounce Microsoft for doing the exact same thing.
That's my line!
This is somehow all Microsoft's fault... :-) They somehow started the software patent wars, and Apple and Samsung are just emulating them...
Green Bay Packers
...enough said.
Somehow this is all (s/Microsoft's/Google's) fault
"If (s/Microsoft/Google) were serious about security, they would not use a plain [whatever], but use a service which would reverse-resolve to a proper (s/microsoft/google) [something]. Maybe that would imply that (s/MS/GOOG) itself would do the [thing], but that is the price of proper security..."
I could play Mad Libs all morning. Any more choice paragraphs for me?
I guess bad design isn't unique to Redmond.
Forget Atlantis, what about Rapture?
Would You Kindly visit these coordinates in Google Maps? 63 2 N, 29 55 W
Does that still exist in Google Earth? Hmmmm?!!!1!one
Yum, housekeeping.
"...then it's time to identify which element of your IT stack is holding everything back and get rid of it."
I'd probably trash half of my infrastructure with this philosophy. I'm amazed how much of this garbage gets foisted on me because some marketing or admin wonk insisted they needed Product X.
Dear employers and/or clients: If you're reading this, please let me evaluate these products before forcing me to deploy them. I will save you tons of IT support hours before the fact.
"So how do you avoid the "Unrecognised item in bagging area" errors that plague the rest of us?"
What errors? Where I'm from automated tills don't do this. Mind you, Wal-Mart probably has a larger R&D budget than Superstore, or at least they do in Winnipeg. This is a case in point for the article: Superstore needs to fix this problem or replace the faulty bit with a bit that just works.
This is somehow Microsoft's fault
DNS is so inherently insecure after all, if some hacker can steal sensitive data using vulnerabilities in Adobe products and transmit it pretending to be Windows Update, and spoof update.microsoft.com so instead of it going to an Akamai server network it goes to a botnet. And let's not forget how inherently insecure digital signatures are... even though there probably isn't a line of MS code being used at Verisign....
OK, I got it out of my system. Downvote away. It's 3 PM, I'm fried... :-)
Sixteen years admining NT and variants; don't tell me I haven't earned my BS.
"If i set up WSUS to point to a single (currently valid) microsoft update server, and they change it, what are the chances they'll send me a note before they do this? zero, absolutely zero."
I don't seem to have such issues. I do run WSUS on a 200+ client multi-site network. Don't dare tell me I've never been an admin.
"Regarding your MS firewall, what DNS does it rely on to insure that your connection to windowsupdate.micrsoft.com ACTUALLY goes to a microsoft server and not any other server?"
WSUS packages are digitally signed.
I only have the DNS root servers to rely on, along with the stability of DNS itself, just like you. DNS is soooooo flawed and subject to hacking, etc etc yet we keep using it. It's certainly not a MS product. Then again, digital signatures are also soooooo flawed and easily forged. We're doomed, I tell you, doomed!!!!!11!one
"So far, you haven't come up with any rational solutions, and its not you, I don't think there are any rational solutions."
You saying LA-LA-LA-LA-I-CAN'T-HEAR-YOU doesn't mean the solution doesn't work. Or is the inline web proxy that does filtering by category, by application, by name, and so on not good enough, working in concert with a firewall router blocking un-proxied HTTP? Not mentioning brands but it's non-MS.
If there are no rational solutions then we're all doomed, pack it in, disconnect from the internet, dismantle the internet as an abject failure. And it's all Microsoft's fault that all of these non-MS services, systems, and so on are a failure.
Take. Some. Ownership. Blaming the biggest target is a coward's way out and doesn't solve the real problem. The internet itself is the real problem.
http://vmyths.com/column/1/2001/4/4/
But that's digressing. Take some ownership.
So you blame MS for you not doing your job?
"At least, Microsoft could use the same set of Akamai addresses for all of their update traffic, but apparently it changes all the time. So I stand to my characterization of a big MS FAIL here."
Or maybe you, the supposedly security-conscious admin, could restrict WU traffic to a single WSUS server and use that to deploy updates, then block the domain from other clients at your proxy level or whatever device you have for managing web traffic. WSUS is free with Windows Server.
Take some ownership already. Or are you going to blame MS for not teaching you how to use your non-MS firewall or web filter or whatever?
But no matter, you and the rest of the crowd here will find some way to pin this on them no matter what rational solutions I could possibly come up with.
Page: