Microsoft News Update 512
Microsoft news of the past few days: Media Player 9 is the subject of a few articles, including one on its integrated digital restrictions and one on changes in its privacy options. Microsoft is releasing certain API's, and is releasing a service pack for Windows XP, under the requirements of its antitrust settlement with the Federal Gov't. On the downside, code to crash any modern Windows machine with NetBIOS enabled is now floating around the net, and there's been more publicity of the vulnerabilities in Microsoft IIS/SSL.
Netbios... (Score:4, Funny)
Re:Netbios... (Score:2)
Re:Netbios... (Score:3, Interesting)
You make a good point. What system on the Internet even has this port open?
Most Windows machines - that is - most computers on the Internet.
I have a CGI script running from Apache on my Linux firewall, named "/scripts/root.exe". (This is actually a counterterrorism measure against a unrelated issue, namely the IIS hole and the Nimda virus). Part of what I am doing in this script is to use Samba ("nmblookup" and "smbclient") to determine the Windows name of the attacking machine, and then to send back a pop-up message warning the owner about their virus infection.
I log these responses as well. I used to get a 75% "hit rate", that is, 75% of attackers exposed NetBIOS information (such as their computer name) directly on the Internet. Recently, my ISP (AT&T Broadband) have started to filter out incoming traffic to ports 137-139 - and since most requests come from people in the same IP address range as mine, most probes are thus unsuccessful nowadays. But among IP addresses from by other ISPs, I still get more machines that reveal this information than machines that don't.
Needless to say, all of these machines would be exposed to "smbdie" - however most of them are probably still running Win98, and so are not affected.
Re:Netbios... (Score:3, Informative)
Jeremy Allison,
Samba Team.
Shifty (Score:2, Insightful)
Well... (Score:5, Funny)
Well, one good way to help the propagation along would be to post a link to it on slashdot so thousands of script kiddies can get ahold of it... oh wait..
Re:Well... (Score:2)
Re:Well... (Score:4, Insightful)
Besides, anyone smart has NETBIOS blocked at the firewall already, right?
Firewall != ivory walls (Score:4, Insightful)
Firewalls can make things inconvenient for people (users as well as crackers), but there is always a balance that must be met between how much inconvencience the users can tolerate and how important it is to inconvenience crackers. That balance is never going to lean very far towards the 'inconveniencing crackers' side.
NetBIOS, not NetBEUI (Score:3, Informative)
NetBIOS is a programming interface implemented as a bunch of packet types which can be sent out either over NetBEUI or over IP. (sitting mostly on top of TCP, though I think some packets are sent out with UDP). IP is extremely routable.
Hasn't this been around for a while? (Score:2, Funny)
Apparently, you can also crash a Windows box by pouring beer into the fan outlet of the power supply. Code to be posted soon.
Re:Hasn't this been around for a while? (Score:2, Funny)
Re:Hasn't this been around for a while? (Score:2)
When you figure out how to do this remotely, let me know.
Really.
I could use the beer.
Re:Hasn't this been around for a while? (Score:2)
Re:Hasn't this been around for a while? (Score:2)
There's much better ways to have fun [ntk.net] with the (L)users. Do your homework.
Exploit doesn't work all the time (Score:2)
Re:Exploit doesn't work all the time (Score:2)
Also (Score:5, Informative)
Re:Also (Score:3, Interesting)
Re:Also (Score:2)
Re:Also (Score:3, Funny)
FCKGW? Fuck George Washington? Must be the British!
Pervasive DRM from Microsoft (Score:5, Interesting)
- "We can block out rogue applications or compromised applications or broken applications," says the Singapore-based manager of Microsoft's digital media division, Winston Chan.
Jesus, do I hear "big brother" talking about DRM, or what? I was thinking the RIAA was the new McCarthy, but to read this makes my skin crawl....The sting is that a content licence can be revoked at any time by the copyright owner on application to Microsoft, which will then yank the offending content off the air.
"(Censorship) is not easily done because you need pervasive PC deployment and broadcast (media) is the primary channel," Chan says.
Re:Pervasive DRM from Microsoft (Score:3, Interesting)
> Jesus, do I hear "big brother" talking about DRM,
> or what? I was thinking the RIAA was the new
> McCarthy, but to read this makes my skin crawl....
It should. Microsoft is trying to use the RIAA and the MPAA (collectively known as the MSAA: Media Sharks Ass. of America) and the Hollings bill to be legislated into a 100% monopoly of the computer industry. I doubt that they could succeed in their Millenium plan ( http://research.microsoft.com/research/sn/Millenn
-- especially "What would such a system be like?") without some kind of law behind them.
Note how Microsoft is stressing control over applications as well as data, and the linking of
Control over file formats will be crucial as well, since Yukon will be replacing all current file formats, putting all kinds of data under Microsoft's control. This will allow them dominance over all application categories, as anyone else still writing software will be following the same procedures laid out in the article for Corona.
Microsoft's new EULAs allow them to install Millenium whenever they please on all systems covered by them. When they do install Millenium, I imagine it will come with a EULA forbidding its removal or any hindrance in its operation.
If Microsoft succeeds in doing this, it will completely blow away any of their previous antitrust violations. They could conceivably, with government help, attain total dominance of the computer industry for the forseeable future. Their DRMOS patent combined with the Hollings bill would either put their OS competitors out of business, or force them to pay huge licensing fees. Thanks to the open source project Mono, they could extend Millenium to cover both Linux and even Apple.
We are not without hope, though. As Microsoft's tyranny increases, so does customer anger. Alternatives to every one of its monopolies exist today. We can also count on Microsoft bungling things big time, in a way that might destroy them before they gain too much power.
Our brightest hopes lie with Apple. Apple has power far greater than its tiny marketshare implies. Apple can rally the computer industry against the Hollings bill. Apple can gain marketshare, weakening Microsoft. Apple might be able to make the MSAA see reason. And if neccessary, Apple can use the tools it has bought to take down the MSAA and give power back to the artists and people where it belongs.
And Apple has two great friends. One hates Microsoft with a nuclear passion. The other despises the media sharks. They will help their beloved Apple, or they will avenge it.
"At this moment, it has control of systems all over the world. And...we can't do a damn thing to stop it."
Miyasaka, "Godzilla 2000 Millennium" (Japanese version), December 2000
"No one's going to die, mister. Mothra's going to come and save us."
Taiki Goto, "Mothra", December 14, 1996 (Days before Apple announced the return of Steve Jobs.)
Real smart! (Score:2, Troll)
Re:Real smart! (Score:3)
Re:Real smart! (Score:4, Funny)
Re:Real smart! (Score:2)
My opinion on this will not change with negative moderation.
Re:Real smart! (Score:3, Funny)
You are absolutely right!
Re:netbios crash bug (Score:2)
Dumb Question: (Score:4, Interesting)
By that logic, is this part of Microsoft's plan? Since Linux is seen as good by the general public for, amongst other reasons, giving away the source code, is Microsoft trying to make the (erroneous) impression that they're giving away source code as well?
All you have to do is winess the general confusion when a game maker releases some source code ("The RtCW Source Code has been released! This means the game is free!") to see that the general public still doesn't "get" this idea.
Re:Dumb Question: (Score:2)
Privacy Control or DRM? (Score:4, Insightful)
So you get a DRM enabled media file. When you play it, Media Player has to contact this server to find out if you are allowed to play it. They can track every time you play this file.
Maybe you'll have a feature that protects your privacy, but if you don't let the player contact the clearing house, you can't play the files.
Also, I'm sure everyone saw it coming. The reason Microsoft changed their EULA is because of this new DRM crack down. They want any program that can open a DRMed file to have to be authenticated, and they want to be able to disable any program that will attempt to get around these restrictions, and they don't want to get in trouble for messing up software you have installed.
Good thing I use a free and open OS. But if this type of thing continues, all media produced will be encrypted and you'll have to contact the DRM server to view it. So it won't matter. Just wait until router manufacturers are convinced to not all their producted to transmit any packets that haven't been DRMified properly.
Re:Privacy Control or DRM? (Score:4, Insightful)
"My Power Point presentation died... I want it fixed NOW!. What do you mean the copy can not be authorized with the clearinghouse? I wrote and transfered it to the auditorium computer! Make it play!"
Release of API (Score:5, Interesting)
Well, the register does say "what Microsoft has got in there is a grotesque, badly-documented pile of poo it doesn't fully understand itself. [theregister.co.uk]" (in regards to the fact that the few new APIs microsoft released doco's on are other useless or all together wrong!.)
David.
after the settlement (Score:2)
I thought they were doing it out of the good or there harts.
Gee, thanks... (Score:2)
Of course, even that could be solved easily enough with a router and/or port blocking.
License Terms a Joke (Score:2)
Sell me the first license for whatever cost(although the current price is way to high, $49.99 for Professional/Home is much more reasonable) and charge a nominal fee for additonal licenses, like say $9.99....Honestly they would probably have less of a pirating problem if they would charge resonable fees....
Uhhh.... (Score:3, Interesting)
- A new feature will enable computer manufacturers to selectively hide and display Microsoft's integrated programs displayed on the start menu of the operating system, including Microsoft's Internet Explorer Web browser, Windows Media Player and Windows Messenger programs.
Isn't this tantamount to purjury? Their claim that it would criple the system and that it couldn't be removed was obviously false, if all that was necessary to satisfy the courts was to remove the icon from the desktop. Sure, MS is allowed to spin things a bit in the media, but in the courtroom, nearly explicit lies are illegal, no?During the federal antitrust trial, Microsoft argued that such a change would cripple the Windows program.
The change will make it possible for hardware vendors to customize their systems by striking business deals to include alternative programs from companies like America Online and RealNetworks.
It will also permit computer users to reselect the hidden Microsoft programs if they choose.
Re:Uhhh.... (Score:3, Informative)
Hide and remove are diffrent concepts. Just because the IE icon is not on the desktop does not meen that my program can't pullin the IE HTML render object, because the code will still be there on the box
Re:Uhhh.... (Score:2)
In the courts of the United States, it no longer matters whether you tell truth or falsehood or whether or not you have broken the Law. The side that has more money will just keep appealing and delaying until the other cannot afford to pay for lawyers. And when it comes to having money, MSFT is not exactly in a shortage.
Re:No, that's wrong. (Score:3, Informative)
Roblimo I Am Calling You Out (Score:4, Insightful)
However he has now topped himself by linking to a script kiddie tool to what may be an unpatched bug on a website that gets hundreds of thousands of hits a day. What the fuck? Do you see MSNBC or C|Net linking to r00tkits whenever a Linux vulnerability is released?
Roblimo as Editor-in-Chief, you are responsible for his work and quite frankly he is the worst part of the Slashdot experience (now that I've upped my threshold to 4).
Re:Roblimo I Am Calling You Out (Score:5, Informative)
MS02-045, patch available? (Score:5, Informative)
Re:MS02-045, patch available? (Score:4, Informative)
WMP9: it still comes down to trust (Score:5, Insightful)
"Welcome to Windows Media Player 9 Series," the opening screen of the Privacy Options panel reads. "Microsoft is committed to protecting your personal privacy. To enhance your experience with features including album art and pay-per-view-services, data must be sent and received over the Internet and/or saved on your PC. The options below enable you to customize these privacy settings."
OK, so right from the get-go users are presented with the issue of sending information from their computer. Certainly this is an enhancement feature, if done correctly and the user really has control over what is going on. In the long run, the real power and benefit of computers and networks comes with sharing information, and as people become more comfortable with it, software that includes network features will be more powerful and more popular. For example, see the popularity of the CDDB in CD players.
However, how do you really know what sort of information your software is sending over the network? As we start to take advantage of network features, it will become impossible to rely on personal firewalls to curb outbound traffic - you want your CD player to send some ID to the CDDB so it can retrief the correct tracklisting for the CD you're playing, so you have to tell your personal firewall to allow your CD player to connect to the net. After that point, you are trusting the CD player to behave properly and not betray you.
The article acknowledges this:
"As more applications become Web-aware in order to provide services and information back to the user, consumers need to be aware of the quid pro quo that's taking place and exactly what information is being provided to the vendors," Gartenberg said. "What Microsoft appears to have done here looks like a step in the right direction, if it makes it into the final product."
So the issue boils down to trust. Do you trust Microsoft? I'm sorry, but I do not. No matter what they put in their GUI as far as options go, you can never quite be sure about what their software is sending back to them.
With open source, at the very least you're allowed to look at the code and see what your software is really doing...
you can still verify (Score:2)
Source code (Score:2, Interesting)
There's one guy here (hello Dave) that counters my open-source arguments with, "Oh but you can now get the source-code to WinCE", but that doesn't hold water for me.
Re:Source code (Score:2)
Re:Source code (Score:3, Funny)
<duck>
Why not add a link to the patch as well, Slashdot? (Score:5, Informative)
But I assume it's 'better' to let people suffer instead of helping them out, is it? You dont have to post links to security bulletins, but if you post a link to a DoS tool, why not supply the link to the patch as well, to let the reader decide if he/she wants to be vulnerable or not.
(good system administrators have already disabled TCP/IP over Netbios (disable Tcp/IP over NetBios helper service) of course and stopped the server service as well, on online systems, among other netbios related crap which is not needed on the internet (NetBios package: "whohoo a router, what's that!")
Re:Why not add a link to the patch as well, Slashd (Score:2)
That's what comments and moderation are for - in case the author misses something glaring, like a link to a bug's patch, the general public has a voice to let everyone know.
So stop bitching, ass.
Re:Why not add a link to the patch as well, Slashd (Score:3, Insightful)
P.S. Awesome Sig.
11 components of XP automatically download (Score:4, Informative)
Re:11 components of XP automatically download (Score:2)
But there are at least 18 [hevanet.com] operations where XP connects to microsoft.com
About that NetBIOS over IP exploit (Score:5, Informative)
Before too many more messages;
1. SMBDie = RedButton = Wow, incredibly talented programmer. This sure was a tool we needed.
2. If RestrictAnonymous is set, non-authenticated users can't use it, any authenticated user can.
3. If you're in an environment where any old computer connected to your network can use TCP139/TCP445, set up a sniffer (Network Monitor works) and watch for the source of the traffic. Then beat that person over the head with their PC. Do that either before or after you patch your systems with MS02-045. If more testing of the patch is required, beat them a little every day until your testing is complete.
4. If you're in an environment where you have TCP139/TCP445 open to the Internet, you don't need NTBugtraq, you need Dr. Phil. Buy a $50 Linksys router and put it in front of your machine and use it to block all but those few you really want open (which doesn't include those two).
5. Randy Hinders suggests that disabling NetBIOS over TCPIP works, I'm not yet 100% convinced. Either way, it should be easier to apply the patch than disabling NetBIOS over TCPIP.
The MS Security Bulletin honestly did do a great job of explaining all of this, more people should read it more carefully.
Cheers,
Russ - NTBugtraq Editor
Re:About that NetBIOS over IP exploit (Score:2)
Yeah, stupid red button, yeah stupid user didn't secure his box. End result is no different than if the exploit were a true blue win buster... It's still a borkable box.
Selling like hotcakes? (Score:2)
But instead of censoring, he says, Microsoft's aim is more mundane - simply to use the free player to sell more
I suppose that being able to censor anything on people's computers will sell
So what do new Windows versions have to offer me? More restrictions, more limitations, more tracking of my viewing/usage habits, a direct interface with the "copyright clearing house" to check every time I go to play an MP3 if I actually have 'rights' to play it.
I stopped "upgrading" at windows 2000. I suggest you do too.
mike
My MS Activation Story: True Story. (Score:5, Funny)
MS is still not clear about this. But I'm curious if MS finally got the hint and is now planning to keep a database of all "authentic" Windows XP keys. If this is the case, then I assume the various keygens won't work. (Or they'll work, but when it comes time to activate, you'll find that you don't actually have an "authentic" key.)
Slightly OT, but I thought I'd share my own XP activation experience. It happened last night and it bascially stumped Microsoft.
The short story goes something like this: I'm an MSDN subscriber. My MSDN subscription entitles me to Windows XP keys that will activate up to 10 pcs. So far so good.
Anyway, I go to the MSDN site, log in with my usual username and password. Generate my keys. Get my "10 activation" key for Office XP, Pro XP, Home XP.
Now, according to the license, these generated keys will activate 10 pcs for each application. (In other words, I can put WinXP Pro on my workstation at work and my workstation at home. This counts as two "activations" on two different PCs and is completely within the terms of the license. Each computer, of course, has to be for "development" purposes -- which, oddly enough, they are. My computer at home is actually a computer I use when I telecommute. And I develop on it. So, again, I'm completely within the terms of license agreement.)
Okay, so that's the background. Here's the good part: I install WinXP Pro on my home "work" workstation using the MSDN supplied key. (The copy of WinXP Pro I'm installing, BTW, is the ISO I downloaded from the MSDN site. The copy of Windows XP I'm legally entitled to according to the terms of my MSDN unverisal subscription.)
The MSDN issued key passes the first XP keycheck -- the check that appears before it actually installs. No complaints, install goes smoothly. I boot to the desktop. All's fine. Looks like it installed perfectly.
Except Windows tells me my key is no good.
But wait! It *took* the key when it asked for it, right? Yes. It took it.
I re-enter the key. (And, yes, I'm using the MSDN supplied key on the MSDN ISO -- not the volume license CD, the actual ISO downloaded from the MSDN site.)
Still says my key is no good. It then generates an installation ID -- an obscenely long number -- and tells me that I have to call the 1-888 toll-free activation center.
I call. I give my installation ID. Wait, I'm told, that's not the right installation ID. Generate another one.
I generate another installation ID. (There's a button that can do this when you install XP.)
I read it back. It's still not a valid installation ID.
The activation center guy said he never saw this happen before. Am I reading the correct ID? Did I transpose any digits?
Nope. It's all correct. Read it from right to left, he tells me. I do. Read it from left to right, he tells me. I do.
Wow, he says. I've never seen this before. You have a valid key, he tells me, but Windows is generating an *incorrect* installation ID.
I say, well, I don't care what's going on, I want this thing activated.
Pause. Sir? Can you read me the ID again?
I do. This is the sixth or seventh time I read the ID. Nope, he tells me. Still no good. He puts me on hold. I stay on hold. Sir, he tells me. I'm sorry. Sorry? We can't do anything. You what?
We've never seen this before.
You're kidding.
If you have a correct key, you should get a correct installation ID.
Yes, I say.
Can you read me your key?
I read it. Read it again. And again.
Sir?
Yes?
The key is correct.
I know the key is correct.
Can I put you on hold again?
So I sit and wait. And wait. All told, I've been "activating" for 30 minutes by this time.
Guy comes back on the phone. Sir? We can't do anything.
You're kidding.
He apologizes. He tells me again that he's never seen this happen. You're sure you're using a legit copy?
I explain my MSDN subscription (active, BTW), my MSDN key, my MSDN ISO download.
I'm sorry, he tells me. Try MSDN.
I call MSDN.
Go through the same thing.
Wow, the MSDN tech support guy says. I've never seen this before.
What now?
Good question, he tells me.
He puts me on hold. Consults with a manager.
Sir? There's nothing we can do.
Give me another key.
I can't. I don't have authorization.
Give me someone who has authorization.
We can't generate another key until the morning.
You're kidding. I'm stuck?
I'm afraid so. I've never seen this before, he says.
By this time I'm furious. I want this motherfucker activated.
Finally, the guy puts me on hold.
Sir? I've got a brand new copy of Windows Pro Retail. In my hands. I'm going to read you the key. But you didn't get this from me.
You're giving me another key?
You didn't get this from me, he repeats.
He reads the key. I read it back. That's all I can do, sir, he tells me.
I appreciate it. (Trying to stay calm.) Thank you.
I'm only doing this because you've got a problem we can't fix. You have a valid key, but it's not generating a valid installation ID.
By this time, over an hour has passed. I'm still trying to activate.
He has me enter the new key. I enter it. Try to activate. Comes up with a message: "This key has no more activations."
I wig out. You're fucking shitting me, I tell me. You're fucking shitting me.
Okay, he says. He explains that we'll have to wait until tomorrow morning to get the key re-activated. He'll make sure it gets re-activated first thing. But that's all we can do, he says. I can't do any more tonight.
I tell him that this -- my situation -- is why people pirate software. It's quicker to get a keygen and generate a phony key than to go through this, waste my time and waste my money.
He's sympathetic. I understand, he says. But we'll get this fixed.
Then: Sir?
Yes?
You didn't get that key from me.
Flash forward: right now. It's the next morning. I'm at my desk. I'm reading Slashdot. I'm on hold with Microsoft tech support. I've called three different tech supoort numbers this morning.
They cannot get my copy of Windows XP Pro activated. They cannot re-activate the "mystery" key that my friend last night gave me.
This is the first time they've seen this problem.
Can we get some more specifics? they ask me.
New hard drive, new CDROM, new motherboard. Everything is new.
They're mystified.
I'm still on hold. I'm reading Slashdot while I'm on hold.
A moment ago: Sir? Can you read your key?
I read it.
Yep, they tell me. That's a valid key. Wow. I've never seen this before.
Re:My MS Activation Story: True Story. (Score:2, Funny)
Re:My MS Activation Story: True Story. (Score:2, Funny)
Re:My MS Activation Story: True Story. (Score:3, Informative)
Re:My MS Activation Story: True Story. (Score:4, Interesting)
I have a valid key but not a valid installation ID. Thus far -- last night and this morning -- it has stumped everyone.
Apparently, mine is the first case they've seen. I can't believe that, but that's what I'm being told.
I've read my MSDN key over 10 times in the past hour. They've verified the key, checked it, and even issued me a "temporary" key. Everything works, but *everything* fails when the installation ID is generated.
In fact, this "activation" is so anonymous that right now -- as of this morning -- Microsoft now has my name, address, email address, MSDN ID#, MSDN key, and a listing of each component in my computer.
How's that for "activation" anonymity?
Re:My MS Activation Story: True Story. (Score:5, Insightful)
The main point of this story is not how incompetent Microsoft is. - The main point (IMO) is that this is yet another story about yet another Windows-user that will go to hell and back to use Windows but will not even look at alternatives because Microsoft has successfully implanted the delusion that only Microsoft can solve their problems.
In a free market customers do not put up with crap like this.
I don't feel the slightest pity for you. If you chain yourself to a single vendor with no way out you are asking for being raped. And it's irrelevant if that single vendor is called Microsoft, Apple or Sun.
And you know what the message for Microsoft is?
The message is "If they are willing to spend 10 hours on the phone, they are also willing to pay 200$ more"
Re:My MS Activation Story: True Story. (Score:3, Insightful)
Just because you have driven off the cliff and it's too late now doesn't mean that driving off the cliff was a good idea.
There are many OS-agnostic development platforms like Java, Qt, Delphi/Kylix and many more.
And guess what! They also work with Windows, so you can use Windows without chaining yourself to Microsoft.
The Ultimate Script Kiddie (Score:3, Funny)
How ironic (Score:5, Interesting)
In the era of security conscious people, running someone else's .exe file is really stupid, even if you think it might be funny.
And this tool got front-paged on Slashdot. How stupid can you possibly get?
Disabled media players (Score:2)
What's with all the griping (Score:3, Redundant)
About posting a link to an exploit tool?
How many of you posting or modding this up also support the free exchange of ideas, including how to back up or media shift a DVD, or extract a portion for review?
You think there's a difference? Bullshit. Your argument is "raise the cost of entry to put off casual abusers". How is that different from the argument that (e.g.) librarians or teachers can gain access to knowledge to let them make copies or extracts from a DVD, if they know exactly who to ask and how to ask them?
That's the trouble with the free exchange of ideas. It's easy to pay lip service until you see something that you don't like being made freely available, at which point the prissy voice gets put on and cries of "Well, that's just irresponsible!" get made. One more step down that line, and you'll be exhorting us to think of the children.
One issue, one standard. The issue here is the free and frank and convenient exchange of knowledge, including knowledge that you don't want people to have. Pick a position.
Will Media Player 9 work on Win2K? (Score:2)
Of course, my CD burner software came with the PC, and it's at least one and a half releases out-of-date. But it sounded like our hardware admin knew this to be a consistent problem with MP7/8. I'm still using MP6, along with Media Jukebox when I absolutely have to.
Awesome! (Score:2)
The 'settlement" has NOT been approved (Score:4, Insightful)
When Microsoft began implementing it, even though the judge may still reject it, I cautioned that this is a classic example of Microsoft attempting to subvert the will of the law/consumers by instituting a de facto condition.
- "We'll just integrate Internet Explorer into Windows so it won't matter whether people want to use it. It'll be a de facto standard."
- "We'll just start implementing our slap-on-the-wrist settlement so it won't matter if the judge or the states approve it. The government will be pressured to let us off the hook because the people will believe that we've paid our dues. This will all blow over."
By writing about the settlement without noting that it has not been approved, and flatly rejected by the states, you're playing right into Microsoft's hands. Shame on you.Re:Microsoft news update: (Score:2, Funny)
Re:Oh that's very responsible of you, SlashDot (Score:2, Insightful)
Now, mail to MS in same tone, please.
Re:Oh that's very responsible of you, SlashDot (Score:2)
- Client for Microsoft Networks is not a network protocol. It works at a completely different layer.
- By default, 2000 and XP install TCP/IP as the only protocol (not NetBIOS).
Sure, it sucks regardless. But please get your facts straight before attacking.Re:Oh that's very responsible of you, SlashDot (Score:2)
Re:Oh that's very responsible of you, SlashDot (Score:2)
Re:Oh that's very responsible of you, SlashDot (Score:2, Informative)
Installed, but not enabled.
Oh, it is indeed installed and enabled. NetBios is the protocol used for windows machines to acquire each others ip addresses and names without using DNS.
Re:Oh that's very responsible of you, SlashDot (Score:4, Informative)
Re:Oh that's very responsible of you, SlashDot (Score:3, Insightful)
Maybe it's not too smart, but neither is running a Windows box with SMB/CIFS enabled on the public Internet, which is what the program requires. SMB is a bit like having an open mail relay; a quick and easy solution which is fine on a private network, but try it on the Internet and you are probably going to get shafted sooner rather than later.
Re:Oh that's very responsible of you, SlashDot (Score:2)
Bzt. Don't need public Internet. You could use this at work, or, in my case, this would apply to the majority of our college campus. In those cases, Windows boxen with SMB/CIFS enabled make sense, because machine access is limited to the group of people who should be able to access it (e.g. sharing files with friends, through a password protected folder, or if your campus has a licence to a certain piece of software, providing a method for obtaining it).
Re:Oh that's very responsible of you, SlashDot (Score:2, Funny)
But, to be fair, they linked to a Windows executable. What self-respecting
Re:Oh that's very responsible of you, SlashDot (Score:3, Insightful)
Are you one of those grade school kids or MCSE who don't grasp a clue to the reality?
I just need it in the security audit meeting this afternoon.
One working tool worths a thousand words. We might have to find our way to prove the validity of a security alert if we are not given a tool nevertheless. Now it helps saving lots of man hours, and helps to protect our company from security hazard at early stage.
So you think IT secuirty's jobs is just repeating security updates/news/alerts? We'd be happy to get that $70,000+ salary for doing that.
Re:Oh that's very responsible of you, SlashDot (Score:3, Insightful)
Why?
Why is Slashdot responsible for the vulnerability that allows this?
Why is Slashdot responsible for the actions of users that choose to download and try this out?
You seem to have a very strange understanding of responsibility, albeit one that's rather popular in Redmond and Washington at the moment.
Re:Oh that's very responsible of you, SlashDot (Score:3, Informative)
Re:Thanks for saying (Score:2)
Re:Crash Windows (Score:2, Funny)
Re:Crash Windows (Score:3, Insightful)
Maybe I'm wrong about this, but I'd like to see proof if there's any *nix distrobution that is 100% bug free or has absolutely no security vulnerabilities.
Honestly, if windows is so bad, so full of bugs, why does it keep selling? Lack of alternative? I think not, according to the slashdot community, linux is a more than viable alternative. People are stupid? Well I can see a point there but if you get down to it, it hasn't been as horrible as the slashdot community makes it out to be since it keeps selling.
My main problem with microsoft is that they keep selling updates as new operating systems (Windows ME as my case in point).
I'm just tired of seeing a bunch of posts on slashdot everytime microsoft relesases a bugfix about how horrible microsoft is.
Re:Crash Windows (Score:2, Funny)
YOU FOOL! Everyone knows TeX is bug free :-)
Re:Crash Windows (Score:2)
For example, here is why I stopped using Windows: in August of 1995 I started taking CS classes. I had just gotten a new system and bought Windows 95. After successfully crashing my system over and over again, I went to the bookstore and bought a copy of a book that contained Slackware. I installed it, went back to my programming and was able to write code without crashing my system. Yes I was an unskilled programmer then and I wrote buggy programs, but the difference is that with one of them, the program just had to die (linux) with the other one, I had to wait for the OS to restart (windows).
Since then I've gained a lot of experience, and the one thing that I keep re-enforcing to myself everytime I even think of going that way is that windows is a waste of money and a waste of time. If you do read through their programmers documentation they do not point out problems in their APIs that they do not intend to fix (for example there are some bugs in the Keyboard driver that have been around since DOS that windows will not fix because they don't want to make something not backwards compatible -- my friend who found that out had to pay $50 even though they are a member of MSDN and even though the bug has been around for years). I don't even have the time to get started on the bugs that persist through VB that M$ has no intention of fixing. They will only fix bugs that bring bad press to the company in national media.
Programmers dislike windows because windows is bug ridden with no chance of being fixed. In other words its hell to program for windows. Its and unenjoyable experience. From a programmers perspective, its not worth betting the company on.
If you really can't figure out why windows sells...its because of marketing. Business people tend to look at what "looks pretty in marketing" not meaning what really looks pretty, but who has the best marketing. Most people know that M$ is the kind of marketing and that is why they are successful. Programmers are not typically given the chance to decide what products will make their company tick -- that's typically left up to the "business analysts" -- people who know nothing about how difficult it will be to actually work around all the bugs that you uncover in a peticular system.
Come watch my system BSOD all day and you'll understand why programmers hate windows. The go hang out with my boss who sends me screen shots of windows explorer instead of just sending me a path name to a file and you'll understand why people are still buying windows.
Re:Crash Windows (Score:2)
I can write you a bug free "Hello, World" program if you like.
Re:Crash Windows... Stating the obvious. (Score:2)
Re:Crash Windows (Score:2)
Hey look! A graduate of the Bob Saget School of Comedy finally got some print work!
Good job buddy!
Re:O great.... (Score:2)
Re:Irresponsible (Score:2)
Re:why do you guys give a fuck? (Score:3, Insightful)
Not the most elegant way of putting it, but he's got a point. If that's not bad enough, the tone of the guy posting the article is pretty much judge/jury/executioner.
I'm getting really sick and tired of reading through the articles to find out things aren't near as bad as they're made out to be. If somebody wants my attention regarding norti shenanigans that MS is pulling, try to sound more objective. I feel like I'm watching commercials for Jerry Springer.
Re:Uhm (Score:2)
I didnt' notice any slagging off. Just some factual information about WMP 9, and a couple of MS bugs. Where was the slagging off ?
Besides, it's funny how this doesn't mention anything like, the OpenSSL trojan/crack, or the fact Konquerer was affected by the same SSL bug as IE some times ago and why not mention the recent Apache bugs as well?
Why would it ? Those stories have been covered already, and the bugs have been fixed. This is about a new bug, an SSL exploit in IIS, not just in IE as was previously reported.
Re:wow! (Score:2)
"Don't provide an alternative point of view or anything, you got those mod points to burn! Use'em like bullets!"
I'd be happy if I got modded down for a comment like that. It means that you've struck truth.
I haveta agree, though, it's a pity that the moderators that disagree with you think that moderation points are used to surpress alternative ideas. I post this with the fear that I'll get modded down as well. It'll say 'off-topic' although it isn't.
Re:Not as vulnerable as thought? (Score:2)
If your boxes aren't vulnerable, then you've done something 'nonstandard' to make them that way, or you're using the program incorrectly. So either, you're a competent admin, or an incometent hacker.
Re:I hate Windows Media Player... (Score:2, Informative)