Posts by El Cid Campeador

Re: Had to happen

Hmmm... not sure if joking or just Ballmerizing.....

Re: New York to London in less than 1 hour?

Reminds me of the joke that was circulating during WWII:

An American soldier is bragging in an English pub about how great Texas is: "Why in Texas, you can get on a train, ride all day, sleep all night, ride all day, sleep all night, and you're STILL in Texas!" One of the locals gets up, walks over, pats him on the shoulder and says sympathically, "It's all right, we have trains like that in England too."

Exactly

Good lord, why not get it from the people who actually wrote it?

Of course if it's Adobe or Java you're still hosed.... but that's why you always take the "custom" option for install, to get rid of the useless fripperies (AVG, oh AVG, why hast thou bloated the everliving crap out of thy software?)

Glad I'm off Windows and can just find the official repo... but not everybody has that option.

Not so fast...

I'm as big a fan of Linux as anyone out there... and I refuse to have a Windows machine, BUT... this kind of rootkit would work against a Linux machine too, and a good Trojan can still trick the user into installing it.

In this case we should be working together to detect these kind of shenanigan instead of flaming each other.

Agreed!

To use the aviation analogy-- with "cyberwarfare" (I hate the term, but oh well) we're still in 1914: buzzing around, mostly doing recon, and heaving the occasional brick and/or hand grenade.

That being said, if we persist in keeping our fingers in our ears and singing "LALALALALA--I CAN'T HEAR YOU" and continue connection every stinking thing we own to the Internet, we're setting ourselves up for real disaster, and the longer before it happens, the worse it will be. Unfortunately, I am not optimistic. Mention security to otherwise informed and intelligent people, whether in industry or academia, and you get classified with people who believe in mind rays. Not promising if we're going to fix anything....

Agreed. I used to work at a local retail/repair shop where we also built new PCs. In theory, we could put whatever OS we wanted on the system, but if we put anything other that Windows on our new-build machines, we would lose our "discount" and any hope of being able to sell the machines at a competitive price (already difficult since we used quality hardware with solid manufacturer's warranties as opposed to the flimsy crap in the big boys' systems).

So... of course you can disobey MS, but you'll go out of business if you do. Unfortunately, they can say they weren't "forcing" us since, in theory, we could do whatever we wanted. In practice, you obey Redmond or go bankrupt....

Drivers too

And (if you're running Windows) unless you've imaged the drive or have the original restore disks, have fun tracking down goofy drivers for the hardware... used to fix computers at the retail level for a living and I hated seeing busted laptops-- the customer NEVER had the restore disks or a backup and some of those websites seem to have been organized by 1) taking all data for the site, printing it out 2) placing the pages in a ring binder with the rings open, 3) throwing the binder down a flight of stairs and (profit?) using the ensuing mess as their site map.

Absolutely!

Thank you for a great post! I couldn't agree more... when I did lock down a Win2k3/XP nextwork (and got the results to prove it worked) I was constantly battling not simply the classic PHB/secretarial types but people who should have known better-- someone actually had the gall to email me that, as a network admin, he should be exempt from proxy restrictions (mostly social networking/streaming media blocks) and other measures because he and his cronies were the "heart and soul" of the organization... yeah right.

Of course, if you're going to lock down a network, you'd better be ready to run, not walk, to make sure your people do have what they need to do their jobs. And if you use bad passwords or don't restrict access to sensitive information, no OS in the world can save you or protect you.

As far as the Win/*nix debate is concerned-- yes, Windows can be locked down to a reasonably secure level, but it takes a LOT of work and you'll have to be ready to tweak some apps (usually just adjusting permissions on Program Files folders) or they won't work. *nix, on the other hand, is generally much easier to lock down, and very few applications will break, which suggests it's more secure out of the box, and much more amenable to lock down.

Still not convinced? Take two VMs, put Vista or Win7 (with UAC fully enabled) on one and Ubuntu (deliberately choosing one of the least secure *nix variants) and do similar stuff-- how often does the UAC come up vis-a-vis the sudo dialogue on Ubuntu? Yep. Windows is indeed poorly designed and requires far too much user access to sensitive areas of the system.

It's short...

...the nice thing about a helicopter is that (provided the pilot is properly trained) you can make a safe autorotational landing in a VERY small space and from a low altitude. For your typical light utility helicopter, a decent parking lot will do if there's a clear approach.

Of course in a built up area wire and such are a huge issue but that applies to fixed wing too...

That will be nice.....

...if you can write your own patches/fixes. Unfortunately when MS drops support you're going to be left in the lurch. :( Personally, I wish the gov't would actually do something useful and pass a simple law: if you've charged people for your software you must either 1) support it OR 2) open-source it so legacy users can continue to maintain their systems. If keeping their code secret is so important, they should continue patching it, end of story.

Since that's not going to happen, I'm encouraging all my friends who are running XP to at least give Linux Mint a spin before shelling out for a pricey Win7 box... It's not like they're losing money if they don't like it.

Look around

You CAN find Reader MSI installers--not easy (unless you sign up with them) and you have to be VERY careful about your source, but it is doable (if still a huge pain).

Agreed!

Even if it was a number or years (or decades) we're still looking at en extremely brief period. In addition, I've seen that some paleontologists don't think that it was JUST the meteor-- the impact was more the cherry on a cake that had been building for some time. According to these guys, the Deccan supervolcano (erupted sometime between 60 and 68 MYA so right in period) and the establishment of a land bridge between what would become Europe and North America (allowing the spread of new diseases and invasive species) had already severely stressed the overall ecosystem in a kind of "perfect storm" scenario. If there was already a dieback in effect in the time leading up to the impact, that can explain the lack of fossils (in addition to the reasons listed above).

Nuke the site from orbit...

...it's the only way to be sure.

DoD wipe the whole drive and reinstall from clean media-- and hope you've got a good data backup.

Before you make any assumptions....

...realize that some of us aren't allowed to use the tools we would like. I'd elaborate further but why expose myself to another barrage of mistaken assumptions and abusive language?

Agreed

Just goes to show--they must be offering good support or people wouldn't be renewing. Open Source can and is generating profits.

Agreed--worrying and a tough call.

This just highlights the need for the conversation about security to get out of the geek community and hit the mainstream. On the one hand, I am extremely concerned about any government or private agency reaching into anybody's computer without their informed consent (Google, I'm looking in your direction), but on the other hand these bots (and other malware) are endangering innocent users and the very Internet we all depend on. What is even more unfortunate is that nine times out of ten discussing anything like this with an ordinary user gets you a shrug and a "meh." So... at what point does ignorance cease to be an excuse? And, as has been asked above, at where exactly is the line between dodgy and flat-out malware? These are NOT easy questions and drawing the line in the wrong place could have catastrophic consequences: too slack and the web gets overwhelmed by the bad guys, too tight and we have Big Brother (if we don't already--if the governments of the world were less clueless we'd already be boned). We must broaden this conversation if we're going to get anything resembling a workable solution.

Your right in principle... but the legal system IS an issue

What we're seeing is old-school (i.e. pre-1776 and Adam Smith) mercantilist thinking-- competition as a zero-sum game. This is the thinking that cost England its American colonies by trying to restrict trade in the name of keeping the resources on the other side of the Pond to itself. If a significant number of enterprises adopted this model, everyone would benefit as there would be a Darwinian process where the good bits multiply and the bad bits die. Who knows, you might even see enterprises agreeing to save money on software infrastructure by working together so they can get on with selling oil/cars/toothbrushes/whatever. Then competition would happen on the basis of who has the better product not on who has the least buggy code.

Unfortunately, as long as the patent system remains broken (ironically, the US patent system was originally designed to promote innovation rather than stifle it) and as investors abuse due diligence lawsuits there will be legitimate fears that will prevent open sourcing of code.

Sound like an idealist pipe dream? So was free trade in 1776.

See private property posts above....

Yeah, I know, none of us read the fine print on our tickets (oops am I showing my age regarding paper tickets?)... but these planes are private property. That means that (as long as they're not asking for anything illegal) the owners of the plane can set whatever rules they like--and can remove you if you refuse to comply (preferably while the plane is on the ground). It's like the bars having the sign that says "We reserve the right to refuse service for any reason whatsoever--punk!" Maybe the saggy pants brigade should pool their own money and found their own airline where they can hobble about to their heart's content (speaking of which... how's that naked airline doing?)

A guess....

I'm not a scientist either, but a complete wild guess: as trees lose their leaves and smaller plants die in the (Northern hemisphere) fall each year, less CO2 is absorbed? Might be interesting to check if there's a smaller spike (given less land area) when fall hits the Southern hemisphere....

Not so simple

The Wall Street firms are so interlaced with the government (even before the bailout, which has just made things worse) that it's more a case of cronyism than capitalism.... again, follow the money in both directions--bailouts for stupid (partially government-induced--see the CRA and Dodds) behavior AND campaign cash. :(

Subsidies and such are a way of gaining leverage and control--NOT the same as getting out of the way and letting private enterprise get on with it.

Of course they do....

and we've all heard about it because it's been so successful....

"Hey this is really safe!"

"But then people will be inconvenienced and won't be able to run old applications...."

"Oh. Disable it then."

Yep.

Fiat lux

A fiat currency (virtual or paper; as if there's a difference these days) relies on people believing that it's worth something--so sure, the more people believe, the more stable it will be, and it takes a Soros-sized manipulation to screw around with it as an individual. However, there is still the problem that fiat currencies rely on faith alone... which is why currencies that have been successful in the long term are backed with gold or (less stably) silver--if you get antsy you can (at least in theory) march into the back, plunk down that piece of paper, and get a chunk of precious metal you can take home. The funny thing is that when people know they can do this, they rarely actually do it, but the currency is much more stable. Unfortunately, after World War II the influence of Keynesian economics tempted governments to move away from backed currencies to fiat currencies so they, being the government, could print more money whenever they wanted to buy the votes of the indolent, ignorant, and unproductive, and we are now paying the price, both with the Euro and the dollar.

Before everyone downvotes me, a couple of points: 1) I am aware that both the gold/silver standards and the move away from them are more complicated than what I've just stated--to the point where technically we're not quite at fiat currencies--but the basic principle holds true. 2) I realize that backed currencies are NOT immune from manipulation--just look at the Byzantine devaluations; but at least it takes a government to do it... you don't have Soros moments when your currency represents something real, and government manipulations are very clear to all... much more difficult to pull Fed type smoke and mirrors

OPSEC is OPSEC

Like it or not, there ARE people out to get uniformed personnel. In addition, while the little bit of information you hand out may be insignificant, when taken in context with all the insignificant bits of information everyone else is letting slip, the bad guys can get a surprisingly complete picture they shouldn't have....

And that doesn't even get into the issue of systems getting infected by dodgy social networking games...

Silence is golden.