
Comment Re:in root? Am I missing something? (Score 2) 215

Er.. most of the exploits are only possible if one is root and/or the directory is writable for some other user (e.g. leon in this case).

Since one is root, one can do anything anyway so why bother with all this misdirection? If someone leaves world writable directories lying around (especially without the sticky bit set), then they deserve everything they get. Or is this some kind of "trap the (completely) unwary sysadmin" wake up call? If I see some strange named file (especially if I know I didn't put it there) I would investigate very, very carefully what is going on. I can't be alone in this - surely?

The point is that this can be used to trick a root user into issuing what he believes is a safe command. The combination of the text-reinterpreting shell and specially crafted file names combines into a seemingly innocent command ending up allowing the attacker (the creator of the specially crafted file) root access on the system.

It doesn't help that some (on the surface) idempotent commands like find pack a number of dangerous options that can be used to execute shell scripts, commands or remove files.

Comment Re:PowerShell (Score 2) 215

Is the wildcard expanded by the shell in PowerShell?

No. This class of attacks will not work against PowerShell (nor for plain old DOS for that matter). The problem is the combination of text-centric shell scripting and shell expanded wildcards.
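The argument-parsing effect discussed in the two comments above, shown as an added example that is not part of either comment: the shell expands `*` before the command starts, so a file name beginning with `-` arrives as an option unless the glob is written as `-- *` or `./*`. The function names and the sample files (`report.txt`, `-l`) are constructed for illustration, and `count_as_options` is a simplified stand-in for real option parsing.

```shell
#!/bin/sh
# Added example; every file name is constructed and lives in a temp directory.

# Simplified getopt-style rule: an argument starting with "-" is an option
# until a literal "--" is seen. Prints how many arguments parse as options.
count_as_options() {
    n=0
    for a in "$@"; do
        case $a in
            --) break ;;
            -?*) n=$((n + 1)) ;;
        esac
    done
    echo "$n"
}

# Constructed directory: one ordinary file, one whose name looks like a flag.
make_sample_dir() {
    d=$(mktemp -d) || return 1
    : > "$d/report.txt"
    : > "$d/-l"    # harmless to ls; stands in for any option-like name
    echo "$d"
}

# What a command receives for each way of writing the glob.
bare_glob()    { ( cd "$1" && count_as_options * ); }
guarded_glob() { ( cd "$1" && count_as_options -- * ); }
dotted_glob()  { ( cd "$1" && count_as_options ./* ); }

# The same effect with a real command: how many names ls lists as files.
ls_files_bare()    { ( cd "$1" && ls * | wc -l | tr -d ' ' ); }
ls_files_guarded() { ( cd "$1" && ls -- * | wc -l | tr -d ' ' ); }

# Audit helper: list entries under a directory whose names start with "-".
list_optionlike() { find "$1" -name '-*' -print; }

dir=$(make_sample_dir)
printf '%s\n' "bare *: $(bare_glob "$dir") option(s), ls lists $(ls_files_bare "$dir") file(s)"
printf '%s\n' "-- *:   $(guarded_glob "$dir") option(s), ls lists $(ls_files_guarded "$dir") file(s)"
printf '%s\n' "./*:    $(dotted_glob "$dir") option(s)"
printf '%s\n' "option-like names: $(list_optionlike "$dir")"
rm -rf "$dir"
```

With the bare glob, `ls` lists only `report.txt` in long format because `-l` was consumed as a flag; with `-- *` both names are listed as files.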

Comment Some Public Records ... You Know ... Just in Case (Score 5, Informative) 448

So a whois.net domain name lookup on their site yielded nothing. And there are suspiciously no patents mentioning "wetag" or "ifind" and the names they listed (Dr. Paul McArthur) are in patents but for cold fusion BS in California.

Surely, though, they must have registered the "iFind" trademark? And if you search on TESS we find:

Owner (APPLICANT) WeTag, Inc. CORPORATION TEXAS 3309 San Mateo Drive Plano TEXAS 75023

With an attorney listed as "Richard G. Eldredge" which corresponds to a local attorney. Before you deploy the door kickers to lynch somebody, that address is just somebody's $200,000 house and could possibly be a random address used by a jerk. Remember that it's entirely possible that this is all a front by some other actor and someone was paid Western Union/Bitcoin to register this trademark through this attorney without realizing they were just being used by literally anyone in the world ... of course, Kickstarter should have even better transaction details (hopefully).

Comment It's not the worst idea (Score 1) 365

I actually did switch from a 2011 MacBook Air (the dual core 2GB RAM, 13" model) to a Surface Pro 1, a little while before the Surface Pro 2 came out. Why? Because, through gradual changes in my client base and their worlds, I found myself spending more and more time in PowerShell, Hyper-V management and other purely Microsoft centric tasks. So I ended up Bootcamping my MBA to Windows 8 (required for Hyper-V 2012+ management), so it was now basically a PC, anyway. Then, once a guy next to me got a DynaDock with his Surface Pro, I realised I could dock it to a couple of nice, big monitors and keyboard and mouse and it's frankly more powerful than my 2011 MBA was.

So I sold my MBA on eBay (at almost as much as I paid for it, amazingly - incredible resale value) and switched to the SP1, which I am still using. I have pre-ordered a SP3, in fact, because I have been so happy with it (we don't get the Surface Pro 3 in Australia until September). It's smaller, lighter, faster and better suited to my current working life. I also love the pen, as I now spend about 40% of my week in meetings.

So overall, I don't think this is a bad thing - I just don't expect it to get heavily taken up. I think most MBA and MBP users will prefer to stick with what they have. The truth is, I use my Surface Pro like a desktop or a notepad (a literal, paper notepad, not a laptop notepad). I basically never use it as an actual laptop unless I have no alternative but then again, I pretty much hate all laptops, compared to the desktop experience.

Comment Re:Even more work for spies! (Score 1) 99

And to think that just the other day Microsoft were complaining that the NSA fallout was getting worse. Are they hoping to swamp them with simply too much data on Microsoft's servers?

So, would you expect Microsoft to hold its breath while the lawmakers pull their collective behinds together to rein in the run-amok NSA? Should they stop doing business while they wait for the political system?

Comment Re:Is IPMI enabled? (Score 1) 62

Oh sorry, forgot to say, yes, it's easy to find all IPMI devices on your network. Please take a look at: ftp://ftp.supermicro.com/utili... - you can download the IPMIView tool from there, which will find all IPMI devices on your LAN. The default password and username for all Supermicro IPMI is ADMIN and ADMIN, so, of course, super secure.

Comment Re:Is IPMI enabled? (Score 1) 62

The majority of IPMI would be enabled by default, yes - however the majority (not all, some are virtual IPMI) are on dedicated NICs - usually labelled management interface or port or something. They're not usable as a normal NIC (although as mentioned above, yes, some are virtual and share an onboard NIC). As such, you're best putting them in a different VLAN. We use differently coloured network cables for them, too, in our datacentre, so there's no confusion. They're in a different VLAN, on a different switch (makes sense to use a different switch as IPMI is usually 100mbit and not worth wasting space on expensive switches for) and only a handful of machines can see that network, which, frankly, if those machines got compromised, we'd be f*cked anyway (domain controllers, etc).

The default config for a Supermicro (which is what I use) is that the IPMI is enabled and set to DHCP, so if you left it like that, yes, everyone on your network would probably be able to find it.

Comment Re:Under the hood (Score 1) 187

There's heaps of us who like Windows 8.x/2012, but Slashdot has its mind made up and every time there's a Windows 8 submission these idiots bring out their pitchforks while people like us just ignore it. So no, you're not the only one.

At this stage it looks like Microsoft could patch in a new Start Menu, throw in the option to use oh I don't know, KDE's menu or whatever your DE of choice is these days, put in a tool that converts fucking lead to gold, and donate 50% of their net profit to NASA, and people here would still hate it.

This.

Comment Re:12.64 percent in only 17 months (Score 2) 187

I seem to recall reading somewhere that the Windows kernel, UI, and default browser all share essential low-level processes, and therefore could never ever possibly be decoupled.

However, that is wrong.

Windows kernel is an incredibly modular piece of work, much more so than Unix/Linux. In fact, the "Win32 subsystem" is just *one* possible subsystem mapped onto a very generic kernel. From the start, the core was designed with Win32 subsystem as just one of a number of subsystems and originally also included a POSIX subsystem and an OS/2 subsystem. Note that these were NOT emulation layers, but full blown "peers" of the Win32 subsystem. That design is still very much alive within the kernel.

The confusion with respect to the "browser in the kernel" is at least partly Microsoft's own fault. During the browser anti-trust trials they claimed that Internet Explorer could not be unbundled from the core. Until someone actually did and demonstrated it during the trials.

Like virtually all OSes today, some of the core GUI administration components use HTML as rendering mechanism for at least parts of the user interface. Hence an HTML renderer is part of the core OS (unless a GUI less server SKU is used). However, an HTML renderer being distributed as part of the *core* OS does NOT mean that it will execute in kernel space. This is such a mindbogglingly stupid assertion that whenever someone brings up that claim I get suspicious that they actually know better, but find pleasure in throwing it out there and watching the immediate condemnation and ridicule.

The HTML renderer is of course the same one as used in Internet Explorer (Trident, IIRC). That *still* does not mean that Internet Explorer is "part of the OS" - it merely means that Internet Explorer (the browser) uses the same rendering library as the core components in the same way that an XML parser can be used by the browser as well as the core OS without it running in kernel space.

Comment Re:parent delays (Score 3, Informative) 121

So tux2 was ready in 2000, and it took 14 years to rewrite it to avoid parents? Oh how much patents help innovation!

Few more years and those patents will expire and we can use both!

Tux3 is a better design. Tux2 was more along the lines of ZFS and Btrfs, that is, multiply-rooted trees sharing subtrees. Tux3 is a single tree with exactly one pointer to each extent. Considerably easier to check and repair. Of course we need to see if it turns out that way so please stay tuned.

Comment Re:Bye-Bye Java (Score 2) 303

Name a platform that is end-to-end not proprietary in any way shape or form?

Even if such a platform exists, how does that preclude Microsoft from suing? Remember that the thesis here is that Microsoft would disregard the licenses already granted for C#, .NET Framework, compilers etc and just sue to exhaust your funds. Why couldn't they claim that you infringed an algorithm (or whatever) even if you were using Java or Python? After all, they have no legal standing but are considered *so* malicious that they will sue even when they have no legal standing.

The whole "Microsoft will sue!" is nothing but FUD.

In reality - because of the promissory estoppel of the community promise - users of .NET and any other technology under the community promise are much better protected than when using alternatives. This is because the promissory estoppel can be used to dismiss a lawsuit outright.
