Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Comment Re:That's just as wrong as mono (Score 4, Informative) 172

The irony is that if open source people didn't have a target to emulate, there's tons of things that would have never been written since a baseline and mindshare in the overall tech market wouldn't have existed:

lex = flex
yacc = bison
sh = bash
vi = vim

To name just a few.

So your complaint about "proprietary" falls on deaf ears. If nothing else, what you call proprietary seeds things.

Comment Who said life is fair (Score 1) 706

Take the 7 year old boy that was executed by the Taliban in Afghanistan some weeks ago for being a "spy". The mere fact that we're in America lulls us into thinking of "entitlement". We wind up taking for granted the things we do have vs. the things we don't.

As Cheryl Crow sang, "It's wanting what you've got." What you are eluding to is social engineering by the government ("forced" - your word not mine) which doesn't work. Go join the Taliban.

Comment Re:Not just Google (Score 1) 543

This isn't shocking. IT is not a career based on soft skills. When you're early in your IT career you don't think about it much but the day will come where it can become a problem if your career isn't switched to "soft skills" (aka management). IT is about what you've done in the last year and/or whether your chosen skills continue to be pertinent in the IT marketplace. When was the last time you saw a posting for say Microsoft's COM? Was all the rage in say 1996. As individuals get married and have kids their ability to keep up with what's "vogue" goes south. It's just a fact of life. All you 25 somethings might say "It will never happen to me, I'll keep up with 'X' forever!" but to quote the late John Lennon of "The Beatles" fame, "Life is what happens while you're busy making other plans."

Comment Re:Almost but not quite enough (Score 1) 420

To my knowledge Microsoft doesn't provide the source to psexec & DropMyRights either. The only reason I'm proselytizing what I've written is because it has a user friendly installer.

psexec & DropMyRights assume you're familiar with the command line.

Use the command line tools if you prefer.

Other than that, the end result of what you get from MS' tools and mine do not defer.


PS: FYI, it's not a plugin.

Comment Re:Ignorance on users part (including IT people) (Score 1) 420

They're command line tools... your average user knows squat about the command line.

Allso, as I pointed out in my original post, many an IT professional that I've pointed them out to "doesn't get it".

The crux of what I've done is the installer. It creates shortcuts and labels them "SecureIE" & "SecureFirefox". As they say, a picture is worth a thousand words. A turnkey solution increases user adoption by a very wide margin. I remember when I tried via IM to get a friend to use the command line tools and create shortcuts, I realized as I struggled to get them working that he wasn't putting a space between the .EXE being executed and the first argument, in the shortcut. What's obvious to me isn't obvious to others. Again, this is why the installer is a big deal.

Lastly, the command line tools have a dependency on the Win32 console runtime. If you create shortcuts and use them, there's a momentary flash. If you use these with average users (I'm not /. people) it changes what they're used to seeing and may cause them to reject what you've done since their experience changes. "What's that flash? What's that mean? Is something bad happening? You sure this won't do something bad?"

Again, I was motivated to do this based on my own personal experiences with evangelizing the command line tools.


PS: As for the command line tools, psexec & DropMyRights -- Google them.

Comment Re:Ignorance on users part (including IT people) (Score 1) 420

Mark Russinovich's tool, psexec, allows you to do it with the "-l" switch and DropMyRights:


The issue is that Microsoft never exposed a tool for *average* (note emphasis on AVERAGE) end users to leverage the power CreateRestrictedToken affords.

Currently, when creating a shortcut you can through its Advanced properties have Windows prompt you to change your user credentials but when SP2 came out Microsoft should have added a way to strip admin rights. A no brainer imho and *trivial* to implement.


Comment Re:Ignorance on users part (including IT people) (Score 1) 420

There are many factors at play, including among them in house politics at Microsoft. In particular the fact that they don't have a central figure with the ability to dictate security policy among their product groups. A security czar if you will. Imagine if there was the equivalent of a Steve Jobs inside of Microsoft but the only thing he was worried about was security *THEN* shyt would get done.

Otherwise you have one too many individuals with "security" in their title with no ability to dictate policy in products. Developers inside of Microsoft are pressured by managers to make product deadlines so MS can show growth to the stockholders (hint: none of them are thinking about security) and the end result is nothing progressive, creative and user friendly on the security front gets done. This Dilbert strip eludes to what I'm talking about:


What's more you have individuals like the guys on ZDNet's Security blog who love to post about the latest flaws in applications, whether they be QuickTime or Microsoft Office but never point out that many of these issues can be severely mitigated by not running with administrative credentials.

The "principle of least privilege" gives you the most bang for the buck when it comes to security yet Microsoft has been woefully bad at empowering Windows XP desktop users which lead to Windows' reputation of being insecure. Many security issues that are specific to an application, whether it's IE, Office, QuickTime, Adobe's PDF reader, etc., etc. become way less interesting when you remove administrative rights.

That's why there's 300,000 viruses in the Windows universe and like 7 on Mac OS X. Because Mac OS X has never had people running with administrative rights.

Vista with UAC is a big step in the right direction. Windows 7 presumably will cache the fact that you've approved an installer to do something and let it run its course up until the process (associated with the installer) terminates. This would eliminate prompting users multiple times and annoying the hell out of them.


Comment Almost but not quite enough (Score 0) 420

DropMyRights is one of two tools you can get off Microsoft's site to remove administrative rights when launching applications.

However, the biggest problem with both is that they are command line tools and your average Windows user knows jack about the Windows command line. Yes, this is /. but think of your Aunt Alice, Uncle Joe, Cousin Bob - "command line" is a quick way to immediately lose an average user.

What's more, getting people to actually read the Washingtonpost article and implement what it is saying is like pulling teeth. My experience is, it just doesn't happen. Even with IT people.

Secondly, DropMyRights is linked to the Win32 console runtime which causes a momentary flash as an application is launched (Windows displays a console window momentarily). It's very minor given the gains (in the case of DropMyRights) but average people have creative imaginations and they might dismiss a tool for the most *trivial reason* if their experience changes.

For all these reasons I wrote a small utility RemoveAdmin that does the same thing:


EXCEPT my installer creates shortcuts for IE & FireFox - turnkey solution is critical here, you have to break down the typical resistances with average users. The installer labels the shortcuts "SecureIE" and "SecureFirefox".

In addition removeAdmin.exe isn't linked to the Win32 console runtime so you don't see a flash as an application is launched.


Slashdot Top Deals

If you didn't have to work so hard, you'd have more time to be depressed.