
Comment One solution... (Score 1) 140

Forget about holding the ISPs responsible. There are some defective users and defective products allowing this to happen. If someone is found to be harboring a bot node on their home computer, hold them liable for statutory damages, much like the RIAA sues people for. If those people can demonstrate that they made a reasonable effort and followed accepted guidelines in maintaining their computers, then take the fight to the manufacturer, since the product is clearly defective. We need a New DMCA that holds digital content vendors accountable for flaws in their products at the same time it protects their intellectual property rights.

I'm rarely one to defend M$, either, but I don't see much excuse for people to be getting infested with malware that harms more than themselves. I was almost irritated at the "Your computer is at risk" balloon popping-up in an XP VM, but then I thought about what a good thing that actually is. There's no excuse for someone who ignores that and gets infected. Heck, a remote kill-switch might be nice too-- not for the things M$ usually seems to want to implement such "features" over, but something that would knock a Windows PC into a reduced/controlled state if it was not current on patches, didn't have functioning and current AV software, or some form of infestation was detected. At the very least, frequent manual screening could be forced on unprotected computers in order to keep them fully functional. If you don't drop your trousers for the TSA (okay, that might be a few months into the future) in order to convince them that you're not a terrorist, you simply don't get to fly. Why shouldn't computers be held to some standard of safety, or they're not allowed on the internet?

Comment Re:This would get abused (Score 2, Informative) 413

"Remote execution/privilege-escalation exploit" is the category of issue you're thinking of, not security exploits in general.

Linux has plenty of security advisories that may be exploited, but almost every last one requires physical access to the machine to do serious damage. However, Linux has almost no credible remote execution threats; there are a handful from useful apps that are installed on Linux, such as Apache. It's simply not the situation where anyone sitting halfway around the world can poke at your ports a little and root your Linux server through no fault of your own (and by "fault", I mean failing to choose a strong password and keep it secure).

Local exploits are simply not the same class of risk as remote exploits. It's so very much more difficult for purveyors of malware who want to convince your computer to join their botnet when they have to break into your house to root your system, or to trick you into signing-up your system to distribute their worm voluntarily through your own stupidity.

The problem with Windows and Microsoft's integrated applications such as IE is that remote execution/privilege-escalation exploits are everywhere. Try connecting a computer running Windows XP SP1a directly to the internet. It'll get pwned before you can even navigate to the M$ site in order to download the security updates it needs. Fortunately, Windows isn't quite that XPloitable anymore, but it's still pretty bad when you visit a website, and that website (which may have an otherwise reputable operator aside from having their database injected with malware) exploits your browser, which in turn hijacks Windows. This is the problem: there's not sufficient compartmentalization between the "untrusted" area of the computer that runs applications that venture into risky territory, local userspace (which is not infallible, but generally not malicious), and the system's inner sanctum. In effect, Windows security is generally so poor that it just allows internet traffic to wander right into that inner sanctum, largely unchecked. It's inconvenient for users to encounter locked-doors or security checkpoints, but if trusted users aren't subjected to such inconvenient and unsightly things, then unauthorized/untrusted users aren't subjected to them either.

You trust the window latches in your home or the deadbolt on your front door to keep random, unauthorized strangers who you don't trust from entering your home, stealing your stuff, or setting-up a webcam in your bedroom. You presumably already trust the people in your home or office who are going to be able to just sit-down at your computer, so local exploits are largely moot. If you can't trust your operating system to not let strangers from the internet have full access to system files and resources, it's not trustworthy computing.

Comment The 'ubiquity' argument (Score 1) 702

This keeps coming up, and its presence in TFA was unsurprising and seems to be the bulk of Windows 7's narrow margin of victory.

"Windows is everywhere, we've always used Windows, we may as well continue to use Windows," seems like a feeble justification of a status quo that probably can't be justified on any rational basis. Sometimes ubiquity can be its own justification, but it seems pretty obvious that Linux "won" the "business" category by a large margin on merit ("cost", "seamless network functionality", "runs MS Office 2010 without quibble via Wine", and "is more secure"), Windows 7 earned the arbitrary "points", even though its only bullet points were "Adobe Photoshop works on it", "it's everywhere", and "support staff and users are familiar with it". Except that the last two are pretty much false when it comes to Windows 7. Businesses still mostly use Windows XP, that's what users and support staff are familiar with, and Windows 7 is going to take some skill upgrades and retraining to get everyone up to speed on it because it looks and behaves differently than XP.

Would anyone care to imagine what happens to a public-sector IT department, one which has the lion's share of its budget go to purchasing Microsoft desktop OS, server OS, Office, and enterprise antivirus software licenses on an annual basis, when it gets stuck with a budget shortfall because revenues are down? It seems to become a choice between talent and licenses, which leaves them in a bad place. The rationale that "Microsoft products are everywhere" isn't going to get them out of that bind.

Users and organizations should just use what suits their needs and their budgets best. If they chose poorly, they'll find themselves gimped or poor, or both. If they choose wisely, matters of IT will progress as they always do when working properly: without complaint.

Comment It makes some sense. (Score 2, Interesting) 799

The Russians aren't even the first to suggest this. It's brought up at Pure Energy Systems. Considering the source, the views there should be taken with a grain of salt; it seems that they're probably overstating things a bit. Then again, maybe not so much, since the well does seem to have blown-up a platform and somehow foiled a "foolproof" blowout preventer.

So it seems that a large explosion to collapse a good bit of the well shaft suddenly would be a great way to stop the leak, rather than the half-assed methods tried so far. Does anyone seriously believe that dumping junk on the wellhead will accomplish anything meaningful, other than depositing even more waste into the ocean?

Comment Re:What's the scariest part of this? (Score 2, Insightful) 799

Errr, I think you might be missing something here. The treehuggers who have been opposed to the "Drill Baby, Drill" mantra of Sarah Palin & John McCain were right about this sort of scenario. Offshore drilling obviously isn't foolproof and safe, like the people who want to develop those resources have been claiming, and the consequences of the accident, whatever went wrong, seem to be well on their way to dwarfing any other human-caused catastrophe in history in terms of ecological damage.

Greenpeace may have a lot of extreme views, but in light of the catastrophe occurring down in the Gulf, their concerns regarding offshore drilling don't seem so extreme now, do they?

Just saying.

I don't see this as an all-or-none situation either. We can get our fossil fuels by drilling in areas where the consequences of mishaps aren't so catastrophic. Oil in land-based wells that fail goes up, and gravity pulls it back down within some radius. Then there is dirty dirt that can be scooped-up and hauled off for treatment. It can be contained and the damage mitigated. A spill in the ocean, well that's like someone having diarrhea in the pool.

Comment Re:Huh? (Score 1) 325

Well, I think it is a valid point. What exactly is the average user going to get for an extra $200 (legit copy), 923MB of additional HDD space consumed, and that extra 15-20 seconds of load time that Photoshop requires?

GIMP can't do everything, but for what most people need and what they're able to make use of, it's every bit as good as Photoshop, which I would think makes it a strong competitor. Its biggest handicap to being a contender is that idiotic name, the secret fear that every GIMP user has, that they'll accidentally confess to being one. ;)

Comment Re:Poor jerk. (Score 1) 982

I don't see this result as surprising.

I understand why he did some of what he did, but it honestly seems to me (based on statements he made) that he was just trying to make a massive stink against people he didn't respect or like, using legalistic justifications while ignoring pragmatism.

At the end of the day, I wonder what the worst that would've realistically happened to him could've been, had he just handed all the network passwords over to the incompetent asshole supervisor as he walked out the door. At that point, let them all dig their own graves and jack-up the network if they truly don't understand. Would there realistically be criminal charges for failing to follow the employee handbook regarding password security once he was no longer an employee, so long as he didn't disburse passwords in a malicious way?

I'd really love to see that, testimony for such a case would be downright laughable.

City Attorney: "Your honor, the City fired Mr. Childs for insubordination because he refused to turn-over the passwords, as demanded of him. At that point, as the City police were summoned, he handed the passwords over to his supervisor as demanded, so he could walk out the door a free man and get on with his life. That supervisor then proceeded to fuck-up the city's MAN and it went down and cost millions of dollars to repair due to incompetence. I ask that you hold Mr. Childs criminally liable for the damage another City employee, his supervisor, did to the network. He did not follow the proper procedures outlined in our Employee Handbook!"

Perhaps I'm missing some element that he could've been held accountable for beyond his employment with the City, since the penalties for violating a handbook are usually limited to termination of employment as long as they aren't also covered by criminal code or a breach of an actual contract with the employer. Perhaps he wasn't just being obstinate and doing his best to make things difficult after he lost his little power play. Perhaps there really are employees whose loyalty to their employers comes at their own expense, even after their employers attempt to screw them over.

I'm not a hero like that. I wouldn't go out of my way to hurt a former employer (as that WOULD be unethical and potentially criminal), but I don't think I would consider that I owe them a single thing after being fired in the unceremonious manner Mr. Childs was. I'd give them the means to access all work I'd done for them while in their employ, holding nothing back. What they do with it is their business; I would not help them to figure it out or repair it without consulting fees. I sure as hell wouldn't risk arrest to protect their interests after they ceased paying me to do so. If I trusted someone up the chain enough to inform them of what went down, I might do so in hopes of maybe straightening things out, but if I trusted nobody enough to do so, I'd have to ask myself why I'd even want to get my job back, or why I was even working there in the first place, if everyone is so incompetent, spiteful, and dishonorable.

Comment Bleeding the husk dry... (Score 3, Insightful) 286

I know there's a process that has to be followed, but it's obvious at this point, that the SCO lawyers are just trying to appropriate what money they can before it comes time for Novell to collect the judgement against SCO that they are owed under the license agreement. The more of the company's money that they squander on themselves, the less creditors will be able to collect after the liquidation.

I wonder why the trustee is allowing this. It doesn't seem like this situation is much unlike a private citizen, being aware of an imminent, pending judgement against him (which will result in the loss of all his assets), wrecking the house that will be foreclosed upon, and going on a spending spree to empty his bank account, so the creditors are left with rather little.

There should be consequences for this sort of behavior, even if it's a corporation. Sure, the lawyers will argue that they have to keep trying, even if it's a foolish longshot. I'd maintain that they should face having the courts recover any of SCO's money they have collected in compensation for chasing their longshots, and they should also be held *personally* fiscally responsible for the repayment of the other parties' legal fees if they fail to prevail. They're wasting everyone's time, money, and resources, yet risk nothing in pursuit of their frivolous longshot. But the way things are, nobody will be on the hook over this bad behavior. Novell will just come out a loser even though they've prevailed. The only winners will be the lawyers.

Comment Re:If it was Intel, maybe. (Score 1) 251

Cyrix processors tended to lack power altogether, but they ran fairly cool.

No, I remember, when I used to play around with idle tinkering such as overclocking, that AMD's 486 and K-5 & 6 series processors ran on the hot end as it was. With comparable Intel processors, it was easy to clock them up to 15% higher without really even needing a fancier heatsink (the first Slot 1 processors, with the heat-trapping packaging, were rather forgettable, though). An active heatsink was a necessity with the AMDs to keep the temperatures under control and the system stable under load. The net of it was, if you wanted to tinker with overclocking, Intels just worked best; you were all but guaranteed to be able to get that extra performance, depending on the capabilities of the motherboard and how much effort you were willing to put into the cooling system.

Also, I --was-- speaking "historically". Yes, it's been a while since AMDs failed spectacularly. And no, it wasn't just Tom's Hardware, though that old video does earn style points for spectacularity. Many years ago, I replaced fried AMD processors and found scorched system boards underneath; this was a pretty serious expense considering that all that failed was usually a cheap processor heatsink fan. AMD rose to the challenge and fixed the problem, but it's a problem that shouldn't have existed in the first place. Processors should protect themselves when they get too hot, because heatsink fans can and do fail; that shouldn't be an event that does more than cause a computer to shut-down until repairs are made.

I'm happy for your lack of experience with failing AMD processors, but I'm sure there are some people who never had problems with Quantum Fireball and Bigfoot hard drives either. Notice that I don't point out how many Intel processors I've screwed-with and had them survive to live long lives. A data point or two doesn't really define a trend. My employer has thousands of workstations deployed (I support around 450 or so). When dozens of one type of processor fail, it's just something you take notice of. Our vendor is a little company by the name of HP. No, not a pinnacle of quality by any stretch of the imagination, but the Intel-based HPs (basically the same model, just different innards for the machine, and a little higher price) don't seem to have that sort of problem, just a dead processor here or there. Yes, the Athlon-64s do seem to underclock themselves, frequently, if performance is any indication. That doesn't stop them from failing, it might buy them a little time.

I honestly wish that AMD would get it together. They got the jump on Intel with the 64-bit architecture, they did it right, and Intel folks looked like chumps, with the first iteration of their 64-bit platform kind of being that pathetic imitation 64-bit processor (the "EMT"). Intel needs a strong competitor to keep them honest and to give consumers a choice. AMD might be close to nailing the performance and reliability edge down, but they're going to have to maintain that for a while before they'll shake the perception I have of them. Lottery Core motherboards really don't help, though I guess if there really are many, many reports of those additional disabled cores being A-Ok, I might think better of their brand.
