Category Archives: Security

History, Security

Microsoft drops price due to lack of demand

Leave a comment

This seems like a huge blow to the company’s origins. Pretty soon, as global regions prove less likely to succumb to anticompetitive tactics and are free to make a balanced comparison versus other products (especially in the area of security), Microsoft might have to just give their software away.

Microsoft software will sell for just $3 in some parts of the world in an attempt to double the number of global PC users.

Some people call this a business strategy to out-compete hobby-ware such as Linux, or an extension of the kill-collaboration manifesto that built the Gates’ family fortunes. In terms of locking consumers in to the Microsoft philosophy, the question will become whether people are stuck with a $3OS or if they can use another OS on the same hardware.

In related news, Iowa has settled their lawsuit with Microsoft:

Microsoft Corp. agreed Wednesday to pay Iowans up to $180 million to settle a class-action lawsuit that claimed the company had a monopoly that cost the state’s citizens millions of dollars extra for software products.

The $179.5 million settlement means individuals in Iowa who bought certain Microsoft products between 1994 and 2006 will be eligible for cash. Companies with multiple copies can seek vouchers that will enable them to buy computer equipment and software. The amount that can be claimed will depend on which product and how many copies were purchased during the 12-year period.

Amazing, especially when you look at what they determined as “overpayment” per user:

For each copy of Microsoft Windows or MS-DOS, customers can claim $16 per copy, Microsoft Excel is worth $25 a copy and Microsoft Office, $29 a copy.

Poetry, Security

Linux advertising campaign…

Leave a comment

I was desperately trying to escape the clutches of yet another Microsoft vulnerability announcement when a funny marketing campaign came to mind:

Because I want to spend time with my family…Linux

or how about this one

Because I want to make it to the game/dinner/appointment on time…Linux

The problem is that I was recently reviewing firewall rules and wondering why the network folks were opening up ports 1025-5000 for all the “secure” windows server segments. Apparently the fat Microsoft administration tools (running on various desktops around a company) like to have all the RPC ports open to them. Coincidentally, the latest remote exploit comes in through…you guessed it, ports 1025-5000.

Ok, you have to run DNS on the Windows systems to be exploited, but try explaining the options to a Microsoft windows administrator. They don’t seem to understand why the number of ports is excessive, or why you can’t call a segment secure if you have to leave it wide open. My favorite comment so far has been “but the perimeter protects us”, second only to “if we install an old unpatched version of Microsoft’s DNS do you think it will mean we won’t be vulnerable to this exploit?” Ha. I almost choked on my tea when I heard that one.

Because I want to maintain my sanity…Linux

If I could put together a flashy photograph/visual, I think it would show the back of a group of people at a wedding looking towards a bride and religious official, with someone conspicuously absent. At the bottom of the image would be a phrase something like

Keep your priorities straight…Linux

Then again, I’m probably not in marketing for a reason. :)

Security

BMC angry about vulnerability

Leave a comment

BMC Patrol has a critical remote exploit that needs to be patched. Not the most exciting news, but what I did find interesting was the attitude/tone of their announcement:

[This issue] has been addressed, and a patch has been made available to our customers. A flash bulletin has been created describing the patch and will be sent to all affected customers in the next few days.

So far so good, right? Then something odd happens.

BMC has a formal customer support mechanism in place to provide solutions to security issues brought to us by those who have legally licensed our software. In cases where security issues are brought to my attention by individuals/vendors who do not have legal access to our products, we will investigate their merit; however the issues will be addressed at our own discretion and according to our understanding of their severity.

Finally, please note that in the future, I will only communicate resolutions and workarounds to licensed customers who are using our software legally. For a more meaningful dialogue around these issues and to be notified of any available patches, I urge all licensed customers to use BMC’s support mechanism.

They are taking their ball and going home now.

If you want to try and tell them about a critical vulnerability, then you had better be a licensed user or they will pretend you do not exist.

Energy, History, Security

Four miles per gallon worse than the model T

Leave a comment

Funny how things move around on the net. Early last year I was talking about the model T fuel efficiency compared with today’s cars. Now I see the same comparison showing up in the mainstream news:

The average price of a gallon of gas is higher than at any time since the early 1980s. The Middle East seems more volatile than ever. And even climate skeptics are starting to admit that the carbon we’re pumping into the atmosphere might have disastrous consequences. To these circumstances, automakers have responded with a fleet of cars that averages 21 miles per gallon, about four miles per gallon worse than the Model T.

Actually that is four to nine mpg worse than the Model T, or let’s just round it to ten, shall we? 107 years have passed and what exactly has improved? Let me guess, someone will say security of the passengers. Well, that turns out to be bogus logic.

Now I’m starting to think I should just dig up a model T, or take the core principles, and modify it for electric engines for getting around town.