After it was announced that Microsoft's OOXML has been approved as an official
standard, Doug asked readers about their thoughts
on interoperability and Microsoft's standards play. The outlook isn't very optimistic:
Redmond's history with standards development and interoperability has
ranged from a high of poor, to a low of deliberate sabotage. While I find
it amusing that everyone sees this as a move to a more open, competitive,
software environment, it is still inconsistent with Microsoft's business model.
In the history of man, there has never been an altruistic monopoly. No reason
to expect one now.
-Anonymous
I have old 16-bit Windows Write files that NO later MS editor displays
right. Not WordPad, not WinPad, not Word for Win 95 or Word 97 or Word 2000,
nor the Win 95 Write stub -- only old Win 31's original Write.exe seems able
to display or print those critters the way they were originally designed to
look and print. It'd be really refreshing if Windows 7 could offer some means
of displaying and printing these correctly again -- and maybe even editing
them.
On another tack, it would be nice if whatever IE MS includes in Windows
7 would let itself be closed even when (indeed, especially when) not
all tabs have finished loading. Currently, the only way I can close IE 6 (in
XP) or IE 7 (in [ugh!] Vista) before everything has finished loading is to
kill its process with Process Explorer. I'm not holding my breath, though,
on either count.
-Fred
And readers share their thoughts on George Ledin, a professor who teaches
his students hacking techniques -- and apparently gets a lot of grief for
it.
I also read this Newsweek article and I think he is right on the
money. If I were hiring someone to help with our security, I would place high
value on someone that had a clear understanding of hacker methodologies.
I sat in on a Microsoft Tech-Ed session on security once. It was conducted
by a Microsoft security professional who obviously knew how hackers operate.
I think this knowledge would be essential to a competent security professional.
-Anonymous
Keep your friends close and your enemies closer. Yes, teach hacking.
-Milton
Is it wrong to teach hacking techniques? If it is, then every police officer
is a criminal. Every computer science student needs to learn how to attack
a system. Otherwise they will not know how to defend against it or recognize
such attacks.
And for a very bad reference, look at Bruce Wayne in "Batman Begins."
He could not understand the criminal mind until he became one.
-Brian
How about looking at this question from a slightly different point of
view? How many good security analysts out there do not understand how the
attacks are committed? Zero. There aren't any. It is their business to know
how the attacks happen, and thus how to protect from those attacks.
Anybody can follow a list of best practices, but it takes people who
understand the attacks to be able to write and change those best practices,
and to understand how and under what circumstances you can deviate from those
practices.
-Dan
Like you, I believe the only way to fight hacking is to know hacking.
I believe learning hacking techniques is vital to anyone wishing to have a
career in computer security. Look at it this way: Wouldn't everyone like to
have some inside knowledge of their competition? Sports teams spend huge amounts
of time studying their competition. Companies are in a constant struggle to
not only find out what the competition is up to but to figure out how to be
one step ahead of them, as well. Why shouldn't we as computer security professionals
use the same techniques against our competition?
Learning hacking techniques has drastically changed my role as a network
administrator. When I prepare to publish a new application on my Web site,
it is no longer enough to simply make sure it looks good and functions properly.
The first thing that comes to mind is whether the application is vulnerable
to cross-site scripting attacks or buffer overflow attempts, and whether all
user input is properly validated and sanitized. Thanks to my knowledge of
hacking, I now look at everything I do from the perspective of my competition.
If you think that is a bad thing, then be prepared. Because your competition
is going to walk all over you -- and your network.
-Steven
I think you are absolutely on track. The outrage being expressed against
Ledin seems to fall into two camps. There's the Atomic Bomb Theory, which
says that making this information available to the student base greatly increases
the dissemination of knowledge that could otherwise be contained. Sort of
a Malware Non-Proliferation Treaty. However, the vast amount of malware out
there from disparate sources refutes this supposition. The people out there
that we need to worry about already have ample access to this information.
Then, there's the Secret Algorithm Theory. This is hinted at in the article,
where the state of malware protection is compared to that of cryptography
some decades ago. It was discovered that "secret" algorithms seldom
stay secret for long, and the real strength is known algorithms that are tested
on many fronts and still survive. In short, true security consists of finding
the risks and applying a disciplined approach to destroy them without mercy
(my true feeling on malware leaking through a bit). I would hazard a guess
that the major security players have internal training very similar to what
Dr. Ledin is offering at Sonoma State University. If there is any justice,
he will years from now be remembered as a leader in the emergence of computer
security engineering.
-David
Share your thoughts! Leave a comment below or send an e-mail to [email protected].
Posted by Doug Barney on 08/20/2008 at 1:15 PM
I don't usually read Newsweek, but it had an interesting profile of George
Ledin, a Sonoma State University professor who teaches his students to write
viruses and keystroke recorders, and cause all sorts of digital mischief.
Of course, many people are appalled, likening Ledin's teachings to a subversive
training camp. (Digression: I hate the term "terrorist" because it
gives these punks too much power; by calling them terrorists we imply that they've
already succeeded in creating fear.)
I believe the only way to fight hacking is to know hacking. Is it wrong to
teach hacking techniques? Send your thoughts to [email protected].
Posted by Doug Barney on 08/19/2008 at 1:15 PM
Playtex may offer 18-hour support, but Microsoft goes six further -- for a
full 24 hours! For shops that need to be up 24x7, Microsoft has a new support
plan, Premier Ultimate.
This high-end enterprise support offering has tech folks standing by all day
and all night to solve your most vexing Microsoft problems. More interesting
is the proactive part, where Microsoft looks for problems before they actually
bite you in the hiney. This may cost a pretty penny, but could save a lot of
headaches and downtime.
Do you trust Microsoft to solve your support issues? Yes and no answers more
than welcome at [email protected].
Posted by Doug Barney on 08/19/2008 at 1:15 PM
Doug asked readers yesterday what Microsoft should do to make Windows 7 your
OS of choice. Here are some of your suggestions:
If Microsoft really wanted to do it right, all it has to do is make Windows
7 look and feel just like XP. Just make it better behind the interface. Have
it use the same third-party drivers, only use them better. If nothing else,
Microsoft should do as it did when it changed the Control Panel -- that is,
give us a one-click option to revert back to an interface which we are familiar
and comfortable with. Rather than obsolescing hardware, it should be able
to create more efficient coding to do more with less. After all, we've not
really added any major capabilities that we couldn't do with Windows NT and
that first Pentium CPU. We can just do everything faster.
When a brand-new PC with a brand-new OS is slower than my seven-year-old
one, then there is a major problem somewhere. I for one am not likely to trust
my livelihood to a company that doesn't understand that very simple point.
-T.W.
I hate to say it, because I know it won't happen, but above all else
Microsoft needs to KEEP IT SIMPLE!
-John
I believe that in order to make Windows 7 shine, Microsoft must do the
following: One, optimize the OS to make it as stable and fast as possible.
Two, make sure that the UI isn't a performance killer. Three, replace the
command prompt with Powershell. Four, drop User Account Control and replace
it with a confirmation prompt for elevated permissions for installation. Five,
remove the need for Internet Explorer to be installed on the machine at all.
Six, provide recovery options that don't require floppy disks be used for
disaster recovery. Seven, provide real multi-user capability, like what's
found in Windows Server 2003, where multiple users can make use of a single
machine at the same time. And eight, provide two versions only: Home Edition
and Business Edition.
-Jerald
Build it on BSD like Apple did with OSX.
-Bill
Windows 7 looks like window (excuse the pun) dressing on Vista. Are we
actually going to get a new file system?
-T.
A nice thing that I am very surprised has not been done in any of the
Windows OSes yet would be the ability to move the position of your open windows
on the Task Bar, instead of just grouping similar ones beside each other.
-Anonymous
It may be too late, but I'd like to see Windows 7 be secure from the outset,
small enough to fit on a single CD, and faster.
-Ray
Check out tomorrow's edition for more reader letters. And to share your own
thoughts, e-mail [email protected],
or fill out the form below.
Posted by Doug Barney on 08/19/2008 at 1:15 PM
Virtual servers are proliferating, but the security for them isn't always keeping
pace. Check Point hopes to catch up with its new VPN-1 Virtual Edition, a
firewall specifically built for virtual environments.
There's a good chance you already have virtual servers. There's just as good
a chance you already have a Check Point firewall or two lying around your shop.
With the new firewall, you can protect virtual machines as if they were physically
discrete servers.
Right now, Virtual Edition only secures VMware systems. But if I were a betting
man, I'd lay down some serious change on it embracing Hyper-V in the near future.
How do you secure virtual servers? Tactics welcome at [email protected].
Posted by Doug Barney on 08/19/2008 at 1:15 PM
Microsoft is better at priming the pump than an old Oklahoma farmer. In this
case, the company wants you to think of Microsoft when you think of next-generation
operating systems -- and that means getting you excited about Windows 7, the
follow-on to Vista.
To keep you all amped, Microsoft has a new Windows 7 blog. So far, there's only
one post, this one explaining what the blog is all about.
Microsoft is very clear that it wants to control the message, rather than having
us journalists do that job. It also promises to make it a two-way street, allowing
IT to tell Microsoft what to put (and not put) in the new OS.
What should Microsoft do to make Windows 7 shine? Send your advice to [email protected].
Posted by Doug Barney on 08/18/2008 at 1:15 PM
The Microsoft OOXML (Open Office XML) file format is now an official standard.
As I recall, Microsoft proposed this format in response to the movement to
make the Open Office file format the main way to share documents. While I was
fine with the Open Office approach, any common file format is a step in the
right direction.
What about you -- which format would you rather see as a standard? And is file
interoperability already moving in the right direction? Answers welcome in any
format at [email protected].
Posted by Doug Barney on 08/18/2008 at 1:15 PM
If you have a spam filter that's as full of holes as mine (in its defense, I
put my e-mail address out there every day so folks like you can write me at
[email protected]), you get
lots of scams from Nigeria and other places who all need your help in moving
millions of dollars out of whatever country they come from.
The last one I got had my blood boiling for two reasons: First, it lacked originality.
Second, it besmirched the reputation of our fine men and women stationed in
Iraq. The e-mail was from an Army private. He and his buddy came across $18
million that just happened to be lying around in Tikrit.
Now they need my help getting it out.
Last week, I watched the movie Three Kings with my son, and I'm wondering
if Pvt. Taylor and his co-conspirator Sgt. Buff saw the same flick. The scam
sounds like it was lifted directly from the plot of the movie, only the gold
that George Clooney, Marky Mark and Ice Cube found is replaced by cold, hard
cash.
One of these Iraq scams was traced back to Australia, and this
little trick has been circulating for several months.
Posted by Doug Barney on 08/18/2008 at 1:15 PM
Some VMware ESX 3.5 users got a scary surprise recently: Virtual machines that
were shut down wouldn't power back up. The culprit? A flaw in VMware's licensing
module that leaves the licensing code under the assumption that you no longer
have the right to run the software. These licenses expired this Tuesday, Aug. 12,
whether you were paid up or not.
New CEO Paul Maritz personally apologized to customers in a letter released this
week. VMware has some "express patches" for the flaw, and advises shops that
downloaded the ESX 3.5 Update 2 patch -- but haven't installed it yet -- to hold
off.
Posted by Doug Barney on 08/14/2008 at 1:15 PM
A recent survey on browser market share gave 23 percent of the pie to browsers
other than IE, Firefox and Safari. Doug asked readers for their guesses as to
what browsers make up that remaining 23 percent:
Mobile browsers perhaps. In these busy times, probably 70 percent of
my browsing is done on my mobile device these days.
-Anonymous
Not sure whether it has "serious share," but Opera 9.5 is the
browser I'm using just now to read Redmond Report and to write you. I find
that its innate capability to render .WML files (used for conveying WAP content
to cell-phones) and to submit .HTML files to the w3.org for validation are
unmatched by any other browser I've ever used.
And, on a Java-capable cell phone, even one as primitive as the five-year-old
Nokia 6610, Opera Mini is just fantastic! Beats the pants off the Nokia's
own little WAP browser.
-Fred
Opera? Avant?
-Anonymous
I'm not sure where Janco gets the 58 percent either. At apartmentguide.com,
here's the current breakdown of our traffic: Internet Explorer (77.2%), Firefox
(15.6%), Safari (4.2%). Of course, there's a smattering of oddball stuff including
spiders, but none of those individually go over 2.3 percent of our traffic.
Concerning browsers on the Mac, our numbers show twice as much traffic from
Safari as opposed to Firefox -- 3.6 vs 1.6 percent.
Given the nature of our Web site, I would think our numbers are relatively
representative of overall browser usage in the U.S.
-Rick
And would you use Linux-only PCs in your shop? Here are some more of your
responses:
Maybe in the near future, when more apps become server-based and merely
require a standards-compliant browser. Open Office is cheaper, faster and
a suitable alternative for everyone except hardcore Visio users. Requires
no more support than Office 2007, perhaps even less. As WINE gets better at
handling old DOS apps, it's a good bet.
-L
Absolutely, in a New York minute! I have been around the business since
1960 and consider IBM to be the benchmark for product reliability and usability.
I use Win 2K SP4 on my local machines and have only dabbled with Linux personally.
If IBM has desktops built to its specs and designed to optimize for Linux,
they will also have a sound OS release with the non-admin user in mind, along
with more and accurate documentation than anyone could want. With the alternatives
to MS Office suite available, small footprint utilities and the cloud along
with a solid, reliable lightweight (overhead) and from a 'safe' provider like
IBM, this is a no-brainer.
-Joe
I do use a Linux PC, Windows XP/Fedora 7 dual-boot. Fedora is a great
desktop version of Linux. It communicates well with our CentOS 4 and 5 servers.
I would never buy a Linux PC, I would just build one. Most Linux people I
know would do the same.
Too bad for IBM; it is a big contributor to Red Hat. But with Microsoft
becoming suicidal, who knows? Stranger things have happened.
-Ken
IBM makes the same mistakes almost predictably. I think Wall Street should
beat it into submission with a clear message to give up. IBM blew it in the
'80s and then again in the '90s on a lesser-known venture to make in-roads
into the desktop with thin client technologies. IBM was great at building
hardware and BIG software, but it could not be satisfied with that and was
extremely paranoid that MS would eat it alive if it partnered with them.
As far as Linux goes, I use Ubuntu 8.04 and I think desktop Linux has come
a long way. However, I believe the rules of human nature trump all else. It's
easy now to get very good free help with Linux issues, but not as much on
Windows. Some of my friends and I make our livings on Microsoft, and if Linux
were to become a serious contender in the enterprise, I believe much of the
"free" advice would disappear. Linux also bears the mark of "technology"
and datacenter managers really don't like technology that much.
-Russ
Share your thoughts with us! Leave a comment below or send an e-mail to [email protected].
Posted by Doug Barney on 08/14/2008 at 1:15 PM
Bill Gates was known for his "ThinkWeeks" where he would go off, usually
with a ton of books and documents from top company techs, and read and think
and think and read. He would often come back with new missions, such as the
time he turned the entire company around to focus on the Internet.
Ray Ozzie is a different animal. Like Bill, he likes to go off on his own,
but Ozzie prefers to dream -- to avoid all outside stimuli, clear his mind and
dream about the future.
Posted by Doug Barney on 08/14/2008 at 1:15 PM
Windows Server Update Service (WSUS to those that live and breathe acronyms)
is supposed to help IT pros download patches. But for some running Office 2003,
WSUS has been known to block these critical patches.
Fortunately, there's a fix in the form of an update (and yes, there's a way to
install the update despite the blocking).
The good news, besides the fix, is that WSUS was blocking only Office patches,
not all patches.
Posted by Doug Barney on 08/14/2008 at 1:15 PM