Showing posts with label rat's nest. Show all posts

03 March 2008

Microsoft's Finances

Much of Microsoft's power - particularly the kind used in bluffing - flows from an unwritten assumption that it is a huge, vastly-profitable company, with almost limitless resources. The limitless resources bit will certainly change if it acquires Yahoo, since it has admitted that it will need to borrow something like $20 billion to finance that transaction. But there is increasing evidence that even without that gargantuan meal to pay for, Microsoft's financials are not as rosy as they seem.

One of the most assiduous followers of this angle is Roy Schestowitz. The only problem has been that his posts on the subject have been running for so long that there is something of a rat's nest of links to follow on his site if you want to see the big picture.

Happily, he has just put together a consolidated piece that links to all the main pieces of the puzzle:

Here is a summary of about half of our posts which cover this area. To make them digestible (readable without having to follow the link), a summary of references (external) and key points are provided for each.

Worth keeping an eye on.

07 February 2007

Windows: Rat's Nest and Dog's Breakfast

As Edward Tufte has explained far more eloquently than I can, images are able to convey information far more compactly and efficiently than words. So you don't have to be a geek to appreciate the two images in this posting:

Both images are a complete map of the system calls that occur when a web server serves up a single page of HTML with a single picture. The same page and picture.

Well, not quite. The upper picture shows Apache running on GNU/Linux; the lower, IIS running on Windows. The former looks like a motherboard: complicated but orderly; the latter is simply a rat's nest.

As the post says:

A system call is an opportunity to address memory. A hacker investigates each memory access to see if it is vulnerable to a buffer overflow attack. The developer must do QA on each of these entry points. The more system calls, the greater potential for vulnerability, the more effort needed to create secure applications.

Now, some have criticised this on the grounds that people don't attempt to attack systems through static Web pages. This is true, but the point is, if this is the difference for a simple operation like displaying a Web page, imagine the contrast for more complex tasks. It is precisely those tasks that offer the greatest scope for finding weaknesses. Thus the images in the post above offer a graphic, if not literal, representation of the dog's breakfast that is Windows security. (Via Slashdot.)